##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::FileDropper
def initialize(info={})
...
15 August 2013
[Metasploit] Joomla Media Manager File Upload Vulnerability
Baca Selengkapnya...
[Metasploit] Joomla Media Manager File Upload Vulnerability
12 June 2013
Cisco ASA Ethernet Information Leak
#!/usr/bin/env python
# CVE-2003-0001 'Etherleak' exploit
# =================================
# Exploit for hosts which use a network device driver that pads
# ethernet frames with data which vary from one packet to another,
# likely taken from kernel memory, system memory allocated to
# the device driver, or a hardware buffer on its network interface
# card. Exploit uses scapy with either ICMP or ARP requests as
# this can trigger with either but...
13 May 2013
19 April 2013
ZPanel Code Execution
Hi all,
There's an arbitrary (PHP) code execution in ZPanel, a free and open-source shared hosting control panel. Using the included zsudo binary, access can be escalated and commands can be run as root.
The vulnerability :
ZPanel uses a poor "templater" system that basically consists of a few str_replace calls and an eval... and as could be expected from something like this, it does a very poor job at preventing malicious code. The relevant...
18 April 2013
Samsung Developer Competition 2013
Samsung menggelar rangkaian acara Samsung Developer Competition 2013. Sebuah acara untuk menjembatani pemain di industri mobile, ahli di bidang produk mobile dan juga para pengembang aplikasi. Tujuannya adalah agar para pengembang bisa melihat apa saja kebutuhan industri yang bisa dipenuhi dengan aplikasi mobile.
Acara kompetisi ini telah dimulai dengan rangkaian workshop dan seminar ke berbagai kampus. Untuk gelaran pertama telah dilaksanakan di...
30 March 2013
Analisa tentang Tools Adwind ( Adwind Web Fake ) yang berbentuk *.jar
Saya kurang begitu tau tentang kapan dan dimana pertama kali software ini di Release.
pertama kali saya mendengar software ini dr teman yang namanya tidak bisa saya sebutkan. Teman saya bertanya
MyFriends : man, lo udah tau belum tentang soft "Adwind Web Fake"?
Me : wew, itu tools apa kk???
MyFriends : Tools itu semacam tools untuk membuat web Fake dimana...
10 March 2013
SyRiAn Sh3ll V7
Source Lengkap bisa diambil di sini http://pastebin.com/vsnFh...
09 March 2013
Google Fusion Tables Cross Site Scripting
# Title: Google Fusion Tables XSS (HTML Injection) Vulnerability
# Release Date: 07/03/2013
# Author: Junaid Hussain - [ illSecure Research Group ]
# Contact: illSecResearchGroup@Gmail.com | Website: http://illSecure.com
# Vulnerable Application: https://www.google.com/fusiontables/DataSource?dsrcid=implicit
-------------------------------------------------------------------------------------
//##### Process:
1. go to https://www.google.com/fusiontables/DataSource?dsrcid=implicit
2....
04 March 2013
Learning Whitehat Hacking and Penetration Testing 2012
Infinite Skills - Learning Whitehat Hacking and Penetration Testing 2012 | Size 1.35 GB
SKU: 01724 | Duration: 10.5 hours - 103 lessons | Date Released: 2012-10-05
Works on: Windows PC or Mac | Format: DVD and Download | Instructor: Ric Messier
In this Ethical Hacking - Whitehat Hacking and Penetration testing training course, expert Ric Messier...
Computer Hacking Forensic Investigator v8 (Slides)
Computer Hacking Forensic Investigator v8 (Slides) | 445 MB
File Computer Hacking Forensic Investigator v8 (Slides) :
Module 01 Computer Forensics in Todays World.pptx
Module 02 Computer Forensics Investigation Process.pptx
Module 03 Searching and Seizing Computers.pptx
Module 04 Digital Evidence.pptx
Module 05 First Responder Procedures.pptx
Module...
25 February 2013
Blackberry GSM codes
The following are codes that you can use on a BlackBerry.
Most require you to hold down the ALT key whilst typing the letters after the + sign (they don't need to be capitals).
IMEI number
Shows your device's international mobile equipment identity (IMEI - your serial number) on-screen.
Type "*#06#" (home screen or call screen.
Home Screen
ALT(left)+Shift(right)+Del - Restart the Blackberry (only for full-keyboard Blackberries)
ALT + JKVV - Display...
RethinkDB (ReQL) The Next Generation NoSQL systems
Seperti dikutip dihalam webnya http://www.rethinkdb.com/
"RethinkDB is built to store JSON documents, and scale to multiple machines with very little effort. It has a pleasant query language that supports really useful queries like table joins and group by, and is easy to setup and learn."
ReQL merupakan Next Generasi NoSQL System Database dimana system ini berbeda dengan MongoDB dan system NoSQL Lainnya. berikut penjelasan RethinkDB mengenai...
24 January 2013
way2sms.py (way2sms.com)
'''
Created on 22-Jan-2013
@author: abhi
'''
import httplib,urllib
from urlparse import urlparse
headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0','Referer': 'http://site3.way2sms.com/'}
username = '7676580202'
password = 'pianist'
def open_way2sms_com():
conn = httplib.HTTPConnection("www.way2sms.com")
conn.request("GET","/")
res = conn.getresponse()
location = res.getheader('location')
...
23 January 2013
remote control commands to the Samsung tv over LAN
#! /usr/bin/python
# Title: samsungremote.py
# Author: Asif Iqbal
# Date: 05APR2012
# Info: To send remote control commands to the Samsung tv over LAN
# TODO:
import socket
import base64
import time, datetime
#IP Address of TV
tvip = "100.0.0.123" #get_settings('tvip')
#IP Address of TV
myip = "100.0.0.112" #get_settings('myip')
#Used for the access control/validation, but not after that AFAIK
mymac = "00-0c-29-3e-b1-4f"...
14 January 2013
An IRC bot written in Brainfuck
Usage
I've included a simple brainfuck interpreter that uses a TCP connection for input and output.
You can probably run this through a regular old brainfuck interpreter and do some crazy shit to wire it
up to a TCP connection, but I didn't feel like it. You can probably make something work with socat.
You can use the custom bf interpreter like this:
netfuck hostname:port path/to/code.bf
For example, to connect the bot to freenode, use...
The Felix Programming Language
The fastest scripting language on Earth.
Download |
Overview: Slideshow |
Tutorial |
Reference |
Community
Why do we need a new programming language?
Existing languages have too many faults to support modern requirements.
Goals.
high performance
rapid prototyping and a scripting language deployment model
safety and correctness
scalability
adaptability
platform...
13 January 2013
gcsms allows you to programmatically send SMS to your number for free
through Google Calendar service. You must set up a few things before
using gcsms to send SMS:
1. Setup a Google account if you don't already have one
- https://gmail.com
2. In Google Calendar (https://calendar.google.com),
under 'Calendar Settings' -> 'Mobile Setup', enter your mobile number
and verify it.
3. In API Console (https://code.google.com/apis/console), under
...
01 January 2013
Ninja Saga Association Panel
import flash.utils.*;
public dynamic final class _StrPool1336 {
public static function _StrPool1337(_arg1:int):String{
//unresolved jump
var _local2:* = new Array(13592198, 2368548, 2368549, 4216384, 1381701, 13592198, 4989476, 5973285,...
