171  Programming / Reverse Engineering / Re: [Question] Does anything happen when using OllyDbg on w64? on: 2 August 2014, 06:06 am
Tremendous debugger, WinDbg. When you are learning Windows internals, it saves your life and makes it a bit more bearable.
172  Computer Security / Hacking / Re: Hack my server II on: 2 August 2014, 02:36 am
-rwsr-xr-x 1 root root 44176 May 16  2013 /bin/ping
-rwsr-xr-x 1 root root 94792 Jun 12  2013 /bin/mount
-rwsr-xr-x 1 root root 44688 May 16  2013 /bin/ping6
-rwsr-xr-x 1 root root 36936 Jul 26  2013 /bin/su
-rwsr-xr-x 1 root root 69120 Jun 12  2013 /bin/umount
-rwxr-sr-x 1 root shadow 35536 May 18  2013 /sbin/unix_chkpwd
-rwsr-xr-x 1 root root 121112 Mar 11 08:24 /usr/bin/sudo
-rwsr-xr-x 1 root root 32464 Jul 26  2013 /usr/bin/newgrp
-rwxr-sr-x 1 root ssh 129120 Apr 29 19:54 /usr/bin/ssh-agent
-rwsr-sr-x 1 root mail 89216 Jun  8  2012 /usr/bin/procmail
-rwsr-xr-x 1 root root 23104 May 16  2013 /usr/bin/traceroute6.iputils
-rwxr-sr-x 1 root shadow 23360 Jul 26  2013 /usr/bin/expiry
-rwsr-xr-x 1 root root 68152 Jul 26  2013 /usr/bin/gpasswd
-rwxr-sr-x 1 root tty 19024 Jun 12  2013 /usr/bin/wall
-rwxr-sr-x 1 root shadow 54968 Jul 26  2013 /usr/bin/chage
-rwsr-xr-x 1 root root 41336 Jul 26  2013 /usr/bin/chsh
-rwxr-sr-x 1 root mail 18672 Jun  8  2012 /usr/bin/lockfile
-rwxr-sr-x 1 root crontab 35984 Feb  9  2013 /usr/bin/crontab
-rwsr-xr-x 1 root root 47032 Jul 26  2013 /usr/bin/passwd
-rwsr-xr-x 1 root root 18928 May 16  2013 /usr/bin/arping
-rwxr-sr-x 1 root tty 14688 Jun  4  2013 /usr/bin/bsd-write
-rwsr-xr-x 1 root root 46424 Jul 26  2013 /usr/bin/chfn
-rwxr-sr-x 1 root utmp 380088 Aug 19  2013 /usr/bin/screen
-rwxr-sr-x 1 root mlocate 39520 Jun 20  2013 /usr/bin/mlocate
-rwxr-sr-x 1 root mail 14848 Jun  5  2013 /usr/bin/dotlockfile
-rwsr-xr-x 1 root root 10208 Sep 10  2013 /usr/sbin/sensible-mda
-rwsr-sr-x 1 libuuid libuuid 18904 Jun 12  2013 /usr/sbin/uuidd
-rwxr-sr-x 1 root smmsp 82816 Sep 10  2013 /usr/lib/sm.bin/mailstats
-rwxr-sr-x 1 root smmsp 851840 Sep 10  2013 /usr/lib/sm.bin/sendmail
-rwsr-xr-x 1 root root 249704 Apr 29 19:54 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 10368 Oct 12  2013 /usr/lib/pt_chown

Time to escalate privileges, bitches...!
173  Computer Security / Hacking / Re: Hack my server II on: 2 August 2014, 01:12 am
Delete the permissions and the shell. Otherwise the fun is gone. Anyway, I learned something new, which was the point of this.
174  Computer Security / Hacking / Re: Hack my server II on: 2 August 2014, 00:37 am
dimitrix, remove the permissions... Give us a bit more time. I'm working on something. Leave it without permissions.
175  Programming / Reverse Engineering / Re: [Question] Does anything happen when using OllyDbg on w64? on: 1 August 2014, 23:40 pm
Although I love OllyDbg because I started with it, I recommend that you use IDA from the beginning so that later the switch doesn't bother you.

https://www.hex-rays.com/products/ida/index.shtml
176  Programming / Reverse Engineering / Re: [Question] Does anything happen when using OllyDbg on w64? on: 1 August 2014, 23:26 pm
Chuck Norris comes out of the monitor.
177  Computer Security / Hacking / Re: Hack my server II on: 1 August 2014, 21:12 pm
Sorry, it's 2.0.1 RC 1. I downloaded the source from the official WordPress site and the readme says 2.0. Read 3 pages back, where we were discussing getting in through WordPress.
178  Computer Security / Hacking / Re: Hack my server II on: 1 August 2014, 19:09 pm
http://WEB/wp-includes/ FPD


Code
function wp_handle_upload(&$file, $overrides = false) {
    // The default error handler.
    if (! function_exists('wp_handle_upload_error') ) {
        function wp_handle_upload_error(&$file, $message) {
            return array('error'=>$message);
        }
    }

    // You may define your own function and pass the name in $overrides['upload_error_handler']
    $upload_error_handler = 'wp_handle_upload_error';

    // $_POST['action'] must be set and its value must equal $overrides['action'] or this:
    $action = 'wp_handle_upload';

    // Courtesy of php.net, the strings that describe the error indicated in $_FILES[{form field}]['error'].
    $upload_error_strings = array(false,
        __("The uploaded file exceeds the <code>upload_max_filesize</code> directive in <code>php.ini</code>."),
        __("The uploaded file exceeds the <em>MAX_FILE_SIZE</em> directive that was specified in the HTML form."),
        __("The uploaded file was only partially uploaded."),
        __("No file was uploaded."),
        __("Missing a temporary folder."),
        __("Failed to write file to disk."));

    // Accepted MIME types are set here as PCRE. Override with $override['mimes'].
    $mimes = apply_filters('upload_mimes', array (
        'jpg|jpeg|jpe' => 'image/jpeg',
        'gif' => 'image/gif',
        'png' => 'image/png',
        'bmp' => 'image/bmp',
        'tif|tiff' => 'image/tiff',
        'ico' => 'image/x-icon',
        'asf|asx|wax|wmv|wmx' => 'video/asf',
        'avi' => 'video/avi',
        'mov|qt' => 'video/quicktime',
        'mpeg|mpg|mpe' => 'video/mpeg',
        'txt|c|cc|h' => 'text/plain',
        'rtx' => 'text/richtext',
        'css' => 'text/css',
        'htm|html' => 'text/html',
        'mp3|mp4' => 'audio/mpeg',
        'ra|ram' => 'audio/x-realaudio',
        'wav' => 'audio/wav',
        'ogg' => 'audio/ogg',
        'mid|midi' => 'audio/midi',
        'wma' => 'audio/wma',
        'rtf' => 'application/rtf',
        'js' => 'application/javascript',
        'pdf' => 'application/pdf',
        'doc' => 'application/msword',
        'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
        'wri' => 'application/vnd.ms-write',
        'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
        'mdb' => 'application/vnd.ms-access',
        'mpp' => 'application/vnd.ms-project',
        'swf' => 'application/x-shockwave-flash',
        'class' => 'application/java',
        'tar' => 'application/x-tar',
        'zip' => 'application/zip',
        'gz|gzip' => 'application/x-gzip',
        'exe' => 'application/x-msdownload'
    ));

    // All tests are on by default. Most can be turned off by $override[{test_name}] = false;
    $test_form = true;
    $test_size = true;

    // If you override this, you must provide $ext and $type!!!!
    $test_type = true;

    // Install user overrides. Did we mention that this voids your warranty?
    if ( is_array($overrides) )
        extract($overrides, EXTR_OVERWRITE);

    // A correct form post will pass this test.
    if ( $test_form && (!isset($_POST['action']) || ($_POST['action'] != $action)) )
        return $upload_error_handler($file, __('Invalid form submission.'));

    // A successful upload will pass this test. It makes no sense to override this one.
    if ( $file['error'] > 0 )
        return $upload_error_handler($file, $upload_error_strings[$file['error']]);

    // A non-empty file will pass this test.
    if ( $test_size && !($file['size'] > 0) )
        return $upload_error_handler($file, __('File is empty. Please upload something more substantial.'));

    // A properly uploaded file will pass this test. There should be no reason to override this one.
    if (! @ is_uploaded_file($file['tmp_name']) )
        return $upload_error_handler($file, __('Specified file failed upload test.'));

    // A correct MIME type will pass this test.
    if ( $test_type ) {
        $type = false;
        $ext = false;
        foreach ($mimes as $ext_preg => $mime_match) {
            $ext_preg = '![^.]\.(' . $ext_preg . ')$!i';
            if ( preg_match($ext_preg, $file['name'], $ext_matches) ) {
                $type = $mime_match;
                $ext = $ext_matches[1];
            }
        }

        if ( !$type || !$ext )
            return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.'));
    }

    // A writable uploads dir will pass this test. Again, there's no point overriding this one.
    if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
        return $upload_error_handler($file, $uploads['error']);

    // Increment the file number until we have a unique file to save in $dir. Use $override['unique_filename_callback'] if supplied.
    if ( isset($unique_filename_callback) && function_exists($unique_filename_callback) ) {
        $filename = $unique_filename_callback($uploads['path'], $file['name']);
    } else {
        $number = '';
        $filename = str_replace('#', '_', $file['name']);
        $filename = str_replace(array('\\', "'"), '', $filename);
        if ( empty($ext) )
            $ext = '';
        else
            $ext = ".$ext";
        while ( file_exists($uploads['path'] . "/$filename") ) {
            if ( '' == "$number$ext" )
                $filename = $filename . ++$number . $ext;
            else
                $filename = str_replace("$number$ext", ++$number . $ext, $filename);
        }
    }

    // Move the file to the uploads dir
    $new_file = $uploads['path'] . "/$filename";
    if ( false === @ move_uploaded_file($file['tmp_name'], $new_file) )
        die(printf(__('The uploaded file could not be moved to %s.'), $file['path']));

    // Set correct file permissions
    $stat = stat(dirname($new_file));
    $perms = $stat['mode'] & 0000777;
    @ chmod($new_file, $perms);

    // Compute the URL
    $url = $uploads['url'] . "/$filename";

    return array('file' => $new_file, 'url' => $url, 'type' => $type);
}


My upload dies at: die(printf(__('The uploaded file could not be moved to %s.'),$file['path']));

Returning a . as the string.
That is: "The uploaded file could not be moved to  ."

I'm trying from /wp-admin/link-import.php

I modify MAX_FILE_SIZE, which is an input type="hidden", to be able to upload my shell, which is larger.

Let's see if anyone comes up with an idea of how to get past that point, and we would have a bypass of the WordPress uploader.
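
Why `%s` came out empty in the post above, as an added example that is not part of the original post or of WordPress: an entry of `$_FILES` has the keys `name`, `type`, `tmp_name`, `error` and `size` but no `path`, so `$file['path']` formats as an empty string while the real destination sits in `$uploads['path']`. The hypothetical `store_upload()` below shows the same move step written defensively: it logs the destination server-side instead of echoing it, and enforces its own size limit rather than relying on the `MAX_FILE_SIZE` form field.

```php
<?php
// Added example, not WordPress code. store_upload() and its parameters are hypothetical.
// $mover is injectable so the function can be exercised without a real HTTP upload.
function store_upload(array $file, string $destDir, int $maxBytes, ?callable $mover = null): array
{
    $mover = $mover ?? 'move_uploaded_file';

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return ['error' => 'Upload failed.'];
    }
    // Limit enforced on the server from the stored temp file; the form's
    // MAX_FILE_SIZE field is whatever the client chose to send.
    $size = @filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return ['error' => 'File size not accepted.'];
    }
    // Keep only the base name so the client cannot influence the directory.
    $name = basename(str_replace('\\', '/', $file['name']));
    if ($name === '') {
        return ['error' => 'File name not accepted.'];
    }
    $target = rtrim($destDir, '/') . '/' . $name;

    if (!is_dir($destDir) || !is_writable($destDir)) {
        // Detail goes to the server log; the client sees no filesystem path.
        error_log("upload: destination not writable: $destDir");
        return ['error' => 'The uploaded file could not be stored.'];
    }
    if (!$mover($file['tmp_name'], $target)) {
        error_log("upload: move failed: {$file['tmp_name']} -> $target");
        return ['error' => 'The uploaded file could not be stored.'];
    }
    return ['file' => $target];
}

// Constructed demonstration: a temp file stands in for the upload, rename() for the mover.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, str_repeat('A', 2048));
$entry = ['name' => 'notes.txt', 'tmp_name' => $tmp, 'size' => 2048, 'error' => UPLOAD_ERR_OK];

print_r(store_upload($entry, sys_get_temp_dir(), 1024, 'rename'));  // case: file over the limit
print_r(store_upload($entry, '/nonexistent-dir', 4096, 'rename')); // case: missing directory
print_r(store_upload($entry, sys_get_temp_dir(), 4096, 'rename')); // case: valid upload
```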
179  Computer Security / Hacking / Re: Hack my server II on: 1 August 2014, 17:27 pm
Plugins don't count ¬¬.
180  Computer Security / Hacking / Re: Hack my server II on: 1 August 2014, 15:09 pm
Try port 10000.


Mod: You're not supposed to give out either the address or the IP ·_·

My bad.