| |
|
271
|
Seguridad Informática / Nivel Web / Re: Vulnerabilidades en Hi5
|
en: 12 Mayo 2008, 10:37 am
|
|
Myspace no es seguro, recientemente se publico un paper pero debes realizar un pago moderado, solo asi podras descargarlo y observar las vulnerabilidades mas recientes de myspace, de momento olvido el link, seguro alguien mas sabe de lo que hablo.
-berz3k.
|
|
|
|
|
272
|
Seguridad Informática / Hacking / Re: conectar a hotmail por consola
|
en: 12 Mayo 2008, 10:30 am
|
Bien, solo he conseguido tener la consola del MSN sobre windows XP (win32) en cygwin y rula de maravilla, es decir al final me quedo un bonito tmns.exe, intente probarlo con las libs necesarias en otra box sin exito alguno, si alguien lo consigue que nos informe su avance, dejo algunos logs de mi instalacion. $ chmod 777 tmsnc-0.3.2.tar.gz
localAdmin@x ~
$ gzip -d tmsnc-0.3.2.tar.gz
localAdmin@x ~
$ tar -xvf tmsnc-0.3.2.tar
tmsnc-0.3.2/
tmsnc-0.3.2/m4/
tmsnc-0.3.2/m4/curses.m4
tmsnc-0.3.2/m4/iconv.m4
tmsnc-0.3.2/autopackage/
tmsnc-0.3.2/autopackage/default.apspec
tmsnc-0.3.2/autopackage/default.apspec.in
tmsnc-0.3.2/src/
tmsnc-0.3.2/src/Makefile.in
tmsnc-0.3.2/src/core_net.c
tmsnc-0.3.2/src/dialog.c
tmsnc-0.3.2/src/misc.h
tmsnc-0.3.2/src/Makefile
tmsnc-0.3.2/src/core_misc.c
tmsnc-0.3.2/src/core_net.h
tmsnc-0.3.2/src/dialog.h
tmsnc-0.3.2/src/core_misc.h
tmsnc-0.3.2/src/core_ssl.c
tmsnc-0.3.2/src/ui.c
tmsnc-0.3.2/src/core_ssl.h
tmsnc-0.3.2/src/ui.h
tmsnc-0.3.2/src/conf.c
tmsnc-0.3.2/src/debug.c
tmsnc-0.3.2/src/charset.c
tmsnc-0.3.2/src/conf.h
tmsnc-0.3.2/src/core.h
tmsnc-0.3.2/src/stamp-h.in
localAdmin@x ~/tmsnc-0.3.2
$ ls
AUTHORS Makefile README autopackage config.status current_song.sh install-sh src
COPYING Makefile.am VERSION config.guess config.sub depcomp m4
ChangeLog Makefile.in aclocal.m4 config.log configure doc missing
INSTALL NEWS autogen.sh config.rpath configure.in indent.sh mkinstalldirs
$ ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name... a.exe
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... .exe
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for a BSD-compatible install... /usr/bin/install -c
checking whether make sets $(MAKE)... (cached) yes
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for pid_t... yes
checking for size_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for library containing gethostbyname... none required
checking for socket... yes
configure: checking location of ncurses.h file...
Found ncurses on /usr/include/ncurses.h
checking for use_default_colors... yes
checking for resizeterm... yes
checking for resize_term... yes
checking for wadd_wch... no
checking build system type... i686-pc-cygwin
checking host system type... i686-pc-cygwin
checking for ld used by GCC... /usr/i686-pc-cygwin/bin/ld.exe
checking if the linker (/usr/i686-pc-cygwin/bin/ld.exe) is GNU ld... yes
checking for shared library run path origin... done
checking for iconv... yes
checking how to link with libiconv... -liconv
checking for iconv declaration...
extern size_t iconv (iconv_t cd, const char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
checking for openssl... yes
checking for gtf_filter_warez in -ltalkfilters... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating doc/Makefile
config.status: creating src/Makefile
config.status: creating autopackage/default.apspec
config.status: creating src/config.h
config.status: executing depfiles commands
Version: 0.3.2
Prefix: /usr/local
CFLAGS: -g -O2
Talkfilter support: no
i18n support: yes
localAdmin@x ~/tmsnc-0.3.2
$
localAdmin@x ~/tmsnc-0.3.2
$ make
Making all in src
make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src'
make all-am
make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src'
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT misc.o -MD -MP -MF ".deps/misc.Tpo" -c -o misc.o misc.c; \
then mv -f ".deps/misc.Tpo" ".deps/misc.Po"; else rm -f ".deps/misc.Tpo"; exit 1; fi
In file included from misc.c:17:
misc.h:29:53: warning: no newline at end of file
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT main.o -MD -MP -MF ".deps/main.Tpo" -c -o main.o main.c; \
then mv -f ".deps/main.Tpo" ".deps/main.Po"; else rm -f ".deps/main.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT conf.o -MD -MP -MF ".deps/conf.Tpo" -c -o conf.o conf.c; \
then mv -f ".deps/conf.Tpo" ".deps/conf.Po"; else rm -f ".deps/conf.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT login.o -MD -MP -MF ".deps/login.Tpo" -c -o login.o login.c; \
then mv -f ".deps/login.Tpo" ".deps/login.Po"; else rm -f ".deps/login.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT sig.o -MD -MP -MF ".deps/sig.Tpo" -c -o sig.o sig.c; \
then mv -f ".deps/sig.Tpo" ".deps/sig.Po"; else rm -f ".deps/sig.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT menu.o -MD -MP -MF ".deps/menu.Tpo" -c -o menu.o menu.c; \
then mv -f ".deps/menu.Tpo" ".deps/menu.Po"; else rm -f ".deps/menu.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT ui.o -MD -MP -MF ".deps/ui.Tpo" -c -o ui.o ui.c; \
then mv -f ".deps/ui.Tpo" ".deps/ui.Po"; else rm -f ".deps/ui.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT list.o -MD -MP -MF ".deps/list.Tpo" -c -o list.o list.c; \
then mv -f ".deps/list.Tpo" ".deps/list.Po"; else rm -f ".deps/list.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT charset.o -MD -MP -MF ".deps/charset.Tpo" -c -o charset.o charset.c; \
then mv -f ".deps/charset.Tpo" ".deps/charset.Po"; else rm -f ".deps/charset.Tpo"; exit 1; fi
charset.c: In function `convert':
charset.c:72: warning: passing arg 2 of `libiconv' from incompatible pointer type
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT core_misc.o -MD -MP -MF ".deps/core_misc.Tpo" -c -o core_misc.o core_misc
\
then mv -f ".deps/core_misc.Tpo" ".deps/core_misc.Po"; else rm -f ".deps/core_misc.Tpo"; exit 1; fi
core_misc.c: In function `swapLongLong':
core_misc.c:74: warning: dereferencing type-punned pointer will break strict-aliasing rules
core_misc.c:75: warning: dereferencing type-punned pointer will break strict-aliasing rules
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT core_net.o -MD -MP -MF ".deps/core_net.Tpo" -c -o core_net.o core_net.c;
then mv -f ".deps/core_net.Tpo" ".deps/core_net.Po"; else rm -f ".deps/core_net.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT core_ssl.o -MD -MP -MF ".deps/core_ssl.Tpo" -c -o core_ssl.o core_ssl.c;
then mv -f ".deps/core_ssl.Tpo" ".deps/core_ssl.Po"; else rm -f ".deps/core_ssl.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT core_p2p.o -MD -MP -MF ".deps/core_p2p.Tpo" -c -o core_p2p.o core_p2p.c;
then mv -f ".deps/core_p2p.Tpo" ".deps/core_p2p.Po"; else rm -f ".deps/core_p2p.Tpo"; exit 1; fi
core_p2p.c: In function `MSN_handle_p2p_msg':
core_p2p.c:142: warning: unused variable `len'
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT dialog.o -MD -MP -MF ".deps/dialog.Tpo" -c -o dialog.o dialog.c; \
then mv -f ".deps/dialog.Tpo" ".deps/dialog.Po"; else rm -f ".deps/dialog.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT filters.o -MD -MP -MF ".deps/filters.Tpo" -c -o filters.o filters.c; \
then mv -f ".deps/filters.Tpo" ".deps/filters.Po"; else rm -f ".deps/filters.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT event.o -MD -MP -MF ".deps/event.Tpo" -c -o event.o event.c; \
then mv -f ".deps/event.Tpo" ".deps/event.Po"; else rm -f ".deps/event.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -Wall -g -O2 -MT debug.o -MD -MP -MF ".deps/debug.Tpo" -c -o debug.o debug.c; \
then mv -f ".deps/debug.Tpo" ".deps/debug.Po"; else rm -f ".deps/debug.Tpo"; exit 1; fi
gcc -Wall -g -O2 -o tmsnc.exe misc.o main.o conf.o login.o sig.o menu.o ui.o list.o charset.o core_misc.o core_net.o core_ssl
core_p2p.o dialog.o filters.o event.o debug.o -lssl -lcrypto -lncurses -lpanel -lform -liconv -liconv
Info: resolving _stdscr by linking to __imp__stdscr (auto-import)
make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src'
make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src'
Making all in doc
make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/doc'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/doc'
make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2'
make[1]: Nothing to be done for `all-am'.
make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2'
localAdmin@x ~/tmsnc-0.3.2
$
localAdmin@x ~/tmsnc-0.3.2
$ make all
Making all in src
make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src'
make all-am
make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src'
make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src'
make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src'
Making all in doc
make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/doc'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/doc'
make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2'
make[1]: Nothing to be done for `all-am'.
make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2'
localAdmin@x ~/tmsnc-0.3.2
$ make install
Making install in src
make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src'
make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2/src'
test -z "/usr/local/bin" || mkdir -p -- "/usr/local/bin"
/usr/bin/install -c 'tmsnc.exe' '/usr/local/bin/tmsnc.exe'
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src'
make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/src'
Making install in doc
make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2/doc'
make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2/doc'
make[2]: Nothing to be done for `install-exec-am'.
test -z "/usr/local/share/man/man1" || mkdir -p -- "/usr/local/share/man/man1"
/usr/bin/install -c -m 644 './tmsnc.1' '/usr/local/share/man/man1/tmsnc.1'
make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/doc'
make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2/doc'
make[1]: Entering directory `/home/localAdmin/tmsnc-0.3.2'
make[2]: Entering directory `/home/localAdmin/tmsnc-0.3.2'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/home/localAdmin/tmsnc-0.3.2'
make[1]: Leaving directory `/home/localAdmin/tmsnc-0.3.2'
localAdmin@x ~/tmsnc-0.3.2
$ /usr/local/bin/tmsnc.exe
Starting TMSNC
Version: 0.3.2
Process ID: 4708
Terminal emulation: cygwin
Logged out from MSN server, quitting TMSNC
If you find TMSNC useful, please consider a small donation
  -berz3k. |
|
|
|
|
275
|
Seguridad Informática / Nivel Web / Re: [XXS] lawebdelprogramador
|
en: 12 Abril 2008, 02:23 am
|
Antes de la descarga existe un "POP ALLOW" tanto en firefox como en IE, para un usuario dummie, lo pasaria por alto y el XSS de nada serviria  , podria ofuscarse un poco mas el code para forzar al nevegador y que no se observe el POP. -berz3k. |
|
|
|
|
278
|
Seguridad Informática / Nivel Web / Re: Bug Latinchat
|
en: 18 Febrero 2008, 11:38 am
|
|
Es importante antes de postear un nuevo tema leer y probar, mejor aun; realizar alguna especie de PoC (Proof Of Concept ), con estos detalles podremos ayudar o aportar mejores ideas para un buen entendimiento o posible "explotacion", no lanzar preguntas o posibles fallos "on air", tampoco son necesarios los "screenshots" o patallazos a menos que se requiera profundizar o detallar algun aspecto ademas de obsfuscar los detalles comprometedores. Leer las reglas del foro.
-berz3k.
@z1x2c3z1x2c3| cuanto tiempo podras invertir en presionar el boton "Impr Pant" y subirla al publico? 8 horas ? 10 horas? las imagenes, video o code, son la mejor parte de un PoC.
|
|
|
|
|
|
| |
|
Mostrar Mensajes
