อธิบายว่าทำไมจึงเกิดบั๊ก RFI-LFI และการสแกนหาบั๊กด้วยสคริปต์
http://www.opkwin.com/forum/index.php?board=32.0
ซึ่งหลักๆแล้ว ในหมวดลับ จะทำ VDO อธิบายคล้ายๆ ใน clip VDO นี่แหละ
Perl Vulnerable Finder
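# Perl Vulnerable Finder
# Powered by windows98SE
# Update 02/09/2553 12:46
#
# Line-based pattern scanner for PHP/CGI source that has been extracted
# locally. It flags three kinds of lines for manual review:
#   - reads of $_GET / $_POST / $_COOKIE / $_REQUEST / $_FILES
#   - include/require/readfile/file/file_get_contents/fopen/popen calls
#     on a line that also contains a variable
#   - lines that look like SQL (select/order/where) built with a variable
# Every hit is a candidate to read by hand, not a confirmed vulnerability,
# and a clean report does not prove the code is safe.
#
# HOW TO USE
# - Copy and save this script to "anyname.pl"
# - change "$PATH" to you AppServ path
# - change "$URL" to url
# - Download Free Script (Web App, CMS, bla bla)
#   Ex. http://www.exploit-db.com/exploits/10277/
# - Extract it to $PATH
# - run this code
#   (in linux need make result_exploit_scan.html and chmod 0777;
#   write access for the user running the scan is enough, the file
#   does not have to be world-writable)
# - see Posible Vulnerable in result_exploit_scan.html
#
# The extracted application is untrusted code and the report links to it
# through $URL, so keep that web server reachable from localhost only.
#
# Enjoy
use strict;
use warnings;
use HTML::Entities;

my $PATH   = 'D:/AppServ/www/exploit_scan';
my $URL    = 'http://localhost/exploit_scan';
my @FILES;
my @TYPES  = qw(php php5 php3 cgi);
my $RESULT = $PATH . '/result_exploit_scan.html';
my $OUT;    # report file handle; opened by _start, closed by _end

_start();
_folder($PATH);
# A named loop variable keeps _read from overwriting the @FILES entries
# (the original read into $_ while $_ was aliased to the list element).
for my $source_file (@FILES) {
    _read($source_file);
}
_end();

###############################################

# Recursively collect files under the given directory whose name ends in
# ".<one of @TYPES>" into @FILES.
sub _folder {
    my $dir     = _path($_[0]);
    my $type_re = join '|', map { quotemeta } @TYPES;
    my @folders;

    opendir(my $dh, $dir) or do {
        warn "[+] Can't open directory $dir : $!\n";
        return;
    };
    while (defined(my $name = readdir($dh))) {
        next if $name =~ /\A\.\.?\z/;
        my $entry = "$dir/$name";
        if (-d $entry) {
            # Test with -d instead of chdir() so the scan never changes the
            # working directory. Symlinked directories are not followed: an
            # extracted archive may contain links that loop or point outside
            # $PATH.
            push @folders, $entry unless -l $entry;
        }
        elsif (-f $entry && $name =~ /\.(?:$type_re)\z/i) {
            # Require the dot so "notphp" is not treated as a PHP file.
            push @FILES, $entry;
        }
    }
    closedir($dh);

    for my $sub_dir (@folders) {
        _folder($sub_dir);
    }
    return;
}

# Scan one file line by line and, if anything matched, append a header row
# plus one row per hit to the report.
sub _read {
    my $file     = _path($_[0]);
    my $found    = 0;
    my $write    = '';
    my $num_line = 0;
    my $comment  = 0;

    open(my $in, '<', $file) or die "[+] Can't open $file : $!";
    while (my $line = <$in>) {
        $num_line++;
        $line =~ s/[\r\n]//g;
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;
        $line =~ s/\s+/ /g;

        # Very rough comment tracking: a line starting with "/*" opens a
        # block comment, any line containing "*/" closes it.
        $comment = 1 if $line =~ m{^/\*};
        $comment = 0 if $line =~ m{\*/};
        next if $comment;
        next if $line =~ m{^//};
        next if $line =~ /^function/i;

        my $src = "<p class='src'>" . _html($line) . "</p>";

        # None of the matches below use /g. In scalar context /g resumes at
        # pos() of the previous successful match on the same string, which
        # made a line such as include($_GET['page']) be reported only as a
        # request-variable read and never as an include.
        if ($line =~ /(\$_(?:get|post|cookie|request|files)\[['"][a-z0-9\-_]+['"]\])/i) {
            $write .= _write($num_line,
                "<div class='method'>" . _html($1) . "</div>", $src);
            $found = 1;
        }

        # The remaining checks only report lines that use a variable.
        next if $line !~ /\$/;

        if ($line =~ /((?:include|require|readfile|file|file_get_contents|fopen|popen)(?:_once)?)(?:[\s|\(]|"|\$)/i) {
            $write .= _write($num_line,
                "<div class='rfi'>" . _html($1) . "</div>", $src);
            $found = 1;
        }

        if ($line =~ /(?:select|order|where) /i && $line =~ /=/) {
            $write .= _write($num_line, "<div class='sql'>SQL</div>", $src);
            $found = 1;
        }
    }
    close($in);

    return unless $found;

    # Strip the scan root as a literal prefix; interpolating it unquoted
    # would treat path characters as regex syntax.
    my $root = _path($PATH);
    (my $rel = $file) =~ s/\A\Q$root\E//i;

    # File names come from the extracted (untrusted) archive, so they are
    # entity-encoded before being written into the report.
    my $shown = _html($rel);
    print {$OUT} "<tr><th colspan=\"3\" class=\"file\" align=\"left\"><a href=\"$URL$shown\" target=\"_blank\">$shown</a> ($num_line line)</th></tr>";
    print {$OUT} $write;
    return;
}

# Open the report file and write the HTML head and the table header.
sub _start {
    open($OUT, '>', $RESULT) or die "Can't open $RESULT $!";
    my $root_html = _html($PATH);
    print {$OUT} <<"HTML";
<html><head>
<style type="text/css">
table{border:1px solid #e5eecc;}
td{border:1px dashed #e5eecc;}
th{border:1px dotted red;background-color:#e5eecc;}
tr{border:1px solid red;}
.sql{color:#ff0000;}
.rfi{color:#0000ff;}
.method{color:#666666;}
.src{color:#000000;}
.file{color:#999999;}
.cradit{color:#ff0000;background-color:#e5eecc;}
</style>
</head>
<body><table width="95%">
<tr>
<th width="5%">Line</th>
<th width="10%">Variable</th>
<th width="85%">Source<br />( Path = $root_html )</th>
</tr>
HTML
    return;
}

# Build one report row. Arguments: line number, HTML for the "Variable"
# column, HTML for the "Source" column (callers pass already-encoded HTML).
sub _write {
    my ($line, $var, $src) = @_;
    return "<tr>\n"
        . "<td width=\"5%\" align=\"center\">$line</td>\n"
        . "<td width=\"10%\" align=\"left\">$var</td>\n"
        . "<td width=\"85%\" align=\"left\">$src</td>\n"
        . "</tr>\n";
}

# Write the footer row with the number of scanned files and close the report.
sub _end {
    print {$OUT} "<tr>\n"
        . "<th colspan=\"2\" width=\"10%\" align=\"left\">Total : " . scalar(@FILES) . " File.</th>\n"
        . "<th align=\"right\" class=\"cradit\">powered by <a title=\"admin\@stephack.com\" target=\"_blank\" href=\"http://www.stephack.com\">windows98SE</a></th>\n"
        . "</tr>\n"
        . "</table></body></html>";
    # Buffered write errors only surface at close, so check it.
    close($OUT) or die "Can't close $RESULT $!";
    return;
}

# Normalise a path: backslashes to slashes, trim surrounding whitespace,
# drop one trailing slash.
sub _path {
    my $var = $_[0];
    $var =~ s/\\/\//g;
    $var =~ s/^\s+//;
    $var =~ s/\s+$//;
    $var =~ s/\/$//;
    return $var;
}

# Entity-encode text for safe inclusion in the HTML report.
sub _html {
    return encode_entities($_[0]);
}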
linux command for my asus eeePC 1005ha (Bt4 r1)
Tagged as apt-get, game, uplink, โลงเลียของนู๋ ... เอ้ย ลินุก ของผม!!
# The GIMP Toolkit set of widgets for X
# (libgtk1.2) Needed by the game Uplink
apt-get install libgtk1.2
# Adobe Flash Player platform support library for Esound and OSS
# (flashplugin-nonfree-extrasound) For Firefox
apt-get install flashplugin-nonfree-extrasound
# VLC media player is a highly portable multimedia player
# supporting most audio and video formats
# (H.264, Ogg, DivX, MKV, TS, MPEG-2, mp3, MPEG-4, aac, …) from files,
# physical media (DVDs, VCD, Audio-CD), TV capture cards
# and many network streaming protocols.
# (vlc) For playing all media files
apt-get install vlc
# BitTorrent client for KDE
# (ktorrent) For downloading torrent files
apt-get install ktorrent
# VoIP chat for online gaming
# (teamspeak-client) For using TeamSpeak
apt-get install teamspeak-client
# Port of the famous Win32 graphical FTP client
# (filezilla) FTP client
apt-get install filezilla
# Captures audio-video data of a Linux desktop session
# (recordmydesktop) For recording tutorials
apt-get install recordmydesktop
perl map, while, regexp, trick (Simple PROJECT Count TAG code)
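# Report every occurrence of the listed HTML tags in $line (which the
# surrounding program must set) and count them per tag in %hash.
my @tags = qw(a h1 h2 h3 h4 h5 h6 img link meta p title);
my %hash = map { (lc($_) => 0) } @tags;
my $tag_regexp = join("|", @tags);

# \b after the tag name stops "a" from matching <abbr> and "p" from
# matching <pre>; without it any tag that merely starts with a listed
# name was reported.
while ($line =~ /<(($tag_regexp)\b([^>]+)?)>/ig) {
    # Copy the captures right away: the next regex match overwrites them.
    my $regex = $1;
    my $name  = lc($2);
    $hash{$name}++;    # the counter the hash was initialised for

    if ($regex =~ /\s/) {
        # "tag attr=..." -> tag name plus the rest as its option string
        my ($tag, $option) = split(/\s/, lc($regex), 2);
        print "TAG : $tag / Option ($option)\n";
    } else {
        print "TAG : $regex / Option (Null)\n";
    }
}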
Simple FUNCTION EVAL by REGEXP
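#!/usr/bin/perl
use strict;
use warnings;

# Interactive calculator: reads an arithmetic expression per line, reduces
# small parenthesised groups one at a time (printing each step), then
# prints the final value.
while (1) {
    print "Questions :";
    my $input = <STDIN>;
    last unless defined $input;    # end of input: stop instead of looping forever
    chomp($input);
    $input =~ s/\s|\t|\r|\n|\=|\?|\[|\]|\://ig;    # add more characters to strip if needed, e.g. /\s|\t|\r|\n|\=|\?|\(|\)|\[|\]|\://ig
    $input =~ s/x/\*/ig;    # convert the x sign to * (multiply)
    $input =~ s/÷/\//ig;    # convert the ÷ sign to / (divide)

    # SECURITY: string eval runs whatever Perl code it is given, and the
    # strip list above does not stop function calls or backticks. Only
    # digits, the decimal point, + - * / and parentheses are allowed to
    # reach eval; anything else is rejected here.
    if ($input !~ m{\A[0-9.+\-*/()]+\z}) {
        print "Answer : (invalid input)\n";
        next;
    }

    my $group = qr/(\((.{3})\)|(.{2}\(.{2}\))|(\(.{2}\).{2}))/i;
    while (my ($regex) = $input =~ $group) {
        my $eval_regex = eval $regex;
        # A group that cannot be evaluated is replaced by nothing, as before.
        $eval_regex = '' unless defined $eval_regex;
        $input =~ s/$group/$eval_regex/;
        print "input ($regex) : $input\n";
    }

    # Evaluate once and test $@ rather than the truth of the result: the
    # original "my $ans = eval $input if (eval $input)" treated an answer
    # of 0 as a failure, and "my ... if" can leave a stale value from the
    # previous round in $ans.
    my $ans = eval $input;
    if ($@ || !defined $ans) {
        print "Answer : (invalid input)\n";
        next;
    }
    print "Answer : $ans\n";
}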

