
Leaderboard

Popular Content

Showing content with the highest reputation on 01/15/13 in all areas

  1. In this tutorial I will describe the steps needed to create an API that provides information about the user's IP, country, region, city and coordinates (you know: address, building, floor, apartment). It will also check whether the user is behind a proxy or whether their IP is a public proxy. And to make the list complete, it will also return information about the browser version, the configured language and the referer.

     For the impatient, I want to mention that at the end the result returned by the API will look like this, and an example application that uses this API can be found here: My IP

     I want to mention that the API will be built as an application for Google App Engine, and the programming language will be Python. If you don't know Python, you can use Java or Go (of course, you will have to manage on your own).

     Step 1. Registering a new application

     To begin with, we need to register a new application. This can be done at the URL https://appengine.google.com/start/createapp, where we choose the unique identifier and the name of the application. For "Storage Options" we tick "High Replication" (Master/Slave is considered "deprecated", and applications that use this method will probably stop working in the near future).

     Step 2. Downloading and installing the SDK

     After registering the application, we download the Google App Engine SDK from the Downloads page. There we choose the SDK for the desired programming language (Python in my case) and operating system (Windows in my case).

     Step 3. Creating a new application

     Now that we have downloaded and installed the GAE SDK, we create a new local application. To do this we run the Google App Engine Launcher executable and choose "Create New Application" from the "File" menu. In the window that appears, we enter the identifier chosen in step 1 and the location where we want to save the application, enter the required port and press "Create Application". I want to mention that I chose port 8090, so I will use this port in the examples below.

     Step 4. Testing the application

     And now the time has come to run the default application to make sure everything is OK: we select the application we created and click "Run". We wait a little, and if a correct path and a free port were given, the application becomes active. To be sure everything works perfectly, we press the "Browse" button or open http://localhost:8090/. If the browser shows the message "Hello world!", everything is OK and we can move on to the next step.

     Step 5. Preparing the workspace

     We open the folder where we saved the application (this can also be done from the SDK: choose "Open in Explorer" from the "Edit" menu) and delete the files we no longer need:

         favicon.ico
         main.py
         main.pyc

     We open the file app.yaml and replace its contents with the following code:

         # Application identifier (chosen in step 1)
         application: json-api

         # You can read about the settings below (and many other useful things) at
         # https://developers.google.com/appengine/docs/python/config/appconfig
         version: 1
         runtime: python27
         threadsafe: false
         api_version: 1

         handlers:
         # The /static folder holds static files such as images, css, js and others
         - url: /static
           static_dir: static

         # If the user requests /ip.js, run the ip.py script
         - url: /ip\.js
           script: ip.app

         # For all other pages requested by the user, show the default page
         - url: /.*
           static_files: static/html/index.html
           upload: static/html/index.html

     After that, we create the file static/html/index.html, in which we write the welcome message (or use the source of the page at http://json-api.appspot.com/). We open http://localhost:8090/ and, if the message we entered appears, we move on.

     We do exactly the same with the file static/html/ip.html (the source is at http://json-api.appspot.com/static/html/ip.html), which will be used to display the information obtained from the API.

     Since Google App Engine only gives us the country code, we create a file static/js/iso3166_codes.js using the data from http://json-api.appspot.com/static/js/iso3166_codes.js, which will be used to obtain the country name.

     We also create the file static/js/ip.js (source http://json-api.appspot.com/static/js/ip.js), whose role is to receive and display the data returned by the API.

     Step 5. Creating the API

     We create the file ip.py and copy the following code into it:

         #!/usr/bin/env python
         # -*- coding: utf-8 -*-

         # Import the required libraries
         import webapp2, json, urllib2, re

         class InitApp(webapp2.RequestHandler):
             def get(self):
                 req = self.request

                 # The list of variables the API will return
                 info = {
                     'ip'          : req.remote_addr,
                     'country'     : req.headers.get('X-AppEngine-Country'),
                     'region'      : req.headers.get('X-AppEngine-Region'),
                     'city'        : req.headers.get('X-AppEngine-City'),
                     'coordinates' : req.headers.get('X-AppEngine-CityLatLong'),
                     'browser'     : req.headers.get('User-Agent'),
                     'lang'        : self.getLang(),
                     'referer'     : req.referer,
                     'isproxy'     : self.isProxy(),
                 }

                 # Check whether the user is behind a "transparent" proxy
                 if req.headers.get('X-Forwarded-For'):
                     info['realip'] = req.headers.get('X-Forwarded-For').split(',')[0]

                 # Get the JSON representation of the variables
                 result = json.dumps(info)

                 # Check whether the user specified a callback function. Example:
                 #   Request : http://json-api.appspot.com/ip.js?callback=callback
                 #   Result  : callback({...});
                 if req.get('callback'):
                     result = '{0}({1});'.format(self.getVar('callback'), result)

                 # Check whether the user specified a variable. Example:
                 #   Request : http://json-api.appspot.com/ip.js?varname=data
                 #   Result  : var data = {...};
                 elif req.get('varname'):
                     result = 'var {0} = {1};'.format(self.getVar('varname'), result)

                 # Send the result as JavaScript text
                 self.response.headers['Content-Type'] = 'text/javascript; charset=utf-8'
                 self.response.out.write(result)

             # Strip invalid characters from the callback function name and the variable name
             def getVar(self, var):
                 return self.filter(self.request.get(var))

             # Get the code of the language in use (empty if the header is missing)
             def getLang(self):
                 lang = self.request.headers.get('Accept-Language') or ''
                 return self.filter(lang.split(',')[0])

             # Strip every character other than letters, digits, "_" and "."
             def filter(self, value):
                 return re.sub('[^a-z_\.0-9]', '', value, flags=re.IGNORECASE)

             # Check whether the user is using a public proxy
             def isProxy(self):
                 # Ask Mr. Google, using the syntax inurl:proxy 127.0.0.1,
                 # whether the IP is a public proxy
                 q = urllib2.quote('inurl:proxy ' + self.request.remote_addr)
                 url = 'http://ajax.googleapis.com/ajax/services/search/web?v=1.0&q=' + q

                 # Use a try block to guard against unpredictable errors
                 try:
                     # Get the JSON string returned by the Google server
                     body = urllib2.urlopen(url).read()
                     # Convert the JSON data into a variable
                     data = json.loads(body)
                     # Check whether more than 5 results were found
                     return (data['responseData']['cursor']['resultCount'] > 5)
                 except Exception:
                     pass

                 # It no longer matters whether there were errors or Google found nothing:
                 # we consider that the IP is not a proxy
                 return False

         app = webapp2.WSGIApplication([('/ip.js', InitApp)], debug=True)

     Step 6. Uploading the application to the server

     After saving all the files and testing the application by opening the URL http://localhost:8090/static/html/ip.html, we can upload all the files to the appspot server with a simple click on the "Deploy" button. In the window that appears, we enter the e-mail address and password of the Google account. After the files are uploaded, we can access our application at http://json-api.appspot.com/ (instead of json-api, use the identifier chosen in step 1).

     Step 7. Final

     For those who are a bit lazier, the source of the application can be downloaded from the URL http://json-api.appspot.com/static/zip/json-api.zip

     Enjoy!
    2 points
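An added example (Python 3, not part of the original post or of the json-api application): the three client-controlled values that the handler in the tutorial above reflects into its JavaScript response (the callback or variable name, X-Forwarded-For and Accept-Language), validated and rejected instead of stripped. The helper names `js_name`, `claimed_ip`, `primary_language` and `render` are hypothetical, and the sample values in the demo are constructed.

```python
import ipaddress
import json
import re

# Dotted JavaScript identifier path, e.g. "cb" or "app.handlers.onIp".
_JS_NAME = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$")
# Language tag such as "ro" or "ro-RO".
_LANG_TAG = re.compile(r"^[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*$")


def js_name(value, max_len=64):
    """Return value if it is a plain identifier path, else None (reject, do not strip)."""
    if value and len(value) <= max_len and _JS_NAME.match(value):
        return value
    return None


def claimed_ip(xff):
    """First X-Forwarded-For entry if it parses as an IP address, else None.

    The header is written by the client or by a proxy in between, so the
    result is a claim to display, never an address to base a decision on.
    """
    if not xff:
        return None
    first = xff.split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(first))
    except ValueError:
        return None


def primary_language(accept_language):
    """First tag of Accept-Language, or None when the header is absent or malformed."""
    if not accept_language:
        return None
    tag = accept_language.split(",")[0].split(";")[0].strip()
    return tag if _LANG_TAG.match(tag) else None


def render(info, params):
    """Return (status, body) for ?callback=, ?varname= or plain JSON output."""
    payload = json.dumps(info, sort_keys=True)  # ensure_ascii escapes non-ASCII
    for key, template in (("callback", "{0}({1});"), ("varname", "var {0} = {1};")):
        if key in params:
            name = js_name(params[key])
            if name is None:
                return 400, "invalid " + key
            return 200, template.format(name, payload)
    return 200, payload


if __name__ == "__main__":
    # Constructed request values (documentation address range).
    info = {
        "ip": "198.51.100.20",
        "realip": claimed_ip("203.0.113.7, 10.0.0.1"),
        "lang": primary_language("ro-RO,ro;q=0.9,en;q=0.8"),
    }
    print(render(info, {"callback": "showIp"}))
    print(render(info, {"callback": "x;alert(1)"}))
```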
  2. Hi everyone on RST, I made a tutorial about exploit development, I hope you like it.

     Contents: https://imageshack.com/i/0r20130612142230j

     youtube vimeo Win32 Exploit Development-01 on Vimeo

     Download Tools: Win32Exploits Development-tools-01

     Download Video+Tools: Win32Exploits Development-Video+tools-01

     A series of tutorials about exploit development will follow.

     P.S. I breathe a bit heavily in the video, I hope it doesn't scare you; I had lung surgery.
    1 point
  3. .htaccess is one file that every web admin should know and understand. At its basic level it controls access to your site's directories. But there is much more that you can do, as the snippets in this post will show you.

     If you would like to learn the basics of .htaccess, you should check out our Introduction to .htaccess article, which explains pretty well everything you will need to get you up and running.

     So, here are some useful tricks you can do with .htaccess:

     1. Controlling Access to Files and Directories

     Password protection is one thing, but sometimes you may need to completely block users from having the option of accessing a particular file or directory. This usually happens with system folders, such as the includes folder for which applications will need access but no users will ever need the privilege. To do this, paste this code onto an .htaccess file and drop it in the directory:

         deny from all

     However, this will block access to everyone, including you. To grant yourself access you need to specify your IP address. Here is the code:

         order deny,allow
         deny from all
         allow from xxx.xxx.xxx.xxx

     xxx.xxx.xxx.xxx is your IP. If you replace the last three digits with 0/12 for example, this will specify a range of IPs within the same network, thus saving you the trouble to list all allowed IPs separately.

     If you want to block access to a particular file, including .htaccess itself, use the following snippet instead:

         <Files .htaccess>
         order allow,deny
         deny from all
         </Files>

     Similarly, if you want to allow given IPs, list them with allow from.

     If you want to block access to particular file types, use this instead:

         # The leading dot is escaped so that it matches a literal "."
         <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
         Order Allow,Deny
         Deny from all
         </FilesMatch>

     2. Disabling Directory Browsing

     To prevent directory browsing, add this:

         # Apache 2.4 rejects an Options line that mixes signed and unsigned
         # keywords (such as "All -Indexes"), so only the signed keyword is used
         Options -Indexes

     However, if for some reason you want to enable directory browsing, change it to the following:

         Options +Indexes

     3. Speeding-Up Load Times by Compressing Files

     You can compress any type of file, not only images. For instance, to compress HTML files, use this:

         AddOutputFilterByType DEFLATE text/html

     To compress TEXT files, use this:

         AddOutputFilterByType DEFLATE text/plain

     You can also compress JavaScript, or add compression to multiple file types with one command:

         AddOutputFilterByType DEFLATE application/javascript
         AddOutputFilterByType DEFLATE application/rss+xml

     Alternatively, if you want to compress all of your JavaScript, HTML, and CSS files with GZIP, you can use this:

         <IfModule mod_gzip.c>
         mod_gzip_on Yes
         mod_gzip_dechunk Yes
         mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
         mod_gzip_item_include handler ^cgi-script$
         mod_gzip_item_include mime ^text\.*
         mod_gzip_item_include mime ^application/x-javascript.*
         mod_gzip_item_exclude mime ^image\.*
         mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
         </IfModule>

     4. Protect Your Site against Hotlinking

     If you don’t want your images hotlinked, add this to your .htaccess file:

         RewriteEngine on
         RewriteCond %{HTTP_REFERER} !^$
         RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
         RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

     Just replace yourdomain.com with your own and you are good to go.

     5. Blocking Visitors Referred from a Particular Domain

     If you have users from a particular domain you don’t welcome, you can ban them from your site. For instance, if your site gets listed in a place you don’t want traffic from (i.e. adult sites, blackhat sites, etc.), you can serve them with a 403 Forbidden page. You need to have mod_rewrite enabled but since it is usually on, you should be fine. Add this snippet:

         <IfModule mod_rewrite.c>
         RewriteEngine on
         RewriteCond %{HTTP_REFERER} bannedurl1.com [NC,OR]
         # The last condition carries no OR flag
         RewriteCond %{HTTP_REFERER} bannedurl2.com [NC]
         RewriteRule .* - [F]
         </IfModule>

     You need to replace bannedurl1.com and bannedurl2.com etc. with the domain names you want to blacklist. You may want to use the [NC] flag because it specifies that the domain name you’ve entered isn’t case sensitive. The [F] flag specifies the action to take – in this case to show the 403 Forbidden error. If you want to ban multiple sites, use the [NC,OR] flag for every domain but the last and if you want to ban a single domain use only the [NC] flag.

     6. Blocking Requests from Particular User Agents

     If your log files show particular user agents (bots or spiders) you can add a few lines to .htaccess and deny them access to your site:

         RewriteEngine On
         RewriteBase /
         SetEnvIfNoCase Referer "^$" bad_user
         SetEnvIfNoCase User-Agent "^badbot1" bad_user
         SetEnvIfNoCase User-Agent "^badbot2" bad_user
         SetEnvIfNoCase User-Agent "^badbot3" bad_user
         Deny from env=bad_user

     Replace badbot1, badbot2, etc. with the names of bots from your log files. This should keep such programs away from your site.

     7. Caching Files

     Another way to speed your site’s load times is via file caching. Here is what you need to add in order to cache files:

         # The leading dot is escaped so that it matches a literal "."
         <FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
         Header set Cache-Control "max-age=2592000"
         </FilesMatch>

     You can add more file types (or remove some of them) to the sequence of files listed in this example – do what suits you. You can also use max-age to specify the amount of time in seconds that your files will live in the cache.

     8. Disabling Caching for Particular File Types

     If you don’t want to cache particular file types, it is easier not to include them in the cache sequence. However, sometimes files might get cached even if you don’t explicitly list them there and in this case you may want to disable caching only for them. Most often you will want to disable caching for dynamic files, such as scripts. Here is how to do it:

         # The leading dot is escaped so that it matches a literal "."
         <FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
         Header unset Cache-Control
         </FilesMatch>

     Just pipe the files you want caching disabled for and this is it.

     9. Bypassing the Download Dialogue

     By default, when you try to download a file from a Web server, you get a dialogue that asks you if you want to save the file or open it. This dialogue is especially irritating with large media files or PDFs. If the files you have uploaded to your server are for downloads, you can save users the trouble and proceed straight to download. Here is what you need to set in .htaccess:

         AddType application/octet-stream .pdf
         AddType application/octet-stream .zip
         AddType application/octet-stream .mp3

     10. Renaming an .htaccess File

     If for some reason, mostly security-related, you want to rename your .htaccess file, it is very easy to do it. In theory, renaming an .htaccess file shouldn’t cause problems with the applications running on your server but if by chance you notice such issues after you rename the file, just rename it back to its original name.

         # AccessFileName is valid in server config or virtual host context
         AccessFileName htac.cess

     You also need to update any entries in the file itself or everywhere .htaccess is mentioned, otherwise you will be getting lots of errors.

     11. Changing a Default Index Page

     If you want your index page to be something different from the default index.html, index.php, index.htm, etc. this is very easy to do. Here is what you need to add to .htaccess:

         DirectoryIndex mypage.html

     Replace mypage.html with the actual URL of the page you want to use as index and you are done.

     12. Redirecting to a Secure https Connection

     If you are using https and you want to redirect users to the secure pages of your site, use this:

         RewriteEngine On
         RewriteCond %{HTTPS} !on
         RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

     13. Restricting File Upload Limits in PHP, Maximum Size of Post Data, Max Script Execution Time, etc.

     .htaccess allows you to set some values that directly affect your PHP applications. For instance, if you want to impose upload limits in PHP, so that you don’t run out of hosting space because of large files, use this:

         php_value upload_max_filesize 15M

     Of course, you can set the value to anything you deem appropriate – 15M (MB) in this example isn’t fixed in stone. You can also restrict the maximum post size for uploading in PHP. To do it, add this:

         php_value post_max_size 10M

     Similarly, you can change 10M to any value that suits you. If you don’t want scripts to execute forever, you can limit their execution time with the help of the following:

         php_value max_execution_time 240

     240 is the number of seconds before the script will be terminated and as you guess, it could be any value. Finally, if you want to limit the time a script can parse input data, use this:

         php_value max_input_time 180

     And set any value in seconds that suits you.

     14. Disguising File Types

     Sometimes you wouldn’t like users to know the file types of the files on your site. One way to hide this information is if you disguise them. For instance, you can make all your files look as if they are HTML or PHP files:

         ForceType application/x-httpd-php

     There is much more that can be done with .htaccess. For instance, you can set automatic translation of your site’s pages, or set the server timezone, or remove the www from URLs, or use fancy directory listings, etc. In any case, before you start experiments with .htaccess, always backup the original .htaccess, so if things don’t go as planned, you have a working copy to revert to.

     Source
    1 point
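An added example (Python 3, not part of the original post or of Apache): a small linter for three mistakes that are easy to paste along with snippets like those above. It flags a leading unescaped dot in a FilesMatch pattern (a wildcard, not a literal dot), signed and unsigned keywords mixed in one Options line, and an [OR] left on the last RewriteCond before a RewriteRule, which the post itself says to use for every domain but the last. The function names, finding codes, sample configuration and file names are constructed for illustration.

```python
import re

# Constructed sample: three snippets in a form that is often pasted.
SAMPLE = r'''
<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Options All -Indexes
RewriteEngine on
RewriteCond %{HTTP_REFERER} bannedurl1.com [NC,OR]
RewriteCond %{HTTP_REFERER} bannedurl2.com [NC,OR]
RewriteRule .* - [F]
'''.strip()


def lint_htaccess(text):
    """Return a list of (line_number, finding_code) for the three checks."""
    findings = []
    prev_cond = None  # (line_number, flags) of the RewriteCond directly above
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"RewriteCond\b", line, re.I):
            m = re.search(r"\[([^\]]*)\]\s*$", line)
            flags = [f.strip().upper() for f in m.group(1).split(",")] if m else []
            prev_cond = (no, flags)
            continue
        if re.match(r"RewriteRule\b", line, re.I) and prev_cond and "OR" in prev_cond[1]:
            findings.append((prev_cond[0], "trailing-or"))
        prev_cond = None
        m = re.match(r'<FilesMatch\s+"?([^">]+)"?\s*>', line, re.I)
        if m and m.group(1).startswith("."):
            findings.append((no, "unescaped-dot"))
        m = re.match(r"Options\s+(.*)", line, re.I)
        if m:
            opts = m.group(1).split()
            signed = [o for o in opts if o[0] in "+-"]
            if signed and len(signed) != len(opts):
                findings.append((no, "mixed-options"))
    return findings


def overblocked(pattern, names):
    """Names matched only because the pattern's leading dot acts as a wildcard."""
    if not pattern.startswith("."):
        return []
    loose = re.compile(pattern)
    strict = re.compile("\\" + pattern)  # same pattern with the dot escaped
    return [n for n in names if loose.search(n) and not strict.search(n)]


if __name__ == "__main__":
    for line_no, code in lint_htaccess(SAMPLE):
        print(line_no, code)
    names = ["error.log", "changelog", "blog", "publish", "deploy.sh", "index.html"]
    print(overblocked(".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$", names))
```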
  4. Better to watch the whole series, like I do. And if you haven't learned it well, you go over it once more and that way you learn it well, because all the basic things are in it; there you can see what people do and how they behave, etc. The best way to lie is to believe your own lie. That is, as I put it, "lie to your own face" hahaha
    -1 points
  5. I haven't managed to read everything, but regarding the gaze I don't agree; until recently that was what was believed. The only key point about the gaze, applicable in some circumstances, is the fact that when a person accesses memory they look, for less than a second up to 3 seconds, at a point other than the ones chosen in an ordinary conversation. Start with simple questions that call on memory; you can even have the subject recount a moment from their life, and the form in which you ask for that is up to you, as long as they don't catch on. After you have established the eye movements that go with memory access, you ask for details about the topic that interests you. They may then access memory or not; if they don't access it and answer very quickly, they may be lying. If you take on an imposing air, as in you don't allow yourself to be lied to, or enough to put them in a somewhat more stressful situation, they will feel somewhat guiltier when they lie to you and you will notice how, for example, they slightly pull back their lower lip (briefly, right after answering you), or take a defensive posture, keep their arms crossed, hands over their organs. Hands behind the back, or moved slightly behind, especially behind the head, is a sign that they are hiding something from you. It also helps in inducing a state of insecurity in the subject if, after they answer, you stay blank for 1-2 seconds or even less, that is, you give them no feedback at all, as if they had not answered you yet; this puts a little pressure on them. It also helps to take a very determined attitude and mentally not allow them to lie to you, that is, you take a stance, or you talk to them with the intention (goal) of not allowing them to lie to you, or you invent a nervous tic of your own which, when you do it, you do with the intention of inducing in the person a state of guilt, the need to tell the truth. This has a bit to do with NLP and parapsychology, but if you do it with confidence you will be shocked at how powerful the human psyche is! There are dozens of other solutions too, but this is enough for now; anyway, you worry too much.

     Everything is the result of the laws of nature, more precisely of the principle of action and reaction: you lie, you get lied to; you cheat, you get cheated. To get out of this vicious circle you have to rise above the matter and frame the problem like this: you are sincere and you are lied to, never mind, it is the problem of the one who lies to you; you are fair and you are cheated, it is the problem of the one who cheats you. By doing this you rise above the one who does these things to you and, no longer resonating, it no longer affects you, that is, you detach and you couldn't care less! Don't worry that you are wronged; worry that you are given too much credit and maybe you aren't right, it is human to err! Do good and you will be rewarded with good, it's simple, but do good without expecting any payment and then you will receive! Anyway... the laws of nature are everywhere; they govern life, death and creation, and you cannot escape them.

     PS: it is not enough to understand what I wrote here; you have to become aware of it and internalize it at the level of the self (subconscious). It is as if you have the key but don't turn it; it must be turned, and the result triggers chain reactions, incredible and obviously beneficial!
    -1 points
  6. Here is your source: https://rstcenter.com/forum/59836-pack-scripts-shell-proxy-bruteforce-exploiter-md5-etc.rst
    -1 points
  7. I am not Roma, nor am I defending them! I for one think it is not the `gypsies` who are to blame; there are also Romanians who are illiterate, stupid, who rape and kill. Just as the Spaniards, for example, have their `gypsies`, we have ours too, only there is a huge difference! When Romania gets ahead of any other country in the EU, then you can complain about the `gypsies`.
    -1 points
  8. Design Patterns: Elements of Reusable Object-Oriented Software. A fairly old book ('97), but a very good one. It is not for beginners, but it explains things in detail. In addition, it also includes implementations of the design patterns in C/C++. http://www.sendspace.com/file/mqw0xe timeismoney The way programming should be.
    -1 points