Everything posted by Ganav
-
Majestic bot needs a software package called mono, which allows native Windows applications to run on Linux. The site is here: http://mono-project.com/Main_Page
However, to download the package it is recommended to use the repository on github (the latest releases are not on the site because the program was migrated to github). Using the command:
    git clone git://github.com/mono/mono.git
we can download the sources into the current directory. Afterwards, we build the application from those sources. We enter the following commands in the terminal:
    cd mono
    ./autogen.sh --prefix=/usr/local
If everything went well we should have a Makefile in the current directory. Now we run the following command:
    make get-monolite-latest
which downloads a few submodules that mono needs. Before starting the compilation we have to correct the file ClaimsPrincipal.cs at line 72. We run the following command:
    find . -name "ClaimsPrincipal.cs"
Once we find the path we run:
    gedit ./mcs/class/corlib/System.Security.Claims/ClaimsPrincipal.cs
At line 72 we replace:
    identities.Add (new ClaimsIdentity (identity))
with
    identities.Add (new ClaimsIdentity (identity));
Now we can start the compilation. We execute:
    make
    make install
    make clean
make as a regular user and make install as r00t. If everything succeeded we can launch a Windows program using the command:
    mono program.exe
We can also put arguments relevant to the program on the command line. Attention! The application runs only if the executable has no external dependencies that are not native to the Windows platform (.dll files needed at runtime). I used it to launch majestic bot 12, which can be found here: http://www.majestic12.co.uk/
For installation details you can see the README.md file. It is a P2P architecture and requires a registration at the start of the run.
A few environment variables have to be exported (in $PATH):
    LD_LIBRARY_PATH=/usr/local/lib:/home/alex/MJ12node
    export LD_LIBRARY_PATH
    MONO_THREADS_PER_CPU=100
    export MONO_THREADS_PER_CPU
Mono also allows launching native Windows applications on Linux, provided they do not require, at runtime, external dependencies (.dll files) that are not part of Windows. It is more efficient than a virtual machine because it has fewer levels of abstraction.
-
+1 for libgen. Look at the year: Last updated on 3 October, 3013
-
Connected to 188.210.83.37. 421 Service not available, remote server has closed connection ftp>
-
Yes, most of the heavyweight YouTubers come from Romania. The ban is on its way (I hope).
-
There was another trick on messenger, which I think Nemesis used. You change the icon of the .exe file so that it looks like an image and give it a long name such as: poza.jbg[sPACE][sPACE].exe and send it over messenger. People usually don't open the window wide enough.
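A filter for the naming trick described in the post above, as it might run on a mail or chat gateway. This is an added example, not part of the original post; the extension lists and the function name are assumptions, and the bidirectional-override check goes beyond the case the post mentions.

```python
import re
import unicodedata
from difflib import get_close_matches

# Extensions Windows runs on double-click (constructed short list).
EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
# Extensions a recipient expects to be a harmless picture or document.
DECOY_EXT = ["jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx", "txt"]
# Characters that make a viewer render part of the name in reverse order.
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")


def suspicious_filename(name):
    """Return the reasons an attachment name looks deceptive (empty if none)."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-control-character")
    # Drop invisible format/control characters before looking at extensions.
    clean = "".join(ch for ch in name
                    if unicodedata.category(ch) not in ("Cf", "Cc"))
    stem, dot, ext = clean.rstrip().rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXT:
        return reasons
    # Padding that pushes the real extension out of a narrow file-name column.
    if re.search(r"\s{2,}$", stem):
        reasons.append("whitespace-padding-before-extension")
    # An inner extension that is, or closely resembles, a document type
    # ("jbg" is close to "jpg") placed in front of an executable one.
    _, inner_dot, inner = stem.rstrip().rpartition(".")
    inner = inner.lower()
    if inner_dot and (inner in DECOY_EXT
                      or get_close_matches(inner, DECOY_EXT, n=1, cutoff=0.6)):
        reasons.append("decoy-extension-before-executable")
    return reasons


if __name__ == "__main__":
    # Constructed sample names; the first is the one quoted in the post.
    for sample in ["poza.jbg  .exe", "report.pdf.scr", "holiday.jpg", "setup.v2.exe"]:
        print(repr(sample), suspicious_filename(sample))
```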
-
Israelian websites Upload-form.php Vulnerability
Ganav replied to CaVaLerul's topic in Cosul de gunoi
What relevance does it have that these are domains from Israel? An upload form does not guarantee a security hole. First of all, it has to allow the upload of executable scripts (PHP, ASP), and second, you have to be able to access the folder where the file was uploaded. You can use the following trick to get past the upload: you change the file name from r57.php to r57.php%00.jpg. See which extensions are allowed. There can also be client side validation. Here you can use burpsuite to change the file name before uploading it. Some upload functions can generate unique file names (for example MD5(file_name + timestamp)) which are impossible (I speak from experience) to guess. You also need to know where the files were uploaded and whether the user (on linux it is www-data) has access to that directory.
-
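A server-side upload handler that closes the gaps listed in the post above (reliance on client-side checks, the `%00` file name, executable extensions, guessable stored names). This is an added example, not code from the thread; `store_upload`, the allowlist and the magic-byte table are assumptions, and the upload directory is assumed to lie outside the document root or to be served with script execution disabled.

```python
import os
import secrets
from urllib.parse import unquote

# Allowed extension -> byte prefixes the content must start with.
ALLOWED = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def store_upload(client_name, data, upload_dir):
    """Validate an upload on the server and store it under a random name.

    Returns the stored file name; raises ValueError when the upload is refused.
    """
    # Decode once so an encoded NUL ("%00") is caught like a literal one.
    decoded = unquote(client_name)
    if "\x00" in decoded:
        raise ValueError("NUL byte in file name")
    # Keep only the last path component; everything else is client-controlled.
    base = decoded.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    # Allowlist on the final extension; anything not listed is refused.
    if not dot or not stem or ext not in ALLOWED:
        raise ValueError("extension not allowed")
    # The content has to look like the type the extension claims.
    if not data.startswith(ALLOWED[ext]):
        raise ValueError("content does not match extension")
    # The stored name comes from a CSPRNG and contains nothing the client
    # supplied, so it cannot be derived from the original name or upload time.
    stored = f"{secrets.token_hex(16)}.{ext}"
    path = os.path.join(upload_dir, stored)
    # O_EXCL refuses to overwrite an existing file; 0o640 sets no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored
```

A file with a valid image header can still carry script text further in, which is why the storage location matters as much as the name checks.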
Exactly, that is why I recommend looking for commercial VPNs that offer a trial period.
-
I remember this book. Below are two more books. The first is aimed at beginner programmers and has a didactic structure (it is for x86 Windows platforms), while the second, "Professional Assembly Language x86", also covers the streaming mmx/sse registers and is for *NIXes. http://kysmykseka.net/kysmyk/Wizardry/Programming/Assembly/Assembly%20Language%20for%20x86%20Processors%206th%20Ed.pdf https://github.com/forhappy/CS61/blob/master/Books/Professional.Assembly.Language.Jan.2005.eBook-DDU.pdf
-
Browsing the forum I noticed that there are numerous offers and requests related to the use of VPNs. With a short search on google I found a provider that gives a trial for 24 hours and requires only an e-mail address (to which the activation code will later be delivered). The provider's address is: https://billing.cactusvpn.com/free-vpn-trial/ Enter, of course, arbitrary data for first and last name, and for the e-mail you can generate a temporary account using: http://10minutemail.com/10MinuteMail/index.html Now you have access through the VPN for 24 hours, after which the operation has to be repeated. If, later on, you no longer receive an account, try clearing cookies and/or going in through a proxy (tor works too). I reached these sites with a few trivial searches on google. Dorks can be used to look for providers from other regions as well. For example: free vpn trial and site:.de vpn trial and site:.de
-
To begin with, you cannot flood through tor, at least not with UDP. There were numerous discussions on this topic and in the end it was decided that the protocol be excluded from the network (many users were using tor to download large multimedia files, thus exhausting the available resources). The authorities can tell whether someone is using tor to "disturb a computer system" by following mainly two aspects: DNS lookups (these are not done by default through the SOCKS 5.0 server that tor runs on and can disclose your real IP) and the so-called "timing attacks". Through timing attacks one can determine the time intervals in which the attack is carried out. For example, if I flood a server, the authorities can see that I am using tor while the server is receiving the packets through tor. By following over a longer time the moments when you are active and attacking and the moments when the attacks are received by the server, the "authorized bodies" can draw the conclusion that you are a potential suspect. Now it also matters which server you "disturb" and how serious the "disturbance" is. A small community of gamers does not, in general, have the knowledge needed to defend itself (they could install Snort and then set a simple filtering rule: if the packets contain the word "tor" or "onion" the packet is dropped). It is unlikely that the police would intervene in such situations (unfortunately the law is applied only when the interests of those who write it are at stake).
-
How many WiFi sources are around? I sometimes have this problem on Ubuntu too. It tries to connect to the hot-spot/router with the strongest signal. In other words, if I am already connected and it finds a stronger signal source, it disconnects me and tries a new connection with that one. The implementation on linux is a little different from the one on windows.
-
Hacking ASP/ASPX sites - Aspx Injection
Ganav replied to Individual14xxx's topic in Tutoriale in engleza
Note that you have a syntax error in the part that returns the name of the second table. Instead of
www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top1 table_name from information_schema.tables where table_name not in ('first_table_name'))) replace the first_table_name with the actual table name we got above.
it should be
www.vulnerablesite.com/gallery.aspx?id=10 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('first_table_name'))) replace the first_table_name with the actual table name we got above.
A more unconventional way of learning SQLi is to exploit a site with sqlmap and do sniffing with wireshark/tcpdump. After that you can see all the attack vectors that were used.
-
The ebay database has been completely compromised!
Ganav replied to doiulyka's topic in Stiri securitate
Most of the time when the database of a well-known corporation is compromised it ends up for sale on various clandestine markets, which are found on the so-called dark-nets or, if we want to use the media term, the "hidden web". There are various individuals and organizations there that put significant sums of money into play in the form of bitcoins. These entities buy anything that is expensive, on the basis that it would have a value proportional to its cost. The way they use this information, however, leaves much to be desired. I saw a case where a 1TB database was bought by a client from Kurdistan. In conclusion, don't worry, change your password only for your own peace of mind.
-
I noticed that you have "Hide extensions for known files" set on that station. It doesn't matter if you don't use it for lucrative purposes or if you use a virtual machine. Of the two significant updates I notice that both refer to the year 2009. Could they be patches for the vulnerabilities exploited by StuxNet? I wonder whether Windows doesn't also have other vulnerabilities intentionally placed in the kernel for purposes of monitoring, industrial and/or military espionage.
-
The question is: do we still need emotions? To communicate in person with someone we don't care about anyway or whom we will never meet again for the rest of our lives? Practically, technology accelerates the pace of our lives; in other words, you live more in the same interval of time than past generations did. The disadvantage is that interest in literary fiction, classical music and art is lost. All of these will disappear in the future. Maybe some of us will even live to see that period.
-
Thanks. I bought it at home for 60RON a few months ago. I also caught Dead Space I on "sale".
-
A fairly comprehensive source can be found here: c++ faq - The Definitive C++ Book Guide and List - Stack Overflow. The books are aimed at all categories of programmers (novice, intermediate and advanced). For programming in Java you can take a look here: http://javarevisited.blogspot.it/2013/01/top-5-java-programming-books-best-good.html
-
There are a few here: Web Shells and RFIs Collection
-
I noticed that there are some syntax problems (in the array of shells there is an entry of the form ...,"shell1.php",,"shell2.php"). The edited code is below:
<p align="center">
<img border="0" src="http://img213.imageshack.us/img213/2766/76507468.jpg"></p>
<link href="http://dz48-coders.org/indexi/pic/favicon.ico" type="image/x-icon" rel="shortcut icon" />
<title>PHP Shell Finder by PirateHack ~ UBERS</title>
<body background="http://i.imgur.com/Hu89kme.png" bgcolor="black">
<style>
body,td,th{ font: 8pt Lucida,Tahoma;margin:0;vertical-align:top;color:#00ff00; }
table.info{ color:#000;background-color:#222; }
span,h1,a{ color: $color !important; }
span{ font-weight: bolder; }
h1{ border-left:7px solid $color;padding: 3px 5px;font: 14pt Verdana;background-color:#333;margin:0px; }
div.content{ padding: 5px;margin-left:5px;background-color:#222; }
a{ text-decoration:none; }
a:hover{ text-decoration:underline; }
.ml1{ border:1px solid #555;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:100%;height:300px; }
input,textarea,select{ margin:0;color:#999;background-color:#222;border:1px solid $color; font: 8pt Tahoma,'Tahoma'; }
form{ margin:0px; }
#toolsTbl{ text-align:center; }
.toolsInp{ width: 300px }
.main th{text-align:left;background-color:#5e5e5e;}
.main tr:hover{background-color:#5e5e5e}
.l1{background-color:#444}
.l2{background-color:#333}
pre{font-family:Courier,Monospace;}
.found { color: #008000; font-weight: bold; }
.damane { color: #FFFF00; font-weight: bold; }
.scan { color: #A52A2A; font-weight: bold; }
.start { color: #0000FF; font-weight: bold; }
// -->
</style>
</head>
<body>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"><font color="FC0000" size="4"> SHELL Finder by PirateHack ~ UBERS.org, Edit by TheB</font></p>
<br>
<form action="" method="post">
<p align="center">
<input name="traget" type="text" size="30" value="http://website.com"/><br>
<br><br>
<input name="scan" size="80" value="SCAN THIS"
type="submit"> </form> <?php /* Coded by PirateHack Website: HackShqip.AL */ set_time_limit(0); if (isset($_POST["scan"])) { $url = $_POST['traget']; echo "<br /><span class=\"start\">Scanning ".$url."<br /><br /></span>"; echo "Results:<br /><br />"; $shells = array("WSO.php", "dz.php", "cpanel.php", "cpn.php","sql.php","mysql.php","madspot.php", "Cgishell.pl","killer.php","changeall.php","2.php","Sh3ll.php","dz0.php","dam.php","user.php","dom.php","whmcs.php", "vb.zip","r00t.php","c99.php","gaza.php","1.php","wp.zip"."wp-content/plugins/disqus-comment-system/disqus.php" , "d0mains.php","wp-content/plugins/akismet/akismet.php","madspotshell.php","Sym.php","c22.php","c100.php", "wp-content/plugins/akismet/admin.php#","wp-content/plugins/google-sitemap-generator/sitemap-core.php#", "wp-content/plugins/akismet/widget.php#","Cpanel.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php", "tmp/madspotshell.php","tmp/root.php","tmp/whmcs.php","tmp/index.php","tmp/2.php","tmp/dz.php","tmp/cpn.php", "tmp/changeall.php","tmp/Cgishell.pl","tmp/sql.php","tmp/admin.php","cliente/downloads/h4xor.php", "whmcs/downloads/dz.php","L3b.php","d.php","tmp/d.php","tmp/L3b.php","wp-content/plugins/akismet/admin.php", "templates/rhuk_milkyway/index.php","templates/beez/index.php","admin1.php","upload.php","up.php","vb.zip","vb.rar", "admin2.asp","uploads.php","sa.php","sysadmins/","admin1/","administration/Sym.php","images/Sym.php", "/r57.php","/wp-content/plugins/disqus-comment-system/disqus.php","/shell.php","/sa.php","/admin.php", "/sa2.php","/2.php","/gaza.php","/up.php","/upload.php","/uploads.php","/templates/beez/index.php","shell.php","/amad.php", "/t00.php","/dz.php","/site.rar","/Black.php","/site.tar.gz","/home.zip","/home.rar","/home.tar","/home.tar.gz", "/forum.zip","/forum.rar","/forum.tar","/forum.tar.gz","/test.txt","/ftp.txt","/user.txt","/site.txt", "/cpanel","/awstats","/site.sql","/vb.sql","/forum.sql","/backup.sql","/back.sql","/data.sql","wp.rar/", 
"wp-content/plugins/disqus-comment-system/disqus.php","asp.aspx","/templates/beez/index.php","tmp/vaga.php", "tmp/killer.php","whmcs.php","tmp/killer.php","tmp/domaine.pl","tmp/domaine.php","useradmin/", "tmp/d0maine.php","d0maine.php","tmp/sql.php","tmp/dz1.php","dz1.php","forum.zip","Symlink.php","Symlink.pl", "forum.rar","joomla.zip","joomla.rar","wp.php","buck.sql","sysadmin.php","images/c99.php", "xd.php", "c100.php", "spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","tmp/upload.php","tmp/admin.php", "Server.php","tmp/uploads.php","tmp/up.php","Server/","wp-admin/c99.php","tmp/priv8.php","priv8.php","cgi.pl/", "tmp/cgi.pl","downloads/dom.php","templates/ja-helio-farsi/index.php","webadmin.html","admins.php", "/wp-content/plugins/count-per-day/js/yc/d00.php", "admins/","admins.asp","admins.php","test.php","/image/WSO.php","/image/dz.php","/images/cpanel.php","/image/cpn.php","/image/sql.php","/image/mysql.php","/image/madspot.php", "/image/Cgishell.pl","/image/killer.php","/image/changeall.php","/image/2.php","/image/Sh3ll.php","/image/dz0.php","/image/dam.php","/image/user.php","/image/dom.php","/image/whmcs.php", "/image/vb.zip","/image/r00t.php","/image/c99.php","/image/gaza.php","/image/1.php","/image/wp.zip"."wp-content/images/disqus.php", "/image/d0mains.php","wp-content/images/akismet.php","/image/madspotshell.php","/image/Sym.php","/image/c22.php","/image/c100.php", "wp-content/images/admin.php#","wp-content/images/sitemap-core.php#", "wp-content/images/widget.php#","Cpanel.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php", "/image/madspotshell.php","/image/root.php","/image/whmcs.php","/image/index.php","/image/2.php","/image/dz.php","/image/cpn.php", "/image/changeall.php","/image/Cgishell.pl","/image/sql.php","/image/admin.php","/image/h4xor.php", "/image/dz.php","/image/L3b.php","/image/d.php","/image/d.php","/image/L3b.php","wp-content/images/admin.php", 
"templates/rhuk_milkyway/index.php","templates/beez/index.php","admin1.php","upload.php","up.php","vb.zip","vb.rar", "/image/admin2.asp","/image/uploads.php","/image/sa.php","/image/sysadmins/","/image/admin1/","/image/Sym.php","images/Sym.php", "/image/r57.php","/wp-content/images/disqus.php","/image/shell.php","/image/sa.php","/image/admin.php", "/image/sa2.php","/2.php","/image/gaza.php","/image/up.php","/image/upload.php","/image/uploads.php","/image/index.php","/image/shell.php","/image/amad.php", "/image/t00.php","/image/dz.php","/image/site.rar","/image/Black.php","/image/site.tar.gz","/image/home.zip","/image/home.rar","/image/home.tar","/image/home.tar.gz", "/image/forum.zip","/image/forum.rar","/image/forum.tar","/image/forum.tar.gz","/image/test.txt","/image/ftp.txt","/user.txt","/site.txt", "/admin/cpanel","/awstats","/image/site.sql","/image/vb.sql","/image/forum.sql","/image/backup.sql","/image/back.sql","/image/data.sql","/image/wp.rar/", "wp-content/images/disqus.php","/image/asp.aspx","/image/index.php","/image/vaga.php", "/image/killer.php","/image/whmcs.php","/image/killer.php","/images/domaine.pl","/image/domaine.php","/image/useradmin/", "/image/d0maine.php","/image/d0maine.php","/image/sql.php","/images/dz1.php","/image/dz1.php","/image/forum.zip","/image/Symlink.php","/image/Symlink.pl", "forum.rar","joomla.zip","joomla.rar","wp.php","buck.sql","sysadmin.php","images/c99.php", "xd.php", "c100.php", "spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","tmp/upload.php","tmp/admin.php", "Server.php","/image/uploads.php","/image/up.php","Server/","/image/c99.php","/images/priv8.php","/image/priv8.php","/image/cgi.pl/", "/image/cgi.pl","/image/dom.php","/images/index.php","/image/webadmin.html","/image/admins.php", "/wp-content/image/d00.php", 
"/image/admins/","/image/admins.asp","/image/admins.php","/image/test.php","/images/WSO.php","/images/dz.php","/e107_administrator/cpanel.php","/images/cpn.php","/images/sql.php","/images/mysql.php","/image/madspot.php", "/images/Cgishell.pl","/images/killer.php","/images/changeall.php","/images/2.php","/images/Sh3ll.php","/images/dz0.php","/images/dam.php","/images/user.php","/images/dom.php","/images/whmcs.php", "/images/vb.zip","/images/r00t.php","/images/c99.php","/images/gaza.php","/images/1.php","/images/wp.zip"."wp-content/disqus.php", "/image/d0mains.php","wp-content/images/akismet.php","/image/madspotshell.php","/image/Sym.php","/image/c22.php","/image/c100.php", "wp-content/images/admin.php#","wp-content/images/sitemap-core.php#", "wp-content/images/widget.php#","Cpanel.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php", "/image/madspotshell.php","/image/root.php","/image/whmcs.php","/image/index.php","/image/2.php","/image/dz.php","/image/cpn.php", "/image/changeall.php","/image/Cgishell.pl","/image/sql.php","/image/admin.php","/image/h4xor.php", "/image/dz.php","/image/L3b.php","/image/d.php","/image/d.php","/image/L3b.php","wp-content/images/admin.php", "templates/rhuk_milkyway/index.php","templates/beez/index.php","admin1.php","upload.php","up.php","vb.zip","vb.rar", "/images/admin2.asp","/images/uploads.php","/images/sa.php","/images/sysadmins/","/images/admin1/","/images/Sym.php","images/Sym.php", "/images/r57.php","/wp-content/disqus.php","/images/shell.php","/images/sa.php","/images/admin.php", "/images/sa2.php","images/2.php","/images/gaza.php","/images/up.php","/images/upload.php","/images/uploads.php","/images/index.php","/images/shell.php","/images/amad.php", "/images/t00.php","/images/dz.php","/images/site.rar","/images/Black.php","/images/site.tar.gz","/images/home.zip","/images/home.rar","/images/home.tar","/images/home.tar.gz", 
"/images/forum.zip","/images/forum.rar","/images/forum.tar","/images/forum.tar.gz","/images/test.txt","/images/ftp.txt","/e107_images/user.txt","/e107_images/site.txt", "/administrator/cpanel","/awstats","/images/site.sql","/images/vb.sql","/images/forum.sql","/images/backup.sql","/images/back.sql","/images/data.sql","/images/wp.rar/", "/e107_images/disqus.php","/images/asp.aspx","/images/index.php","/images/vaga.php", "/images/killer.php","/images/whmcs.php","/images/killer.php","/images/domaine.pl","/images/domaine.php","/images/useradmin/", "/images/d0maine.php","/images/d0maine.php","/images/sql.php","/e107_images/dz1.php","/images/dz1.php","/images/forum.zip","/images/Symlink.php","/images/Symlink.pl", "forum.rar","/e107_images/joomla.zip","/e107_downloads/joomla.rar","/e107_images/wp.php","/e107_images/buck.sql","/e107_images/sysadmin.php","/e107_images/c99.php", "/e107_images/xd.php", "/e107_images/c100.php", "spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","/images/upload.php","images/admin.php", "Server.php","/images/uploads.php","/images/up.php","Server/","/image/c99.php","/images/priv8.php","/image/priv8.php","/image/cgi.pl/", "/images/cgi.pl","/images/dom.php","/image/index.php","/images/webadmin.html","/images/admins.php", "/wp-content/images/d00.php", "/images/admins/","/images/admins.asp","/images/admins.php","/images/test.php"); //Start Scan foreach ($shells as $shell) { $headers = get_headers($url.$shell); if (eregi('200', $headers[0])) { //Result echo "<a href=\"$url.$shell\">$url$shell</a> <span class=\"found\">Founded!</span><br /><br/><br/>"; //By PirateHackf edit by TheB $dz = fopen("shells.txt", "a+"); $suck = "$url.$shell"; fwrite($dz, $suck."\n"); } } //Result In Text File (shells.txt) echo "<span class=\"damane\">Click Here to See Shells Founded On a txt File [ <a href=\"./shells.txt\" target=\"_blank\">shells.txt</a> ]</span>"; } ?></center> <center> <p align="center"> </p> <p align="center"> </p> <p 
align="center"><font color="#F6358A" size="4"></font><br><br> Where there is a shell, there is a way .</p> </p> <p> </center> </body> </html>
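How a site owner can spot a scan like the one the script above performs: it requests one candidate path after another and treats a 200 status as a find, so one client asking for many known shell names stands out in the access log. This is an added example, not part of the original post; the log lines are constructed, and `find_shell_probes`, the threshold and the short name list (a handful taken from the array above) are assumptions.

```python
import re
from collections import defaultdict

# A few file names taken from the scanner's array above; extend as needed.
SHELL_NAMES = {"wso.php", "c99.php", "c100.php", "r57.php", "r00t.php",
               "madspotshell.php", "sym.php", "cgishell.pl", "priv8.php"}

# Common/Combined Log Format prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_shell_probes(lines, min_distinct=3):
    """Return {client_ip: {"probed": [...], "hits": [...]}} for scanning clients.

    "probed" lists the distinct shell-like paths a client requested; "hits"
    lists those answered with 200, which deserve a look on disk (a 200 alone
    proves nothing when the site serves a custom error page with that status).
    """
    probed = defaultdict(set)
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        name = path.rstrip("/").rsplit("/", 1)[-1].lower()
        if name not in SHELL_NAMES:
            continue
        probed[m["ip"]].add(path)
        if m["status"] == "200":
            hits[m["ip"]].add(path)
    # A single stray request is noise; several distinct names is a scan.
    return {
        ip: {"probed": sorted(paths), "hits": sorted(hits[ip])}
        for ip, paths in probed.items()
        if len(paths) >= min_distinct
    }


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2014:10:01:01 +0000] "GET /WSO.php HTTP/1.0" 404 209 "-" "-"',
    '203.0.113.7 - - [12/May/2014:10:01:01 +0000] "GET /c99.php HTTP/1.0" 404 209 "-" "-"',
    '203.0.113.7 - - [12/May/2014:10:01:02 +0000] "GET /images/r57.php HTTP/1.0" 200 5120 "-" "-"',
    '203.0.113.7 - - [12/May/2014:10:01:02 +0000] "GET /tmp/Sym.php HTTP/1.0" 404 209 "-" "-"',
    '203.0.113.7 - - [12/May/2014:10:01:03 +0000] "GET /index.php HTTP/1.0" 200 8450 "-" "-"',
    '198.51.100.20 - - [12/May/2014:10:02:10 +0000] "GET /index.php HTTP/1.1" 200 8450 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/May/2014:10:02:11 +0000] "GET /c99.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, report in find_shell_probes(SAMPLE_LOG).items():
        print(ip, "probed", report["probed"], "answered 200:", report["hits"])
```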