|
271
|
Seguridad Informática / Nivel Web / Re: Vulnerabilidades en Hi5
|
en: 12 Mayo 2008, 10:37 am
|
Myspace no es seguro, recientemente se publico un paper pero debes realizar un pago moderado, solo asi podras descargarlo y observar las vulnerabilidades mas recientes de myspace, de momento olvido el link, seguro alguien mas sabe de lo que hablo.
-berz3k.
|
|
|
272
|
Seguridad Informática / Hacking / Re: conectar a hotmail por consola
|
en: 12 Mayo 2008, 10:30 am
|
Bien, solo he conseguido tener la consola del MSN sobre windows XP (win32) en cygwin y rula de maravilla, es decir al final me quedo un bonito tmns.exe, intente probarlo con las libs necesarias en otra box sin exito alguno, si alguien lo consigue que nos informe su avance, dejo algunos logs de mi instalacion. $ chmod 777 tmsnc-0.3.2.tar.gz
localAdmin@x ~ $ gzip -d tmsnc-0.3.2.tar.gz
localAdmin@x ~ $ tar -xvf tmsnc-0.3.2.tar tmsnc-0.3.2/ tmsnc-0.3.2/m4/ tmsnc-0.3.2/m4/curses.m4 tmsnc-0.3.2/m4/iconv.m4 tmsnc-0.3.2/autopackage/ tmsnc-0.3.2/autopackage/default.apspec tmsnc-0.3.2/autopackage/default.apspec.in tmsnc-0.3.2/src/ tmsnc-0.3.2/src/Makefile.in tmsnc-0.3.2/src/core_net.c tmsnc-0.3.2/src/dialog.c tmsnc-0.3.2/src/misc.h tmsnc-0.3.2/src/Makefile tmsnc-0.3.2/src/core_misc.c tmsnc-0.3.2/src/core_net.h tmsnc-0.3.2/src/dialog.h tmsnc-0.3.2/src/core_misc.h tmsnc-0.3.2/src/core_ssl.c tmsnc-0.3.2/src/ui.c tmsnc-0.3.2/src/core_ssl.h tmsnc-0.3.2/src/ui.h tmsnc-0.3.2/src/conf.c tmsnc-0.3.2/src/debug.c tmsnc-0.3.2/src/charset.c tmsnc-0.3.2/src/conf.h tmsnc-0.3.2/src/core.h tmsnc-0.3.2/src/stamp-h.in
localAdmin@x ~/tmsnc-0.3.2 $ ls AUTHORS Makefile README autopackage config.status current_song.sh install-sh src COPYING Makefile.am VERSION config.guess config.sub depcomp m4 ChangeLog Makefile.in aclocal.m4 config.log configure doc missing INSTALL NEWS autogen.sh config.rpath configure.in indent.sh mkinstalldirs
$ ./configure checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... gawk checking whether make sets $(MAKE)... yes checking for gcc... gcc checking for C compiler default output file name... a.exe checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... .exe checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for style of include used by make... GNU checking dependency style of gcc... gcc3 checking for a BSD-compatible install... /usr/bin/install -c checking whether make sets $(MAKE)... (cached) yes checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for pid_t... yes checking for size_t... yes checking whether time.h and sys/time.h may both be included... yes checking whether struct tm is in sys/time.h or time.h... time.h checking for library containing gethostbyname... none required checking for socket... yes configure: checking location of ncurses.h file... Found ncurses on /usr/include/ncurses.h checking for use_default_colors... yes checking for resizeterm... yes checking for resize_term... yes checking for wadd_wch... no checking build system type... i686-pc-cygwin checking host system type... i686-pc-cygwin checking for ld used by GCC... /usr/i686-pc-cygwin/bin/ld.exe checking if the linker (/usr/i686-pc-cygwin/bin/ld.exe) is GNU ld... yes checking for shared library run path origin... done checking for iconv... yes checking how to link with libiconv... -liconv checking for iconv declaration... extern size_t iconv (iconv_t cd, const char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft); checking for openssl... yes checking for gtf_filter_warez in -ltalkfilters... no configure: creating ./config.status config.status: creating Makefile config.status: creating doc/Makefile config.status: creating src/Makefile config.status: creating autopackage/default.apspec config.status: creating src/config.h config.status: executing depfiles commands
Version: 0.3.2 Prefix: /usr/local CFLAGS: -g -O2
Talkfilter support: no i18n support: yes
localAdmin@x ~/tmsnc-0.3.2 $
localAdmin@x ~/tmsnc-0.3.2 $ make Making all in src make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src' make all-am make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src' if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT misc.o -MD -MP -MF ".deps/misc.Tpo" -c -o misc.o misc.c; \ then mv -f ".deps/misc.Tpo" ".deps/misc.Po"; else rm -f ".deps/misc.Tpo"; exit 1; fi In file included from misc.c:17: misc.h:29:53: warning: no newline at end of file if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT main.o -MD -MP -MF ".deps/main.Tpo" -c -o main.o main.c; \ then mv -f ".deps/main.Tpo" ".deps/main.Po"; else rm -f ".deps/main.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT conf.o -MD -MP -MF ".deps/conf.Tpo" -c -o conf.o conf.c; \ then mv -f ".deps/conf.Tpo" ".deps/conf.Po"; else rm -f ".deps/conf.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT login.o -MD -MP -MF ".deps/login.Tpo" -c -o login.o login.c; \ then mv -f ".deps/login.Tpo" ".deps/login.Po"; else rm -f ".deps/login.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT sig.o -MD -MP -MF ".deps/sig.Tpo" -c -o sig.o sig.c; \ then mv -f ".deps/sig.Tpo" ".deps/sig.Po"; else rm -f ".deps/sig.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT menu.o -MD -MP -MF ".deps/menu.Tpo" -c -o menu.o menu.c; \ then mv -f ".deps/menu.Tpo" ".deps/menu.Po"; else rm -f ".deps/menu.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT ui.o -MD -MP -MF ".deps/ui.Tpo" -c -o ui.o ui.c; \ then mv -f ".deps/ui.Tpo" ".deps/ui.Po"; else rm -f ".deps/ui.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT list.o -MD -MP -MF ".deps/list.Tpo" -c -o list.o list.c; \ then mv -f ".deps/list.Tpo" ".deps/list.Po"; else rm -f ".deps/list.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT charset.o -MD -MP -MF ".deps/charset.Tpo" -c -o charset.o charset.c; \ then mv -f ".deps/charset.Tpo" ".deps/charset.Po"; else rm -f ".deps/charset.Tpo"; exit 1; fi charset.c: In function `convert': charset.c:72: warning: passing arg 2 of `libiconv' from incompatible pointer type if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT core_misc.o -MD -MP -MF ".deps/core_misc.Tpo" -c -o core_misc.o core_misc \ then mv -f ".deps/core_misc.Tpo" ".deps/core_misc.Po"; else rm -f ".deps/core_misc.Tpo"; exit 1; fi core_misc.c: In function `swapLongLong': core_misc.c:74: warning: dereferencing type-punned pointer will break strict-aliasing rules core_misc.c:75: warning: dereferencing type-punned pointer will break strict-aliasing rules if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT core_net.o -MD -MP -MF ".deps/core_net.Tpo" -c -o core_net.o core_net.c; then mv -f ".deps/core_net.Tpo" ".deps/core_net.Po"; else rm -f ".deps/core_net.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT core_ssl.o -MD -MP -MF ".deps/core_ssl.Tpo" -c -o core_ssl.o core_ssl.c; then mv -f ".deps/core_ssl.Tpo" ".deps/core_ssl.Po"; else rm -f ".deps/core_ssl.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT core_p2p.o -MD -MP -MF ".deps/core_p2p.Tpo" -c -o core_p2p.o core_p2p.c; then mv -f ".deps/core_p2p.Tpo" ".deps/core_p2p.Po"; else rm -f ".deps/core_p2p.Tpo"; exit 1; fi core_p2p.c: In function `MSN_handle_p2p_msg': core_p2p.c:142: warning: unused variable `len' if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT dialog.o -MD -MP -MF ".deps/dialog.Tpo" -c -o dialog.o dialog.c; \ then mv -f ".deps/dialog.Tpo" ".deps/dialog.Po"; else rm -f ".deps/dialog.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT filters.o -MD -MP -MF ".deps/filters.Tpo" -c -o filters.o filters.c; \ then mv -f ".deps/filters.Tpo" ".deps/filters.Po"; else rm -f ".deps/filters.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT event.o -MD -MP -MF ".deps/event.Tpo" -c -o event.o event.c; \ then mv -f ".deps/event.Tpo" ".deps/event.Po"; else rm -f ".deps/event.Tpo"; exit 1; fi if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT debug.o -MD -MP -MF ".deps/debug.Tpo" -c -o debug.o debug.c; \ then mv -f ".deps/debug.Tpo" ".deps/debug.Po"; else rm -f ".deps/debug.Tpo"; exit 1; fi gcc -Wall -g -O2 -o tmsnc.exe misc.o main.o conf.o login.o sig.o menu.o ui.o list.o charset.o core_misc.o core_net.o core_ssl core_p2p.o dialog.o filters.o event.o debug.o -lssl -lcrypto -lncurses -lpanel -lform -liconv -liconv Info: resolving _stdscr by linking to __imp__stdscr (auto-import) make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src' make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src' Making all in doc make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/doc' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/doc' make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2' make[1]: Nothing to be done for `all-am'. make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2'
localAdmin@x ~/tmsnc-0.3.2 $
localAdmin@x ~/tmsnc-0.3.2 $ make all Making all in src make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src' make all-am make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src' make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src' make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src' Making all in doc make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/doc' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/doc' make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2' make[1]: Nothing to be done for `all-am'. make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2'
localAdmin@x ~/tmsnc-0.3.2
$ make install Making install in src make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src' make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src' test -z "/usr/local/bin" || mkdir -p -- "/usr/local/bin" /usr/bin/install -c 'tmsnc.exe' '/usr/local/bin/tmsnc.exe' make[2]: Nothing to be done for `install-data-am'. make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src' make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src' Making install in doc make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/doc' make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2/doc' make[2]: Nothing to be done for `install-exec-am'. test -z "/usr/local/share/man/man1" || mkdir -p -- "/usr/local/share/man/man1" /usr/bin/install -c -m 644 './tmsnc.1' '/usr/local/share/man/man1/tmsnc.1' make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/doc' make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/doc' make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2' make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2' make[2]: Nothing to be done for `install-exec-am'. make[2]: Nothing to be done for `install-data-am'. make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2' make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2'
localAdmin@x ~/tmsnc-0.3.2 $ /usr/local/bin/tmsnc.exe Starting TMSNC Version: 0.3.2 Process ID: 4708 Terminal emulation: cygwin Logged out from MSN server, quitting TMSNC If you find TMSNC useful, please consider a small donation
-berz3k.
|
|
|
275
|
Seguridad Informática / Nivel Web / Re: [XXS] lawebdelprogramador
|
en: 12 Abril 2008, 02:23 am
|
Antes de la descarga existe un "POP ALLOW" tanto en firefox como en IE, para un usuario dummie, lo pasaria por alto y el XSS de nada serviria , podria ofuscarse un poco mas el code para forzar al nevegador y que no se observe el POP. -berz3k.
|
|
|
278
|
Seguridad Informática / Nivel Web / Re: Bug Latinchat
|
en: 18 Febrero 2008, 11:38 am
|
Es importante antes de postear un nuevo tema leer y probar, mejor aun; realizar alguna especie de PoC (Proof Of Concept ), con estos detalles podremos ayudar o aportar mejores ideas para un buen entendimiento o posible "explotacion", no lanzar preguntas o posibles fallos "on air", tampoco son necesarios los "screenshots" o patallazos a menos que se requiera profundizar o detallar algun aspecto ademas de obsfuscar los detalles comprometedores. Leer las reglas del foro.
-berz3k.
@z1x2c3z1x2c3| cuanto tiempo podras invertir en presionar el boton "Impr Pant" y subirla al publico? 8 horas ? 10 horas? las imagenes, video o code, son la mejor parte de un PoC.
|
|
|
|
|
|
|