Pentest Lab with Mikrotik

For the complete version, see HERE

xxxxxxxxxxxxxxxxxxxxx
   Pentest Lab
xxxxxxxxxxxxxxxxxxxxx

By default, RouterOS can be accessed through:

 o Telnet
 o SSH
 o HTTP
 o Winbox
 o FTP
 o Mac-Telnet 

### Minimal Firewall Configuration

                         Fig. Topology

     Target                                     Attacker
     [ vmWare ]     ;--------x   x---------;    [ Notebook ]
     192.168.0.1/24                             192.168.0.2/24
       RouterOS                                      winXP

Tools:

- PortScanner     . Nmap v4.22SOC8
- HTTP BruteForce . FScan v0.6
- SSH BruteForce
- FTP BruteForce
- Portknock

;;;;;;;;;;;; There are five rules ;;;;;;;;;;

o1. Drop Port Scanner
o2. Drop SSH BruteForce
o3. Drop FTP BruteForce
o4. Drop HTTP/HTTPS BruteForce
o5. PortKnocking Rule

o1. Drop Port Scanner

-----------------------------------------------------------------------------------
D:\>nmap -vv -sX -sV -p U:53,111,137,500,T:21-25,80,139,179,8080 192.168.0.1

Starting Nmap 4.22SOC8 ( http://insecure.org ) at 2008-07-19 17:12 SE Asia Stand
ard Time
Initiating ARP Ping Scan at 17:12
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 17:12, 0.11s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:12
Completed Parallel DNS resolution of 1 host. at 17:12, 16.50s elapsed
Initiating XMAS Scan at 17:12
Scanning 192.168.0.1 [9 ports]
Completed XMAS Scan at 17:12, 1.27s elapsed (9 total ports)
Initiating Service scan at 17:12
Scanning 4 services on 192.168.0.1
Discovered open port 80/tcp on 192.168.0.1
Discovered open|filtered port 80/tcp on 192.168.0.1 is actually open
Discovered open port 23/tcp on 192.168.0.1
Discovered open|filtered port 23/tcp on 192.168.0.1 is actually open
Discovered open port 22/tcp on 192.168.0.1
Discovered open|filtered port 22/tcp on 192.168.0.1 is actually open
Discovered open port 21/tcp on 192.168.0.1
Discovered open|filtered port 21/tcp on 192.168.0.1 is actually open
Completed Service scan at 17:12, 6.09s elapsed (4 services on 1 host)
SCRIPT ENGINE: Initiating script scanning.
Host 192.168.0.1 appears to be up ... good.
Interesting ports on 192.168.0.1:
PORT     STATE  SERVICE     VERSION
21/tcp   open   ftp         MikroTik router ftpd 2.9.27
22/tcp   open   ssh         OpenSSH 2.3.0 mikrotik 2.9 (protocol 1.99)
23/tcp   open   telnet      Linux telnetd
24/tcp   closed priv-mail
25/tcp   closed smtp
80/tcp   open   http        MikroTik router http config
139/tcp  closed netbios-ssn
179/tcp  closed bgp
8080/tcp closed http-proxy
MAC Address: 00:0C:29:D1:59:AB (VMware)
Service Info: Host: MikroTik; OS: Linux; Device: router

Read data files from: C:\Program Files\Nmap
Service detection performed. Please report any incorrect results at http://insec
ure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.203 seconds
           Raw packets sent: 14 (562B) | Rcvd: 7 (302B)

D:\>
-----------------------------------------------------------------------------------

Add the rules:
-----------------------------------------------------------------------------------
|  add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
|      address-list="port scanners" address-list-timeout=2w comment="Drop Port \
|      Scanners" disabled=no
|  add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
|      action=add-src-to-address-list address-list="port scanners" \
|      address-list-timeout=2w comment="" disabled=no
|  add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
|      address-list="port scanners" address-list-timeout=2w comment="" \
|      disabled=no
|  add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
|      address-list="port scanners" address-list-timeout=2w comment="" \
|      disabled=no
|  add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
|      action=add-src-to-address-list address-list="port scanners" \
|      address-list-timeout=2w comment="" disabled=no
|  add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
|      action=add-src-to-address-list address-list="port scanners" \
|      address-list-timeout=2w comment="" disabled=no
|  add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
|      action=add-src-to-address-list address-list="port scanners" \
|      address-list-timeout=2w comment="" disabled=no
|  add chain=input src-address-list="port scanners" action=drop comment="" \
|      disabled=no
-----------------------------------------------------------------------------------
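
The rules above are two detectors: six tcp-flags matchers for flag combinations that no legitimate TCP stack sends (Xmas, null, SYN+FIN, SYN+RST, FIN without ACK, all flags), and psd=21,3s,3,1, which adds up a weight for every distinct destination port a source hits within 3 s of its previous packet (3 per privileged port, 1 per high port) and matches at weight 21. The model below is an added example, not RouterOS code: the tcp-flags semantics are the documented ones (listed flags must be set, "!" flags must be clear, unlisted flags are don't-care); the psd accounting is a simplified reading of the documentation and is an assumption. It shows that the page's nine-port -sX scan trips psd at the seventh port (weight 8 x 3 + 1 = 25 in total) and that a normal FIN/ACK from a closing session matches none of the flag rules.

```python
"""Model of the port-scanner rules above: the six tcp-flags matchers and the
psd=21,3s,3,1 weight counter.  Added example, not RouterOS code; the psd
accounting is a simplified reading of the MikroTik documentation
(an assumption), the tcp-flags semantics are the documented ones."""
from collections import defaultdict

# tcp-flags values copied from the rules above, keyed by the scan they catch
FLAG_RULES = {
    "fin-only":  "fin,!syn,!rst,!psh,!ack,!urg",   # nmap -sF
    "syn+fin":   "fin,syn",
    "syn+rst":   "syn,rst",
    "xmas":      "fin,psh,urg,!syn,!rst,!ack",     # nmap -sX
    "all-flags": "fin,syn,rst,psh,ack,urg",
    "null":      "!fin,!syn,!rst,!psh,!ack,!urg",  # nmap -sN
}


def tcp_flags_match(spec, flags):
    """RouterOS tcp-flags semantics: every listed flag must be set, every
    '!'-prefixed flag must be clear, flags not mentioned are don't-care."""
    flags = set(flags)
    for item in spec.split(","):
        if item.startswith("!"):
            if item[1:] in flags:
                return False
        elif item not in flags:
            return False
    return True


def matching_rules(flags):
    """Names of the tcp-flags rules a packet carrying `flags` would hit."""
    return [name for name, spec in FLAG_RULES.items() if tcp_flags_match(spec, flags)]


class PortScanDetector:
    """psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight.
    Packets from one source to different destination ports, each arriving
    within DelayThreshold seconds of the previous one, accumulate weight;
    reaching WeightThreshold matches the rule.  Simplified model."""

    def __init__(self, weight=21, delay=3.0, low_weight=3, high_weight=1):
        self.weight, self.delay = weight, delay
        self.low_weight, self.high_weight = low_weight, high_weight
        self.state = defaultdict(lambda: {"ports": set(), "weight": 0, "last": None})

    def packet(self, src, dport, ts):
        """Feed one TCP packet; True when this packet matches psd."""
        s = self.state[src]
        if s["last"] is not None and ts - s["last"] > self.delay:
            s["ports"].clear()          # too slow: the sequence restarts
            s["weight"] = 0
        s["last"] = ts
        if dport in s["ports"]:
            return False                # repeat of a port adds no weight
        s["ports"].add(dport)
        s["weight"] += self.low_weight if dport <= 1024 else self.high_weight
        return s["weight"] >= self.weight


def scan_weight(ports, low_weight=3, high_weight=1):
    """Total psd weight of hitting these distinct ports in one burst."""
    return sum(low_weight if p <= 1024 else high_weight for p in set(ports))


def simulate_scan(src, ports, gap=0.1):
    """Replay a one-packet-per-port scan, `gap` seconds apart; return the
    port at which psd first matches, or None if it never does."""
    det = PortScanDetector()
    for i, port in enumerate(ports):
        if det.packet(src, port, i * gap):
            return port
    return None


# The TCP ports from the nmap command above: 21-25,80,139,179,8080
NMAP_PORTS = [21, 22, 23, 24, 25, 80, 139, 179, 8080]

if __name__ == "__main__":
    print("-sX packet hits:", matching_rules({"fin", "psh", "urg"}))
    print("-sN packet hits:", matching_rules(set()))
    print("plain SYN hits: ", matching_rules({"syn"}))
    print("normal FIN/ACK: ", matching_rules({"fin", "ack"}))
    print("psd weight of the nmap port list:", scan_weight(NMAP_PORTS))
    print("psd matches at port:", simulate_scan("192.168.0.2", NMAP_PORTS))
    print("same scan 5 s per port:", simulate_scan("192.168.0.2", NMAP_PORTS, gap=5.0))
```

The last line of the demo is the caveat a practitioner should keep in mind: the same nine ports probed more than 3 s apart never reach the psd threshold, so a slow scanner is only caught if it also uses one of the abnormal flag combinations.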

The attacker's IP address is now placed in the ip firewall address-list, so the next scan gets no answers at all:
-----------------------------------------------------------------------------------
D:\>nmap -vv -sX -sV -p U:53,111,137,500,T:21-25,80,139,179,8080 192.168.0.1

Starting Nmap 4.22SOC8 ( http://insecure.org ) at 2008-07-19 17:16 SE Asia Stand
ard Time
Initiating ARP Ping Scan at 17:16
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 17:16, 0.11s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:16
Completed Parallel DNS resolution of 1 host. at 17:17, 16.50s elapsed
Initiating XMAS Scan at 17:17
Scanning 192.168.0.1 [9 ports]
Completed XMAS Scan at 17:17, 1.26s elapsed (9 total ports)
Initiating Service scan at 17:17
Scanning 9 services on 192.168.0.1
Completed Service scan at 17:17, 5.00s elapsed (9 services on 1 host)
SCRIPT ENGINE: Initiating script scanning.
Host 192.168.0.1 appears to be up ... good.
Interesting ports on 192.168.0.1:
PORT     STATE         SERVICE     VERSION
21/tcp   open|filtered ftp
22/tcp   open|filtered ssh
23/tcp   open|filtered telnet
24/tcp   open|filtered priv-mail
25/tcp   open|filtered smtp
80/tcp   open|filtered http
139/tcp  open|filtered netbios-ssn
179/tcp  open|filtered bgp
8080/tcp open|filtered http-proxy
MAC Address: 00:0C:29:D1:59:AB (VMware)

Read data files from: C:\Program Files\Nmap
Service detection performed. Please report any incorrect results at http://insec
ure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 23.094 seconds
           Raw packets sent: 19 (762B) | Rcvd: 1 (42B)

D:\>

[admin@MikroTik] ip firewall address-list> print
Flags: X - disabled, D - dynamic
 #   LIST          ADDRESS
 0   Save Haven    192.168.0.3-192.168.0.5
 1 D Save Haven    192.168.0.2
 2 D port scanners 192.168.0.2
[admin@MikroTik] ip firewall address-list> 

C:\Documents and Settings\adminz>ping 192.168.0.1 -t

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.1:
    Packets: Sent = 24, Received = 19, Lost = 5 (20% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Documents and Settings\adminz>

-----------------------------------------------------------------------------------

o2. Drop SSH BruteForce
-----------------------------------------------------------------------------------
|  add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
|      action=drop comment="Drop SSH brute forcers" disabled=no
|  add chain=input protocol=tcp dst-port=22 connection-state=new \
|      src-address-list=ssh_stage3 action=add-src-to-address-list \
|      address-list=ssh_blacklist address-list-timeout=1w3d comment="" \
|      disabled=no
|  add chain=input protocol=tcp dst-port=22 connection-state=new \
|      src-address-list=ssh_stage2 action=add-src-to-address-list \
|      address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
|  add chain=input protocol=tcp dst-port=22 connection-state=new \
|      src-address-list=ssh_stage1 action=add-src-to-address-list \
|      address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
|  add chain=input protocol=tcp dst-port=22 connection-state=new \
|      action=add-src-to-address-list address-list=ssh_stage1 \
|      address-list-timeout=1m comment="" disabled=no
-----------------------------------------------------------------------------------
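
The five rules above count new TCP connections to port 22, not failed logins: each new connection moves the source one stage further (stage1, stage2, stage3, then the blacklist for 1w3d), and the stage entries expire after a minute, so only four connections within one minute reach the blacklist. The rule order is what makes each connection advance exactly one stage; because add-src-to-address-list is pass-through, listing the rules the other way round would let one connection walk through every stage. The model below is an added example, not RouterOS code, replaying constructed connection attempts through a small address-list model with timeouts; the attempt timings are made up.

```python
"""Model of the staged SSH rules above (ssh_stage1 -> ssh_stage2 -> ssh_stage3
-> ssh_blacklist).  Added example, not RouterOS code: it replays constructed
connection attempts through a small address-list model with timeouts."""

MIN, DAY = 60, 86400
WEEK = 7 * DAY


class AddressLists:
    """Dynamic address lists: name -> {address: expiry time in seconds}."""

    def __init__(self):
        self.lists = {}

    def add(self, name, addr, timeout, now):
        self.lists.setdefault(name, {})[addr] = now + timeout

    def contains(self, name, addr, now):
        expiry = self.lists.get(name, {}).get(addr)
        if expiry is None:
            return False
        if expiry <= now:                  # address-list-timeout reached
            del self.lists[name][addr]
            return False
        return True


# The four add-src-to-address-list rules, in the order they appear above:
# (list the source must already be in, list it is added to, timeout).
STAGES = [
    ("ssh_stage3", "ssh_blacklist", WEEK + 3 * DAY),   # 1w3d
    ("ssh_stage2", "ssh_stage3", MIN),
    ("ssh_stage1", "ssh_stage2", MIN),
    (None, "ssh_stage1", MIN),                         # every new connection
]


def ssh_new_connection(lists, src, now, rule_order=STAGES):
    """Evaluate one new TCP connection to port 22.  The drop rule comes
    first; add-src-to-address-list rules are pass-through, so every one
    that matches is applied and the connection is still accepted."""
    if lists.contains("ssh_blacklist", src, now):
        return "drop"
    for src_list, dst_list, timeout in rule_order:
        if src_list is None or lists.contains(src_list, src, now):
            lists.add(dst_list, src, timeout, now)
    return "accept"


def replay(attempts, rule_order=STAGES):
    """attempts: [(time_in_seconds, src_address)] -> verdict per attempt."""
    lists = AddressLists()
    return [ssh_new_connection(lists, src, t, rule_order) for t, src in attempts]


if __name__ == "__main__":
    # Constructed attempts: a fast brute forcer and a slow one.
    fast = [(t, "192.168.0.2") for t in (0, 5, 10, 15, 20, 25)]
    slow = [(t, "192.168.0.2") for t in (0, 90, 180, 270, 360)]
    print("fast:", replay(fast))     # 4 accepted, then dropped
    print("slow:", replay(slow))     # stage1 expires before the next try
    # With the rules in ascending order one connection walks every stage:
    print("ascending:", replay(fast[:2], rule_order=list(reversed(STAGES))))
```

Two consequences follow from the replay: an attacker who spaces attempts more than a minute apart is never blacklisted, and an administrator who opens four ssh or scp sessions within a minute from the same address is locked out for ten days. Whitelisting the management address ahead of these rules is the usual fix for the second.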

o3. Drop FTP BruteForce
-----------------------------------------------------------------------------------
|  add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist \
|      action=drop comment="Drop FTP brute forcers" disabled=no
|  add chain=output protocol=tcp content="530 Login incorrect" \
|      dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
|  add chain=output protocol=tcp content="530 Login incorrect" \
|      action=add-dst-to-address-list address-list=ftp_blacklist \
|      address-list-timeout=3h comment="" disabled=no
-----------------------------------------------------------------------------------

o4. Drop HTTP/HTTPS BruteForce

Minimise brute-force attacks against the RouterOS http/https ports.

For example:
------------------------------------------------------------------------------------
   D:\fscan>fscan.exe --ports 80 --hosts 192.168.0.1 --threads 200
   Fast HTTP Auth Scanner v0.6
   (c) Andres Tarasco - http://www.514.es

   [+] Loaded 26 user/pass combinations
   [+] Loaded 42 ignored webservers
   [+] Loaded 41 Router authentication schemes
   [+] Loaded 51 webform authentication schemes
   [+] Loaded 13 Single Users
   [+] Scanning 1 hosts  (192.168.0.1  - (null))
   [+] Scanning 1 ports - bruteforce is active

   Server          Port status password          banner
   192.168.0.1       80 200 not:found            (mikrotik routeros)
   scan Finished

   D:\fscan>
------------------------------------------------------------------------------------

The RouterOS log shows:
------------------------------------------------------------------------------------
[admin@MikroTik] > log print
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user  from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user Admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user admin from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user cisco from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user 1234 from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user operator from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user user from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user root from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user root from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user root from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user root from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user super from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user test from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user Cisco from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user  from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user smc from 192.168.0.2 via web
16:49:45 system,error,critical login failure for user support from 192.168.0.2 via web
16:52:17 system,error,critical login failure for user admin via local
------------------------------------------------------------------------------------

Add the rules to the RouterOS firewall. Note that the content match can only see the error string in plain HTTP responses; on HTTPS the body is encrypted, so the port 443 rule only drops addresses that were already blacklisted via port 80:
-----------------------------------------------------------------------------------
|  add chain=input protocol=tcp dst-port=80 src-address-list=web_blacklist \
|      action=drop comment="Drop Web brute forcers" disabled=no
|  add chain=input protocol=tcp dst-port=443 src-address-list=web_blacklist \
|      action=drop comment="" disabled=no
|  add chain=output protocol=tcp content="invalid user name or password" \
|      dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
|  add chain=output protocol=tcp content="invalid user name or password" \
|      action=add-dst-to-address-list address-list=web_blacklist \
|      address-list-timeout=3h comment="" disabled=no
-----------------------------------------------------------------------------------
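
The FTP rules (o3) and the web rules (o4) share one mechanism: on the output chain, the router's own failed-login response ("530 Login incorrect" or "invalid user name or password") is matched on content, the accept rule with dst-limit=1/1m,9,dst-address/1m lets the first nine such responses per client through and then one per minute, and every response beyond that falls through to the rule that puts the client on the blacklist for 3 h. The example below is added here and is not RouterOS code: it models that dst-limit as a standard token bucket per client (an assumption about RouterOS's exact arithmetic) and feeds it failed-login events parsed from log lines constructed in the page's own log format, as a stand-in for the response packets the output rules see. The page's 25 failures from one address in the same second would blacklist it on the tenth.

```python
"""Model of the FTP and web brute-force rules above: the output chain's
dst-limit=1/1m,9,dst-address/1m token bucket, keyed by client address, fed
with failed-login events parsed from RouterOS log lines.  Added example,
not RouterOS code; the log lines are constructed in the page's own format
and the bucket accounting is a standard token bucket (an assumption about
RouterOS's exact arithmetic)."""
import re
from collections import Counter

LOG_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) system,error,critical login failure for user "
    r"(?P<user>.*?) from (?P<src>\d+(?:\.\d+){3}) via (?P<via>\w+)$"
)

# Constructed sample in the page's log format: 12 web failures from the
# attacker, 3 from another host, and one local console failure.
SAMPLE_LOG = "\n".join(
    ["16:49:45 system,error,critical login failure for user %s from 192.168.0.2 via web" % u
     for u in ("admin", "admin", "", "Admin", "root", "cisco", "1234",
               "operator", "user", "super", "test", "support")]
    + ["16:50:01 system,error,critical login failure for user admin from 192.168.0.3 via web"] * 3
    + ["16:52:17 system,error,critical login failure for user admin via local"]
)


def hms_to_seconds(hms):
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def seconds_to_hms(sec):
    return "%02d:%02d:%02d" % (sec // 3600 % 24, sec // 60 % 60, sec % 60)


def parse_log(text):
    """Yield (seconds, user, src, via) for remote login failures.  Local
    failures ('... for user admin via local') carry no address and are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield hms_to_seconds(m["time"]), m["user"], m["src"], m["via"]


def failures_per_source(text):
    return Counter(src for _, _, src, _ in parse_log(text))


class DstLimit:
    """dst-limit=rate/period,burst,dst-address: one token bucket per client
    holding at most `burst` tokens, refilled at `rate` per `period` seconds.
    allow() is True while a token is available (the accept rule matches)."""

    def __init__(self, rate=1, period=60.0, burst=9):
        self.rate, self.period, self.burst = rate, period, burst
        self.buckets = {}  # addr -> (tokens, last_seen)

    def allow(self, addr, now):
        tokens, last = self.buckets.get(addr, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate / self.period)
        if tokens >= 1:
            self.buckets[addr] = (tokens - 1, now)
            return True
        self.buckets[addr] = (tokens, now)
        return False


def blacklist_from_log(text, via="web", burst=9, expire_hours=3):
    """Replay each failed-login response for one service through the two
    output rules: within the burst the accept rule matches; beyond it the
    add-dst-to-address-list rule blacklists the client for `expire_hours`.
    Returns {addr: blacklist expiry as HH:MM:SS}."""
    limiter = DstLimit(burst=burst)
    blacklist = {}
    for now, _user, src, v in parse_log(text):
        if v != via:
            continue                                   # ftp and web keep separate lists
        if limiter.allow(src, now):
            continue                                   # accept rule matched
        blacklist[src] = seconds_to_hms(now + expire_hours * 3600)
    return blacklist


if __name__ == "__main__":
    print(dict(failures_per_source(SAMPLE_LOG)))
    print(blacklist_from_log(SAMPLE_LOG))   # {'192.168.0.2': '19:49:45'}
```

Because the bucket is keyed on the destination address of the response, every client behind one NAT address shares a single budget of nine failures per minute; raising the burst or whitelisting the management network is the usual adjustment.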

Running the brute force again:
-----------------------------------------------------------------------------------
[admin@MikroTik] ip firewall address-list> pr
Flags: X - disabled, D - dynamic
 #   LIST          ADDRESS
 0   Save Haven    192.168.0.3-192.168.0.5
 1 D Save Haven    192.168.0.2
 2 D web_blacklist 192.168.0.2
[admin@MikroTik] ip firewall address-list> 

D:\fscan>fscan.exe --ports 80 --hosts 192.168.0.1 --threads 200
Fast HTTP Auth Scanner v0.6
(c) Andres Tarasco - http://www.514.es

[+] Loaded 26 user/pass combinations
[+] Loaded 42 ignored webservers
[+] Loaded 41 Router authentication schemes
[+] Loaded 51 webform authentication schemes
[+] Loaded 13 Single Users
[+] Scanning 1 hosts  (192.168.0.1  - (null))
[+] Scanning 1 ports - bruteforce is active

 Server          Port status password          banner
scan Finished

D:\fscan>
-----------------------------------------------------------------------------------

o5. PortKnocking Rule

Add the rules to the firewall filter. The last rule drops everything that reaches the input chain from an address outside "Save Haven", ICMP and management sessions included, so the knock sequence becomes the only way onto the router, and access lapses again when the 3h entry expires:
-----------------------------------------------------------------------------------
|  add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
|      address-list=knock-knock address-list-timeout=15s comment="Port Knocking" \
|      disabled=no
|  add chain=input protocol=udp dst-port=17954 src-address-list=knock-knock \
|      action=add-src-to-address-list address-list="Save Haven" \
|      address-list-timeout=3h comment="" disabled=no
|  add chain=input src-address-list="Save Haven" action=accept comment="" \
|      disabled=no
|  add chain=input action=drop comment="" disabled=no
-----------------------------------------------------------------------------------
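
The sequence the rules expect is a TCP packet to port 1337 (which puts the source in "knock-knock" for 15 s) followed, within those 15 s, by a UDP packet to port 17954 from an address on that list (which opens "Save Haven" for 3 h). Neither knock is answered, because the packets fall through to the final drop rule; a TCP knock is therefore just a SYN that the client lets time out, and a UDP knock a single datagram whose payload the rule never looks at. The client below is an added example equivalent to the knock.exe command used further down, not the knock tool's own code; the loopback self-check and its listeners are constructed for offline use.

```python
"""Python equivalent of `knock 192.168.0.1 1337:tcp 17954:udp` for the
port-knocking rules above.  Added example, not the knock tool's own code.
The router never answers a knock (the packet hits the final drop rule), so
a TCP knock is just a SYN that is left to time out and a UDP knock is a
single datagram; only the order and timing matter to the rules."""
import socket
import time


def parse_knock_spec(spec):
    """'1337:tcp' -> (1337, 'tcp'); a bare '1337' is TCP, as in knock's usage."""
    port, _, proto = spec.partition(":")
    proto = (proto or "tcp").lower()
    if proto not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp: %r" % spec)
    return int(port), proto


def knock(host, specs, timeout=0.5, delay=0.1):
    """Send the knock sequence in order and return the (port, proto) hits.
    Connection failures are expected and ignored: the knock only needs its
    first packet to reach the router's input chain."""
    sent = []
    for spec in specs:
        port, proto = parse_knock_spec(spec)
        if proto == "tcp":
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(timeout)
            try:
                s.connect((host, port))      # SYN goes out even if nobody answers
            except OSError:
                pass
            finally:
                s.close()
        else:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            try:
                s.sendto(b"\x00", (host, port))   # payload is irrelevant to the rule
            finally:
                s.close()
        sent.append((port, proto))
        time.sleep(delay)                    # keep the hits in sequence
    return sent


def loopback_check():
    """Offline check of the client against two loopback listeners (constructed
    for this example); returns ['tcp', 'udp'] when both hits arrived."""
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(1)
    tcp.settimeout(2)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", 0))
    udp.settimeout(2)
    try:
        tport, uport = tcp.getsockname()[1], udp.getsockname()[1]
        knock("127.0.0.1", ["%d:tcp" % tport, "%d:udp" % uport])
        seen = []
        conn, _ = tcp.accept()
        conn.close()
        seen.append("tcp")
        udp.recvfrom(1)
        seen.append("udp")
        return seen
    finally:
        tcp.close()
        udp.close()


if __name__ == "__main__":
    print(loopback_check())
    # Real use, against the lab router:
    # knock("192.168.0.1", ["1337:tcp", "17954:udp"])
```

The whole sequence has to finish inside the 15 s "knock-knock" window, so the TCP timeout must stay well below that; with the defaults here the two hits are about 0.6 s apart. Note that the knock itself is not secret in any cryptographic sense: anyone who can sniff the segment sees both ports and can replay them.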

-----------------------------------------------------------------------------------
# Download the port-knocking tool

D:\>wget http://www.zeroflux.org/proj/knock/files/knock-cygwin.zip

# Extract the file

D:\knock>dir
 Volume in drive D is ---data.
 Volume Serial Number is 20B3-1A4D

 Directory of D:\knock

19/07/2008  15:24    <DIR>          .
19/07/2008  15:24    <DIR>          ..
03/07/2005  02:30         1.295.582 cygwin1.dll
10/08/2005  14:52            15.238 knock.exe
               2 File(s)      1.310.820 bytes
               2 Dir(s)     714.395.648 bytes free

D:\knock>

C:\Documents and Settings\adminz>ping 192.168.0.1 -t

Pinging 192.168.0.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.1:
    Packets: Sent = 6, Received = 0, Lost = 6 (100% loss),
Control-C
^C
C:\Documents and Settings\adminz>

D:\>telnet 192.168.0.1 22
Connecting To 192.168.0.1...Could not open connection to the host, on port 22: C
onnect failed

D:\>putty -ssh -l admin 192.168.0.1

D:\>

       ---------------------------------------------
       |PuTTY Fatal Error                       [x]|
       |-------------------------------------------|
       |                                           |
       |  (X)  Network error: Connection timed out |
       |                                           |
       |               +-----------+               |
       |               |     OK    |               |
       |               +-----------+               |
       |                                           |
       ---------------------------------------------

D:\knock>knock.exe
usage: knock [options] <host> <port[:proto]> [port[:proto]] ...
options:
  -u, --udp            make all ports hits use UDP (default is TCP)
  -v, --verbose        be verbose
  -V, --version        display version
  -h, --help           this help

example:  knock myserver.example.com 123:tcp 456:udp 789:tcp

D:\knock>knock 192.168.0.1 1337:tcp 17954:udp

D:\knock>

C:\Documents and Settings\adminz>ping 192.168.0.1 -t

Pinging 192.168.0.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.0.1:
    Packets: Sent = 18, Received = 11, Lost = 7 (38% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Documents and Settings\adminz>

D:\>putty -ssh -l admin 192.168.0.1
D:\>
=======================================================================================
|  192.168.0.1 - PuTTY                                                       [_][O][X]|
|-------------------------------------------------------------------------------------+
|Using username "admin".                                                           [^]|
|admin@192.168.0.1's password:                                                     | ||
|                                                                                  | ||
|  MMM      MMM       KKK                          TTTTTTTTTTT      KKK            | ||
|  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK            | ||
|  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK       | ||
|  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK          | ||
|  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK        | ||
|  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK       | ||
|                                                                                  | ||
|  MikroTik RouterOS 2.9.27 (c) 1999-2006       http://www.mikrotik.com/           | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|                                                                                  | ||
|Terminal xterm detected, using multiline input mode                               | ||
|[admin@MikroTik] > log print                                                      | ||
|17:38:31 system,info,account user admin logged in from 192.168.0.2 via ssh        [v]|
=======================================================================================

Exported configuration file
-------------------------;

/ ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="Drop Port \
    Scanners" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="" \
    disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w comment="" \
    disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="" \
    disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=drop comment="Drop SSH brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=1w3d comment="" \
    disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist \
    action=drop comment="Drop FTP brute forcers" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
    dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" \
    action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h comment="" disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=web_blacklist \
    action=drop comment="Drop Web brute forcers" disabled=no
add chain=input protocol=tcp dst-port=443 src-address-list=web_blacklist \
    action=drop comment="" disabled=no
add chain=output protocol=tcp content="invalid user name or password" \
    dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="invalid user name or password" \
    action=add-dst-to-address-list address-list=web_blacklist \
    address-list-timeout=3h comment="" disabled=no
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list \
    address-list=knock-knock address-list-timeout=15s comment="Port Knocking" \
    disabled=no
add chain=input protocol=udp dst-port=17954 src-address-list=knock-knock \
    action=add-src-to-address-list address-list="Save Haven" \
    address-list-timeout=3h comment="" disabled=no
add chain=input src-address-list="Save Haven" action=accept comment="" \
    disabled=no
add chain=input action=drop comment="" disabled=no 

### Other Security

o SSH public-key authentication

Generate a public/private key pair

Using ssh-keygen on *NIX

  sh$ ssh-keygen -t dsa -f ./id_dsa
  Generating public/private dsa key pair.
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in ./id_dsa.
  Your public key has been saved in ./id_dsa.pub.
  The key fingerprint is:
  91:d7:08:be:b6:a1:67:5e:81:02:cb:4d:47:d6:a0:3b admin-ssh@beka

Using PuTTYgen on Windows

Upload the public key file to RouterOS with scp, then import it:

[admin@MikroTik] user ssh-keys> import file=id_dsa.pub user=admin-ssh
[admin@MikroTik] user ssh-keys> print
 # USER KEY-OWNER
 0 admin-ssh admin-ssh@beka
[admin@MikroTik] user ssh-keys>

o Firewall - http://wiki.mikrotik.com/wiki/Dmitry_on_firewalling
o Syslog Daemon

1 Response to “Pentest Lab with Mikrotik”


  1. harry chan putra 30 May 2009 at 10:24 am

    use linux for the tutorial, come on, why windows too :D

