
Gonzalez

Active Members
  • Posts

    1577
  • Joined

  • Last visited

  • Days Won

    10

Everything posted by Gonzalez

  1. Edit your post before some lunatic attacks you. What did you want with kw3's account?
  2. Gonzalez

    Pick-up lines!!!

    You guys need to watch a bangbros film (guys from America, maybe some of you have heard of them); those guys are pros, they fool girls like nothing. They start from a simple conversation such as: -Hey, can I ask you a question? Is this such-and-such neighborhood? And that's how they strike up a conversation with her... everything comes naturally... from there... Whoever wants more details, PM me
  3. Gonzalez

    HELP

    read the rules, man
  4. Rapid PHP Editor 2006 v7.3 Download: http://www.blumentals.net/download/rapidphp7.exe Addon: http://rapidshare.de/files/36010735/lz07s302-2006-10-05.rar
  5. Gonzalez

    Pick-up lines!!!

    Shocker, have you ever had a girlfriend!? Yes!? At least it works for me, because they're dumb as rocks
  6. MySpace XSS for Firefox 0day Credit: RSnake Whelp, V-Wall ( http://v-wall.co.uk/ ) is at it again - finding more XSS vulnerabilities in MySpace. This is a pretty interesting one, because I think it proves a few points that are worth discussing. First of all, let’s just show the exploits in action: So here’s the deal. MySpace sees his vector which is onload_= which uses the non-alpha-non-digit XSS vector. That works in FireFox. Now, MySpace decides to modify the forward slash and turn it into “..” which they think will break his vector. Oh contrare! It then looks like onload.._= which doesn’t change the vector one bit! Lessons learned? 1) Don’t modify vectors if you don’t know what you’re doing. 2) Make certain you have checked all vectors with your conversion filters and 3) Don’t accept HTML, duh!. Well that last one is mine, but really, if you can help it, don’t allow users to enter stuff that can execute code. This would allow MySpace to be vulnerable to another worm, account take-overs or worse. Ouch. Thanks to V-Wall for the info!
  7. Gonzalez

    "shameless"

    Was Brit drunk? Or what? I'd do a gangbang with all 3!
  8. Gonzalez

    Pick-up lines!!!

    Pick-up lines: Do you believe in love at first sight, or do I need to walk by one more time?
  9. Look at this rapper: Lil Jon... all he says is Yeeeaahhh, Whhat? oookkeeyy... http://www.youtube.com/watch?v=AN6eVpyOu2A
  10. Nod32 2.70.16 Final Info : NOD32 2.7 Final Released Changelog for Microsoft Windows NT / 2000 / 2003 / XP November 17, 2006 - 2.70.16 - Support for Windows Vista 32-bit and 64-bit - Anti-Stealth Technology (Rootkit Removal) - New Categorizations of Malware objects Download : http://rapidshare.com/files/3830852/Nod32_2.70.16_by_koukou.rar
  11. Dorks: "MKPortal 1.1 RC1"

    Method found by nukedx. Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: http://www.nukedx.com

    This exploit works on MKPortal <= 1.1 RC1 with vBulletin <= 3.5.4

    http://[victim]/[mkportaldir]/index.php?ind=',userid='1

    With this example you can change your session's userid to 1.

    Original advisory: http://www.nukedx.com/?viewdoc=26

    # nukedx.com [2006-04-21]
    --Security Report--
    Advisory: vBulletin <= 3.5.4 with MKPortal 1.1 Remote SQL Injection Vulnerability.
    ---
    Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
    ---
    Date: 21/04/06 22:36 PM
    ---
    Contacts:{ ICQ: 10072 MSN/Email: nukedx at nukedx.com Web: http://www.nukedx.com }
    ---
    Vendor: MKPortal (http://www.mkportal.it/)
    Version: 1.1 RC1 and prior versions must be affected. (Runs on vBulletin!)
    About: Via this methods remote attacker can inject arbitrary SQL queries to ind parameter in index.php of MKPortal. Vulnerable code can be found in the file mkportal/include/VB/vb_board_functions.php at line 35-37, as you can see it easy to by pass this SQL update function. Also there is cross-site scripting vulnerability in pm_popup.php the parameters u1,m1,m2,m3,m4 did not sanitized properly.
    Level: Critical
    ---
    How&Example:
    SQL Injection :
    GET -> http://[victim]/[mkportaldir]/index.php?ind=[SQL]
    EXAMPLE -> http://[victim]/[mkportaldir]/index.php?ind=',userid='1
    So with this example remote attacker updates his session's userid to 1 and after refreshing the page he can logs as userid 1.
    XSS:
    GET -> http://[victim]/[mkportaldir]/includes/pm_popup.php?u1=[XSS]&m1=[XSS]&m2=[XSS]&m3=[XSS]&m4=[XSS]
    ---
    Timeline:
    * 21/04/2006: Vulnerability found.
    * 21/04/2006: Contacted with vendor and waiting reply.
    ---
  12. lol... I swear I thought it was a girl, and with that picture on the desktop... looks like one...
  13. nice tutorial!
  14. old, but thanks for reminding me of it, manu`
  15. cyberhacker665 thx a lot. PS: Razvan > cyberhacker665 is the girl who made it! lol
  16. Online TV Player v3.0.0.900 Info: Online TV Player lets you watch 850+ free Internet TV and listen 1500+ free online radio stations on your PC. It allows watcher to watch directly into TV without having to experience the annoyances of a Web site (like slow-loading pages and pop-up ads). No additional equipment required. Online TV Player support both Windows Media and Real Video. You can play most of stream formats in one program. It can set the screen window to any size that you want. It supports full-screen mode too. Download : http://www.takdata.com/download/file/OnlineTVPlayer.3.0.0.900.rar
  17. SirVic, just now on the Pro TV news they said that supposedly he received offers from who knows what companies... and maybe the poor guy gets off, since Romania doesn't extradite him (and that's a very good thing)
  18. NullByte Exploitation CGI File Edition

    Hopefully, you all have read my first nullbyte exploitation article and know what a nullbyte is. If you don't know what it is and haven't read my article, the nullbyte is a string used in programming languages that terminates the string. We will be using the nullbyte to trick a cgi file into displaying its own code! In this edition of nullbyte exploitation we will see how we are able to exploit perl cgi files on the web. The first example shows a cgi page that uses the following to access .html pages:

    index.cgi?pageid=3

    This, in turn, shows us 3.html. This is not a huge vulnerability in itself. But when we apply the nullbyte, something magical happens. A simple PoC I will show you is how we are able to view the source of index.cgi. Look below for an example.

    index.cgi?pageid=index.cgi%00

    When we enter the null byte into the url it terminates everything so that the .html extension is not put on. Although I haven't tested this theory, we should be able to access /etc/passwd using this method.

    index.cgi?pageid=/etc/passwd%00

    Theoretically this should open up /etc/passwd and display the password file! Obviously, the possibilities from this point are endless. Thanks for reading!
  19. Hi! Does anyone have the forum rules, so I can lend them to NullCode? Thanks in advance!
  20. Download : http://rapidshare.com/files/5898749/Writing_Security_Tools_And_Exploits.rar.html
  21. ftp://82.78.78.17/Kit/1800 PHP Scripts (Web Developers Mega Pack)/Scripts and Programs/Unsorted/ and so on...
  22. the program isn't made by me. Check your messages, flyppy
  23. http://rapidshare.com/files/2111413/IPB_RC_PACK.rar
  24. How to set up your own FTP server where you can share software, movies, music... with Serv-U. By Sub7 [The tutorial was written in English for Infected-Database and then translated into Romanian for RST-CREW]

    1. You need to download the following program: http://www.serv-u.com/customer/record.asp?prod=su After you have downloaded it, start it.
    2. Click Next. Choose Yes.
    3. Click Next again to connect to Serv-U.
    4. Enter your IP if you have a static IP. If not, leave it as it is and click Next. Choose a name for the server; I use MyFTP.
    5. Next, Serv-U will ask whether or not you want to install Serv-U as a service [SERVICE]. If you do, Serv-U will start every time your PC is "ON" or restarts. If you don't, you will have to start Serv-U manually.
    6. In the next step, Serv-U asks whether you give access to anonymous users. It is better to choose No.
    7. Click Yes to create an account. Choose a user/login name; I choose test.
    8. Choose a password. Then choose a folder (possibly the whole hard drive) that users can access. For this I created a new folder: C:\MyFTP.
    9. For security reasons, choose Yes. If not, users could have access to other files/folders that you don't want them to see.
    10. Since you are setting up the server and testing it, it is better for you to choose the No Privilege option; you will understand along the way.
    11. Click Finish and let Serv-U start the server. The next thing is to go to General. My recommendation is to check Hide 'hidden' files and Allow only 2 login(s) from the same IP address. Don't forget to change Allow only 2 login(s)... to 1 login.
    12. Now you can choose what privileges your user has on the server. Since this is a simple test, I unchecked all of them except Read, List, and Inherit. This way the user can only see the files/folders and download.
    13. Last step: restart the server via Stop and Start [start it again] just to make sure the changes you made work.

    That's it, now you can test your server by logging in.

    Read - Whether or not a user can download files from a given location
    Write - Whether or not a user can upload files to a given location
    Append - Whether or not a user can resume from the part where they previously downloaded
    Delete - Whether or not a user can delete files from a given location
    Execute - Whether or not a user can execute a file on your server
    List - Whether or not a user can see any of the files in a given location
    Create - Whether or not a user can create new folders in a given location
    Remove - Whether or not a user can delete or rename a folder/file
    Inherit - Whether or not a user can apply their previously made work in a folder/file

    An EXTRA piece of information for n00bs about FTP: the syntax for creating an FTP: ftp://user:pass@ipaddress-or-domainname:port

    Enj0Y!
  25. Gonzalez

    Autocrash

    and how do you stop it?