IMPLEMENTASI CRAWLTRACK SEBAGAI UPAYA MELINDUNGI
SERVER DARI SERANGAN BOTNET (SQL INJECTION)
TUGAS AKHIR
Sebagai Persyaratan Guna Meraih Gelar Sarjana Strata 1
Teknik Informatika Universitas Muhammadiyah Malang
Oleh :
FAIZAL HARWIN
09560064
JURUSAN TEKNIK INFORMATIKA
FAKULTAS TEKNIK
UNIVERSITAS MUHAMMADIYAH MALANG
2015
LEMBAR PERSEMBAHAN
Alhamdulillahilladzi bini’matihi tatimmusshoolihat, Allahummasholli
wasallim ‘ala nabiiyina Muhammad wa ‘ala alihi washohbihi ajma’in. Amma
ba’du. Penulis menyampaikan ucapan terimakasih yang sebesar-besarnya dan
kupersembahkan tugas akhir ini untuk :
1. Ibundaku tercinta Inaq Sapinah, Jazakillahukhoiron katsiron atas seluruh doa,
kasih sayang, kebaikan, dukungan serta kesabaran selama ananda berjuang
semenjak masih duduk di bangku sekolah dasar hingga menjadi seorang
sarjana seperti yang ibunda impikan. I LOVE YOU SO MUCH MOM
2. Ayahandaku tercinta Amaq Rifa’i, Jazakillahukhoiron katsiron atas seluruh
kasih sayang, jerih payah, kesabaran, kerja keras, doa, dukungan moral dan
materi, cinta dan harapan yang ayahanda berika sampai ananda menjadi
seorang sarjana seperti impian ayahanda. I LOVE YOU SO MUCH DAD.
3. Bapak Saifuddin, S.Kom dan bapak Zamah Sari, M.T. selaku dosen
pembimbing kami. Terimakasih banyak atas bimbingan dan arahan bapak
selam proses penulisan tugas akhir ini sampai tuntas. Semoga.
4. Bapak / Ibu Dekan Fakultas Teknik Informatika Universitas Muhammadiyah
Malang.
5. Bapak/ Ibu Ketua Jurusan Teknik Informatika Universita Muhammadiyah
Malang
6. Bapak /Ibu Dosen Teknik Informatika Universitas Muhammadiyah Malang.
Terimakasih atas bimbingan dan pengajaran Bapak/Ibu semua selama proses
perkuliahan di kampus putih tercinta.
7. Karyawan UPT. Perpustakaan UMM, Terimakasih banyak atas Doa dan
Motivasi yang bapak/ibu berikan selama saya menjadi bagian dari UPT.
Perpustakaan. I LOVE LIBRARIAN.
8. Ibu Tri Wahyuni Tercinta. Jazakillahukhoiron katsiron atas segala kebaikan
ibu selama ini. Terimakasih banyak sudah menerima saya menjadi bagian dari
keluarga besar Bapak Setiawan. Sekiranya ada kebaikan yang ada pada diri
saya semoga Alloh SWT juga memberikan kebaikan bagi ibu sekeluarga.
9. Ibu Umi dan Bapak Bakhtiar yang saya hormati. Jazakillahukhoiron katsiron
atas kerelaan hati bapak memberikan tempat buat saya tidur di ruangan bapak,
semoga kelak mendapatkan keturunan perempuan seperti yang bapak impikan
selama ini, dan untuk Ibu Umi yang cantik, mudah-mudahan segera
mendapatkan pendamping hidup seperti yang ibu umi impikan.
10. Teman-teman partime UPT. Perpustakaan semuanya, Khususnya Akses
Internet, Aris Hanafi, Dwi Fandi, AL, Neni, Dian. Terimakasih banyak atas
doa dan dukungan kalian semua. Kenangan Indah Bersama Kalian Akan slalu
kami Kenang. I LOVE YOU ALL
11. Teman-teman kos Raffah dan GAZA, Izzul, Yasir, Ridwan, Yanto, Jeffry,
Daeng, Kak Bayu, Rezza, dkk yang tidak bisa saya sebutkan satu persatu
disini. Terimakasih banyak telah menjadi teman kos yang aman dan nyaman
selama saya berada di Malang. INDAH PADA WAKTUNYA KAWAN.
12. Teman-teman dan rekan-rekan seperjuangan anak-anak Teknik Informatika
angkatan 2009, Pak Gunarno, Thorik, Hadi Asri, Yazid, Rizal, Mansur, Adly
dkk, yang unik-unik, baik-baik, pintar-pintar, gokil semua. SALAM SATU
JIWA DAN SUKSES SELALU UNTUK KITA SEMUA.
13. SALAM SATU JIWA DI BUMI AREMA. Terimakasih telah menjadi kota
yang begitu indah, sejuk dan ramah, kota tempat menimba sejuta ilmu dan
pengalaman. MALANG IS PART OF MY LIFE FOREVER.
14. Pihak-pihak yang tidak bisa saya sebutkan satu persatu yang telah banyak
membantu dan berkorban dalam proses penyusunan dan penulisan tugas akhir
ini. Terimakasih dan suskses selalu untuk kita semua.
DAFTAR ISI
LEMBAR PERSETUJUAN ............................................................................ i
LEMBAR PENGESAHAN ............................................................................. ii
LEMBAR PERNYATAAN .............................................................................. iii
ABSTRAK ........................................................................................................ iv
ABSTRACK ...................................................................................................... v
LEMBAR PERSEMBAHAN ............................................................................ vi
KATA PENGANTAR ....................................................................................... viii
DAFTAR ISI ...................................................................................................... ix
DAFTAR GAMBAR ......................................................................................... xi
DAFTAR TABEL .............................................................................................. xiv
BAB I PENDAHULUAN .................................................................................. 1
1.1 LATAR BELAKANG ........................................................................... 1
1.2 RUMUSAN MASALAH ....................................................................... 2
1.3 BATASAN MASALAH ........................................................................ 2
1.4 TUJUAN PENELITIAN ......................................................................... 3
1.5 METODELOGI PENELITIAN ............................................................. 3
1.5.1 Studi Pustaka .............................................................................. 3
1.5.2 Perancangan Sistem ................................................................... 3
1.5.3 Pengujian Terhadap Sistem ........................................................ 3
1.5.4 Analisa Hasil .............................................................................. 4
1.6 SISTEMATIKA PENULISAN .............................................................. 4
BAB II LANDASAN TEORI ............................................................................ 5
2.1 Botnet .................................................................................................... 5
2.1.1 Siklus Hidup Botnet ................................................................... 5
2.1.2 Command and Control ............................................................... 7
2.1.3 Communication Protocol ........................................................... 9
2.2 Web Analisis .......................................................................................... 10
2.2.1 Crawltrack .................................................................................. 14
2.3 SQL injection ......................................................................................... 16
2.3.1 Mencari Target SQL Injection ................................................... 17
2.3.2 Lokasi SQL Injection ................................................................. 17
2.4 Web Server ............................................................................................. 18
2.5 Internet Protokol ..................................................................................... 19
2.5.1 Pengalamatan IP Address ........................................................... 19
2.6 Port .......................................................................................................... 20
2.7 Mesin Virtual ......................................................................................... 21
2.7.1 Vmware ...................................................................................... 22
2.8 User Mode Linux (UML) ....................................................................... 24
2.8.1 Kernel Base Virtual Machine ..................................................... 25
BAB III ANALISA DAN PERANCANGAN SISTEM .................................... 27
3.1 Analisa Sistem ........................................................................................ 27
3.1.1 Kebutuhan Perangkat Keras ....................................................... 27
3.1.2 Kebutuhan Perangkat Lunak ...................................................... 29
3.2 Kebutuhan Crawltrack ........................................................................... 30
3.3 Konfigurasi Alamat IP Address ............................................................. 30
3.4 Skenario Penyerangan dan Pengendalian Bot ........................................ 31
3.5 Skenario Pengujian Sistem ..................................................................... 34
3.6 Perancangan Aluar Sistem ..................................................................... 35
3.7 Perancangan Sistem ............................................................................... 36
BAB IV IMPLEMENTASI DAN PENGUJIAN SISTEM ................................ 37
4.1 Implementasi Sistem .............................................................................. 37
4.1.1 Persiapan Sistem Operasi ........................................................... 37
4.1.2 Implementasi Crawltrack pada webserver ................................. 38
4.1.2.1 Installasi xampp ................................................................... 38
4.1.2.2 Installasi Webserver ............................................................. 39
4.1.2.3 Installasi crawltrack ............................................................. 40
4.1.3 Implementasi Unrealircd ............................................................ 44
4.1.4 Setting Perl Bot .......................................................................... 48
4.1.5 Konfigurasi mIRC ...................................................................... 49
4.2 Pengujian Sistem .................................................................................... 50
4.2.1 Pengujian sistem sebelum implementasi Crawltrack ................. 50
4.2.2 Pengujian sistem sesudah implementasi Crawltrack ................. 60
BAB IV KESIMPULAN DAN SARAN ........................................................... 63
5.1 Kesimpulan ............................................................................................ 63
5.2 Saran ....................................................................................................... 64
DAFTAR PUSTAKA ........................................................................................ 65
LAMPIRAN ....................................................................................................... 66
DAFTAR GAMBAR
Gambar 2.1 Siklus Hidup Botnet ....................................................................... 6
Gambar 2.2 Centralized C&C mechanism ......................................................... 8
Gambar 2.3 P2P-base C&C mechanism ............................................................ 8
Gambar 2.4 Public Flow .................................................................................... 15
Gambar 2.5 Admin Flow .................................................................................... 15
Gambar 2.6 Security Flow ................................................................................. 16
Gambar 2.7 Header Protokol IP ......................................................................... 19
Gambar 2.8 Port dan Aplikasi TCP /IP .............................................................. 21
Gambar 2.9 skema Vmwarew di atas Host ........................................................ 23
Gambar 2.10 Vmware di atas Hardware ............................................................ 23
Gambar 2.11 Struktur UML ............................................................................... 24
Gambar 2.12 Struktul UML2 ............................................................................. 25
Gambar 2.13 Linux Hosting Dalam UML .......................................................... 25
Gambar 2.14 Virtualisasi KVM ......................................................................... 26
Gambar 3.1 Virtual network Editor ................................................................... 30
Gambar 3.2 Proses Penyebaran Botnet .............................................................. 32
Gambar 3.3 Diagram Alur Perancangan Sistem ................................................ 35
Gambar 3.4 Topologi Jaringan ........................................................................... 36
Gambar 4.1 Update dan upgrade ubuntu server ................................................. 37
Gambar 4.2 update dan upgrade centos server ................................................... 37
Gambar 4.3 installasi xampp di centos .............................................................. 38
Gambar 4.4 Menjalankan xampp ....................................................................... 39
Gambar 4.5 Memindahkan folder web ............................................................... 39
Gambar 4.6 Membuat database webserver ........................................................ 39
Gambar 4.7 Home page web vulnerable ............................................................ 40
Gambar 4.8 Membuat database crawltrack ....................................................... 41
Gambar 4.9 Bahasa untuk crawltrack ................................................................ 41
Gambar 4.10 Koneksi crawltrack ke database ................................................... 41
Gambar 4.11 Setting crawltrack ......................................................................... 42
Gambar 4.12 Administrator acount ................................................................... 42
Gambar 4.13 Halaman admnistrator .................................................................. 43
Gambar 4.12 Index.php web vulnerable ............................................................ 43
Gambar 4.15 Crawler testing ............................................................................. 44
Gambar 4.16 Download unrealircd .................................................................... 44
Gambar 4.17 Folder unreal ................................................................................ 45
Gambar 4.18 Setting unrealircd ......................................................................... 45
Gambar 4.19 Konfigurasi unrealircd .................................................................. 46
Gambar 4.20 Printah make ................................................................................. 46
Gambar 4.21 Membuat file tambahan ................................................................ 46
Gambar 4.22 Menjalankan perintah ./Config ..................................................... 48
Gambar 4.23 Setting mIRC ................................................................................ 49
Gambar 4.24 Botmaster join ke channel Skripsi ................................................ 50
Gambar 4.25 Alamat web vulnerable ................................................................. 51
Gambar 4.26 Just record it ................................................................................ 51
Gambar 4.27 Perl bot running ............................................................................ 52
Gambar 4.28 Komputer korban join ke Skripsi ................................................. 52
Gambar 4.29 IP dari Komputer bot .................................................................... 53
Gambar 4.30 Mencari database webserver ........................................................ 53
Gambar 4.31 Mencari tabel databae pentest ...................................................... 54
Gambar 4.32 Mencari Kolom tabel table_user .................................................. 55
Gambar 4.33 Perintah dump .............................................................................. 56
Gambar 4.34 Vulnerable page ............................................................................ 57
Gambar 4.35 Penambahan parameter OR 1=1 ................................................... 57
Gambar 4.36 Grafik server load ......................................................................... 58
Gambar 4.37 Hacking Attempts ......................................................................... 58
Gambar 4.38 Hacking details ............................................................................. 59
Gambar 4.39 Grafik serangan SQL .................................................................... 59
Gambar 4.40 Hasil record dari crawltrack ........................................................ 60
Gambar 4.41 Record it and block it ................................................................... 60
Gambar 4.42 Serangan SQL injection gagal ...................................................... 61
Gambar 4.43 Menambahkan parameter OR 1=1 ............................................... 61
Gambar 4.44 Crawltrack block serangan SQL injection ................................... 62
DAFTAR TABEL
Tabel 2.1 Daftar kunci web analisis ................................................................... 10
Tabel 3.1 Spesifikasi Kebutuhan Perangkat Keras ............................................ 28
Tabel 3.2 IP Address PC .................................................................................... 31
DAFTAR PUSTAKA
[1] Bist, Ankur Singh. 201 2. Botnet : A Survey. International Journal of
Engineering Sciences & Research. IJESRT, Singh, 1 (10), 583-585.
[2] Nugraha Adhity and R. Adi Fauzi. 2011. Botnet Detection Survey, Faculty
of Information and Technolgy, University Teknikal Malaysia Melaka,
Seminar Nasional Teknologi & Komunikasi Terapan 2011.
[3] Gadgil, Sampada., Pillai, Sanoop., Poojary Sushant. 2013. SQL Injection
Attacks and Prevention Techiques. International Journal on Recent and
Innovation Trends in Computing and Communication, 1(4), 293.296.
[4] Geges, Septian., Wibisono,Waskitho., Tohari, Ahmad. 2013. Identifikasi
Botnets Melalui Pemantauan Group activity Pada DNS Traffic. Jurnal
Teknik Pomits, 2(1), 1-6
[5] Hidayatulloh Beni Ari. 2014. Load Balancing Honeypot System Untuk
Meminimalisir Dos/Ddos Pada Honeypot Network Menggunakan Teknik
Forwarder Dan Vacancy Checker . Undergraduate Theses from
JIPTUMMPP.
[6] Nugroho, Revana Mendra. 2014. Implementasi Firewall IPTables Untuk
Mencegah Serangan Terhadap Webserver. Undergraduate Theses from
JIPTUMMP.
[7] Anonim. 2014. More CrawlTrack Tips and Techniques for Webmasters.
http://www.seochat.com/c/a/website-promotion-help/crawltrack-tips-and-
techniques-for-webmasters, Diakses pada Jumat, 23 Desember 2014 jam
14.25
[8] Anonim. 2014 . More CrawlTrack Tips and Techniques for Webmasters.
http://www.seochat.com/c/a/website-promotion-help/more-crawltrack-
tips-and-techniques-for-webmasters, Diakses pada jumat, 23 Desember
2014 14.26
Top Related