Kabron

Active Members
  • Posts: 250
  • Days Won: 4

Everything posted by Kabron

  1. It's been a while since I posted here, which is why this post came about. What is it about? We all love WordPress, but in most cases we prefer to hide the fact that we are using a blogging platform for our entire business. On the other hand, every day a couple of new security bugs are found in plugins, themes and WordPress itself. This is natural for popular software, but are we safe? Can all plugin authors be notified about bugs in time? Are all of them responsible for the security problems they created? Or can we update our themes and plugins every day? Hide My WP was created to help us. It not only boosts our security but also allows us to have more beautiful URLs and permalinks! Please note this is a long-awaited plugin. No free or premium alternative is available. Boost your security: Hide My WP controls access to PHP files. It protects your site from 95% of SQL-Injection and XSS attacks. This means you can install unsafe plugins without worrying about security. You know hackers, spammers and robots all love WordPress too; with Hide My WP they can't recognize WordPress and simply ignore you! Hide wp-login.php. Try this: wpwave.com/wp-login.php Not found!? OK. Try this one: wpwave.com/wp-login.php?hide_my_wp=1234 Hide wp-admin and all of its files (for untrusted users). More information here: http://codecanyon.net/item/hide-my-wp-no-one-can-know-you-use-wordpress/4177158 Download: Zippyshare.com - hide_my_wp.zip Pass: rst
  2. It matters how many times the voucher code is entered (from here you know what to do). Subscription valid until 20.11.2013 1X.XX.XX
  3. Crappy links, I'm stuck downloading 78 Mb at 100kb/s *** Here you go: CTR.zip (78.8 MB) https://mega.co.nz/#!1R8RQTBL!DHLz7z5LtimSVnvHFI433nMd0mUwc9ertjzNgFzkFxs Download CTR.zip - FisierulMeu.ro
  4. Can I have my site on 2 servers simultaneously as backup - New To Web Development forum at WebmasterWorld
  5. Check whether it's something from the browser, JavaScript
  6. That's because you don't go to the website, the Facebook like section, before starting the script. Try it and it will work. Good luck.
  7. The only thing is that I can't add my website via Add Site on that stupid addmefast thing. P.S. linux: /home/nume/iMacros/Macros
  8. Leaving aside my weight and the fact that I'm unfit, bring arguments that contradict what I said. I see you're a "dentist", which explains why you have no idea that it's "genuflexiune" and not "genoflexiune"; teeth don't do that ) P.S. I'll be damned if you don't look like a real bodybuilder: P.S.2 The fact that you work at mommy's practice as a dentist is even better!
  9. How about you write your own articles instead of copy/pasting? )) Do you even have a clue about what's in there? "Cut back on carbohydrates and sodium and subcutaneous retention will drop." The sodium part -> broscience. "The doses used for loading vary between 15-25g per day for 5-7 days and" The loading period is entirely optional and up to each person. That's if we're talking about monohydrate. If we're talking about HCl, I don't know how OK it is to do a loading phase. "1. Squats ("genoflexiuni") with the barbell on the back" Note that they're called "genuflexiuni", maestro; the movement is flexion of the knee ("genunchi"), you have a "genunchi", not a "genonchi". "4. Standing medium-grip barbell shoulder press" And the title of the clip says WIDE-GRIP -> wide grip -> a wide grip, not a medium one. "5. Push-ups on the hands at the parallel bars" True enough, you can do push-ups on your feet using the parallel bars. "3. These exercises represent the most natural way in which the human body performs movements." "10. Because several muscle groups are stimulated at the same time, basic exercises help reduce the time spent in the weight room." What's the relevance? Are you afraid your cortisol level will rise far too much if you train for 1 hour, an hour and a half? (assuming that's what this is about, I'm not sure you have a clue what it is). The latest studies show fairly clearly that an elevated cortisol level is not as harmful as was claimed until now; on the contrary, it can even help together with the testosterone or growth hormone level. What you're talking about there, "basic exercises", are in fact exercises meant to target as many muscles as possible during execution (see deadlifts and squats), the interest being, as I said above, a high level of testosterone and growth hormone. Gotcha! Try to have a clue about what you're talking about/copying first )
  10. Both I and a friend of mine changed the NSes and the websites are OK. Creation date: 25/12/2012 Expiration date: 25/12/2013 (in 363 days) P.S. I forgot to say, don't try to get more than one domain.
  11. P.S. Private Domain Registration is offered for free
  12. You're very welcome, happy holidays.
  13. Merry Christmas! Get free .ME domain name for a year! | The Lacuna Blog - Computer Tips and Tutorials P.S. The offer is valid until the 31st.
  14. Hi all, From the developers' description [1], W3 Total Cache is: The most complete WordPress performance framework. Recommended by web hosts like: MediaTemple, Host Gator, Page.ly and WP Engine and countless more. Trusted by countless sites like: stevesouders.com, mattcutts.com, mashable.com, smashingmagazine.com, makeuseof.com, yoast.com, kiss925.com, pearsonified.com, lockergnome.com, johnchow.com, ilovetypography.com, webdesignerdepot.com, css-tricks.com and tens of thousands of others. W3 Total Cache improves the user experience of your site by improving your server performance, caching every aspect of your site, reducing the download times and providing transparent content delivery network (CDN) integration. Downloads: 1,388,876 Ratings: 4.6 out of 5 stars Unfortunately, it's frequently incorrectly deployed. When I set it up by going to the Wordpress panel and choosing "add plugin" and selecting the plugin from the Wordpress Plugin Catalog (or whatever), it left two avenues of attack open: 1) Directory listings were enabled on the cache directory, which means anyone could easily recursively download all the database cache keys, and extract ones containing sensitive information, such as password hashes. A simple google search of "inurl:wp-content/plugins/w3tc/dbcache" and maybe some other magic reveals this wasn't just an issue for me. As W3 Total Cache already futzes with the .htaccess file, I see no reason for it not to add "Options -Indexes" to it upon installation. I haven't read any W3 documentation, so it's possible this is a known and documented misconfiguration, but maybe not. 2) Even with directory listings off, cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable. Again, it seems odd that "deny from all" isn't added to the .htaccess file. Maybe it's documented somewhere that you should secure your directories, or maybe it isn't; I'm not sure. 
If I had to categorize these holes, I'd say they're due to "misconfiguration", but I figure it's relevant to write in to full-disclosure & webappsec because I'm usually not horrible with configuring things and I made these mistakes several times without realizing. I'm copying the author on this email, as he may want to include a warning message where naive folks like myself can see it, or document these somewhere if they're not already, or at least apply the two .htaccess tweaks mentioned above. Anyway I put together a short and simple shell script that works pretty decently against my own various wordpress websites, and exploits the configuration error in point (2) above. Exploiting point (1) can be done with wget & grep and is even more dull than the below exploit. **************** W3 Total Fail Exploit for point (2): w3-total-fail - Intelligently guesses hash values in order to extract Wordpress password hashes via W3 Total Cache. (Read the entire usage message.) Screencast for point (2): http://git.zx2c4.com/w3-total-fail/plain/screencast.ogv or **************** Merry Christmas. - Jason zx2c4 Full Disclosure: Wordpress Remote Exploit - W3 Total Cache
  15. You can start by shelving the current database
  16. When I said something new, I meant something new formed by the RST staff. As I also mentioned above, good luck.
  17. Now I too barge in uninvited and say the following: Even if the forum's "comeback" process was a bit rushed, so be it, it's not really a big problem, but what I don't understand is the following: - Why isn't anyone trying to do something new, given that now is a good moment? - Why did you choose to use the old database, given that this database already exists in certain places, a database probably combed through by a few people? - Why didn't you choose a fresh start? RST was theoretically dead for about two years anyway; I don't see it being such a great loss if something new is started, and I don't see the current database as that important, at least not in terms of quality. Leaving aside the showoff section, where only those with too much free time still post and the stuff is crap, the most active section is the off topic category. Something new could have been tried; all the attention could have been directed toward those who really are passionate about IT, those who really want to learn something, to say something interesting. SQLi and XSS don't really seem to fall into that category, nor does what is currently on the site. If even until now those who had something to say rarely logged in, now they will log in even more rarely. As for posting, I don't think there's even any point in discussing it. Good luck anyway. P.S. Nytro, it's not about fear of being arrested; I don't think there are that many people here in that situation. It's strictly about privacy. P.S.2 How many of you have different passwords now?
  18. Kabron

    [util]URLFind

    Because there are also people who think around here: URLFind - URL mapping and links cross domains.
  19. Since there are so many of you hackers around here: Link to part 1: Sqli-Labs Series Part 1 Link to part 2: Sqli-Labs Series Part 2 Link to part 3: Sqli-Labs Series Part 3 Link to part 4: Sqli-Labs Series Part 4 Link to part 5: Sqli-Labs Series Part 5 Link to part 6: Sqli-Labs Series Part 6 (Double Query Injection) Link to part 7: Sqli-Labs Series Part 7 (Double Query Injection Continued.....) Link to part 8: Sqli-Labs Series Part 8 (Blind Injections - Boolean Based) Link to part 9: Sqli-Labs Series Part 9 (Blind Injections - Time Based) Link to part 10: Sqli-Labs Series Part 10 (Dumping Database Using Outfile) Link to part 11: Sqli-Labs Series Part 11 (Post Parameter Injection - Error Based) Link to part 12: Sqli-Labs Series Part 12 (Post Parameter Injection Double Query) Link to part 13: Sqli-Labs Series Part 14 (Injection In Update Query) Link to part 14: Sqli-Labs Series Part 14 (Injection In Update Query) Link to part 15: Sqli-Labs Series Part 15 (Injection In Insert Query) Link to part 16: Sqli-Labs Series Part 16 (Cookie Based Injections) Link to part 17: Sqli-Labs Series Part 17 (Second Order Injections)
  20. Kabron

    Free VPS :)

    https://www.digitalocean.com/ Size: 256 Mb | Region: New York 1 | Status: Active | Image: Ubuntu 11.04 x32 Desktop | Active: 1 minute