Jump to content

Zaseth

Members
  • Content count

    26
  • Joined

  • Last visited

Everything posted by Zaseth

  1. It would be cool if there would be userbars under your name. Just a little more customization! As example:
  2. Someone gave this to me. It has a ton of CPPS sources. Download: https://drive.google.com/uc?id=0B7VzJNrahSLsclM5dmNZaXd6YlE&export=download
  3. Hope you enjoy a good read. You can find it here: https://pastebin.com/raw/evzkavhN
  4. I will list some Javascript frameworks that are worth looking at. The list: Meteor Vue Knockout. Angular React Head. Mustache Ember Backbone Lodash and Underscore jQuery RxJS Mobx
  5. Something that I created when I was bored. This could be used for serious trolling. *NOTE*: THIS IS NOT REAL. Download: FakeCP_-_A_fake_CPPS_phpinfo-like_cpanel_by_Zaseth.rar
  6. This Python script will find for any webshell. It uses a wordlist for that. You need: Python 3x Hope you enjoy! Zaseths_ShellKiller.rar
  7. Hey all. There's a free program to check your own PHP code for vulnerabilities. You can run this program on XAMPP. The PHP checker: https://sourceforge.net/projects/rips-scanner/ The SQL query checker is site-based. You can find it here: http://www.sqlparser.com/sql-injection-detector/
  8. Look, If you don't like this thread then just don't comment on it. There's a paid version that is upto date.
  9. Something I created when I was bored. Don't even take it serious though. <?php // By Zaseth. FTP not tested. $ftp_server = "ftp.example.com"; $conn_id = ftp_connect($ftp_server) or die("Couldn't connect to $ftp_server"); if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { echo 'Seems to be Windows.'; echo exec('dir'); } else { echo 'Seems to be a distribution of Linux.'; $output = shell_exec('ls -lart'); echo "<pre>$output</pre>"; echo exec('whoami'); } echo "------------------------"; $filename = 'Kitsune.sql'; if (file_exists($filename)) { echo "Seems to be Kitsune."; } else { echo "This doesnt seem to be $filename"; } $myfile = fopen("Login.xml", "r") or die("Unable to open file!"); echo "------------------------"; echo fread($myfile,filesize("Login.xml")); fclose($myfile); $myfile3 = fopen("Database.xml", "r") or die("Unable to open file!"); echo "------------------------"; echo fread($myfile3,filesize("Database.xml")); fclose($myfile3); $myfile2 = fopen("Kitsune\Logging\Logs\Warn.txt", "r") or die("Unable to open file!"); echo "------------------------"; echo fread($myfile2,filesize("Kitsune\Logging\Logs\Warn.txt")); fclose($myfile2); ?>
  10. So SWFObject & SWFAddress are both used in the CP play page. These ''Javascript'' frameworks are for prettifying (and importing) SWF files into a homepage. Now this is a format of SWFObject's usage: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <script type="text/javascript" src="swfobject.js"></script> <script type="text/javascript"> swfobject.registerObject("myFlashContent", "9.0.0"); </script> </head> <body> <div> <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="800" height="600" id="myFlashContent"> <param name="movie" value="untitled.swf" /> <!--[if !IE]>--> <object type="application/x-shockwave-flash" data="untitled.swf" width="800" height="600"> <!--<![endif]--> <a href="http://www.adobe.com/go/getflashplayer"> <img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" /> </a> <!--[if !IE]>--> </object> <!--<![endif]--> </object> </div> </body> </html> So now you are thinking probably: It's a large piece of code. Is there any way to actually generate this with a ton of options? Well yes, there is and you can find that here: https://raw.githubusercontent.com/swfobject/swfobject/master/swfobject_generator/html/index.html SWFAddress is there for using hyperlinks. Basically adding #xdd into your URL. These are both pretty small projects and frameworks, but CP always used them. You can find SWFAddress here: http://www.asual.com/swfaddress/
  11. You can also use Sweetalert. I think it looks pretty nice and it is very stylish. You can find it here: http://t4t5.github.io/sweetalert/
  12. Ssssh let's not make our love public.
  13. I ripped some stuff together and eventually created this. You can find it here: https://pastebin.com/raw/N7h0u7MD
  14. I still had this somewhere. Download: https://mega.nz/#!t4YwUDYD!NRJLlxeVSqpqyHk6e2NrB2VL3lUKrOwMkGgqLHqIX_o
  15. Something rare. Got the .SWF and the .FLA Not corrupt and fully working. Nightclub_2008.rar
  16. I didn't see any v1.3 so I will just upload it here. Download: thefish1.3.rar
  17. Not rare, but still pretty cool to have. Download: fireworks swf.rar
  18. Some cool custom .SWF Download: https://mega.nz/#!Z1JRRCgJ!la2Pnf2aPd8g4wD4hYS-GtDB_Qp-lf9ww_LsHLE2VPo
  19. Hey guys. So I have the CP Play Page of Feb 2012. I cleaned it and updated the JavaScript. Download: CP_Play_Page_Feb_2012_Cleaned_by_Zaseth.rar
  20. Some SWF files, webpages and sources from those old days. I hope you enjoy! Download: https://mega.nz/#!cwJ1wQ7Y!2ghZJDBgvXHdIP-zDBmrqDpkK_Q3DXoYUG-nPigOdQA
  21. Looks great. I also have some SWF's stored on a place: https://mega.nz/#F!lsQUiDKZ!C1RwZZydF6qvc4_WOArqpw
  22. Really simple small 'tutorial' Now as an example, I've seen people use this: <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <!-- form contents --> </form> Please NEVER use this. This is vulnerable to XSS because there's no htmlentities. The xss code gets reflected and executed. What you should do: <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"> What happens is that the htmlentities breaks the <script> part of a xss injection. The injection then will not work. You can also use strip_tags. Example of mysql real escaping: $xdd = $_POST["xdd"]; $xdd = mysqli_real_escape_string($xdd); $xdd = htmlentities($xdd); You can also add some javascript stuff to your register. I created some javascript register here: https://pastebin.com/EWs5RgSS This includes: Disallow special characters Max length Password generator Email can only contain regex These also make xss impossible
  23. I'm on a phone so Lmao. Dropping a lot of my stuff in content releases tomorrow.
  24. I've seen a lot of people also using insecure crossdomain.xml configs. This file is for domains that can connect etc. When it's insecure, an attacker can upload malicious SWF content. Insecure crossdomain.xml: <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy> The following is a correct crossdomain.xml: <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="www.xdd.com" /> <allow-access-from domain="xdd.com" /> </cross-domain-policy>
  25. Don't even try to help this person. She will keep bugging you and she will eventually insult you. Many people told her 'no'
×