 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 188
 Members: 0
 Total: 188
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
hash is nothing but random bytes hex encoded.
so you have two choices
1) count how many hex chars that is and take a guess by looking lengths
http://en.wikipedia.org/wiki/List_of_hash_functions
... |
|
|
|
|
You want to backdoor all other sites index files or all files?
Discression is always good and infecting every file on servers might not be very discrete.
/edit
allthough in some cases it could hel ... |
|
|
|
| Heintz |
|
| Replies: 1 |
| Views: 11711 |
|
|
 |
|
 |
|
http://www.ai-junkie.com/
hands on and plain english , not too academical.
Cause i'm being taught java i rewrote the genetic algorithm and neural network classes over to java. for learning purpo ... |
|
|
|
| Heintz |
|
| Replies: 1 |
| Views: 12290 |
|
|
|
|
|
|
Hi,
I happened to read once here about Waraxe describing how a good php shell should be like. I had similar ideas at the time, but my script was half done / and originally meant private use. Then i ... |
|
|
|
|
Hello been a long time,
thought someone might be interested to know about this tool.
download address: http://www.plain-text.info/dl/file/gwl
What it does: It takes wordlists as input and sorts ... |
|
|
|
|
http://www.securityfocus.com/archive/1/442438/30/0/threaded
Affected versions: php 5.1.4 and older, 4.4.3 and possibly older
Cause: when php-s sscanf functions format argument contains argument ... |
|
|
|
| Heintz |
|
| Replies: 6 |
| Views: 17326 |
|
|
|
|
|
|
if apache runs as a high privileged user like root and php is badly configured then yes. 'whoami' shell cmd to find out what user you are.
anyway i took a look at the c99sh source and its half-lie ... |
|
|
|
| Heintz |
|
| Replies: 3 |
| Views: 13337 |
|
|
|
|
|
|
i think any somewhat experienced c programmer knows the technique, but
the real thing is the exploitation. in other words making a schellcode from bytes which get through all kinds of different filte ... |
|
|
|
| Heintz |
|
| Replies: 1128 |
| Views: 1371897 |
|
|
|
|
|
|
7af36368f003c7e68e752b963072900d alhadara 54959db46671c1aa6eaf9d9a95d66a26 xp7ytp
big thanks to Waraxe for linking  |
|
|
|
| Heintz |
|
| Replies: 80 |
| Views: 140235 |
|
|
|
|
|
|
What's the deal with Plain-Text.info anyway? I've got a hash that's at 97% and has been waiting for 208 hours. Sorting their list shows the last hash have been waiting 391 hours at 97%.
Yet they cl ... |
|
|
|
| Heintz |
|
| Replies: 3 |
| Views: 15113 |
|
|
|
|
|
|
i now start to see the nessesarity of rewrite of nuke source. i took a look at nuke source too and some patches seem to be directly for exploit urls.
what i mean is like fictional (not found in nuke ... |
|
|
|
| Heintz |
|
| Replies: 10 |
| Views: 20876 |
|
|
|
|
|
|
firstable, great work on last advisory.
will be interesting to read the coming ones. hopefully software author respond more sensibly too |
|
|
|
| Heintz |
|
| Replies: 4 |
| Views: 11555 |
|
|
|
|
|
|
shure
http://www.php.net/uniqid |
|
|
|
| Heintz |
|
| Replies: 4 |
| Views: 11555 |
|
|
|
|
|
|
working on "the" forum? doesnt say anything to me. firstable tell what software you are working on (NOT the url where the forum is though).
and not every long hex string is a md5 hash.
so get the so ... |
|
|
|
| Heintz |
|
| Replies: 11 |
| Views: 17331 |
|
|
|
|
|
|
this might be a bit offtopic but here goes anyway,
Those GET tricks reminded me another issue that is also often overlooked:
auto-submitting forms:
nice.html:
<html>
<head>
<t ... |
|
|
| Page 1 of 6 |
Goto page 1, 2, 3, 4, 5, 6Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
