0x000000

     0x000000/rvdh                       .-'-.              //o\  _\/_
                                    --  /     \  --           |   /o\\
  ^^~^~^~^~^~^~^~^~~^~^~^~^~^~^~^~^~^~^-=======-~^~~^^~~^~^~^~|~~^~^|^~`
     I'm out of my head                                             |
       That was what they said
         There was no way that I would
           Ever trust again

As far as whitehats go, Ronald is a pretty nice guy. Sometimes you find yourself
respecting a guy for the way he goes about his shit; Ronald is that kinda guy.
The comparison with the no-talent asshat rsnake is obvious - both "specialize"
in this new form of security - "WEB APPLICATION SECURITY". Ronald was never
about the money, whereas rsnake is all about the hype, the drama, and seeing
his name in lights. Ronald quit the security scene some time ago, and although
he created a new site, it has been idle for a long time. So rather than let this
information go to waste, I figured I would share the security secrets of his
CMS/blog.

Let's start with his index.php. I hope no one hosts this zine with a .php
extension; they'd be as owned as Ronald.

<?
include("stats.php");

if($_REQUEST['!']) {

    $xor = (int)$_REQUEST['!'];
   
    switch($xor) {
   
    case 4:
    $uri = 'archive.php';
    break;
    case 6:
    $uri = 'about.php';
    break;
    case 7:
    $uri = 'contact.php';
    break;
    default:
    $uri = 'err.php';
    break;
    }
}


function nl2br_pre($string, $wrap = 100) {
  $string = nl2br($string);

  preg_match_all("/<pre[^>]*?>(.|\n)*?<\/pre>/", $string, $pre1);

  for ($x = 0; $x < count($pre1[0]); $x++) {
    $pre2[$x] = preg_replace("/\s*<br[^>]*?>\s*/", "\r\n", $pre1[0][$x]);
    $pre1[0][$x] = "/".preg_quote($pre1[0][$x], "/")."/";
  }

  return preg_replace($pre1[0], $pre2, $string);
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>0x000000 Hacking &amp; Security, cuz Web 2.0 is kitsch</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="robots" content="noarchive">
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="wrapper">
<h1>rvdh
  <p>Hacking & Security</p></h1>
<div align="left" id="menu"><a href="index.php" class="link">index</a> <a
href="index.php?!=4" class="link">archive</a> <a href="rss.php"
class="link">rss</a></div>
<div id="content" align="left">
  <?
if($_REQUEST['i']) {
if(is_numeric($_REQUEST['i'])) {
$get = (int)$_REQUEST['i'];
$sql = "SELECT * FROM blog WHERE id = '".mysql_real_escape_string($get)."'
LIMIT 1";
$res = mysql_query($sql) or die();
while($r=mysql_fetch_array($res)) {
?>
  <br />
  <table width="100%" border="0" cellspacing="0" cellpadding="3">
    <tr>
      <td width="80%"><h3>
  <a href="index.php?i=<?=$r['id']; ?>" alt="Posted on:
<?=$r['date'];?>" title="Posted on: <?=$r['date'];?>"><?=$r['title'];?></a>
 </h3>
 </td>
      <td width="20%" valign="bottom"><div align="right"><a
href="index.php?i=<? if($get == '') { echo '1'; } else { echo ($get-1); } ?>"
class="arrow">&#8594; </a></div></td>
    </tr>
  </table>
  <br />
  <?
echo nl2br(stripslashes($r['article']));
echo $r['code1'];
if($r['code2']) { echo stripslashes($r['code2']).$r['code3'];  }
?>
  <br />
  <table width="100%" border="0" cellspacing="0" cellpadding="3">
    <tr>
      <td width="80%"></td>
      <td width="20%" valign="bottom"><div align="right"><a
href="index.php?i=<? if($get == '') { echo '1'; } else { echo ($get-1); } ?>"
class="arrow">&#8594; </a></div></td>
    </tr>
  </table>
  <?
}
}
}  elseif($_REQUEST['!']) {
   @include($uri);
} else {

$get = (int)$_REQUEST['i'];
$sql = "SELECT * FROM blog ORDER BY id DESC LIMIT 1";
$res = mysql_query($sql) or die();
while($r=mysql_fetch_array($res)) {
?>
  <br />
  <table width="100%" border="0" cellspacing="0" cellpadding="3">
    <tr>
      <td width="80%"><h3>
   <a href="index.php?i=<?=$r['id']; ?>" alt="Posted on:
<?=$r['date'];?>" title="Posted on: <?=$r['date'];?>"><?=$r['title'];?></a>
 </h3>
</td>
      <td width="20%" valign="bottom"><div align="right"><a
href="index.php?i=<?= ($r['id'] -1); ?>"  class="arrow">&#8594; </a></div></td>
    </tr>
  </table>
  <br />
  <?
echo stripslashes(nl2br($r['article']));
echo $r['code1'];
if($r['code2']) { echo stripslashes($r['code2']).$r['code3'];  }
?>
  <br />
  <table width="100%" border="0" cellspacing="0" cellpadding="3">
    <tr>
      <td width="80%"></td>
      <td width="20%" valign="bottom"><div align="right"><a
href="index.php?i=<?= ($r['id'] -1); ?>"  class="arrow">&#8594; </a></div></td>
    </tr>
  </table>
  <?
}
}
?>
</div>
<br />
<script type="text/javascript"><!--
google_ad_client = "pub-4603962989172802";
google_ad_slot = "0213361181";
google_ad_width = 700;
google_ad_height = 67;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<br />
<div id="acunetix_element"
style="width:100px;float:right;margin-top:10px;top:0px;
left:690px;position:absolute;"><a
href="http://www.acunetix.com/cross-site-scripting/scanner.htm"
target="_blank"><img src="125x125freexssa.gif" border="0" alt="free websecurity
scanner" /></a></div>
</div>
</body>
</html>

$ head -n 50 x/processor.php
<?php

$chk  = $_SERVER['REMOTE_ADDR'];
$host = $_SERVER['REMOTE_HOST'];
$ua   = $_SERVER['HTTP_USER_AGENT'];
# process login
if($chk !== "82.171.76.240") {
die("Dream on.");
}

if($chk != "82.171.76.240") {
die("Dream on.");
}


// local DB

    $dbHost = "localhost";
    $dbBase = "xtheory";
    $dbUser = "blogger2";
    $dbPass = "1uZ5UoZOL8";
    $dbLink = mysql_connect($dbHost, $dbUser, $dbPass) or die(mysql_error());
 mysql_select_db($dbBase) or die(mysql_error());
?>
<?

if($_REQUEST['up'] === "true") {

$titlex = $_REQUEST['title'];
$longx = addslashes($_REQUEST['long']);
$sqlvar = htmlentities($longx, ENT_QUOTES);
$datex = $_REQUEST['date'];
$hashx = $_REQUEST['hash'];
$pagex = $_REQUEST['page'];
$code1 = $_REQUEST['code1'];
$c2 = addslashes($_REQUEST['code2']);
$code2 = htmlentities($c2, ENT_QUOTES);
$code3 = addslashes($_REQUEST['code3']);
$sql = "INSERT INTO blog set title = '".$titlex."', article = '".$sqlvar."',
date = '".$datex."', hash = '".$hashx."', page = '".$pagex."', code1 =
'".$code1."', code2 = '".$code2."', code3 = '".$code3."'";
echo $sql;
$res = mysql_query($sql) or die(mysql_error());
echo "Ok!";
die();
}
# login for my blog
# there is only me.
$chk  = $_SERVER['REMOTE_ADDR'];
$host = $_SERVER['REMOTE_HOST'];
$ua   = $_SERVER['HTTP_USER_AGENT'];
# process login


/*********************************************************
*
* Gotta love that extensive checking, != and !== ...
*
* Here's a challenge for you, spot the vuln!
*
*********************************************************/
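
In the processor.php listing above, the `up` handler builds its INSERT by concatenating `$_REQUEST` values into the SQL string (`title`, `date`, `hash`, `page` and `code1` go in unmodified), and index.php later echoes `title` straight into the page. As an added example, not code from the zine or from the site's author, here is the same write-and-render path with bound parameters and output encoding. It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for the MySQL `blog` table; the names `FIELD_MAP`, `open_demo_db`, `save_post`, `load_post` and `render_title_link`, and the sample request, are constructed for illustration.

```php
<?php
// Added example (not from the zine or the site's author): the processor.php
// insert and the index.php title link, rewritten with bound parameters and
// output encoding. Assumes the pdo_sqlite extension; an in-memory SQLite
// database stands in for the MySQL `blog` table.
declare(strict_types=1);

// blog column => request field name, as used by the `up` handler.
const FIELD_MAP = [
    'title' => 'title', 'article' => 'long',  'date'  => 'date',  'hash'  => 'hash',
    'page'  => 'page',  'code1'   => 'code1', 'code2' => 'code2', 'code3' => 'code3',
];

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec(
        'CREATE TABLE blog (id INTEGER PRIMARY KEY AUTOINCREMENT, title TEXT,
         article TEXT, date TEXT, hash TEXT, page TEXT, code1 TEXT, code2 TEXT,
         code3 TEXT)'
    );
    return $db;
}

function save_post(PDO $db, array $request): int
{
    $params = [];
    foreach (FIELD_MAP as $column => $field) {
        $value = $request[$field] ?? '';
        // Request fields can arrive as arrays; accept strings only.
        if (!is_string($value)) {
            throw new InvalidArgumentException("field '$field' must be a string");
        }
        // Stored exactly as submitted: no addslashes(), no htmlentities().
        $params[":$column"] = $value;
    }
    // Column names come from the constant above, never from the request.
    $columns = implode(', ', array_keys(FIELD_MAP));
    $marks   = implode(', ', array_keys($params));
    $stmt = $db->prepare("INSERT INTO blog ($columns) VALUES ($marks)");
    $stmt->execute($params);
    return (int) $db->lastInsertId();
}

function load_post(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM blog WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Same call as the encode() helper in the forum listing on this page.
function encode(string $data): string
{
    return htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
}

// Encoding happens here, at output time, for every value placed in markup.
function render_title_link(array $row): string
{
    return sprintf(
        '<a href="index.php?i=%d" title="Posted on: %s">%s</a>',
        (int) $row['id'],
        encode($row['date']),
        encode($row['title'])
    );
}

// Constructed sample request: quotes and markup that must survive as data.
$request = [
    'title' => 'It\'s a "test" <post>',
    'long'  => "First line\nSecond line",
    'date'  => '2008-01-01',
    'hash'  => 'placeholder',
    'page'  => '1',
    'code1' => '', 'code2' => '', 'code3' => '',
];

$db  = open_demo_db();
$id  = save_post($db, $request);
$row = load_post($db, $id);

// The database must hold the title byte for byte.
if ($row === null || $row['title'] !== $request['title']) {
    throw new RuntimeException('title was altered on the way into the database');
}
echo render_title_link($row), PHP_EOL;
```
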

<script>
function show(value) {
document.getElementById('img').innerHTML = '<img src="'+value+'" border="0" width="70" height="70">';
}
</script>
<?

function flood($sid,$userid) {

$sql = mysql_query("select timer from posts where sid = '".$sid."' and userid =
'".$userid."'");
    while($g=mysql_fetch_array($sql)) {
   
    if(time() - $g['timer'] < 20 ) {
    die('(!) Flooding detected, wait...');
    }
}

}

function flood2($catid,$uid) {

$sql = mysql_query("select timer from topics where catid = '".$catid."' and uid
= '".$uid."' order by id DESC limit 1");
    while($g=mysql_fetch_array($sql)) {
   
    if(time() - $g['timer'] < 150 ) {
    die('(!) Flooding detected, wait...');
    }
}

}

function BBCode ($string) {

$search = array(
 "/\[url\]((http|https|ftp|mailto):\/\/([a-z0-9\.\-@:]+)[a-z0-9;\/\?:@=\&\$\-_\.\+!*'\(\),\#%~ ]*?)\[\/url\]/is",
 "/\[url=((http|https|ftp|mailto):\/\/[a-z0-9;\/\?:@=\&\$\-_\.\+!*'\(\),~%# ]+?)\](.+?)\[\/url\]/is",
 "/\[url=\]((http|https|ftp|mailto):\/\/[a-z0-9;\/\?:@=\&\$\-_\.\+!*'\(\),~%# ]+?)\[\/url\]/is",
 "/\[email\]([a-z0-9\-_\.\+]+@[a-z0-9\-]+\.[a-z0-9\-\.]+?)\[\/email\]/ies",
 "/\[b\](.+?)\[\/b\]/is",
 "/\[u\](.+?)\[\/u\]/is",
 "/\[i\](.+?)\[\/i\]/is",
 "/\[s\](.+?)\[\/s\]/is",
 "/\[center\](.+?)\[\/center\]/is",
 "/\[hr\]/i",
 "/\[code\](.+?)\[\/code\]/is",
 "/\[sub\](.+?)\[\/sub\]/is",
 "/\[sup\](.+?)\[\/sup\]/is",
);
$replace = array(
 "<p>[<a href=\"$1\">$3</a>]</p>",
 "<p><a href=\"$1\">$3</a></p>",
 "<p><a href=\"$1\">$1</a></p>",
 "<p>'<a href=\"'.encode('mailto:$1').'\">'.encode('$1').'</a>'</p>",
 "<strong>$1</strong>",
 "<u>$1</u>",
 "<i>$1</i>",
 "<s>$1</s>",
 "<center>$1</center>",
 "<hr />",
 "<pre class='q'>$1</pre>",
 "<sub>$1</sub>",
 "<sup>$1</sup>",
);
   
$new = preg_replace($search , $replace, $string);
return $new;
}

function rplace($data) {

   
    $data = BBcode($data);

$data = str_replace('8(',' <img src="smiles/8(.png" border="0"> ',$data);
$data = str_replace('8)',' <img src="smiles/8).png" border="0"> ',$data);
$data = str_replace('8p',' <img src="smiles/8p.png" border="0"> ',$data);
$data = str_replace('8s',' <img src="smiles/8s.png" border="0"> ',$data);
$data = str_replace('-cool',' <img src="smiles/-cool.png" border="0"> ',$data);
$data = str_replace('-ehm',' <img src="smiles/-ehm.png" border="0"> ',$data);
$data = str_replace('-emo(',' <img src="smiles/-emo(.png" border="0"> ',$data);
$data = str_replace('-evil',' <img src="smiles/-evil.png" border="0"> ',$data);
$data = str_replace('-fu',' <img src="smiles/-fu.png" border="0"> ',$data);
$data = str_replace('-good',' <img src="smiles/-good.png" border="0"> ',$data);
$data = str_replace('-orly;)',' <img src="smiles/-orly;).png" border="0">
',$data);
$data = str_replace('-ok',' <img src="smiles/-ok.png" border="0"> ',$data);

return $data;
}


function wrap($datas) {

    $buffer = 33;
    $break  = ' ';
    $wrapped = false;

$aa = array('/&lt;script&gt;/','/&lt;\/script&gt;/','/%3E%3Cscript/');
$bb = array(' &lt;script&gt;',' &lt;/script&gt;',' %3E%3Cscript');

$data = preg_replace($aa,$bb,$datas);

    $tmp = explode(' ', $data);
   
    foreach($tmp as $word) {
   
       while($w = $word[$buffer++]) {
     $strbf = $w;
 }
 
    if(preg_match("/(<a href)/i", $word)){
    $yikes = false;
    }
 
 if($strbf && $yikes) {
     $abc = false;
     for( $i=0; $i < 33; $i++ ) {
  $abc  .= $word[$i];
     }
    
     $split = false;
     for( $j = 33; $j < strlen($word); $j++ ) {
  $split .= $word[$j];
     }
    
 $wrapped .= $abc . $break . $split;
 $buffer = 34;
 
 } else {
 $strbf = false;
 $wrapped .= ' '. $word;
 }
    }


return $wrapped;

}

# encode data
function encode($data) {
    return htmlspecialchars($data,ENT_QUOTES,'UTF-8');
}

# prepare data for database
function prepare($data,$buffer,$string,$truncate,$escape) {
   
    $input = ($data) ? true : false;
    $buffer_message = 'Error: a problem was found, please try again or abort.';
   
    if($input) {
 
 while($tmp = $data[$buffer++]) {
    
     $strbf = $tmp;
 }
 
 if($strbf && !$truncate) {
    
     echo $buffer_message;
     exit;
    
 } elseif ($truncate) {
    
     $dat = false;
    
     for($i=0;$i<($buffer-1);$i++) {
  
  $pre = $data[$i];
  $dat .= $pre;
     }
    
     $prepr = ($string) ? $dat : (int) $dat;
     $processed = ($escape) ? mysql_real_escape_string($prepr) : $prepr;
    
 } else {
    
     $prepr = ($string) ? $data : (int) $data;
     $processed = ($escape) ? mysql_real_escape_string($prepr) : $prepr;

 }
    } else {
 $processed = false;
    }
   
    return $processed;
}

function check() {

$run = explode(',',$_COOKIE['guid']);

 $p = prepare($run[2],250,true,false,true);
 $u = prepare($run[1],150,true,false,true);
 $sql = mysql_query("select * from users where user = '".$u."' and pass
= '".$p."'");
 
     if(mysql_num_rows($sql) >0) {
     session_start();
     $_SESSION['login'] = 1;
     while($m=mysql_fetch_array($sql)) {
     $username = encode($m['user']);
     ?>
     <script>
     y('guid','<?= unique().','.$username.','.sha1($p);?>');
     </script>
<?
     }
 }
    }


function image($val) {

$val = preg_replace("/..\//",' ',$val);

if(preg_match("/(\.p|\.j|\.h|\.a|\.x|\.s|..\/|\(|\)|http|ftp|\/\/|www|eval|data:|script|>|<|\'|\"|\-|\+|\$|\`|;|{|}|system|php|&#|java|xss|%3C|%3E|minutemaid|cookie|alert|string)/i", $val)){
    $img = false;
    } else {
    $img =
(eregi("^([a-zA-Z].*|[1-9].*)\.(((j|J)(p|P)(g|G))|((g|G)(i|I)(f|F)))$", $val))
? true:false;
    }
   
if($img === false) {
    $img = 'hacked.gif';
    }
if (file_exists('avatars/'.escapeshellcmd($img))) {
    return escapeshellcmd($img);
    } else {
    return 'hacked.gif';
    }
}


# uniqueid
function unique(){
    $u = uniqid(mt_rand(0,65350),(int)str_replace('.','',$_SERVER['REMOTE_ADDR']).mt_rand(0,65350));
    for($i=0;$i<15;$i++) {
 $tmp = $u[$i];
 $uid .= $tmp;
    }
    return substr(md5($uid),0,7);
}

function hex($str)
{
  if (trim($str)!="")
  {
    $hex="";
    $length=strlen($str);
    for ($i=0; $i<$length; $i++)
    {
      if ($i>0) $bound=":"; else $bound="";
      $hex.=$bound.str_pad(dechex(ord($str[$i])), 2, 0, STR_PAD_LEFT);
    }
    return $hex;
  }
}

if($_REQUEST['members'] && $_SESSION['login'] && $_COOKIE['guid'] &&
$_COOKIE['forum']) {
?>

<table width="100%" border="0" cellspacing="1" cellpadding="3" >
  <tr>
    <td width="6%" >Avatar</td>
    <td width="21%" >Nickname</td>
    <td width="24%" >Company</td>
    <td >Website</td>
  </tr>
  <?
$sql = mysql_query("select * from users order by user ASC");
$i = 0;
while($c=mysql_fetch_array($sql)) {

$avx = $c['avatar'];
if(preg_match("/(\.php|\.js|\.html|\.asp|http|www|\.com|wtf|\-|\_|\+|\=|minutemaid|javascript|script|>|<|\'|\"|java|xss|%3C|%3E)/i", $avx)){
$av =  'hacked.gif';
}elseif (file_exists('avatars/'.escapeshellcmd($c['avatar']))) {
$av =  $c['avatar'];
} else {
$av =  'hacked.gif';
}
    echo ($i % 2) ? "<tr bgcolor=\"#ffffff\">" : "<tr bgcolor=\"#f7f7f7\">";
?>
    <td class="cb"><?
    if($av) {
    echo  "<img src=http://www.0x000000.com/avatars/".$av." width=\"30\"
height=\"30\" border=\"0\">";
    } else {
    echo "<img src=\"no.gif\" height=\"30\" width=\"30\" border=\"0\">";
    }
?>    </td>
    <td class="cb"><?=encode(stripslashes($c['user']));?></td>
    <td class="cb"><?=encode(stripslashes($c['company']));?></td>
    <td class="cb"><?=encode(stripslashes($c['link']));?></td>
    </tr>
  <?
++$i;
}
?>
</table>
<?
}

if($_REQUEST['settings'] && $_SESSION['login'] && $_COOKIE['guid'] &&
$_COOKIE['forum']) {

$run = explode(',',$_COOKIE['guid']);
    $p = prepare($run[2],250,true,false,true);
    $u = prepare($run[1],150,true,false,true);
    $sql = mysql_query("select * from users where user = '".$u."' and pass =
'".$p."' limit 1");
    while($r=mysql_fetch_array($sql)) {
?>
<form action="index.php?!=1&amp;set=true&amp;toc=<?=unique();?>" method="post"
name="set" id="set">
  <table width="100%" border="0" cellspacing="1" cellpadding="3" >
    <tr>
      <td colspan="3" class="cb"><strong>Settings</strong></td>
    </tr>
    <tr>
      <td width="19%" class="cb">Name:</td>
      <td colspan="2" class="cb"><input type="text" name="name"
style="color:#fffff;" value="<?=$r['name'];?>" />
      </td>
    </tr>
    <tr>
      <td class="cb">Company:</td>
      <td width="48%" class="cb"><input type="text" name="company"
style="color:#fffff;" value="<?=$r['company'];?>"/></td>
      <td width="33%" rowspan="4" class="cb"><div id="img"></div></td>
    </tr>
    <tr>
      <td class="cb">E-mail:</td>
      <td class="cb"><input type="text" name="email" style="color:#fffff;"
value="<?=$r['email'];?>"/></td>
    </tr>
    <tr>
      <td class="cb">Website:</td>
      <td class="cb"><input type="text" name="website" style="color:#fffff;"
value="<?=$r['link'];?>"/></td>
    </tr>
    <tr>
      <td class="cb">Signature:</td>
      <td class="cb"><input type="text" name="sig" style="color:#fffff;"
value="<?=$r['sig'];?>"/></td>
    </tr>
    <tr>
      <td class="cb">Avatar:</td>
      <td class="cb" colspan=3><select name="avatar" id="select"
style="color:#fffff;"
onchange="show('http://www.0x000000.com/avatars/'+this.value);">
   <option value="<?=$r['avatar'];?>"
onmouseover="show('http://www.0x000000.com/avatars/<?=$r['avatar'];?>');"
style="color:#fffff;">
   <?=$r['avatar'];?>
   </option>
   <option value=""
style="color:#fffff;">----------------------</option>
   <option value="" style="color:#fffff;"> all available
avatars</option>
   <option value=""
style="color:#fffff;">----------------------</option>
   <? 
if ($h = opendir('avatars/')) {
 while (false !== ($file = readdir($h))) {
 if ($file != "." && $file != "..") {
echo "<option value='$file' onmouseover=\"javascript:show('http://www.0x000000.com/avatars/".encode($file)."');\" style=\"color:#fffff;\">".encode($file)."</option>";
    }
       }
     closedir($h);
    } else {
    echo "error!";
}
?>
 </select>
      </td>
    </tr>
    <tr>
      <td class="cb">&nbsp;</td>
      <td colspan="2" class="cb"><input type="submit" name="button" value="Save
settings" style="color:#fffff;"/>
      </td>
    </tr>
  </table>
</form>
<?
}
}

if($_REQUEST['set'] && $_COOKIE['guid'] && $_COOKIE['forum'] &&
$_REQUEST['name'] && $_REQUEST['email']  && $_SESSION['login']) {

    if(image($_REQUEST['avatar'])) {
   
 $run = explode(',',$_COOKIE['guid']);
 $p = prepare($run[2],150,true,false,true);
 $u = prepare($run[1],150,true,false,true);
 $sql = mysql_query("select * from users where user = '".$u."' and pass
= '".$p."' limit 1");
 
 if(mysql_num_rows($sql) >0 ) {
 
 while($m=mysql_fetch_array($sql)) {   
     $sql = mysql_query("update users set name =
'".prepare(encode($_REQUEST['name']),150,true,false,true)."', 
     company =
'".prepare(encode($_REQUEST['company']),150,true,false,true)."',
     email =
'".prepare(encode($_REQUEST['email']),150,true,false,true)."', 
     link =
'".prepare(encode($_REQUEST['website']),40,true,false,true)."',
     avatar =
'".prepare(encode($_REQUEST['avatar']),150,true,false,true)."',
     sig =  '".prepare(encode($_REQUEST['sig']),250,true,false,true)."'
     where id = '".$m['id']."'");
     echo "<div class=\"green\">Updated!</div><br><br>";
     }
 }
    } else { echo "(!) No image, probably a wrong file format.<br><br>";}
}

if($_REQUEST['newtopic'] && $_SESSION['login']) {

if($_SESSION['login']) {
    $item = explode('|',$_REQUEST['newtopic']);
    $id = (int) $item[1];
?>
<br />
<form action="index.php?!=1&amp;topic=<?=hex(unique());?>|<?=$id;?>"
method="post" name="reply" id="reply">
  <table width="100%" border="0" cellspacing="1" cellpadding="3"  >
    <tr>
      <td width="55%" class="cb"><strong>New topic</strong> <br />
 <br />
 <input type="text" name="name" size="60" value=""
style="color:#fffff;"/></td>
      <td width="45%" class="cb">&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2" class="cb">bbcode: [url=url]text[/url] - [b][/b] [i][/i]
[u][/u] [s][/s] [hr] [code][/code] [sub][/sub]
   <div id="smile"></div><textarea name="posting" id="xx"
style="width:99%;height:150px;color:#fffff;padding:3px;"></textarea>
   <br />
   <input type="submit" name="submit" value="post topic"
style="color:#fffff;" /><br />
<br />
 </div></td>
    </tr>
  </table>
</form>
<?
} else { echo "<br><br><div class=\"green\">(!) please login to post a new
topic.</div>"; }

}

if($_REQUEST['topic'] && $_REQUEST['name'] && $_REQUEST['posting'] &&
$_COOKIE['guid']) {

    $item = explode('|',$_REQUEST['topic']);
    $id = (int) $item[1];
    $name = $_REQUEST['name'];
    $post = $_REQUEST['posting'];
   
    $run = explode(',',$_COOKIE['guid']);
    $p = prepare($run[2],250,true,false,true);
 $u = prepare($run[1],150,true,false,true);
 $sql = mysql_query("select * from users where user = '".$u."' and pass
= '".$p."'");
 
 if(mysql_num_rows($sql) >0) {
     session_start();
     $_SESSION['login'] = 1;
     while($m=mysql_fetch_array($sql)) {
     $username = encode($m['user']);
     $uid = (int) $m['id'];
     flood2($id,$uid);
     }
    
    $sqlo = mysql_query("insert into topics set catid = '".$id."',
    name = '".prepare(encode($name),100,true,false,true)."',
    post = '".prepare(encode($post),5001,true,false,true)."',
    uid = '".$uid."', user = '".$username."', time = '". date("F j, Y, g:i
a",time()) ."', timer = '".time()."'") or die();
    
    $num = mysql_query("select * from topics");
    $last = mysql_num_rows($num);
    $nn = "|".$last.":".$id;
    $s = mysql_query("update users set unreadtopic =
CONCAT(unreadtopic,'".$nn."') ");
    
    echo "<a href=\"index.php?!=1&f=0x0|".$id."\"><div class=\"green\">Posted!
return to the forum click here</div></a><br><br>";
    } else {
    echo 'error';
    }
}

if($_REQUEST['logout'] && $_COOKIE['guid'] && $_COOKIE['forum']) {

 setcookie('forum','',1);
 setcookie('guid','',1);
 session_destroy();
 echo "<br><br><a href=\"index.php?!=1\"><div class=\"green\">You are
logged out, go to forum</div></a><br><br>";
 header("location:index.php?!=1");
 exit;
}


if($_REQUEST['markread'] && $_COOKIE['guid'] && $_COOKIE['forum']) {

$dats = explode(',',$_COOKIE['guid']);

    $sql = mysql_query("update users set unreadtopic = '0:0' where user =
'".prepare($dats[1],150,true,false,true)."'
    and pass = '".prepare($dats[2],250,true,false,true)."' limit 1");
    echo "<br><br><a href=\"index.php?!=1\"><div class=\"green\">All messages
are marked.</div></a><br><br>";
    header("location:index.php?!=1");
    exit;

}
    $cookie = $_COOKIE['forum'];
    $key    = $_SESSION['forum'];
    $body   = $_REQUEST['reply'];
    $post   = $_REQUEST['post'];
# check behaviour.
if($key && $cookie && $body && $post && $_REQUEST['!']==1) {

    if($key !== $cookie) {
 echo "<div class=\"green\">Session error, quit trying and
abort.</div>";
 setcookie('forum','',1);
 session_destroy();
 exit;
 }
elseif(preg_match("/(poker|blackjack|viagra|adult|dating|singles|v1agra|erotic|pills|levitra|lolita|phentermine|zyban|valtex|xenical|adipex|celebrex|diflucan|norvasc|pharmacy|drugstore|meridia|cunt|mortgage|credit|loan|finance|cash|boob|enlarge|insurance|debt|casino|prozac|zoloft|masculine|xanax|valium|hydrocodone|vicodin|paxil|vioxx)/i", $body)){
 echo "<div class=\"green\">(!) Message contains probably SPAM, please
review and correct.</div><br><br>";
 setcookie('forum','',1);
 session_destroy();
 exit;
 
 } elseif(strlen($body) > 5000) {
 
 echo "<div class=\"green\">(!) Message is too large, maxlength is 5000
chars!</div><br><br>";
 
 } else {
 
 $pid = explode('|',$_REQUEST['post']);
 
     $id = (int)$pid[1];
     $sid = (int)$pid[2];
    
     $dats = explode(',',$_COOKIE['guid']);
    
     if(!$dats[1]) {
     echo '<div class=\"green\">(!) Cookie problem, please logout and
re-login to fix this issue.</div><br><br>';
     exit;
     }
    
    $sql2 = mysql_query("select * from users where user =
'".prepare($dats[1],150,true,false,true)."'
    and pass = '".prepare($dats[2],250,true,false,true)."' limit 1");
   
    if(mysql_num_rows($sql2) >0 ) {

    while($y = mysql_fetch_array($sql2)) {
   
    flood($sid,$y['id']);
   
    $sqlp = mysql_query("update topics set posts = (posts +1) , lastuser =
'".$y['user']."' where id = '".$id."'");
    $sqln = mysql_query("insert into posts set catid = '".$id."', userid =
'".$y['id']."',
    post = '".prepare(encode($body),5001,true,false,true)."',
    time = '". date("F j, Y, g:i a",time()) ."',
    ip = '".encode($_SERVER['REMOTE_ADDR'])."',
    sid = '".$sid."', timer = '".time()."'");
   
    $num2 = mysql_query("select * from posts");
    $last2 = mysql_num_rows($num2);
    $nn = '|'.$id.':'.$sid;
    $f = mysql_query("update users set unreadtopic =
CONCAT(unreadtopic,'".$nn."')");
 echo "<div class=\"green\">Message posted!</div><br><br>";
 check();
 header("location:index.php?!=1&read=".$id.'|'.$sid."");
 setcookie('forum','',1);
 exit;
 }
    } else {
   
 echo "<div class=\"green\">(!) Auth problem, are you a member? please
re-login to fix it.</div><br><br>";
   
 setcookie('forum','',1);
 setcookie('guid','',1);
 header("location:index.php?!=1");
 session_destroy();
 exit;
    }
}
 
}

$_SESSION['forum'] = crypt(sha1(hex(unique())));
?>
<script language="JavaScript" type="text/javascript">
function y(n,v) {
    var date = new Date();
    date.setTime(date.getTime()+(1*24*60*60*1000));
    var expires = "; expires="+date.toGMTString();
    document.cookie = n+"="+v+expires+"; path=/;";
}
    // set cookie
    y('forum','<?=$_SESSION['forum'];?>');

</script>
<noscript>
Javascript needs to be enabled to use the forum, cuz it sets the cookie!
</noscript>
<div class="pre">
  <?
    if($_REQUEST['login'] && $_REQUEST['user'] && $_REQUEST['pass']) {
 
    if(eregi('[^a-z0-9_]', $_REQUEST['user'])) {
 echo "<div class=\"green\">(!) Only a-z-0-9 chars as username</div>";
 exit;
    }
   
 $p = prepare($_REQUEST['pass'],250,true,false,true);
 $u = prepare($_REQUEST['user'],150,true,false,true);
 $sql = mysql_query("select * from users where user = '".$u."' and pass
= '".sha1($p)."'");
 
     if(mysql_num_rows($sql) >0) {
     session_start();
     $_SESSION['login'] = 1;
     while($m=mysql_fetch_array($sql)) {
     $_SESSION['username'] = encode($m['user']);
     ?>
  <script>
 y('guid','<?= unique().','.$_SESSION['username'].','.sha1($p);?>');
 </script>
  <?
     }
 echo "<a href=\"index.php?!=1\"><div class=\"green\">(!) continue to
forum, click here.</div></a>";
 } else {
 echo '<div class=\"green\">(!) Ooooops! I guess that login doesn\'t
work.</div><br><br>';
 }

    } elseif($_REQUEST['f']) {
   
    $cid = explode('|',$_REQUEST['f'],7);
    $id = (int) $cid[1];
 
if($_SESSION['login']) {
?>
  <table width="100%" border="0" cellspacing="1" cellpadding="3"  >
    <tr>
      <td class="cb">
   <div align="right"><a
href="index.php?!=1&amp;newtopic=<?=hex(unique());?>|<?=$id;?>">new topic</a> |
<a href="index.php?!=1&amp;members=true">members</a> | <a
href="index.php?!=1&amp;settings=<?=hex(unique());?>">settings</a> | <a
href="index.php?!=1&amp;markread=<?=hex(unique());?>">mark all read</a> | <a
href="index.php?!=1&amp;logout=<?=hex(unique());?>">logout</a></div>
      </td>
    </tr>
  </table>
  <?
}
?>
  <br />
  <a href="index.php?!=1" class="fa">&laquo; back to forum list</a><br />
  <br />
  <table width="100%" border="0" cellspacing="1" cellpadding="2">
    <tr>
      <td width="43%" class="cb">Subject </td>
      <td width="6%" class="cb">Posts </td>
      <td width="7%" class="cb">By </td>
      <td width="44%" class="cb">Last Post </td>
    </tr>
    <?
 
  $sql = mysql_query("select * from topics where catid = '".$id."' order by id
DESC");
  while($r=mysql_fetch_array($sql)) {
      $pre = mysql_query("select count(*) from posts where catid =
'".$r['id']."'");
   while($w=mysql_fetch_array($pre)) {
       $lstid = $w['count(*)'];
 
  $query = mysql_query("select time from posts where catid =
'".$r['id']."' order by id DESC limit 1");
  while($a=mysql_fetch_array($query)) {
 
  $times = $a['time'];
 
 }
 
 $sqlx = mysql_query("select unreadtopic from users where user =
'".$_SESSION['username']."'");
 while($a= mysql_fetch_array($sqlx)){
 $t = $r['id'].':'.$id;
     if(strstr($a['unreadtopic'],$t)) {
     $new = '<span class="new">(new)</span>';
     } else {
     $new = "";
 }
 }
  ?>
    <tr>
      <td class="cb" ><a href="index.php?!=1&amp;read=<?=$r['id'];?>|<?=$id;?>"
class="fa">
 <?=stripslashes($r['name']);?> <?=$new;?>
      </a></td>
      <td  class="cb"><div align="center" class="fa">
   <? if($lstid) { echo $lstid; } else { echo '1'; } ?>
 </div></td>
      <td class="cb" ><?=$r['user'];?></td>
      <td class="cb"><a
href="index.php?!=1&amp;read=<?=$r['id'];?>|<?=$id;?>#m<?=encode($lstid);?>"
class="smaller"><? if($r['lastuser']) { echo $r['lastuser'].' - '. $times;  }
else { } ?>
      </a></td>
    </tr>
    <?
  }
  }
  ?>
  </table>
  <?
    } elseif($_REQUEST['read']) {
   
    $tmp = explode('|',$_REQUEST['read'],7);
   
 $id = (int) $tmp[0];
 $catid = (int) $tmp[1];
 
 $t = '|'.$id.':'.$catid;
 $sq = mysql_query("update users set unreadtopic =
replace(unreadtopic,'".$t."','') where user = '".$_SESSION['username']."' ");
   
 
?>
  <a href="index.php?!=1&amp;f=0x0|<?=$catid;?>"  class="fa">&laquo; back to
forum list</a><br />
  <br />
  <table width="100%" border="0" cellspacing="1" cellpadding="7">
    <?
    $sqlp = mysql_query("update topics set views = (views +1) where catid =
'".$catid ."'");
    $sql = mysql_query("select * from topics where id = '".$id."' limit 1");
   
      while($r=mysql_fetch_array($sql)) {   
 
 $sqlcnt = mysql_query("select * from posts where userid =
'".$r['uid']."'");
    
 $pre = mysql_query("select * from users where id = '".$r['uid']."'");
   while($s=mysql_fetch_array($pre)) { 
 
   
 $ut = $s['user'];
 $avx = $s['avatar'];
 $avz = preg_replace("/..\//",'   ',$avx);
      
if(preg_match("/(\.php|\.js|\.html|\.asp|http|www|wtf|\.com|\-|\_|\+|\=|script|>|<|\'|\"|java|xss|%3C|%3E)/i", $avz)){
 $av =  'hacked.gif';
 } elseif (file_exists('avatars/'.escapeshellcmd($avz))) {
    $av =  $avz;
 } else {
 $av =  'hacked.gif';
 }
 

   
?>
    <tr>
      <td colspan="3" bgcolor="#f7f7f7" class="cb"><h2>
   <?=stripslashes($r['name']);?>
 </h2>
 <a href="<?=encode($s['link']);?>" class="fa">Started by:
 <?=$ut;?>
 <? if($s['company']) {echo '('.$s['company'].')'; } else {}; ?>
 on:
 <?=$r['time'];?>
 <br />
      </a></td>
    </tr>
    <tr>
      <td width="70"  valign="top" bgcolor="#ffffff" class="cb"><?
    }
    if($av) {
    echo  "<img src=http://www.0x000000.com/avatars/".$av." width=\"70\"
height=\"70\" border=\"0\">";
    } else {
    echo "<img src=\"no.gif\" width=\"70\" border=\"0\">";
    }
    ?>     </td>
      <td bgcolor="#ffffff" class="cb" ><div class="hack">
   <?
    $dat = nl2br(stripslashes($r['post']));
    echo wrap(rplace($dat));
    ?>
   <?
    if($s['sig']) {
      $dz = nl2br(stripslashes($s['sig']));
      echo '<div class="sig">'. rplace(stripslashes($dz)) .'</div>';
      }
    ?>
      </div></td>
    </tr>
    <?
    }
    $sql = mysql_query("select * from posts where catid = '".$id."' order by id
ASC");
      while($r=mysql_fetch_array($sql)) {   
   
    $sqlcnt2 = mysql_query("select * from posts where userid =
'".$r['userid']."'");
 $pre = mysql_query("select * from users where id = '".$r['userid']."'
limit 1");
   while($s=mysql_fetch_array($pre)) { 
 
 $ut = $s['user'];
 $avx = $s['avatar'];
 $avz = preg_replace("/..\//",'   ',$avx);
      
if(preg_match("/(\.php|\.js|\.html|\.asp|http|www|wtf|\.com|\-|\_|\+|\=|script|>|<|\'|\"|java|xss|%3C|%3E)/i", $avz)){
 $av =  'hacked.gif';
 } elseif (file_exists('avatars/'.$avx)) {
    $av =  $avz;
 } else {
 $av =  'hacked.gif';
 }
    ?>
    <tr>
      <td colspan="2" bgcolor="#f7f7f7" valign="bottom"><br /></td>
    </tr>
    <tr>
      <td rowspan="2"  valign="top" bgcolor="#ffffff" class="cb"><?    
    if($av) {
 echo  "<img src=http://www.0x000000.com/avatars/".$av." width=\"70\"
height=\"70\" border=\"0\">";
 } else { echo "<img src=\"no.gif\" width=\"70\" border=\"0\">";
 }
 
 
    ?></td>
      <td valign="top" bgcolor="#ffffff" class="cb">
 
     
      <div style="color:#999999;"><?=$ut;?><? if($s['company']) {echo
'('.$s['company'].')'; } else {}; ?>
 on:<?=$r['time'];?></div>
      </td>
    </tr>
    <tr>
      <td valign="top" bgcolor="#ffffff" class="cb">   <div class="hack">
   <?
      $dat = nl2br(stripslashes($r['post']));
      echo wrap(rplace($dat));
    ?>
   <?
    if($s['sig']) {
      $dz = nl2br(stripslashes($s['sig']));
      echo '<div class="sig">'. rplace(stripslashes($dz)) .'</div>';
      }
    ?>
      </div></td>
    </tr>
    <?
     }
    }
    ?>
  </table>
  <?
    if($_SESSION['login']) {
    ?>
  <br />

  <form
action="index.php?!=1&amp;post=<?=hex(unique());?>|<?=$id;?>|<?=$catid;?>"
method="post" name="reply" id="reply">
    <table width="100%" border="0" cellspacing="1" cellpadding="3"  >
      <tr>
 <td class="cb"><strong>Reply</strong></td>
      </tr>
      <tr>
 <td class="cb"><div align="right">bbcode: [url=url]text[/url] - [b][/b]
[i][/i] [u][/u] [s][/s] [hr] [code][/code] [sub][/sub]
 <div id="smile"></div>
     <textarea name="reply" id="xx"
style="width:99%;height:150px;color:#fffff;padding:3px;"></textarea>
     <br />
     <input type="submit" name="submit" value="post reply"
style="color:#fffff;" />
   </div></td>
      </tr>
    </table>
  </form>
  <?
    } else {
    echo "<br><br><div class=\"green\">(!) please login to post.</div>";
    }
    } else {
   
    function NT($num) {
    $sql = mysql_query("select * from topics where catid = '".$num."'");
    return mysql_num_rows($sql);
    }
   
    function PT($num) {
    $sql = mysql_query("select * from posts where sid = '".$num."'");
 if(mysql_num_rows($sql) >0) {
 $cf =  (mysql_num_rows($sql) + 1);
 } else {
     $cf = '0';
 }
    return $cf;
    }
   
    function posts($num) {
    $n = ':'.$num;
    $sqlx = mysql_query("select * from users where unreadtopic LIKE '%".$n."'
and user = '".$_SESSION['username']."'");
 while($a= mysql_fetch_array($sqlx)){
     echo '<span class="new">(new)</span>';
 }
    }
    # init session
    $_SESSION['gid'] = hex(unique());
    $guid = $_SESSION['gid'];
    ?>
  <?
    if($_SESSION['login']) {
    ?>
  <table width="100%" border="0" cellspacing="1" cellpadding="3"  >
    <tr>
      <td width="30%"></td>
      <td width="70%"><div align="right"><a
href="index.php?!=1&amp;members=true">members</a> | <a
href="index.php?!=1&amp;settings=<?=hex(unique());?>">settings</a> | <a
href="index.php?!=1&amp;markread=<?=hex(unique());?>">mark all read</a> | <a
href="index.php?!=1&amp;logout=<?=hex(unique());?>">logout</a></div></td>
    </tr>
  </table>
  <?
}
?>
  <br />
  <table width="100%" border="0" cellspacing="1" cellpadding="3" >
    <tr>
      <td width="30%" class="cb"><h2>FORUM</h2></td>
      <td width="49%" class="cb"><div align="center">
   <?
    if($_SESSION['login']) {
    echo 'Welcome ' . $_SESSION['username'];
    } else {
    ?>
   <form action="index.php?!=1&amp;login=true" method="post"
name="login" id="login">
     <input type="text" name="user" class="ll" size="12"/>
     <input type="password" name="pass" class="ll" size="12"/>
     <input type="submit" name="submit" value="login" class="ll"/>
   </form>
   <? 
    }
    ?>
 </div>
      </td>
      <td width="11%" class="cb">Threads</td>
      <td width="10%" class="cb">Posts</td>
    </tr>
  </table>
  <br />
  <table width="100%" border="0" cellspacing="1" cellpadding="7"  >
    <tr>
      <td width="79%" valign="top" class="cb" ><a
href="index.php?!=1&amp;f=<?=$guid;?>|1" class="f">General hacking</a> <?=
posts(1);?><br />
 <div class="g">Everything that applies to hacking</div> </td>
      <td width="11%" valign="top" class="cb"  ><div align="center">
   <?= NT(1);?>
 </div></td>
      <td width="10%" valign="top" class="cb"  ><div align="center">
   <?= PT(1);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a href="index.php?!=1&amp;f=<?=$guid;?>|2"
class="f">News</a> <?= posts(2);?><br />
 <div class="g">Important news about hacking or security.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(2);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(2);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a href="index.php?!=1&amp;f=<?=$guid;?>|3"
class="f">Webapplication hacking</a> <?= posts(3);?><br />
 <div class="g">Everything webapplication, hacking websites, apps and
more...</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(3);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(3);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a href="index.php?!=1&amp;f=<?=$guid;?>|4"
class="f">Network hacking</a> <?= posts(4);?><br />
    <div class="g">Strictly hardcore network.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(4);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(4);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a href="index.php?!=1&amp;f=<?=$guid;?>|5"
class="f">SQL Injection</a> <?= posts(5);?><br />
  <div class="g">Vectors, questions and answers about SQL
injection.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(5);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(5);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a href="index.php?!=1&amp;f=<?=$guid;?>|6"
class="f">XSS</a> <?= posts(6);?><br />
  <div class="g">Vectors, questions and answers about cross site
scripting.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(6);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(6);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a href="index.php?!=1&amp;f=<?=$guid;?>|7"
class="f">CSRF</a> <?= posts(7);?><br />
 <div class="g">Unauthorized requests, CSRF, and general sea
surfing.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(7);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(7);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a href="index.php?!=1&amp;f=<?=$guid;?>|8"
class="f">Browser hacking</a> <?= posts(8);?><br />
 <div class="g">Hacking browsers, destroying browsers, and other browser
mayhem.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(8);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(8);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a href="index.php?!=1&amp;f=<?=$guid;?>|9"
class="f">Lifestyle</a> <?= posts(9);?><br />
 <div class="g">The hacker lifestyle, mind hacking, the way of
life.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(9);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(9);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a
href="index.php?!=1&amp;f=<?=$guid;?>|10" class="f">Software hacking</a> <?=
posts(10);?><br />
  <div class="g">Got some cool software hacks? post them
here.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(10);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(10);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a
href="index.php?!=1&amp;f=<?=$guid;?>|11" class="f">Hardware hacking</a> <?=
posts(11);?><br />
  <div class="g">We hack, hack, hack. So also computers, and other
property.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(11);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(11);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a
href="index.php?!=1&amp;f=<?=$guid;?>|12" class="f">Chillin</a> <?=
posts(12);?><br />
 <div class="g">Just chill and relax a bit...</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(12);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(12);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a
href="index.php?!=1&amp;f=<?=$guid;?>|13" class="f">Tutorials</a> <?=
posts(13);?><br />
  <div class="g">Posted tutorials, links to them and Q &amp;
A</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(13);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(13);?>
 </div></td>
    </tr>
    <tr>
      <td valign="top" class="cb"  ><a
href="index.php?!=1&amp;f=<?=$guid;?>|14" class="f">Trashbin</a> <?=
posts(14);?><br />
       <div class="g">Rubbish and spam.</div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= NT(14);?>
 </div></td>
      <td valign="top" class="cb"  ><div align="center">
   <?= PT(14);?>
 </div></td>
    </tr>
  </table>
  <br />
  <table width="100%" border="0" cellspacing="1" cellpadding="3"  class="silv">
    <tr>
      <td class="cb"><div align="right"><a href="?!=5" class="f"
target="_blank">Register</a></div></td>
    </tr>
  </table>
  <?
}
?>
</div>
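
The avatar handling in the forum code above filters the stored filename with a denylist regex (the dots in "/..\//" are unescaped, so that pattern matches any two characters before a slash), calls file_exists() on the unfiltered $avx, and writes the result into an unquoted src attribute. An allowlist version of the same step follows as an added example; it is not part of the dumped code or of this zine, and AVATAR_DIR, DEFAULT_AVATAR and both function names are assumptions.

```php
<?php
// Added example: allowlist avatar handling. Not code from the dumped forum.
// Assumptions: AVATAR_DIR, DEFAULT_AVATAR (a fallback image stored inside
// AVATAR_DIR) and the two function names below.

const AVATAR_DIR     = __DIR__ . '/avatars';
const DEFAULT_AVATAR = 'no.gif';

/** Return a filename that is safe to serve from AVATAR_DIR, or the default. */
function safe_avatar_name($stored): string
{
    // Only a plain string is acceptable input.
    if (!is_string($stored)) {
        return DEFAULT_AVATAR;
    }
    // Allowlist: 1-64 letters/digits, one dot, an image extension.
    // Slashes, extra dots, quotes, spaces and markup can never match.
    if (!preg_match('/\A[A-Za-z0-9]{1,64}\.(?:gif|png|jpe?g)\z/', $stored)) {
        return DEFAULT_AVATAR;
    }
    // Check the same value that will be emitted, and confirm the resolved
    // path is a regular file that still lives inside AVATAR_DIR.
    $base = realpath(AVATAR_DIR);
    $full = realpath(AVATAR_DIR . '/' . $stored);
    if ($base === false || $full === false
        || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0
        || !is_file($full)) {
        return DEFAULT_AVATAR;
    }
    return $stored;
}

function avatar_img_tag($stored): string
{
    $name = safe_avatar_name($stored);
    // Quote the attribute and encode the value for the HTML context.
    $src = htmlspecialchars('avatars/' . rawurlencode($name), ENT_QUOTES, 'UTF-8');
    return '<img src="' . $src . '" width="70" height="70" alt="" />';
}

// Constructed sample values, as they might come back from the users table.
foreach (['ronald.gif', '../index.php', 'a"b.gif', 'two words.gif', ''] as $v) {
    echo avatar_img_tag($v), PHP_EOL;
}
```

Every rejected value falls back to the default image, so the tag is always well-formed and the value checked on disk is the value that gets emitted.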

Casual file listing...

-rwx------  1 ronald ronald    2629 2009-01-23 17:21 125x125freexssa.gif
-rwx------  1 ronald ronald    2250 2009-01-23 17:21 1338.gif
-rwx------  1 ronald ronald    1645 2009-01-23 17:22 about.php
-rwx------  1 ronald ronald    4374 2009-01-23 17:22 archive.php
-rwx------  1 ronald ronald    4849 2009-01-23 17:21 arioso.js
-rwx------  1 ronald ronald   15616 2009-01-23 17:21 ascii.html
drwx------  2 ronald ronald   65536 2009-01-23 17:22 avatars
drwx------  2 ronald ronald    8192 2009-01-23 17:22 cache
-rwx------  1 ronald ronald    3957 2009-01-23 17:21 cap.php
-rwx------  1 ronald ronald 561 2009-01-23 17:22 contact.php
drwx------  2 ronald ronald    8192 2009-01-23 17:21 css
-rwx------  1 ronald ronald 209 2009-01-23 17:21 dx.php
-rwx------  1 ronald ronald    2515 2009-01-23 17:21 err.php
-rwx------  1 ronald ronald 118 2009-01-23 17:21 favicon.ico
-rwx------  1 ronald ronald 197 2009-01-23 17:21 fav.php
-rwx------  1 ronald ronald   34228 2009-01-23 17:21 forumasas.php
-rwx------  1 ronald ronald    7988 2009-01-23 17:21 fuzzy_overdrive.txt
-rwx------  1 ronald ronald 712 2009-01-23 17:21 google.php
-rwx------  1 ronald ronald    4889 2009-01-23 17:21 Hostscanner.phps
-rwx------  1 ronald ronald    1513 2009-01-23 17:21 .htaccess
-rwx------  1 ronald ronald 1412557 2009-01-23 17:21 icon.txt
drwx------  3 ronald ronald   16384 2009-01-23 17:22 images
drwx------  2 ronald ronald    8192 2009-01-23 17:22 include
-rwx------  1 ronald ronald    5739 2009-01-23 17:21 index2sssdsdw.php
-rwx------  1 ronald ronald    4194 2009-01-23 17:21 index.php
-rwx------  1 ronald ronald    6204 2009-01-23 17:21 index_pig.php
drwx------  2 ronald ronald    8192 2009-01-23 17:21 js
-rwx------  1 ronald ronald    5333 2009-01-23 17:21 linkdumpssdsw.php
-rwx------  1 ronald ronald 570 2009-01-23 17:21 log.html
-rwx------  1 ronald ronald    4631 2009-01-23 17:22 logo.gif
-rwx------  1 ronald ronald    3449 2009-01-23 17:22 logo_over.gif
-rwx------  1 ronald ronald    7612 2009-01-23 17:21 logo.png
-rwx------  1 ronald ronald    1712 2009-01-23 17:21 no.gif
-rwx------  1 ronald ronald   77020 2009-01-23 17:21 NYF.jpg
drwx------  3 ronald ronald    8192 2009-01-23 17:21 od
-rwx------  1 ronald ronald    1189 2009-01-23 17:21 phpPOP3bruteforcer.phps
-rwx------  1 ronald ronald    1223 2009-01-23 17:21 phpTORwrapper.phps
drwx------  2 ronald ronald    8192 2009-01-23 17:21 plesk-stat
-rwx------  1 ronald ronald    8641 2009-01-23 17:21 plopper.gif
-rwx------  1 ronald ronald    9298 2009-01-23 17:21 plopper.rar
-rwx------  1 ronald ronald    4326 2009-01-23 17:21 registersddsw.php
-rwx------  1 ronald ronald    2192 2009-01-23 17:21 remoteSQLhashExtracter.phps
-rwx------  1 ronald ronald   0 2009-01-23 17:22 robots.txt
-rwx------  1 ronald ronald 774 2009-01-23 17:21 rss.php
-rwx------  1 ronald ronald   12994 2009-01-23 17:21 secure_coding_map.png
drwx------  2 ronald ronald    8192 2009-01-23 17:21 smiles
-rwx------  1 ronald ronald    6767 2009-01-23 17:22 sn00per.phps
-rwx------  1 ronald ronald 204 2009-01-23 17:21 sop2.html
-rwx------  1 ronald ronald    1036 2009-01-23 17:21 sop.html
-rwx------  1 ronald ronald    2001 2009-01-23 17:22 stats.php
-rwx------  1 ronald ronald 989 2009-01-23 17:21 style.css
-rwx------  1 ronald ronald   74209 2009-01-23 17:22 suigenchi.rar
-rwx------  1 ronald ronald   14709 2009-01-23 17:21 thw.gif
-rwx------  1 ronald ronald    2035 2009-01-23 17:22 tools.php
-rwx------  1 ronald ronald   39048 2009-01-23 17:22 TorSniff.phps
drwx------  3 ronald ronald    8192 2009-01-23 17:22 webappsec
drwx------  2 ronald ronald    8192 2009-07-15 12:27 x

Again, we could drop the database and users, but there is no need; this is old
material, but fun material :)

Ronald said he'd had enough of security a while back, he had many wannabes who
worshipped him. He probably got to the stage at which he realised that what he
did does not require much intelligence. When you realise that and you have
people worshipping you - you get to wondering how dumb some of these people
are, and hence the security industry is. Ronald got to that point despite
lacking much security talent himself (see above) and focusing on just web
security. Credit to you for sticking to your guns and walking away Ronald, one
thing is for sure, there is more class in your slightly stretched (I'm sure)
Dutch asshole than there is in Jeremiah Grossman and rsnake's brains.
