pyth0n3
Active Members
Posts: 2099
Days Won: 17
Everything posted by pyth0n3

  1. Instead of doing 3rd-party application debugging, download the SDK and build something where you can understand the concept of Error Handling on your own. Applications have no standard and everyone programs them however they want; you could write an e-mail to whoever made the application and send them the error. Try another application, or wait for someone to put it in a debugger and tell you what the problem is? The users who downloaded the application and saw the error did not bother much with debugging. Let's be serious, how many of you download an application for the phone and take it apart to look at the source code? What I can say is that you should look for the function where it tries to establish the connection with the portal, to understand whether it really is an authentication problem or a problem raised by the application because it met a certain status code and, not knowing how to behave, exited the loop with an error preset by the programmer.
  2. So here we have the following scenario: Determine the address manually for both images. Describe how you did it. Download the original images: work.tar.gz. Note: it is useless to post the address if you do not describe how you identified it. I said manually; I hope you know what manual means.
  3. Camera Model Name ><script>alert(1);</script>
     An XSS can be put in too, but not like this, because it is not interpreted by the browser; there is however a way for Internet Explorer. The tags have been modified; if you have the original, put it on the Microsoft SkyDrive portal.
  4. We have the following network:

       (blade) Router, external: 192.168.123.111
       ZONE1, Solaris 10 SPARC 64 Router (BLADE): 192.168.123.110
       Subnet1 Address 192.168.123.0, Netmask Address 255.255.255.0, NAT IP Pool Starting Address 100, IP Pool Ending Address 200
       Hosts in Subnet1: Debian 192.168.123.100, Fedora (DHCP), FreeBSD 192.168.123.107, Centos 192.168.123.105

     We will isolate the Centos server 192.168.123.105 in a separate subnet so that it cannot be accessed by the other servers in Subnet1. If need be we will leave SSH access open only from the external network (Internet).

     1. We will create a router on the server (Blade 192.168.123.110) with a new subnet 10.0.0.0. We will create the following class A subnet2:

       Network class A
       IP Address   10.0.0.1
       Subnet Mask  255.255.255.252
       Broadcast    10.0.0.3
       Host range   10.0.0.1 (Router), 10.0.0.2 Host Centos (redman)

     Settings on the Blade Solaris 10 (Router)

     We will allocate a physical interface for subnet2. Show interfaces:

       [blade]# dladm show-dev | sort -n | awk '{ print $1,$2,$3,$7,$8 }'
       bge0 link: up duplex: full
       bge1 link: up duplex: full
       qfe4 link: down duplex: unknown
       qfe5 link: down duplex: unknown
       qfe6 link: down duplex: unknown
       qfe7 link: up duplex: full

     We have 3 network interfaces that are currently up:

       bge0 link: up duplex: full
       bge1 link: up duplex: full
       qfe7 link: up duplex: full

     We will use the following:

       qfe7 -> external interface connected directly to the Internet
       bge1 -> internal interface on which we will create a subnet

     We will enable IP forwarding and routing on the system:

       routeadm -u -e ipv4-forwarding
       routeadm -u -e ipv4-routing

     We will enable ipfilter:

       svcadm -v enable svc:/network/pfil:default
       svcadm -v enable svc:/network/ipfilter:default
       svcadm -v enable svc:/system/rmtmpfiles:default

     We will add the interfaces to the firewall's configuration file:

       echo "bge -1 0 pfil" >> /etc/ipf/pfil.ap
       echo "qfe -1 0 pfil" >> /etc/ipf/pfil.ap

     To check that IP forwarding and routing have been set correctly:

       [blade]# routeadm | head
                     Configuration   Current              Current
                            Option   Configuration        System State
       ---------------------------------------------------------------
                      IPv4 routing   enabled              enabled
                      IPv6 routing   disabled             disabled
                   IPv4 forwarding   enabled              enabled
                   IPv6 forwarding   disabled             disabled

                  Routing services   "route:default ripng:default"
       [blade]#

     Configuring the interface for the subnet:

       ifconfig bge1 10.0.0.1 netmask 255.255.255.252 broadcast 10.0.0.3 && ifconfig bge1 plumb up
       echo 10.0.0.1 > /etc/hostname.bge1
       echo "10.0.0.0 255.255.255.252" >> /etc/netmasks

       [blade]# ifconfig bge1
       bge1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
               inet 10.0.0.1 netmask fffffffc broadcast 10.0.0.3
               ether x:xx:xx:xx:xx:xx
       [blade]#

     Restart (init):

       init 6

     Configuring the redman server (Centos)

     We will configure the server's network interface:

       ifconfig eth2 10.0.0.2 netmask 255.255.255.252 broadcast 10.0.0.3
       route add default gw 10.0.0.1 eth2
       ifconfig eth2 up

       [root@redman ~]# ifconfig eth2
       eth2      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
                 inet addr:10.0.0.2  Bcast:10.0.0.3  Mask:255.255.255.252
                 UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                 RX packets:418 errors:0 dropped:0 overruns:0 frame:0
                 TX packets:236 errors:1 dropped:0 overruns:0 carrier:1
                 collisions:0 txqueuelen:1000
                 RX bytes:36660 (35.8 KiB)  TX bytes:22175 (21.6 KiB)
       [root@redman ~]#

     Note: the settings in Centos will not survive a reboot. To make that happen a directive would have to be created in /etc/sysconfig/network-scripts, which I will not do because I do not need static settings.

     We will create a rule in the Router (BLADE Solaris 10) to allow ssh to redman (centos). Here we will do a port forwarding:

       echo 'rdr qfe7 192.168.123.111 port 4444 -> 10.0.0.2 port 22' >> /etc/ipf/ipnat.conf
       ipnat -C -f /etc/ipf/ipnat.conf

     To check the NAT rules:

       [blade]# ipnat -l
       List of active MAP/Redirect filters:
       rdr qfe7 192.168.123.111/32 port 4444 -> 10.0.0.2 port 22 tcp

       List of active sessions:
       [blade]#

     In the end we will have the following result:

       Internet -> SSH (PKI) to redman on port 4444 -> (blade) Router 192.168.123.111
       -> ZONE1: Solaris 10 SPARC 64 Router/FW (BLADE) 192.168.123.110, NAT, subnet2 side 10.0.0.1
       -> redman (Centos) 10.0.0.2, netmask 255.255.255.252, SSH (PKI) on port 22
       Subnet1 (192.168.123.0, netmask 255.255.255.0, NAT IP Pool 100-200): Debian 192.168.123.100, Fedora DHCP, FreeBSD 192.168.123.107
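The steps above turn on forwarding and add a NAT redirect but show no packet-filter rules, so with ipv4-forwarding enabled the Subnet1 hosts can still route straight to 10.0.0.2. The ipf.conf below is an added example, not part of the original post: it enforces the isolation the post describes, assuming qfe7 is the interface carrying 192.168.123.111 (as in the rdr rule), bge1 the 10.0.0.0/30 side, and that ipnat's rdr has already rewritten the destination when the filter runs, which is how IPFilter orders the two.

```conf
# /etc/ipf/ipf.conf  (example ruleset; load with: ipf -Fa -f /etc/ipf/ipf.conf
# and inspect with: ipfstat -io)

# Default policy: drop and log anything not explicitly passed below.
block in log all
block out log all

# The router itself may open outbound sessions on the external side;
# replies are admitted by the state table, not by separate inbound rules.
pass out quick on qfe7 proto tcp from any to any flags S keep state
pass out quick on qfe7 proto udp from any to any keep state
pass out quick on qfe7 proto icmp from any to any keep state

# Subnet1 must never reach subnet2, neither through the redirected port
# nor by routing directly to 10.0.0.0/30. After rdr, a Subnet1 client of
# 192.168.123.111:4444 also shows up here as a packet to 10.0.0.2:22.
block in quick on qfe7 from 192.168.123.0/24 to 10.0.0.0/30

# SSH to redman from everyone else: the filter sees the translated
# destination 10.0.0.2:22; the state entry covers the forwarded packets
# and the replies.
pass in quick on qfe7 proto tcp from any to 10.0.0.2 port = 22 flags S keep state

# subnet2 side: redman may talk out, but nothing from 10.0.0.0/30 is
# forwarded into Subnet1.
block in quick on bge1 from 10.0.0.0/30 to 192.168.123.0/24
pass in quick on bge1 proto tcp from 10.0.0.2 to any flags S keep state
pass in quick on bge1 proto udp from 10.0.0.2 to any keep state
pass in quick on bge1 proto icmp from 10.0.0.2 to any keep state
```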
  5. The EXIF tags are rewritten by the site. I would need it from Facebook, Flickr, MSN, Twitter.
  6. By the way, I am waiting for the original photograph if you find it.
  7. It is not the original photograph, it is only a copy, and it has been posted before.
  8. [ASCII caricature of bt.ionut, labelled "PHP GURU", with the speech bubble: "I don't know how much PHP you know, but what you know is rubbish"]

       <?php
       unlink("foo");
       ?>

     Before code processing: the file name "foo" is tied to the contents of "foo"; contents intact.
     After code processing: unlink() cuts the tie between the file name "foo" and the contents of "foo"; contents intact. Ouups! The "thread" broke.
  9. Here you go: C source code that asks for 3 passwords before destroying a file or a directory of files.

       static char data [] =
       /* The RC4-encrypted payload (octal string literals interleaved with the
          #define lines below) is omitted here; only the size/offset macros are kept. */
       #define xecc_z 15
       #define xecc ((&data[0]))
       #define pswd_z 256
       #define pswd ((&data[53]))
       #define tst1_z 22
       #define tst1 ((&data[366]))
       #define msg1_z 42
       #define msg1 ((&data[398]))
       #define lsto_z 1
       #define lsto ((&data[446]))
       #define date_z 1
       #define date ((&data[447]))
       #define inlo_z 3
       #define inlo ((&data[448]))
       #define msg2_z 19
       #define msg2 ((&data[454]))
       #define shll_z 9
       #define shll ((&data[479]))
       #define chk1_z 22
       #define chk1 ((&data[490]))
       #define rlax_z 1
       #define rlax ((&data[515]))
       #define tst2_z 19
       #define tst2 ((&data[520]))
       #define opts_z 1
       #define opts ((&data[539]))
       #define text_z 914
       #define text ((&data[722]))
       #define chk2_z 19
       #define chk2 ((&data[1721]))
       /* End of data[] */;

       #define hide_z 4096
       #define DEBUGEXEC 0  /* Define as 1 to debug execvp calls */
       #define TRACEABLE 0  /* Define as 1 to enable ptrace the executable */

       /* rtc.c */

       #include <sys/stat.h>
       #include <sys/types.h>
       #include <errno.h>
       #include <stdio.h>
       #include <stdlib.h>
       #include <string.h>
       #include <time.h>
       #include <unistd.h>

       /* 'Alleged RC4' */

       static unsigned char stte[256], indx, jndx, kndx;

       /*
        * Reset arc4 stte.
        */
       void stte_0(void)
       {
           indx = jndx = kndx = 0;
           do {
               stte[indx] = indx;
           } while (++indx);
       }

       /*
        * Set key. Can be used more than once.
        */
       void key(void * str, int len)
       {
           unsigned char tmp, * ptr = (unsigned char *)str;
           while (len > 0) {
               do {
                   tmp = stte[indx];
                   kndx += tmp;
                   kndx += ptr[(int)indx % len];
                   stte[indx] = stte[kndx];
                   stte[kndx] = tmp;
               } while (++indx);
               ptr += 256;
               len -= 256;
           }
       }

       /*
        * Crypt data.
        */
       void arc4(void * str, int len)
       {
           unsigned char tmp, * ptr = (unsigned char *)str;
           while (len > 0) {
               indx++;
               tmp = stte[indx];
               jndx += tmp;
               stte[indx] = stte[jndx];
               stte[jndx] = tmp;
               tmp += stte[indx];
               *ptr ^= stte[tmp];
               ptr++;
               len--;
           }
       }

       /* End of ARC4 */

       /*
        * Key with file invariants.
        */
       int key_with_file(char * file)
       {
           struct stat statf[1];
           struct stat control[1];

           if (stat(file, statf) < 0)
               return -1;

           /* Turn on stable fields */
           memset(control, 0, sizeof(control));
           control->st_ino = statf->st_ino;
           control->st_dev = statf->st_dev;
           control->st_rdev = statf->st_rdev;
           control->st_uid = statf->st_uid;
           control->st_gid = statf->st_gid;
           control->st_size = statf->st_size;
           control->st_mtime = statf->st_mtime;
           control->st_ctime = statf->st_ctime;
           key(control, sizeof(control));
           return 0;
       }

       #if DEBUGEXEC
       void debugexec(char * sh11, int argc, char ** argv)
       {
           int i;
           fprintf(stderr, "shll=%s\n", sh11 ? sh11 : "<null>");
           fprintf(stderr, "argc=%d\n", argc);
           if (!argv) {
               fprintf(stderr, "argv=<null>\n");
           } else {
               for (i = 0; i <= argc ; i++)
                   fprintf(stderr, "argv[%d]=%.60s\n", i, argv[i] ? argv[i] : "<null>");
           }
       }
       #endif /* DEBUGEXEC */

       void rmarg(char ** argv, char * arg)
       {
           for (; argv && *argv && *argv != arg; argv++);
           for (; argv && *argv; argv++)
               *argv = argv[1];
       }

       int chkenv(int argc)
       {
           char buff[512];
           unsigned long mask, m;
           int l, a, c;
           char * string;
           extern char ** environ;

           mask = (unsigned long)&chkenv;
           mask ^= (unsigned long)getpid() * ~mask;
           sprintf(buff, "x%lx", mask);
           string = getenv(buff);
       #if DEBUGEXEC
           fprintf(stderr, "getenv(%s)=%s\n", buff, string ? string : "<null>");
       #endif
           l = strlen(buff);
           if (!string) {
               /* 1st */
               sprintf(&buff[l], "=%lu %d", mask, argc);
               putenv(strdup(buff));
               return 0;
           }
           c = sscanf(string, "%lu %d%c", &m, &a, buff);
           if (c == 2 && m == mask) {
               /* 3rd */
               rmarg(environ, &string[-l - 1]);
               return 1 + (argc - a);
           }
           return -1;
       }

       #if !TRACEABLE

       #define _LINUX_SOURCE_COMPAT
       #include <sys/ptrace.h>
       #include <sys/types.h>
       #include <sys/wait.h>
       #include <fcntl.h>
       #include <signal.h>
       #include <stdio.h>
       #include <unistd.h>

       #if !defined(PTRACE_ATTACH) && defined(PT_ATTACH)
       #  define PTRACE_ATTACH PT_ATTACH
       #endif

       void untraceable(char * argv0)
       {
           char proc[80];
           int pid, mine;

           switch(pid = fork()) {
           case 0:
               pid = getppid();
               /* For problematic SunOS ptrace */
       #if defined(__FreeBSD__)
               sprintf(proc, "/proc/%d/mem", (int)pid);
       #else
               sprintf(proc, "/proc/%d/as", (int)pid);
       #endif
               close(0);
               mine = !open(proc, O_RDWR|O_EXCL);
               if (!mine && errno != EBUSY)
                   mine = !ptrace(PTRACE_ATTACH, pid, 0, 0);
               if (mine) {
                   kill(pid, SIGCONT);
               } else {
                   perror(argv0);
                   kill(pid, SIGKILL);
               }
               _exit(mine);
           case -1:
               break;
           default:
               if (pid == waitpid(pid, 0, 0))
                   return;
           }
           perror(argv0);
           _exit(1);
       }
       #endif /* !TRACEABLE */

       char * xsh(int argc, char ** argv)
       {
           char * scrpt;
           int ret, i, j;
           char ** varg;

           stte_0();
           key(pswd, pswd_z);
           arc4(msg1, msg1_z);
           arc4(date, date_z);
           if (date[0] && (atoll(date)<time(NULL)))
               return msg1;
           arc4(shll, shll_z);
           arc4(inlo, inlo_z);
           arc4(xecc, xecc_z);
           arc4(lsto, lsto_z);
           arc4(tst1, tst1_z);
           key(tst1, tst1_z);
           arc4(chk1, chk1_z);
           if ((chk1_z != tst1_z) || memcmp(tst1, chk1, tst1_z))
               return tst1;
           ret = chkenv(argc);
           arc4(msg2, msg2_z);
           if (ret < 0)
               return msg2;
           varg = (char **)calloc(argc + 10, sizeof(char *));
           if (!varg)
               return 0;
           if (ret) {
               arc4(rlax, rlax_z);
               if (!rlax[0] && key_with_file(shll))
                   return shll;
               arc4(opts, opts_z);
               arc4(text, text_z);
               arc4(tst2, tst2_z);
               key(tst2, tst2_z);
               arc4(chk2, chk2_z);
               if ((chk2_z != tst2_z) || memcmp(tst2, chk2, tst2_z))
                   return tst2;
               if (text_z < hide_z) {
                   /* Prepend spaces til a hide_z script size. */
                   scrpt = malloc(hide_z);
                   if (!scrpt)
                       return 0;
                   memset(scrpt, (int) ' ', hide_z);
                   memcpy(&scrpt[hide_z - text_z], text, text_z);
               } else {
                   scrpt = text;    /* Script text */
               }
           } else {                 /* Reexecute */
               if (*xecc) {
                   scrpt = malloc(512);
                   if (!scrpt)
                       return 0;
                   sprintf(scrpt, xecc, argv[0]);
               } else {
                   scrpt = argv[0];
               }
           }
           j = 0;
           varg[j++] = argv[0];        /* My own name at execution */
           if (ret && *opts)
               varg[j++] = opts;       /* Options on 1st line of code */
           if (*inlo)
               varg[j++] = inlo;       /* Option introducing inline code */
           varg[j++] = scrpt;          /* The script itself */
           if (*lsto)
               varg[j++] = lsto;       /* Option meaning last option */
           i = (ret > 1) ? ret : 0;    /* Args numbering correction */
           while (i < argc)
               varg[j++] = argv[i++];  /* Main run-time arguments */
           varg[j] = 0;                /* NULL terminated array */
       #if DEBUGEXEC
           debugexec(shll, j, varg);
       #endif
           execvp(shll, varg);
           return shll;
       }

       int main(int argc, char ** argv)
       {
       #if DEBUGEXEC
           debugexec("main", argc, argv);
       #endif
       #if !TRACEABLE
           untraceable(argv[0]);
       #endif
           argv[1] = xsh(argc, argv);
           fprintf(stderr, "%s%s%s: %s\n", argv[0],
               errno ? ": " : "",
               errno ? strerror(errno) : "",
               argv[1] ? argv[1] : "<null>"
           );
           return 1;
       }

     It must be compiled:

       gcc destroy.c -o destroy
       chmod +x destroy

     Example:

       [pyth0n3@mc]$ file phone.db
       phone.db: SQLite 3.x database
       [pyth0n3@mc]$ ./destroy phone.db
       Please enter your password1:
       Please enter your password2:
       Please enter your password3:
       47104+0 records in
       47104+0 records out
       47104 bytes (47 kB) copied, 0.328082 s, 144 kB/s
       [pyth0n3@mc]$ file phone.db
       phone.db: data
       [pyth0n3@mc]$ /usr/bin/hexedit phone.db
       00000000   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
       00000010   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
       00000020   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
       00000030   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
       00000040   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
       ......................................................................

     Password:

       password1 is H43T=11(f
       password2 is sL:X]6HH>
       password3 is 250w5.PLt

     Note: requires Korn Shell.
  10. @bt.ionut Let's bet: if I prove to you that it does not remove the files and I recover your data, I cut out your tongue for what you said above; yours and that of whoever told you it works. rm -rf uses unlink too, and look here http://www.youtube.com/watch?v=tZhpunfbouc&list=UUVah62aHNrw6c-C-DnVW9hw&index=5&feature=plcp PHP is a high-level language, and I can tell you what it does when translated to the assembler level if you want.
  11. Do I have to hammer it into your heads with nails? Bullsh*t. The unlink function does not delete files.
  12. Would it be worth wasting time to build a GUI for it?

     Program arhiveaza:

       #!/bin/sh
       tar -rvf "$@"

       ./arhiveaza nume_arhiva nume_fisier_de_pus_in_arhiva
       ./arhiveaza nume_arhiva nume_director_de_pus_in_arhiva

     Program dezarhiveaza:

       #!/bin/sh
       tar -xvf "$@"

       ./dezarhiveaza nume_arhiva

     Cross platform: on *NIX systems it comes by default; on Windows you will have to install Cygwin.
  13. @novarulles first of all I would prefer don' pyth0n3 because it sounds better; secondly, all of you who uploaded photos to Facebook taken with an iPhone 3G have just published the following data: GPS Latitude, GPS Longitude, GPS Position. Facebook, MSN, Flickr and other sites that host images do not modify the EXIF tags. In this video I inserted an mp3 into an image using the EXIF tags, after which I uploaded the image to MSN. Anyone can download a copy of the image and extract the mp3. Who said that sharing commercial mp3s has to be done only on torrent trackers; it can be done on the Microsoft portal or on Facebook too. Embedding mp3 to jpeg image - YouTube. Maybe this will be of help to you:

       #!/usr/bin/python
       # Purpose: Will display the number of Bytes to remove
       # Author pyth0n3
       import sys

       if len(sys.argv) < 2:
           print('\n[+] Usage: python showbyte.py <yourfile>\n ')
           sys.exit()

       path = sys.argv[1]
       # Byte offset of the "begin-base64" marker inside the file
       with open(path, 'rb') as f:
           offset = f.read().index(b"begin-base64")
       print("\n", "[", offset, "]", "Bytes to remove\n")
       # END
  14. ./script numefisier -> overwrites the whole file with 0
     ./script nume_director -> overwrites the directory and all the files in it with 0
     ./script / -> overwrites the root directory with 0 recursively, plus all the files existing in this directory

     It does not remove the files, it overwrites them with 0, and it is much more efficient than rm -rf. Of course, to destroy a mirror:

       ./script drive1
       ./script drive2

     Note: all the partitions that are part of the mirror must be overwritten in order to destroy the data.

       #!/bin/ksh
       ### Display handler
       if [[ $# -lt 1 || $# -gt 1 ]]; then
           print "[+] Usage: $0 filename ";
           print "[+] $# Arguments were Supplied, must be 1 ";
           print "[+] Exiting..";
           exit 32;
       fi
       ### Main
       typeset handler=$1;
       LOCATION=$(find "$handler" -name "*" -type f)
       for f in $LOCATION; do
           # find prints the path as given, so use it as-is (not prefixed with ./)
           dd if=/dev/zero of="$f" bs=1 count=$(stat -c%s "$f");
       done
  15. One idea would be overwriting the files, since it is more efficient than removing them, which in the end comes down to a simple unlink, and the data can be recovered in a fairly simple way; but it is not valid if mirror|clone|snapshot solutions and the like are implemented as well.
  16. 1. It removes the database only if it is MySQL (it is not valid for other types of database, and I remind you MySQL is not the only db that exists).
     2. It does not delete the data, it only does an unlink, which is something else entirely (that is, it deletes only the file names, not the contents; it reduces the number of references in the inode and that is all, which means the data continues to exist).
     3. If it is run on a 3rd-party host (besides the fact that the data will remain in the partition anyway, because you only did an unlink), mirror|clone|snapshot solutions may be implemented which will keep a fresh copy of the data regardless.
     4. In case the solutions from point 3 are implemented, I will prove to you that you will not destroy the data even if you use the "dd" command (conversion of raw data), which can format a device at a low level.
     5. You only called a few functions in a high-level programming language interpreted at user level, which are translated to a low level and make an indirect system call, that is, they request a service at the kernel level of the operating system. A syscall only provides an interface between user level and system level which can be called through various high-level programming languages. Through high-level programming languages only a request is made, which is by no means equivalent to an order.
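As an added example (not from the posts) of the inode argument made here and in posts 11, 14 and 15: Python run against a scratch directory, showing that unlink() only drops a directory entry and a link count while the bytes stay readable through a second name or an open descriptor, and that rewriting the inode in place (the dd if=/dev/zero approach) is what actually replaces them. The file contents are constructed sample data.

```python
import os
import tempfile

# Constructed sample content; stands in for the "phone.db" of the posts.
CONTENT = b"constructed sample: contacts, 0740xxxxxx\n" * 64


def unlink_one_name(d):
    """Give the file a second name (hard link), then unlink() the first one.
    Returns (link count before, link count after, data still readable)."""
    a, b = os.path.join(d, "foo"), os.path.join(d, "foo.bak")
    with open(a, "wb") as f:
        f.write(CONTENT)
    os.link(a, b)                    # second directory entry -> same inode
    before = os.stat(a).st_nlink     # 2
    os.unlink(a)                     # what PHP unlink() and rm do
    after = os.stat(b).st_nlink      # 1: only the reference count dropped
    with open(b, "rb") as f:
        return before, after, f.read() == CONTENT


def unlink_open_descriptor(d):
    """Unlink the only name while a descriptor is open: zero names, data intact.
    Returns (link count seen through the fd, data still readable)."""
    p = os.path.join(d, "bar")
    with open(p, "wb") as f:
        f.write(CONTENT)
    fd = os.open(p, os.O_RDONLY)
    os.unlink(p)                     # directory entry gone, inode still allocated
    nlink = os.fstat(fd).st_nlink    # 0
    data = os.read(fd, len(CONTENT))
    os.close(fd)
    return nlink, data == CONTENT


def overwrite_in_place(d):
    """The dd if=/dev/zero approach: rewrite the existing inode's bytes, so
    every name that refers to it now reads zeros. Returns True if it does."""
    a, b = os.path.join(d, "baz"), os.path.join(d, "baz.bak")
    with open(a, "wb") as f:
        f.write(CONTENT)
    os.link(a, b)
    size = os.stat(a).st_size
    with open(a, "r+b") as f:        # r+ keeps the inode; "w" would only truncate
        f.write(b"\x00" * size)
        f.flush()
        os.fsync(f.fileno())
    os.unlink(a)
    with open(b, "rb") as f:
        return f.read() == b"\x00" * size


def demo():
    """Run the three cases in a scratch directory and return their results.
    On copy-on-write or snapshotted storage the old blocks may still exist
    elsewhere, which is the mirror|clone|snapshot caveat of the posts."""
    with tempfile.TemporaryDirectory() as d:
        return {
            "unlink_one_name": unlink_one_name(d),
            "unlink_open_descriptor": unlink_open_descriptor(d),
            "overwrite_in_place": overwrite_in_place(d),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```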
  17. 1. You did not specify the platform; surely you do not want me to guess all the existing operating systems.
     2. I think you are aware that the computer's local IP is not the same as the public IP.
     3. You did not specify how many interfaces your server or PC has, since each one can have a different IP.

     Anyway, for Unix & Linux:

       /sbin/ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}' | mail -s "Local Ip" you@youre.yours

     where eth0 is the network interface. Besides, go and describe the environment in detail.
  18. Pwned by EXIF data. When I made a tutorial about EXIF tags I had less popularity than the topic on how to close a Facebook account. Many have no idea that such a tag holds very valuable information which can be uploaded anywhere together with the image, and Facebook does not modify the tags, nor does MSN.
  19. I am NOT interested in your scanner, period, neither for free nor the source; on my PC I run only my own toys, yours I let loose in my zoo to see how they behave, and the rest of you keep using it until you get tired of it. I am done commenting! It is right to know how a thing works before you use it. Next time I will not stick my nose in to check anything; if it is a backdoor I will let you use it in peace, the more of you the better. Sh*t, in the end nobody gives me 2 lei. Puff yourselves up, each of you!
  20. Whether you give it a correct pass or one that is not correct, it exits cleanly with an exit status of 0. My target closes any connection, so I wonder who it is brute-forcing if the connection is closed? I configured the target not to accept any password at all, so the script should exit, and not cleanly but with an exit status other than 0. I am not waiting for the source code, only for it to do its job in a slightly more normal way, without suspicious connections and exits of 0 in every situation.
  21. It establishes a connection with an external IP (you probably updated from domain to IP) in Romania, after which it establishes a connection with the target; after it brute-forces, it establishes another connection with an external IP. Using the script for brute force we get an exit status of 0 while the target has closed the connection (False Positive). Tested in the lab! Block the connection in the OUTPUT chain for the IP address:

       iptables -A OUTPUT -p tcp -d 89.45.197.158 -j DROP

     Although I think that cripples its functions, because it tests the connection to the outside before doing its work; I do not think something like that is right, nobody has certified that this connection is legitimate and we do not know exactly what it does. Secondly, you cannot exit with an exit status of 0 while the target closes your connection; tested with a single pass, but I suppose it does not exit the loop until it finishes the password list, so if the target closes your connection from the start it is useless to try other passwords and you cannot exit cleanly; these control structures must be checked in turn. Be careful what you run on your computer; check what it does before executing the scripts.
  22. The only Linux distros we can talk about and compare against each other are Debian, RedHat, Slackware, Suse; the rest are just derivatives. Ubuntu is a derivative and I will not compare it with any of the distributions above. When I talk about Linux I will refer only to 4 distributions, and when I refer to derivatives I will specify who the father is. On that I have no doubt; I was referring to final users. There are more Ubuntu fans and it is easier, which is why they chose the tool suite to be in Ubuntu. I would have preferred it to remain a pure distribution like Slackware. (This is just one of my opinions.) They did what they thought best for the final users. Anyway it is meant as a pentesting LiveCD, but obviously it can be installed too.
  23. I still have not understood how far I have to go on with these sales. I mean up to what point; users tell me they are interested and ask me the price, I think it has to be something like yes or no.