 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
| Search found 2418 matches |
|
| waraxe |
|
| Replies: 2 |
| Views: 12235 |
|
|
 |
|
 |
|
Hello guys,
Can I ask you for favor, I need to crack one password from .htpasswd file.
fogxFDgIY8ZMY
Thank you
Plaintext of fogxFDgIY8ZMY is edindzek |
|
|
|
| waraxe |
|
| Replies: 2 |
| Views: 12501 |
|
|
|
|
|
|
Just replace "eval" with "print" 
function check_serial_valid() {
$host = $_SERVER['HTTP_HOST'];
if (preg_match("/^(www.)(.*)/si", ... |
|
|
|
|
Plaintext of 035b34234885be8be1bf2639c055532d is jrpx7v2
Plaintext of c4371440330ab7a298802624773d871a is mqd8eq
Plaintext of 7c01e86a2dc31e5cc9027f7f5e899b02 is !barbecue
Plaintext of 1a21e33e3d31 ... |
|
|
|
| waraxe |
|
| Replies: 2 |
| Views: 14670 |
|
|
|
|
|
|
Best solution would be specially written php script for decoding, but here is quick method:
1. use text editor ( like Notepad++) and do search/replace
Search for \x and replace with %
2. Use onli ... |
|
|
|
|
anyone who is able to decrypt this, i have tried it several times but failed,
so giving this challenge to the forum since i saw ya guys did it before with hashes thanks
3a135b16102e7b43
3e6656 ... |
|
|
|
| waraxe |
|
| Replies: 5 |
| Views: 21061 |
|
|
|
|
|
|
According to php version it may be possible to use null bytes.
Now there is one thing, that makes exploitation little bit harder - we need
base64 encoder, which does accept null bytes. Online encod ... |
|
|
|
| waraxe |
|
| Replies: 5 |
| Views: 21061 |
|
|
|
|
|
|
First of all, there are preconditions listed in advisory:
Preconditions:
1. attacker must be logged in as valid user
2. PHP must be < 5.3.4 for null-byte attacks to work
If you want to use ... |
|
|
|
| waraxe |
|
| Replies: 5 |
| Views: 21061 |
|
|
|
|
|
|
You can find many tutorials about exploiting LFI via "/proc/self/environ" and uploaded gif/jpg pictures, for example:
https://bechtsoudis.com/hacking/php-code-into-jpeg-metadata-from-hide-to-unhide ... |
|
|
|
| waraxe |
|
| Replies: 4 |
| Views: 14013 |
|
|
|
|
|
|
Kindly hack this LM and NTLM hash. Thank you.
LM Hash : 2fd901f1686492e7ab28d4c7aab1ea45
NTLM Hash : 5340f1e408a802a35b69de7b4083a2ce
Plaintext of 5340F1E408A802A35B69DE7B4083A2CE is ... |
|
|
|
| waraxe |
|
| Replies: 0 |
| Views: 10325 |
|
|
|
|
|
|
| ------------------------------------ |
|
|
|
| waraxe |
|
| Replies: 0 |
| Views: 11349 |
|
|
|
|
|
|
---------------------------------
// Router
if (isset($request->get---------------------------------
final class Action {
protected $file;
...
public function __construct($route, $args = ar ... |
|
|
|
|
---------------------------------
if (!empty($_FILES)) {
$tempFile = $_FILES-----------------------------------
<html><body><center>
<form action="http://localhost/uploadify-v ... |
|
|
|
|
---------------------------------
if (file_exists($_SERVER-----------------------------------
<html><body><center>
<form action="http://localhost/uploadify-v3.0.0/uploadify-che ... |
|
|
|
| waraxe |
|
| Replies: 2 |
| Views: 12202 |
|
|
|
|
|
|
Bypassing IPS/IDS needs advanced skills and lot's of testing and thinking.
And if you find for example a way to fool mod_security anti-sql-injection filter, then you have 0-day information, which wil ... |
|
|
|
| waraxe |
|
| Replies: 1 |
| Views: 10865 |
|
|
|
|
|
|
There is no easy way to this.
You can try educated guess or wordlist/bruteforce methods.
And analyze target website html form source code - POST parameters naming tends to correlate with SQL databas ... |
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 106
Members: 0
Total: 106
