archive-sk.com » SK » H » HELL.SK

Total: 66

  • from.hell.sk.
    sk blog domineefh gpg B6B3 DE7E 2F6E 1C0B EB50 183E E0D2 54E2 0EBC 0F31 otr work E56F64AC 4882A7D1 1F563F55 F7F3DFEF 5E03A6B1 otr gtalk C7006249 05E154ED 3FB24200 5419AD24 B66F53E8 otr icq

    Original URL path: https://from.hell.sk/ (2016-05-02)


  • blog from.hell | [ more like a notepad then a blog ]
    Associated Tx Power 0 dBm Retry long limit 7 RTS thr off Fragment thr off Encryption key off Power Management on wlan0 IEEE 802 11bgn ESSID off any Mode Managed Access Point Not Associated Tx Power 14 dBm Retry long limit 7 RTS thr off Fragment thr off Encryption key off Power Management on eth0 no wireless extensions root bt airmon ng start wlan1 Interface Chipset Driver wlan1 Realtek RTL8187BvB early rtl8187 phy1 monitor mode enabled on mon0 wlan0 Atheros AR9285 ath9k phy0

    Yeaaaaah, wlan1 up and ready to play. Enjoy. Hope I saved you some time of UTFG and screaming of WTF during the night. Thanks to the people at JEZGRA NET who noticed this and pointed to this fact and reduced my WTF minute ratio: http linux jezgra net 2012 01 airlive wl 1600usb

    March 23 2010 Other web
    successfully migrated to hades

    Yeah, migration process continues well, wp successfully migrated to hades.

    January 29 2010 Other security web
    repost: Micro PHP LFI Backdoor

    I've been playing around a lot more with LFI attacks because I think they're more prevalent than I originally had expected. Last night I had cigars with one of the OWASP guys and I got to thinking that I should probably do a quick post about this. For those who aren't clued in about LFI (local file include) attacks, it basically means that PHP is pulling in a file locally and running it; you see that happen a lot with flags like language en, where en represents a file called en.php. So an attack might look like: http www example com index php language etc passwd 00

    The null byte is to truncate anything at the end that the php file might be trying to append to the end of the file, like .php in en.php and so on. Although in that example, password files aren't PHP, so it's not helping you much beyond being able to read files off the file system. So the next step is finding the log files and injecting a PHP backdoor through a user agent or referring URL. There's some problems with this depending on how you do it, because Apache logs will escape quotes. Assuming you find a way around that, like using the error logs rather than the access logs, you can inject your PHP backdoor. Here's my micro backdoor (thanks to Daniel Herrera for inspiration): php c fopen tmp g w fwrite c php passthru GET f

    So now what this does is throw a PHP file into the /tmp directory, which is typically writable. More importantly, that file can now be used to inject commands directly; in the example below it's executing whoami: http www example com index php language tmp g 00 f whoami

    If anyone has shorter, more effective LFI backdoor please let me know and I'll post them from comments.

    I have a pretty effective LFI backdoor which won't require any file loading at all. Taking advantage of PHP's RFC 2397 support (http php net manual en wrappers data php), you can inject the PHP code you want executed directly into the URL. With that said, using your above example: http www example com index php language data cmd whoami

    I've tested it out using several methods, including the support for base64 encoding: http www example com index php language data base64 PD8gZXhlYygkX0dFVFtjbWRdKTsgPz4 cmd whoami

    Using the base64 encoding you may be able to shorten your injection, pending that they have size restrictions. Also notice above, when using GET cmd there aren't any quotes used. This still works effectively, and it comes in handy if the server has magic quotes enabled.

    source: http ha ckers org blog 20100128 micro php lfi backdoor

    January 29 2010 Other linux php security web
    repost: LFI2RCE (Local File Inclusion to Remote Code Execution) advanced exploitation: /proc shortcuts

    This paper exposes the ability, from the attacker standpoint, to use /proc in order to exploit LFI (Local File Inclusion) vulnerabilities. While using /proc for such aim is well known, this one is a specific technique that has not been previously published as far as we know. A tool to automatically exploit LFI using the shown approach is released accordingly. Update: a third known technique has been dissected here: http www ush it 2008 07 09 local file inclusion lfi of session files to root escalation

    LFI2RCE advanced exploitation: /proc shortcuts

    On UNIX systems, especially on Linux, /proc is the preferred userspace interface used for a number of things, especially process information. This article will expose a technique that uses proc PID fd FD ID to implicitly find the location of the logfile containing the attacker's payload. Enjoy reading this article by kuza55 and ascii.

    It's known that LFI (Local File Inclusion) vulnerabilities can be exploited in a way that converts them in RCE (Remote Code Execution). The malicious payload must exist locally on the filesystem, but since the attacker is commonly not able to directly upload/create a file, logs are used. By their intrinsic nature logfiles contain data that is driven by users (eg the log will contain user inputs of some sort). Logfiles that don't present this behaviour are not valid candidates. The trick is to make these logs contain a base payload that will be later interpreted and executed when the logfile is included. This technique itself is known from many years (milw0rm com exploits 34 is dated 2003-05-29) but it's even older. On a UNIX system multiple logfiles can be used for this scope: xfer log (Transfer log) using specially crafted filenames during FTP transfers, fail log using a crafted username and performing a failed login on the FTP server, etc. While the path of these files is almost always known (they stay in /var with weak permissions, masked 022) the service could

    Original URL path: https://from.hell.sk/blog/ (2016-05-02)


  • gpg-dominee_at_hell_sk_public.asc

    Original URL path: https://from.hell.sk/gpg-dominee_at_hell_sk_public.asc (2016-05-02)

  • blog from.hell | blog from.hell
    from hell sk blog p 178 https from hell sk blog 2013 08 05 vulnerable vm to play with feed 0 Browser plugins 2013 https from hell sk blog 2013 07 31 browser plugins 2013 https from hell sk blog 2013 07 31 browser plugins 2013 comments Wed 31 Jul 2013 08 42 17 0000 admin http from hell sk blog p 173 Continue reading https from hell sk blog 2013 07 31 browser plugins 2013 feed 0 WordPress comment spam https from hell sk blog 2013 07 25 wp comment spam https from hell sk blog 2013 07 25 wp comment spam comments Thu 25 Jul 2013 10 10 37 0000 admin http from hell sk blog p 167 Continue reading https from hell sk blog 2013 07 25 wp comment spam feed 0 Ovislink Airlive WL 1600USB on BackTrack5 BT5 r2 3 2 6 https from hell sk blog 2012 03 15 ovislink airlive wl 1600usb on backtrack5 bt5 r2 3 2 6 https from hell sk blog 2012 03 15 ovislink airlive wl 1600usb on backtrack5 bt5 r2 3 2 6 comments Thu 15 Mar 2012 20 17 50 0000 admin http from hell sk blog p 140 Continue reading https from hell sk blog 2012 03 15 ovislink airlive wl 1600usb on backtrack5 bt5 r2 3 2 6 feed 0 successfully migrated to hades https from hell sk blog 2010 03 23 successfully migrated to hades https from hell sk blog 2010 03 23 successfully migrated to hades comments Tue 23 Mar 2010 20 42 20 0000 dominee http from hell sk blog p 126 https from hell sk blog 2010 03 23 successfully migrated to hades feed 0 repost Micro PHP LFI Backdoor https from hell sk blog 2010 01 29 repost micro php lfi

    Original URL path: https://from.hell.sk/blog/feed/ (2016-05-02)

  • blog from.hell » Page not found | blog from.hell
    found blog from hell https from hell sk blog more like a notepad then a blog Fri 09 Aug 2013 12 52 46 0000 en US hourly 1 http wordpress

    Original URL path: https://from.hell.sk/blog/comments/feed/ (2016-05-02)

  • About
    This is our private blog about things of any nature that we want to say something about, for ourselves and for those who find these words interesting.

    Original URL path: https://from.hell.sk/blog/about/ (2016-05-02)

  • wordlists
    A collection of Slovak and Czech wordlists. Placeholder.

    Original URL path: https://from.hell.sk/blog/wordlists/ (2016-05-02)

  • Simple HTTP server oneliner
    August 9 2013 Web oneliners python ruby web

    Python:
        python -m SimpleHTTPServer 8080

    Ruby:
        ruby -r webrick -e 's = WEBrick::HTTPServer.new(:Port => 8080, :DocumentRoot => Dir.pwd); trap("INT") { s.shutdown }; s.start'

    Original URL path: https://from.hell.sk/blog/2013/08/09/simple-http-server-oneliner/ (2016-05-02)