tag:blogger.com,1999:blog-10097641837677417752024-02-06T21:35:47.673-08:00-UNSECURED SYSTEMS-vol.2r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.comBlogger71125tag:blogger.com,1999:blog-1009764183767741775.post-81413803502252281362012-08-11T20:03:00.000-07:002012-08-11T20:03:10.637-07:00parmainasGribu pazinot, ka tuvakaja laika bloga autori iesaistisies komercija, toest ne ta ka daris ko darijushi prieka pec , bet ari pelnis par to naudu.Ja Tu esi RTU students un doma kur atrast prakses vietu un Tevi saista droshiba, jeb nedroshiba timekli , raksti un mes tev izdomasim pielietojumu.
Parejiem tik varu teikt, ka par droshibu mes turpinasim rakstit, nenjemot vera to ka der4444 jau strada FIB laba un VietMafia ir savs bizness ,tad r0t iespejams ar cembo stradas zem kaut kada sia secured systems.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-8551055947119609152012-02-04T19:02:00.000-08:002012-02-04T19:08:48.489-08:00Viss TurpinasRakstu latviski jo pashlaik no no ievaonojamibu mekleshanas esmu taalu.<br />Uz doto bridi stradaju lai üelnitu sev un savai gimenei iztikuun man neatliek laika lai nodarbotos ar zinatni.<br />Ja protams atrastos kads investors kursh gribetu savu droshibas kompaniju pacelt debesis,tad varetu mes izmantot savu potencialu.<br />Bet vispar sho lietu galigi nepametu, kadu dienu kaut vai pec 10 gadiem to varu atsakt un uzstadiit jaunus rekordus shaja mazaja nishaa.<br />Katra zinja varu teikt, ka mana saucamaja bloga tuvakaja laika neka nebus, bet neesmu es aizmirsis savupiederibu un savus pienakumus, tapec vel nav game over.<br />Mes vel paradisim , ka latvieshi ir vai nu labakie vai vieni nio labakajiem urkiem pasaule!r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com1tag:blogger.com,1999:blog-1009764183767741775.post-78365974491471008202010-09-15T00:53:00.000-07:002010-09-15T00:54:30.750-07:00XSE shopping cart XSS vuln.###############################################<br />Vuln. discovered by : r0t<br />Date: 15 September 2010<br />vendor:http://www.ecommercesoft.net/<br />affected versions:ver.: 1.5.3.0 / 1.5.2.1<br />and other prior<br />versions also can be affected.<br />###############################################<br /><br />XSE shopping cart contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "id" parameter in "default.aspx" and "type" parameter in "SearchResults.aspx" isn't properly sanitised before being returned to the user.<br />This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br /><br /><br />##############################################<br /><br />Solution:<br />Filter malicious characters and character sequences in a web proxy.<br />###############################################r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-79360085834764318322010-09-12T04:34:00.000-07:002010-09-12T04:35:40.913-07:00Open Classifieds version 1.7.0.2 XSS Vuln.###############################################<br />Vuln. discovered by : r0t<br />Date: 12 September 2010<br />vendor:http://open-classifieds.com/<br />affected versions:Open Classifieds version 1.7.0.2<br /> Open Classifieds version 1.7.0<br />and other prior<br />versions also can be affected.<br />###############################################<br /><br />Open Classifieds contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "desc","price","title","place" parameter in "index.php" and "subject" parameter in "contact.htm" isn't properly sanitised before being returned to the user.<br />This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br /><br /><br />##############################################<br /><br />Solution:<br />Filter malicious characters and character sequences in a web proxy.<br />###############################################r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-35605831510886937402010-09-11T16:29:00.000-07:002010-09-11T16:34:41.574-07:00new r0t FAQ edition 0.91 alfar0t FAQ edition 0.91 alfa<br /><br />Hi again,<br />Im r0t who reports mostly about new SQL/XSS attack vulnerabilities on net.<br />So there is some things that i want to do clear:<br /><br />1)You arent correct with you report.<br /><br /><br />1.Every from my vulnerability report is autmaticaly reported to biggest vuln. research<br />teams/bugtraq sites (secunia,osvdb,frsirt,security.nnov.ru)So, thats mean or you are more skilled that we all together or you mis.. some stuff. 99% of all my reports are later verified by biggest and best vulnerability researchers on the world.<br />So i have mistakes also with my reports , cauz sometimes i report vuln. for software which dont have any public demos or trial versions and my test are only tested on "case study" or clients who use that software.<br />In that way sometimes vuln researchers after me to verify my report have big problems with that, cauz who wanna test in real examples and of course its illegal, so you can only imagine how is to prove something doing test on bank sites and .gov sites.<br />about that of course i have problems with governments,police and other structures who fight vS "hackers" at all , but its my problem ,not yours.<br />Do it mean that i had broken laws with my tests and reports?<br />Yes of course, but as i used only for testing and reporting, i can answer in any justice for that, for my tests and reports.<br /><br /><br /><br /><br />2)Next time report to vendor!<br /><br />2.Why i dont report to vendors about vulnerabilities?There was few times when i did report and one of them was Vbulletin my favorite forum developers, when from few reports i didnt get answers in some weeks i automatically forgot about reporting to vendors. Of course not all vendors is like one vendor and one vendor isnt like others.<br /><br /><br /><br /><br />3) Its isnt professional when you dont report to vendors.<br /><br />3.Look if you are one of those vendors who are listed on my blog, so thats shows that you had mistake in your work and your product was unsecured and thats means that you arent professional, im not a developer im only pentester.<br /><br /><br /><br /><br />4)Give me live example.<br /><br />4. If you arent from Secunia,frsirt,osvdb or vendor i will not provide you with any live examples or HowTo´s.So anyway forget about that and RFM!<br /><br /><br /><br /><br />5)We had fixed that in new release,delete your report.<br /><br />5.Look Im very glad that you had fixed that vuln., but your vuln. version of your developed software is already in use and many people will use it for while.<br />Its my reports and nothing will be deleted only if i will recognize that it was my mistake.<br /><br />6) You are hacker.<br /><br />6. I never had that idea that im hacker , hacker for me i guru in that skills and knowledge that i dont have. I do only my "job" i report about unsecure systems, with wish that not a vendor ,but software potentional user will now about unsecured systems and he will get more easy to chose witch one software he will use in his project.<br />Yes of course i admit and moderate some hacker and security boards now , but there i am with another "ID", cauz sometimes to be a r0t, can very dangerous.<br /><br /><br /><br /><br /><br />PS.<br />I hope this FAQ will give answers to most of your questions, if you have any another questions about me or my reports you can mail me: krustevs[at] gmail.comr0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-25043510407024415962010-09-09T16:04:00.000-07:002010-09-09T16:25:12.859-07:00NetArtMEDIA Real Estate Portal v2.0 XSS vuln. + NetArtMEDIA lfi.###############################################<br />Vuln. discovered by : r0t<br />Date: 09 September 2010<br />vendor:http://www.netartmedia.net/realestate/<br />affected versions:NetArtMEDIA Real Estate Portal v2.0 and other<br />versions also can be affected.<br />###############################################<br /><br />NetArtMEDIA Real Estate Portal v2.0 contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "id" parameter in "AGENTS/index.php" isn't properly sanitised before being returned to the user.<br />This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br /><br />for successful exploitation you must be logged in.<br />##############################################<br /><br />Solution:<br />Filter malicious characters and character sequences in a web proxy.<br />############################################### <br /><br /><br />+ bonus LOCAL FILE INCLUDE VULN. IN NetArtMEDIA products.<br /><br />Almost all NetArtMEDIA products have local file inclusion vuln.<br />in exmaple in Real Estate Portal v2.0 -"folder" and "action" parameter in "AGENTS/index.php"<br />by other products try also "action" parameter for local file include.<br />Vendor website is running on product "WebSiteAdmin v2.1"(http://www.websiteadmin.biz/), for local file include use input in "lng" parameter in "ADMIN/login.php"<br /><br /><br />=====================================================================================r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-72345840045794829232010-09-09T15:56:00.000-07:002010-09-09T15:59:06.214-07:00iBoutique.MALL 1.2 XSS vuln.###############################################<br />Vuln. discovered by : r0t<br />Date: 09 September 2010<br />vendor:http://www.netartmedia.net/mall/<br />affected versions:iBoutique.MALL 1.2and other<br />versions also can be affected.<br />###############################################<br /><br />iBoutique.MALL 1.2 contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "tmpl" parameter in "index.php" isn't properly sanitised before being returned to the user.<br />This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br />##############################################<br /><br />Solution:<br />Filter malicious characters and character sequences in a web proxy.<br />###############################################r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-28256601061872841432010-09-09T14:05:00.000-07:002010-09-09T15:45:54.667-07:00PowerStore™ 3 XSS vuln.###############################################<br />Vuln. discovered by : r0t<br />Date: 09 September 2010<br />vendor:http://www.webassist.com/php-scripts-and-solutions/powerstore/<br />affected versions:PowerStore™ 3 and other<br />versions also can be affected.<br />###############################################<br /><br />PowerStore™ 3 contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "totalRows_WADAProducts" parameter in "Products_Results.php" isn't properly sanitised before being returned to the user.<br />This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br />##############################################<br /><br />Solution:<br />Filter malicious characters and character sequences in a web proxy.<br />###############################################r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com1tag:blogger.com,1999:blog-1009764183767741775.post-38510072478873749532010-09-09T13:48:00.001-07:002010-09-09T13:51:49.694-07:00NetArtMEDIA Car Portal v2.0 XSS vuln.###############################################<br />Vuln. discovered by : r0t<br />Date: 09 September 2010<br />vendor:http://www.netartmedia.net/carsportal/<br />affected versions:v2.0 and other<br />versions also can be affected.<br />###############################################<br /><br />NetArtMEDIA Car Portal contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "car_id" parameter in "index.php" and input passed to the "y" parameter in "include/images.php' isn't properly sanitised before being returned to the user.<br />This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br />##############################################<br /><br />Solution:<br />Filter malicious characters and character sequences in a web proxy.<br />###############################################r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-12163901366084092032010-09-09T03:42:00.000-07:002010-09-09T03:44:27.448-07:00Fendereejam balticom Trafiku.Tiem kas izmanto na savu netu un patik lietot programas ka Utorrent.<br />Kaut kad nesen pamaniju vienu fishku ar balticom klientiem, kuri var netu lietot tikai ar ierobezhotu pc skatu,toest ja gribi otro kompi pielsegt maksa papildus.<br />Kadu vakaru nebiju ipasi apmierinats ar mana kaimina Vasjas sniegto atrumu velkot filmas, pameiginaju apskatities kas notiek apkart.<br />Piesledzoties pie vairakiem bezparoles labdariem, meiginot ieiet mani redirekteja uz uz balticom klientu majas lapu pazinojot par to ka mana mac adrese nav registreta tikla un man nav iedalita IP, vai kaut kas tamlidzigs.<br />Protams ar talruni lai es varetu pieslegt savu pc ,jeb ka vini saka registret to par papildus maksu.<br />Nets ir tatad izmantosim to kaut vai filmam neveicot nekadas ipasi sarezhgitas darbibas.<br />Musu uTorrentam jabut procesa , isak sakot failu velkam pa musu vajo kanalu un vienkarsi nenamam un parsledzamies uz balticom un skatamies - vuallaa!<br />Terejam ne savu trafiku un iegustam iespejams velamo failu.<br />Ja metode neiet Jums ar pirmo reizi cauri meiginiet vel.<br />Ceru ka neaizravos ar nepareizu sarunvalodu un izskaidroju pavisam neachgaarni.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-9175468180824896082010-09-09T00:23:00.000-07:002010-09-09T00:28:48.189-07:00Member Management System v 4.0 XSS vuln.###############################################<br />Vuln. discovered by : r0t<br />Date: 09 September 2010<br />vendor:http://www.expinion.net/Applications/MMS_overview.asp<br />affected versions:v 4.0 and other<br />versions also can be affected.<br />###############################################<br /><br />Member Management System contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "REF_URL" parameter in "admin/index.asp" isn't properly sanitised before being returned to the user.<br />This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br />##############################################<br /><br />Solution:<br />Filter malicious characters and character sequences in a web proxy.<br />###############################################r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-52234326392752575182010-08-10T18:18:00.000-07:002010-08-10T18:41:17.609-07:00Google Store vuln.4 years ago i had posted about XSS vuln. in GoogleStore:<br /><br /><a href="http://pridels0.blogspot.com/2006/04/googlestore-xss-vuln.html">GoogleStore XSS@2006 year</a><br /><br />Today i had checked again , but others parameters.<br />And look what i found- an attacker can easy change file(image,etc) location to his malicius file.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjVIj4gdGmR7qvRhyphenhyphenASusO2VOhRJ2SE9jOlXcB4OM84OnSGNcB-thT8pwMH2cPbmUDF0LUEIYWmX5WSQES_gZW__WCU7LFIcGYPMYpQPxz1NscocU3u905D0XOXIypAogBR_EFxjj3ZEP3/s1600/r0t2.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjVIj4gdGmR7qvRhyphenhyphenASusO2VOhRJ2SE9jOlXcB4OM84OnSGNcB-thT8pwMH2cPbmUDF0LUEIYWmX5WSQES_gZW__WCU7LFIcGYPMYpQPxz1NscocU3u905D0XOXIypAogBR_EFxjj3ZEP3/s320/r0t2.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5503959293884183682" /></a><br /><br />Live P0c:<br />http://www.googlestore.com/view_large.aspx?img=http://img834.imageshack.us/img834/3778/r0t.png&edp_no=16918<br /><br /><br />PS. probaly nothing special* as a vuln.,but its interesting why coders/developers of GoogleStore do so simple mistakes.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-89278996760008427362010-03-14T20:30:00.001-07:002010-03-14T20:30:25.991-07:00DirectAdmin <= v1.35.1 XSS vuln.###############################################<br />Vuln. discovered by : r0t<br />Date: 15 March 2010<br />vendor:http://www.directadmin.com/<br />affected versions:v1.35.1 and other<br />versions also can be affected.<br />###############################################<br /><br />DirectAdmin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "name" parameter in "CMD_DB_VIEW" isn't properly sanitised before being returned to the user.<br />This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br />##############################################<br />live PoC:<br />http://www.directadmin.com:2222/CMD_DB_VIEW?DOMAIN=demo.com&name=%22%3E%3Cscript%3Ealert%28111%29;%3C/script%3E<br />PS.<br />need to login:<br />demo_user:demo<br />###############################################<br />Solution:<br />Filter malicious characters and character sequences in a web proxy.<br />###############################################r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-6706737721956730072010-03-14T19:10:00.000-07:002010-03-14T19:32:02.227-07:00Garam ejot, jeb back...Sen nebiju bijis , bet shobrid atradu mazu mirkli , lai uzrakstitu kadu domu un droshi vien ka iet.<br /><br />Pedeja laika skatos, ka vards Neo ir kluvis loti populars LV prese.<br />Ko tur teikt, smiekligi ar tadu infu nekad es nekepatu pat lieku flashku ,kur nu vel vairak. Kaut kadi VID dati, lai kadam atgadinat cik un kuram ir alga uz papira? To taksh Valsts Kontrole un KNAB utt. var apskatit jebkura bridi.<br />Laikam cilveks kursh izvelejas vardu Neo , izvelejas to jo masam tas ir daudz pienemaks neka hax0rzzz:)Bet ta reali tadus nikus sev izvelas CS mili,jeb delitanti.<br />Shodien iegaju Delfos a tur raksts ,ka Chili Pica's klientu dati nopludusi tikla, tipa tiem kuriem tur klientu kartes bija, aarpraac.. he he... smiekligi ko tad ar Picu edaju infu var iesakt, vienigais laikam konkurenti var nofludot tos ar spamu lai dabutu sev kadu klientu vairak un tas ari viss, bet breka liela un atkal tiek pieminets Neo protams komentos..:))<br />Cilveku stulbumam laikam nav robezhu..<br />Ja kads no tiem stulbeniem tagad lasa manis rakstito , tad jebkuras kompanijas vai uznemuma LV datubazi dabut ir tik viegli ,ka aptuveni Azeru prova datubazi dabut, tik kam tas ir vajadzigs.. zhurnalistiem vai?Vai tiem kas pavada visu laiku kadas dzeltenes preses zinas ar iespeju komentet izmetot visu savu zhulti uz visiem launajiem deptutatiem,utt.<br />Labi tas par to bulshitu kas notiek presse.<br /><br /><br />Ir doma atsakt blogot un ne tikai... vajadzigi ir kadi paris koderi ar taisniem pirkstiem, kuriem butu prieks veltit laiku ka pen-testeriem,toest nodarboties ar ievainojamibu meklesanu,esmu gatavs ari finansiali atbalstit, ja protams jus attaisnosiet uz jums liktas ceribas.Nopelnisiet sev atpazistamibu pasaule vismaz shaja shauraja sfera, ka ari maizei ar desu nopelnisiet.<br /><br />Ka ari welcome visiem tiem kuriem intrese un patik web aplikaciju ievainojamibas .<br /><br /><br />Pasts mans ir vecais krustevs gmail.comr0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-9227092014793226682009-06-30T06:25:00.001-07:002009-06-30T06:55:01.853-07:00phpMyAdmin XSS vuln.###############################################<br />Vuln. discovered by : r0t<br />Date: 30 june 2009<br />vendorlink:http://www.phpmyadmin.net/<br />affected versions:<br />phpMyAdmin 3.2.0.1<br />phpMyAdmin 3.2.1-dev<br />phpMyAdmin 3.3.0-dev<br />phpMyAdmin 2.11.10-dev<br />phpMyAdmin 3.2.0-rc1<br />and another versions also can be affected<br />###############################################<br /><br /><br />Vuln. Description:<br /><br />phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "db" paremeter in "index.php" isn't properly sanitised before being returned to the user.<br />This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.<br /><br /><br />live PoC:<br />http://demo.phpmyadmin.net/MAINT_3_2_0/index.php?db=%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E&token=f70d8ec4305c5a877f56c14554aced10<br /><br /><br /><br />###############################################<br />Solution:<br />Edit the source code to ensure that input is properly sanitised.<br />###############################################<br /><br /><br /><br />Ps.<br />By changing XSS test requests for popular products like phpMyAdmin vulns like XSS will never ends.To prove my words,just use XSS PoC request from live example by another parameters.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-55128544164453918692009-06-29T06:24:00.000-07:002009-06-29T06:32:30.652-07:00XSS ieksh SS.LV<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqf71cEKtKQr6oEc8WYEBf0WiuIE3am1JF72ouVdTpsJvqiq0-dx9ZIuQ7KTsPyRSqPSv_IX9VWlVRILxfpMJAKC-n8vV-8-bP_1YNBMpRo-YgdxjXXLyStVPOLe2TW_ExykuNiR5JNW52/s1600-h/ss.lv.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 179px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqf71cEKtKQr6oEc8WYEBf0WiuIE3am1JF72ouVdTpsJvqiq0-dx9ZIuQ7KTsPyRSqPSv_IX9VWlVRILxfpMJAKC-n8vV-8-bP_1YNBMpRo-YgdxjXXLyStVPOLe2TW_ExykuNiR5JNW52/s320/ss.lv.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5352740268112894562" /></a><br /><br />Ka jau lielakai dalai Mekleshanas dzinejiem ir populara kibele ar XSS, tad ss.lv ar neko ipashi neatshkkiras.<br />Mekleshana:<br />r0t://www.ss.lv/lv/transport/cars/search/<br /><br />parametrs "Cena": ar savam divam ailem "Min" un "Max" ir vieta kur ir ticis nohalturets.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-54639016165877675822009-06-29T04:45:00.000-07:002009-06-29T04:56:11.132-07:00Hackers Library* Ebook - Computer) Hacking The Windows Registry.pdf<br /> * (eBook - PDF) Hugo Cornwall - The Hacker's Handbook .pdf<br /> * (eBook pdf) Hacking into computer systems - a beginners guide.pdf<br /> * (ebook_-_pdf)_Hacking_IIS_Servers.pdf<br /> * A Beginners Guide To Hacking Computer Systems.pdf<br /> * amazon-hacks.chm<br /> * Attacking the DNS Protocol.pdf<br /> * Auerbach.Practical.Hacking.Techniques.and.Counterm easures.Nov.2006.pdf<br /> * bsd-hacks.pdf<br /> * Certified Ethical Hacker (CEH) v3.0 Official Course.pdf<br /> * Computer - Hackers Secrets - e-book.pdf<br /> * cracking-sql-passwords.pdf<br /> * Crc Press - The Hacker'S Handbook.pdf<br /> * Credit.Card.Visa.Hack.Ucam.Cl.Tr.560.[223.kB_www.netz.ru].pdf<br /> * DangerousGoogle-SearchingForSecrets.pdf<br /> * database hacker handbook.chm<br /> * Dummies - Hack How To Create Keygens (1).pdf<br /> * ebay-hacks-100-industrial-strength-tips-and-tools.pdf<br /> * eBooks.OReilly.-.Wireless.Hacks.100.Industrial.-.Strength.Tips.and.Tools.chm<br /> * ethical hacking, student guide.pdf<br /> * excel-hacks.chm<br /> * google-hacks.pdf<br /> * Guide-to-Hacking-with-sub7 (1).doc<br /> * Hack IT Security Through Penetration Testing.pdf<br /> * Hack Proofing - Your Network - Internet Tradecraft.pdf<br /> * Hack Proofing Linux A Guide to Open Source Security - Stangler, Lane - Syngress - ISBN 1-928994-34-2.pdf<br /> * Hack Proofing Sun Solaris 8.pdf<br /> * Hack Proofing Your E-Commerce Site.pdf<br /> * Hack Proofing Your Identity In The Information Age.pdf<br /> * Hack Proofing Your Network Second Edition.pdf<br /> * Hack Proofing Your Network_First Edition.pdf<br /> * Hack Proofing Your Web Applications.pdf<br /> * Hacker Disassembling Uncovered.chm<br /> * hacker ethic.pdf<br /> * Hacker Linux Uncovered.chm<br /> * Hacker Web Exploitation Uncovered.chm<br /> * Hacker'S.Delight.chm<br /> * Hackers Beware.pdf<br /> * Hackers Secrets Revealed.pdf<br /> * Hackers Secrets.pdf<br /> * Hackers, Heroes Of The Computer Revolution.pdf<br /> * Hackers_Secrets.pdf<br /> * Hacker_s_Guide.pdf<br /> * Hacking - Firewalls And Networks How To Hack Into Remote Computers.pdf<br /> * Hacking - The Art of Exploitation.chm<br /> * Hacking Cisco Routers.pdf<br /> * Hacking Exposed - Network Security Secrets & Solutions, 2nd Edition.pdf<br /> * Hacking Exposed Network Security Secrets & Solutions, Third Edition ch1.pdf<br /> * Hacking For Dummies 1.pdf<br /> * Hacking For Dummies 2.pdf<br /> * Hacking For Dummies.pdf<br /> * Hacking GMail.pdf<br /> * Hacking IIS Servers.pdf<br /> * Hacking into computer systems - a beginners guide.pdf<br /> * hacking the windows registry .pdf<br /> * Hacking Windows XP.pdf<br /> * Hacking-ebook - CIA-Book-of-Dirty-Tricks1.pdf<br /> * Hacking-Hacker's Guide.pdf<br /> * Hacking-Hackers Secrets Revealed.pdf<br /> * Hacking-Hugo Cornwall-The Hacker's Handbook .pdf<br /> * Hacking-The Hacker Crackdown.pdf<br /> * Hacking.For.Dummies.Access.To.Other.People's.Syste m.Made.Simple.pdf<br /> * Hacking.Guide.V3.1.pdf<br /> * Hacking.nfo<br /> * Hacking.sfv<br /> * Hackproofing Oracle Application Server.pdf<br /> * Hack_Attacks_Revealed_A_Complete_Reference_With_Cu stom_Security_Hacking_Toolkit.<br /> * chm<br /> * Hack_IT_Security_Through_Penetration_Testing.chm<br /> * haking.txt<br /> * Halting.The.Hacker.A.Practical.Guide.To.Computer.S ecurity.chm<br /> * How to Crack CD Protections.pdf<br /> * John Wiley & Sons - Hacking For Dummies.pdf<br /> * John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eB ook-DDU.pdf<br /> * linux-server-hacks.pdf<br /> * little_black_book_oc_computer_viruses.pdf<br /> * mac-os-hacks.chm<br /> * McGraw-Hill - Hacking Exposed, 3rd Ed - Hacking Exposed Win2.pdf<br /> * McGraw.Hacking.Exposed.Cisco.Networks.chm<br /> * McGraw.Hill.HackNotes.Network.Security.Portable.Re ference.eB.pdf<br /> * McGraw.Hill.HackNotes.Web.Security.Portable.Refere nce.eBook-.pdf<br /> * McGraw.Hill.HackNotes.Windows.Security.Portable.Re ference.eB.pdf<br /> * Mind Hacks - Tips & Tricks for Using Your Brain.chm<br /> * network-security-hacks.chm<br /> * No.Starch.Press.Hacking.The.Art.Of.Exploitation.ch m<br /> * O'Reilly - Online Investing Hacks.chm<br /> * O'Reilly.-.Network.Security.Hacks.chm<br /> * O'Reilly.Windows.Server.Hack.chm<br /> * O'Reilly.Windows.Server.Hack.rar<br /> * online-investing-hacks.chm<br /> * OReilly Google Hacks, 1st Edition2003.pdf<br /> * OReilly - Google Hacks.pdf<br /> * Oreilly, Paypal Hacks (2004) Ddu.chm<br /> * OReilly,.IRC.Hacks.(2004).DDU.chm<br /> * OReilly.SQL.Hacks.Nov.2006.chm<br /> * OSB.Ethical.Hacking.and.Countermeasures.EC.Council .Exam.312.50.Student.Coursewar<br /> * e.eBook-LiB.chm<br /> * O_Reilly_-_Windows_XP_Hacks.chm<br /> * PC Games - How to Crack CD Protection.pdf<br /> * Security and Hacking - Anti-Hacker Tool Kit Second Edition.chm<br /> * SoTayHacker1.0.chm<br /> * spidering-hacks.chm<br /> * SQL Hacks.chm<br /> * SQLInjectionWhitePaper.pdf<br /> * Syngress - Hacking a Terror Network. The Silent Threat of Covert Channels.pdf<br /> * Syngress -- Hack Proofing Your Wireless Network.pdf<br /> * Syngress Hack Proofing Your Identity in the Information Age.pdf<br /> * Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf<br /> * Syngress.Hack.the.Stack.Oct.2006.pdf<br /> * The Little Black Book Of Computer Virus.pdf<br /> * The_20Little_20Black_20Book_20of_20Computer_20Viru ses.pdf<br /> * tivo-hacks.100-industrial-strength-tips-and-tools.pdf<br /> * u23_Wiley - Hacking GPS - 2005 - (By Laxxuss).pdf<br /> * Wiley.The.Database.Hackers.Handbook.Defending.Data base.Servers.chm<br /> * Win XP Hacks oreilly 2003.chm<br /> * Windows Server Hacks.chm<br /> * WinXP SP1 Hack.pdf<br /> * Xbox-hack - AIM-2002-008.pdf<br /> * Yahoo.Hacks.Oct.2005.chm<br /><br />Download from Rapidshare:<br /><br />r0t://rapidshare.com/files/82425846/Hacking.part01.rar<br />r0t://rapidshare.com/files/82442869/Hacking.part02.rar<br />r0t://rapidshare.com/files/82427993/Hacking.part02.rar<br />r0t://rapidshare.com/files/82445546/Hacking.part03.rar<br />r0t://rapidshare.com/files/82430177/Hacking.part03.rar<br />r0t://rapidshare.com/files/82432614/Hacking.part04.rar<br />r0t://rapidshare.com/files/82448319/Hacking.part04.rar<br />r0t://rapidshare.com/files/82451101/Hacking.part05.rar<br />r0t://rapidshare.com/files/82454225/Hacking.part06.rar<br />r0t://rapidshare.com/files/82457503/Hacking.part07.rar<br />r0t://rapidshare.com/files/82460913/Hacking.part08.rar<br />r0t://rapidshare.com/files/82464586/Hacking.part09.rar<br />r0t://rapidshare.com/files/82468340/Hacking.part10.rar<br />r0t://rapidshare.com/files/82471881/Hacking.part11.rar<br />r0t://rapidshare.com/files/82473464/Hacking.part12.rar<br /><br />if download dont works 4 u , change/replace "r0t" to "http".<br /><br /><br />RTFM ;]r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-23075019509089336082009-06-25T14:34:00.000-07:002009-06-25T14:52:42.034-07:00Iznakusi BackTrack 4 Pre ReleaseLigi, ligo, veljorpojam laikam manas asinis ir vairak alus neka asinis.<br />Bet nepar iet runa , runa ies par Backtrack 4 kuram nupat iznakusi ir "Pre Release".<br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMTmKz0wVQDGa1Imgq5EWb2bstPBGZRS8vK2vykoAIrdm5NL0Bi6VaQytLYs5JfgOUKB8gZ8ZO_Y7qDBAbL6N_ZPD13Tiiwz6JqehS0AfMLZlFZIlZ9XeAEQWxSxcLgM4XmCdyTQUFTYcI/s1600-h/backtrack-4-beta.png"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 192px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMTmKz0wVQDGa1Imgq5EWb2bstPBGZRS8vK2vykoAIrdm5NL0Bi6VaQytLYs5JfgOUKB8gZ8ZO_Y7qDBAbL6N_ZPD13Tiiwz6JqehS0AfMLZlFZIlZ9XeAEQWxSxcLgM4XmCdyTQUFTYcI/s320/backtrack-4-beta.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5351386254077566402" /></a><br />Ta ka kursh nevar nociesties un sagaidit Final relizi, tad velkam <a href="http://www.remote-exploit.org/backtrack_download.html">sheit</a>.Ja salidzinasim ar Backtrack 4 beta, tad svars ir manami pieaudzis no 854mb uz 1390mb, te jau lielu lomu tas vairs nespele, ja Backtrack tresho vareja dabut virsu uz CD matricas, tad te veel uz DVD paliks daudz brivas vietas:)<br />Tapatas* var paluureet <a href="http://www.offensive-security.com/videos/backtrack-security-training-video/up-and-running-backtrack.html">Introduction Video</a> vai palasit <a href="http://www.offensive-security.com/backtrack4-guide-tutorial.pdf">.PDF</a> par to kas jauns lacitim vedera.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-45266749622002456172009-06-20T06:05:00.000-07:002009-06-20T07:06:19.969-07:00SS.lv Zirgu stallis<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbVO4YHca-QFcy-LdzlEyKcFj0875vq8vvqWXRLbtUCiDbaQgxjpxgQEJvQrixgEHsCF-ejA7ZxIlYT4EyMhJxR6cT1fKzUBrgIInFc_QhyFtoAAlDGjw5AzBDF-EJKnGiRhUHhjpEmNnZ/s1600-h/ss.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbVO4YHca-QFcy-LdzlEyKcFj0875vq8vvqWXRLbtUCiDbaQgxjpxgQEJvQrixgEHsCF-ejA7ZxIlYT4EyMhJxR6cT1fKzUBrgIInFc_QhyFtoAAlDGjw5AzBDF-EJKnGiRhUHhjpEmNnZ/s320/ss.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5349399111672674834" /></a><br />Iegaju ka tiko ss.lv apskatities sludinajumus un mans AntiVir sak brekt par malware ieksh javascript , kad veras pats sludinajuma logs valja .Vai nu kads zikkeris paspejis ielikt , bez zinjas vai ss.lv piepelnaas:) Kriize , kriize..<br /><br /><br />PS. protams ka ar FF kluse , jo tendets tieshi prieksh IE.<br /><br /><br />Te ir viens no failiem:<br />h**p://i.ss.lv/w_inc/decoder.js<br /><br /><a href="http://rapidshare.com/files/246649436/Saturs.txt.html">SATURS</a><br /><br />iemetot ieksh virustotal.com shadi <a href="http://www.virustotal.com/analisis/d9e87467c4b2a0feaffc0909274664cc509e9c8388334062bbb6b6f59add720e-1245506416">rezultati</a> iznaca mums.<br />no 41 av 2 nobrecas:<br />AntiVir 7.9.0.19 HEUR/HTML.Malware<br />McAfee-GW-Edition 6.7.6 Heuristic.HTML.Malwarer0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-6246654410497946632009-06-20T02:53:00.000-07:002009-06-20T05:16:19.920-07:00Anti XSS ieksh inbox.lvInbox.lv pats nelietoju, tapeec vareetu teikt ,ka pat nezinaju , kaads tas zveers izskataas. Nejaushi uzduros Googlej0t uz viena <a href="http://rotanovs.com/web-developer/httponly-php/">bloga</a>, kur itka publicejas:<br />"Jul 2001–Feb 2007: Chief Developer at Inbox.lv, largest Latvian Internet portal, proud to say it moved from #4 to #1 in terms of weekly unique visitors since I joined the company." jeb vienkarshi Viktors Rotanovs.<br />Labi , protams rodas iespaids Chief Developer iespejams ka mega labs , par vinja pro neshaubos nemirkli un rekur vel pamaciba bloga par Anti-XSS , tad jau itka visam inbox.lv vajadzetu buut kaartiibaa , ieshu ka es paluukoshos.<br />Es biju mazliet parsteigts, ka lielako ties tam mega portalam nekas pashu rokam nav rakstits*, pa bazi njemti gatavi mazliet modificeti, ka piem pats pasts tiraka Horde,tie amigos ir viens no MySpace kloniem kuri metajas tiimeklii.<br />Tad par XSS, uzmetu aci ipashi nechenshoties pat testa pieprasijumu nemainot atradu paariiti.Isak sakot es domaju ka tas viss ir paradijies peec 2007-ta jo Viktors to nebutu pielavis..:)<br /><br />Amigos, jeb MySpace klons<br /><br />MySpace Klons<br />http://amigos.inbox.lv/index.php?mode=report_spam&cat=1&id=155522&from=%22%3E%3Cscript%3Ealert(111);%3C/script%3E<br />http://amigos.inbox.lv/index.php?mode=report_spam&cat=1&id=155522%22%3E%3Cscript%3Ealert(111);%3C/script%3E<br />http://amigos.inbox.lv/index.php?mode=report_spam&cat=1%22%3E%3Cscript%3Ealert(111);%3C/script%3E<br /><br />ps. index vieta admin un esam , pie sprices:)<br /><br />http://work.inbox.lv/darbs/o-%22%3E%3Cscript%3Ealert(111);%3C/script%3E.html<br />http://smart.inbox.lv/?logout=1%22%3E%3Cscript%3Ealert(111);%3C/script%3E<br />http://smart.inbox.lv/cr_game/index.php?game_id=15420&rnd=%22%3E%3Cscript%3Ealert(111);%3C/script%3E<br />http://smart.inbox.lv/cr_game/index.php?game_id=%22%3E%3Cscript%3Ealert(111);%3C/script%3E<br /><br />Ja ticet readme.html failam kas metajas tur, tad WP versija ir 1.5:)<br />http://company.inbox.lv/news/readme.html<br /><br /><br /><br />PS.Jau ieprieks atvainojos par sagadatam neertibam, ne pret Viktoru ne pret inbox.lv kolektivu nav man nekadas pretenzijas, es tikai garam ejot ,lai paskatitos ,ka jums iet.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com2tag:blogger.com,1999:blog-1009764183767741775.post-3432791496314858202009-06-19T13:59:00.000-07:002009-06-19T14:00:20.890-07:00DirectAdmin <= v1.33.6 XSS vuln.###############################################<br />Vuln. discovered by : r0t<br />Date: 19 June 2009<br />vendor:http://www.directadmin.com/<br />affected versions:v1.33.6 and other <br />versions also can be affected.<br />###############################################<br /><br />DirectAdmin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "view" parameter in "CMD_REDIRECT" isn't properly sanitised before being returned to the user.<br />This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.<br />##############################################<br />live PoC:<br />http://www.directadmin.com:2222/CMD_REDIRECT?view=<br />advanced&sort1%22%3E%3Cscript%3Ealert(111);%3C/script%3E=1&domain=demo.com<br />PS.<br />need to login:<br />demo_user:demo<br />###############################################<br />Solution:<br />Filter malicious characters and character sequences in a web proxy.<br />###############################################r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-59557377871906059822009-06-19T08:18:00.000-07:002009-06-19T09:30:06.109-07:00Trojani zem Latvijas karogaTrojas zirgi un to Botneti*.<br />Runa ir par to,ka labu laiku atpakal ticis konstatets,bet joprojam nekas nav darits.<br />Es pat abrinoju tos cilvekus ,kuri apzinoties to ka vinju botneta serveris ,kur nak visi logi* un stav administracijas panelis,to visu pasakumu neparliek uz cita servera.<br />Pie tadas nodarbes serveri ir jamaina vismaz reizi pa 2-3 menesiem.<br />Ir viens tads monitoringa saits ka <a href="https://zeustracker.abuse.ch/">ZeuS Tracker</a> ,kursh veero ZeuS troja izplatibu timekli.<br />Tad luk viens no top* Trojana ZeuS hosteriem ir musu pashu <a href="http://www.junik.lv/">JUNIK</a> un rekur ari trakeri vesels <a href="https://zeustracker.abuse.ch/monitor.php?as=8206">saraksts</a> ar ZeuS adminkam*.<br />Ka jau ieprieks mineju , ka parak ilgi stav vini tur.<br />Tapat luk bus vel viena <a href="http://fire.seclab.tuwien.ac.at/chart.php?as=AS8206">vieta</a> , kur redzama aktivitates grafika<br />Pienemsim ka provaideram/hosterim ir pie vienas vietas vai ari piekopj taadu politiku,par tiesibsargajoshajam iestadem nemineshu,bet ir jau ari citi aspekti piemeram Zeus adminka* kada ta naca no developera* ir loti sliktas kvalitates,taapat ka ari Limbo 2 .<br />Ta ka ir tadi <a href="https://zeustracker.abuse.ch/">monitoringa</a> pasakumi, nav jau gruti pat treshajai personai ielist laaciitim veedera un panjemt ko vajag.<br /><br />Sikak par ZeuS funkcionalitati varat palasit autora uzceptaja <a href="http://rapidshare.com/files/246336357/manual_en.txt.html">manuali</a>.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com1tag:blogger.com,1999:blog-1009764183767741775.post-79529786760180265802009-06-18T06:54:00.000-07:002009-06-18T07:23:22.370-07:00Pazudushie Cilvekiwww pasaule sastaptie cilveki vareetu kadam likties , ka vinji tepat ir ka konfektes aiz vitrinas veikala, ka Tu vinjus redzi un tepat vien ir...Tomer viss ir savadaak.Nupat pasham uznaca kaut kada nostalgija par veciem laikiem* pienemsim to pasu vien netsec.lv , ne es butu manijis DigX ne Mandarin'u, te tev bija te tev izbija.Tapat bija taads pasakums ka X-access (x-access.biz , x-exploitz.com)kas itka bija topa augshgala sava nishaa , bet pec tam kadam kaut kas apnika un viss pajuka,bet cilveku bija daudz ar kuriem vareja dalities zinashanas un tapat vien paterzet.Ir jau brizhi kad mes jutamies ka esam izaugushi pietiekoshi un ka ir jakustas uz priekshu un pashreizeeja vieta nevar iedot to izaugsmes iespeju.<br />Izaugsme, tas vien ir atsevishkka posta* veerts vaards.<br />Turpinam ar to ko iesaku,luk shis pats blogs ne es butu manijis :VietMafia,der4444,cembo pedejo gadu laika:( Diemzhel pats daudz kur esmu pie taa vainigs, es pats ik pa bridim pazudu vai nu uz pusgadu ,vai uz gadu un ko tad var gaidit no parejiem.<br />Teiksat ,ja gribetu butu jau sen atradis..varbut ari, vienkarshi lai apjautatos: ka iet? Neiesi googleet cauram dienam.Pieturos pie shi bloga ari ar ceribu , ka caur shejieni mani vares vel dabut roka.Ta ka, ja kads no manis minetajiem cilvekiem lasa sho droshi dodat par sevi zinat.<br /><br />PS><br />Nezinu nemaz vairs ko shaja bloga publicet, laikam vajag vai nu vecos biedrus atpakalj dabuut vai nu jaunas asinis*.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-86843928827483203872009-06-02T11:45:00.000-07:002009-06-02T11:57:33.138-07:00Uz bridi ,kad ir laiks...Roka vienkarsi necelas, lai nemtu un veiktu - copy/paste*,lai uzturetu blogu aktivu.Necelas roka ari lai kadu nodi...u.Tapat ar ievainojamibam ir, ka ir pamaz stimula ,lai ari vinam nodarbotos.<br />Tapec nolemu pajautat Jums -varbut jums ir kada ideja vai ieteikums par kadu rakstu/iem.<br />Tad drosi varat rakstit uz krustevs(a)gmail com.r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0tag:blogger.com,1999:blog-1009764183767741775.post-76790426339655192832009-05-22T03:03:00.000-07:002009-05-22T03:15:03.294-07:00Wifi Hacks AIO 2009<div style="text-align: center;">Some software&e-books for wardrivers....<br />enjoy.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://img218.imageshack.us/img218/1111/33o1qx0.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 343px; height: 246px;" src="http://img218.imageshack.us/img218/1111/33o1qx0.jpg" alt="" border="0" /></a> Wifi Hacks AIO 2009<br />27 in 1 WiFi Hacks Tools & E-Books<br /><br />Hacks page 1:<br />* Comm View for WiFi v5.2484<br />* Pure NetWorks NetWork Magic 2<br />* Air Cr@ck<br />* AP Sniff<br />* Comm View<br />* Aerosol<br />* Easy WiFi Radar<br />* Boingo Wireless<br /><br />Hacks page 2:<br />* Get Wep Key Of Encrypted Wireless Connection<br />* WiFi Companion v2.10.4<br />* Net Stumbler<br />* WiFi H@ck Tools<br />* WiFi Internet Access Blocker<br />* iPig WiFi HotSpot VPN Security<br /><br />Hacks page 3:<br />* Hot Spotter v0.4<br />* Kismet<br />* WDG<br />* AirShort v0.2.7e<br />* WiFi Hopper v1.2<br />* Wireless NetWork Ignition<br />* Wepwedgie - alpha<br />* Wep Cr@ck<br /><br />E-Books:<br />* O-Reilly Wireless H@cks<br />* System Cr@cking 2k<br />* FB! Teaches how to break WiFi<br />* Collection of H@cking Dictionary<br /></div> * How to Cr@ck WEP<br /><div style="text-align: center;"><br /></div><a href="http://rapidshare.com/files/146664950/Wifi_Hacks_Application_Rebuild__hacks_all_wifi_connections_.rar">Download link</a>r0thttp://www.blogger.com/profile/10020805488138121878noreply@blogger.com0