Kατεβάσετε την εφαρμογή android του blog! DownLoad

FoulsCode: 2011-17

Translate

Πρόσφατα Σχόλια

Σύνολο αναρτήσεων

Hacking Resources

Written By Greek Port on Σάββατο, 31 Δεκεμβρίου 2016 | Δεκεμβρίου 31, 2016



Disclosures

Application Logic

06/18/2013 - https://labs.spotify.com/2013/06/18/creative-usernames/ - Creative usernames and Spotify account hijacking
06/26/2013 - Hijacking a Facebook Account with SMS - https://whitton.io/articles/hijacking-a-facebook-account-with-sms/
03/25/2014 - Phabricator Bypass auth.email-domains - https://hackerone.com/reports/2233
05/15/2016 - The Bank Job - https://boris.in/blog/2016/the-bank-job/
05/19/2016 - InstaBrute: Two Ways to Brute-force Instagram Account Credentials - https://www.arneswinnen.net/2016/05/instabrute-two-ways-to-brute-force-i...
06/06/2016 - Trello bug bounty: Payments informations are sent to the webhook - https://hethical.io/trello-bug-bounty-payments-informations-are-sent-to-...
06/07/2016 - Pwning Pornhub (memcache) - https://blog.zsec.uk/pwning-pornhub/
07/01/2016 - Magento – Re-Installation & Account Hijacking Vulnerabilities - http://netanelrub.in/2016/07/01/magento-re-installation-account-hijackin...
08/08/2016 - Free way to Facebook Freebooting | Hacking Rights Manager - http://www.7xter.com/2016/08/free-way-to-facebook-freebooting.html
08/16/2016 - Google Chrome, Firefox Address Bar Spoofing Vulnerability - http://www.rafayhackingarticles.net/2016/08/google-chrome-firefox-addres...
08/18/2016 - How I hacked an Android App to Get Free Beer - https://breakdev.org/how-i-hacked-an-android-app-to-get-free-beer/
09/02/2016 - Response To Request Injection (RTRI) - https://www.bugbountyhq.com/front/latestnews/dWRWR0thQ2ZWOFN5cTE1cXQrSFZ...

Authentication

04/27/2016 - Microsoft Office 365 SAML Bypass - http://www.economyofmechanism.com/office365-authbypass.html
04/28/2016 - Slack bot token leakage exposing business critical information - https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-b...
06/01/2016 - Taking over Heroku accounts - http://esevece.github.io/2016/06/01/taking-over-heroku-accounts.html
10/20/2016 - Slack, a Brief Journey to Mission Control - http://secalert.net/slack-security-bug-bounty.html
11/02/2016 - Bypassing Two-Factor Authentication on OWA & Office365 Portals - http://www.blackhillsinfosec.com/?p=5396

CORS/CSP

04/04/2016 - CSP: bypassing form-action with reflected XSS - https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-ref...
12/16/2016 - Exploiting Misconfigured CORS (Cross Origin Resource Sharing) - http://www.geekboy.ninja/blog/exploiting-misconfigured-cors-cross-origin...

CSRF

05/17/2016 - How I bypassed Facebook CSRF in 2016 - http://pouyadarabi.blogspot.ca/2016/05/how-i-bypassed-facebook-csrf-in-2...
19/07/2016 - Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) - https://hethical.io/paypal-bug-bounty-updating-the-paypal-me-profile-pic...
26/10/2016 - Google Spreadsheet Vuln - CSRF and JSON Hijacking allows data theft - https://www.rodneybeede.com/Google_Spreadsheet_Vuln_-_CSRF_and_JSON_Hija...

CSV Injection

29/01/2013 - Cell Injection: Attacking the End User Through the Application - http://blog.7elements.co.uk/2013/01/cell-injection.html
04/17/2016 - CSV Injection in business.uber.com - http://blog.daviddworken.com/posts/csv-injection-in-businessubercom/

HPP

08/23/2015 - Twitter HPP vulnerability unsubscribing from emails - http://www.merttasci.com/blog/twitter-hpp-vulnerability/
12/03/2015 - Parameter Tampering Attack on Twitter Web Intents - https://ericrafaloff.com/parameter-tampering-attack-on-twitter-web-intents/
02/02/2016 - Bypassing Digits web authentication's host validation with HPP - https://hackerone.com/reports/114169

Host Header Injection
09/06/2016 - Internet Explorer has a URL Problem - http://blog.innerht.ml/internet-explorer-has-a-url-problem/
10/24/2016 - Combining Host Header Injection and Lax Host Parsing Service Malicious Data - https://labs.detectify.com/2016/10/24/combining-host-header-injection-an...

IDOR

06/23/2016 - UBER HACKING: HOW WE FOUND OUT WHO YOU ARE, WHERE YOU ARE AND WHERE YOU WENT! - https://labs.integrity.pt/articles/uber-hacking-how-we-found-out-who-you...
06/23/2016 - Facebook's Bug - Delete any video from Facebook - http://www.pranavhivarekar.in/2016/06/23/facebooks-bug-delete-any-video-...
08/25/2016 - How I Could Have Hacked Multiple Facebook Accounts - https://medium.com/@gurkiratsingh/how-i-could-have-hacked-multiple-faceb...
11/22/2016 - You get a UUID! You get a UUID! Everybody gets a UUID! - http://www.rohk.xyz/uber-uuid/

Information Disclosure

12/21/2016 - Disclosing the primary email address for each Facebook user - http://www.dawgyg.com/2016/12/21/disclosing-the-primary-email-address-fo...

SSRF

04/18/2016 - ESEA Server-Side Request Forgery and Querying AWS Meta Data - http://buer.haus/2016/04/18/esea-server-side-request-forgery-and-queryin...
02/23/2016 - FFMPEG File Disclosure - https://github.com/ctfs/write-ups-2015/tree/master/9447-ctf-2015/web/sup...
Trello Bug BOunty Access Servier Files Using Imagetragick - https://hethical.io/trello-bug-bounty-access-servers-files-using-imagetr...

SSTI

04/25/2016 - Adapting AngularJS Payloads to Exploit Real World Applications - http://blog.portswigger.net/2016/04/adapting-angularjs-payloads-to-explo...

Reverse Engineering

04/19/2016 - Digging into a Facebook Worm -https://gist.githubusercontent.com/phwd/0ec21c6289543f35135e17aa11f7dec1...
07/01/2016 - How I Cracked a Keylogger and Ended Up in Someone's Inbox - https://www.trustwave.com/Resources/SpiderLabs-Blog/How-I-Cracked-a-Keyl...
11/14/2016 - Hacking Team Back For Your Androids - http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/

Relative Path Overwrite

03/21/2014 - Relative vs Absolute - http://www.thespanner.co.uk/2014/03/21/rpo/
02/17/2015 - Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities - http://blog.portswigger.net/2015/02/prssi.html
07/03/2016 - RPO Gadgets - http://blog.innerht.ml/rpo-gadgets/

XSS

07/06/2010 - Facebook XSS via Cross-Origin Resource Sharinghttp://maustin.net/2010/07/06/facebook_html5.html
02/14/2013 - How I got the Bug Bounty for Mega.co.nz XSS - https://labs.detectify.com/2013/02/14/how-i-got-the-bug-bounty-for-mega-...
04/22/2015 - XSS via Host header - www.google.com/cse - http://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html
12/08/2015 - Creative bug which result Stored XSS on m.youtube.com - http://sasi2103.blogspot.ca/2015/12/creative-bug-which-result-stored-xss...
04/17/2016 - XSS in pypi (and Uber!) - http://blog.daviddworken.com/posts/xss-in-pypi-and-uber/
04/17/2016 - XSS in getrush.uber.com - http://blog.daviddworken.com/posts/xss-in-getrushubercom/
04/19/2016 - Using a Braun Shaver to Bypass XSS Audit and WAF - https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-...
05/09/2016 - XSS and RCE, domain takeover with remote loaded JS - http://brutelogic.com.br/blog/xss-and-rce/
06/13/2016 - Embedding XSS in SVG files - http://bini.tech/wordpress-remote-upload-unrestricted-file-upload/
07/02/2016 - OneDrive: an easter egg into MS library - XSS on Microsoft and not only - https://luc10.github.io/onedrive-an-easter-egg-into-ms-library/
07/04/2016 - Apple and the 5 XSSes - http://strukt93.blogspot.ca/2016/07/apple-and-5-xsses.html
07/19/2016 - Instagram Reflected XSS in Link Shim - http://ameeras.me/Instagram-Reflected-XSS-in-Link-Shim/
07/19/2016 - Blind XSS in Spotify - https://mhmdiaa.github.io/jekyll/update/2016/07/19/blind-xss-in-spotify....
07/22/2016 - United to XSS United - http://strukt93.blogspot.ca/2016/07/united-to-xss-united.html
08/29/2016 - Turning Self-XSS into Good XSS v2: Challenge Completed but Not Rewarded - https://httpsonly.blogspot.ca/2016/08/turning-self-xss-into-good-xss-v2....
08/31/2016 - Breaching a CA – Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter - https://thehackerblog.com/breaching-a-ca-blind-cross-site-scripting-bxss...
09/19/2016 - Combination of techniques lead to DOM Based XSS in Google - http://sasi2103.blogspot.ca/2016/09/combination-of-techniques-lead-to-do...
12/07/2016 - Stored XSS Affecting All Fantasy Sports on Yahoo - http://dawgyg.com/2016/12/07/stored-xss-affecting-all-fantasy-sports-fan...

XXE

06/25/2014 - Identifying Xml eXternal Entity vulnerability (XXE) in GPX files - http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html
03/21/2015 - XML External Entity (XXE) Injection in Apache Batik Library [CVE-2015-0250] - https://www.insinuator.net/2015/03/xxe-injection-in-apache-batik-library...
08/14/2015 - XXE ALL THE THINGS!!! (INCLUDING APPLE IOS’S OFFICE VIEWER) - https://labs.integrity.pt/articles/xxe-all-the-things-including-apple-io...

CRLF

03/15/2015 - Parse.com - X-Forwarded-Host Injection - Bypass secure & HTTP_only Vulnerability - https://www.youtube.com/watch?v=1yUw7rtTTeI

Remote Code Execution

12/09/2013 - Remote Code Execution exploit in WordPress 3.5.1 - https://tom.vg/2013/12/wordpress-rce-exploit/
02/15/2015 - RCE in Oracle NetBeans Opensource Plugins: PrimeFaces 5.x Expression Language Injection - http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource...
11/06/2015 - Java unserialization - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss...
11/12/2015 - XSS to Remote Code Execution with HipChat - http://maustin.net/2015/11/12/hipchat_rce.html
05/04/2016 - Remote Code Execution via ImageMagick - http://pastebin.com/aE4sKnCg (file)
05/10/2016 - Exploiting ImageMagick on Polyvore (Yahoo) - http://nahamsec.com/exploiting-imagemagick-on-yahoo/
07/22/2016 - Exploiting Java Deserialization via JBoss - https://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserializati...
07/25/2016 - CVE-2016-5840: Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability - http://www.korpritzombie.com/cve-2016-5840-trend-micro-deep-discovery-ho...
08/15/2016 - Jetbrains IDE Remote Code Execution and Local File Disclosure - http://blog.saynotolinux.com/blog/2016/08/15/jetbrains-ide-remote-code-e...
08/24/2016 - The Million Dollar Dissident - https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-...
09/21/2016 - pwn them for learn -http://bugdisclose.blogspot.ca/2016/09/pwn-them-for-learn.html
10/26/2016 - Details on the Privilege Escalation Vulnerability in Joomla - https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vuln...

Memory Related

5/13/2016 - 7-Zip vulnerabilities found by Talos - http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html

Source Code Disclosure

03/27/2016 - A tale of an interesting source code leak - http://secalert.net/#scl-soh
07/19/2016 - Accessing PornHub's SVN repo - https://hackerone.com/reports/72243
07/22/2016 - Twitter's Vine Source code dump - https://avicoder.me/2016/07/22/Twitter-Vine-Source-code-dump/
10/14/2016 - Importance of up-to-date application usage plus complex password OR from directory traversal to admin panel takeover - http://zuh4n.blogspot.ca/

SQLi

12/20/2016 - Flickr from SQLi to RCE - https://pwnrules.com/flickr-from-sql-injection-to-rce/
07/25/2016 - SQL Injection on sctrack.email.uber.com.cn - https://hackerone.com/reports/150156

Subdomain Takeover

10/21/14 - Hostile Subdomain Takeover using Heroku/Github/Desk + more - https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-h...
12/08/14 - Hijacking of abandoned subdomains part 2 - https://labs.detectify.com/2014/12/08/hijacking-of-abandoned-subdomains-...
07/26/16 - Uber Subdomain Takeover - http://blog.eseccyber.tech/article/uber.html
09/05/2016 - How I was able to read Uber logs and internal emails - http://blog.pentestnepal.tech/post/149985438982/how-i-was-able-to-read-u...

HTML Injection

07/26/2016 - Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection - https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-...

OAuth

02/07/2014 - How I Hacked GitHub Again. - http://homakov.blogspot.ca/2014/02/how-i-hacked-github-again.html
07/20/2015 - Bypassing Google Authentication on Periscope's Administration Panel - https://whitton.io/articles/bypassing-google-authentication-on-periscope...
01/04/2016 - Bypassing callback_url validation on Digits - https://hackerone.com/reports/108113
02/29/2016 - Swiping Facebook Official Access Tokens - http://philippeharewood.com/swiping-facebook-official-access-tokens/
04/03/2016 - Obtaining Login Tokens for Outlook, Office or Azure (OAuth) - https://whitton.io/articles/obtaining-tokens-outlook-office-azure-account/
06/16/2016 - Bypass Disabled Client OAuth Login in Facebook Pages Manager App - http://philippeharewood.com/bypass-disabled-client-oauth-login-in-facebo...
10/13/2016 - CVE-2016-4977: RCE in Spring Security OAuth - http://secalert.net/#CVE-2016-4977

Mobile

04/12/2015 - Shopify android client all API request's response leakage - https://hackerone.com/reports/56002
07/26/2016 - Odnoklassniki Android application vulnerabilities - https://hackerone.com/reports/97295

Browser
12/06/16 - Firefox - SVG cross domain cookie vulnerability - https://insert-script.blogspot.ca/2016/12/firefox-svg-cross-domain-cooki...


CTF Writeups

03/03/2013 - Unauthorized Access: Bypassing PHP strcmp() - http://danuxx.blogspot.ca/2013/03/unauthorized-access-bypassing-php-strc...
06/09/2016 - Hack in the Box 2016 – MISC400 Writeup (Part 1) - http://rileykidd.com/2016/06/09/hack-in-the-box-2016-misc400-writeup-par...
10/03/2016 - Hacking the Hard Way at the Derbycon CTF - https://labs.signalsciences.com/hacking-the-hard-way-at-the-derbycon-ctf...
BSides Ottawa CTF - Second Place! - https://blog.fletchto99.com/2016/october/bsides-ottawa/
2016 Hack the Vote - https://github.com/ctfs/write-ups-2016/tree/master/hack-the-vote-ctf-2016
Resources

XXE Payloads in iOS - http://en.hackdig.com/08/28075.htm
Burp Tutorials - https://vimeo.com/album/3510171
Facebook CTF - https://github.com/facebook/fbctf
SSRF Bible - https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa...
Jerry Gamblin Hacking Blog - http://jerrygamblin.com/category/hacking
Filedescriptor XSS Polygots - http://polyglot.innerht.ml/
prompt.ml XSS Challenge - https://github.com/cure53/XSSChallengeWiki/wiki/prompt.ml#hidden-level--1
Hacking with Unicode - https://speakerdeck.com/mathiasbynens/hacking-with-unicode-in-2016
Programming Practice (paid premium) - https://coderbyte.com/
Online CTF Practice challenges - https://backdoor.sdslabs.co
Nicolas Grégoire Burp Pro Tips - http://www.agarri.fr/docs/HiP2k13-Burp_Pro_Tips_and_Tricks.pdf
Open Security Training - http://opensecuritytraining.info/
OWASP Mutillidae II Web Pen-Test Practice Application - https://sourceforge.net/projects/mutillidae/
DNS - https://haxpo.nl/haxpo2015ams/wp-content/uploads/sites/4/2015/04/D1-P.-M...
XSS without HTML: Client-Side Template Injection with AngularJS - http://blog.portswigger.net/2016/01/xss-without-html-client-side-templat...
File Upload XSS - http://brutelogic.com.br/blog/file-upload-xss/
CSV Injection Mitigations - https://blog.zsec.uk/csv-dangers-mitigations/
Comma Separated Vulnerabilities - http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
Running your own anonymous rotating proxies - http://blog.databigbang.com/running-your-own-anonymous-rotating-proxies/
Reviewing bug bounties - a hacker's perspective - http://www.skeletonscribe.net/2016/08/reviewing-bug-bounties-hackers.html
Practical HTTP Host Header Attacks - http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks...
Practice CTF List / Permanant CTF List - https://captf.com/practice-ctf/
lcamtuf's blog - https://lcamtuf.blogspot.ca/
Backup File Artifacts - http://blog.mazinahmed.net/2016/08/backup-file-artifacts.html
Unicode Character 'PILE OF POO' - http://www.fileformat.info/info/unicode/char/1F4A9/index.htm
Decompile and Recompile Android APK - https://blog.bramp.net/post/2015/08/01/decompile-and-recompile-android-apk/
Frans Rosen - Time Based Captcha Protected SQLi - http://www.slideshare.net/fransrosen/time-based-captcha-protected-sql-in...
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy - https://research.google.com/pubs/pub45542.html
How to View TLS Traffic in Android’s Logs - https://blog.securityevaluators.com/how-to-view-tls-traffic-in-androids-...
https://url.spec.whatwg.org/
AngularJS Sandbox Escapes Explained - https://www.reddit.com/r/angularjs/comments/557bhr/xss_in_angularjs_vide...
Senate Republicans were skimmed for six months, quietly fix store - https://gwillem.github.io/2016/10/04/how-republicans-send-your-credit-ca...
Introduction to OSINT: Recon-ng Tutorial - https://strikersecurity.com/blog/getting-started-recon-ng-tutorial/
Exploiting CORS misconfigurations - http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-fo...
Abusing Dorking and Robots.txt - http://sten0.ghost.io/2016/10/13/abusing-dorking-and-robots-txt/
Brute Logic XSS Challenge I - http://brutelogic.com.br/blog/xss-challenge-i/
How Google and Bing Protect their APIs - https://rudk.ws/2016/10/23/how-google-and-bing-protects-their-api/
Free Dev Books - https://devfreebooks.github.io/
IOS Application Security Review Methodology - http://research.aurainfosec.io/ios-application-security-review-methodology/
Anatomy of a Subtle JSON Vulnerability - http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerabi...
Finding XSS Slidedeck - http://slides.com/mscasharjaved/deck-13#/
XSS Polyglots - https://blog.bugcrowd.com/xss-polyglots-the-context-contest?utm_campaign...
Bypassing Saml 2.0 SSO - http://research.aurainfosec.io/bypassing-saml20-SSO/
Bypassing CSP using polyglot jpegs - http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
Facebook Graphql Crash Course - https://www.facebook.com/notes/phwd/a-facebook-graphql-crash-course/1189...
New XXSI Vector Untold Merits of nosniff - https://www.hurricanelabs.com/blog/new-xssi-vector-untold-merits-of-nosniff
Research papers

Minded Security Expression Language Injection Paper - https://www.mindedsecurity.com/fileshare/ExpressionLanguageInjection.pdf
Sandboxing JavaScript in the Browser - https://var.thejh.net/thesis_excerpt.pdf
Does The Online Card Payment Landscape Unwittingly Facilitate Fraud? - http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-...
Online Courses / Training

Cyber Security Base with F-Secure is a free course series by University of Helsinki - https://cybersecuritybase.github.io/
Vulnerable Web Applications for Learning - https://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applica...
Jame Kettle's hackxor - http://hackxor.sourceforge.net/cgi-bin/index.pl#demo
Google XSS Game - https://xss-game.appspot.com/
Google DOM Based XSS - https://public-firing-range.appspot.com/address/index.html
Code Lab: Web Application Exploits and Defenses - https://google-gruyere.appspot.com/
Cheat Sheets

Path Traversal Cheat Sheet Linux - https://www.gracefulsecurity.com/path-traversal-cheat-sheet-linux/
XXE - https://www.gracefulsecurity.com/xxe-cheatsheet/
HTML5 Security Cheat Sheet - https://html5sec.org/
Brute XSS Cheat Sheet - http://brutelogic.com.br/blog/cheat-sheet/
MySQL SQL Injection Cheat Sheet - http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-c...
AngularJS Sandbox Bypass Collection (includes 1.5.7) - http://pastebin.com/xMXwsm0N
Java Deserialization - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
Penetration testing tools cheat sheet - https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
OAuth - https://github.com/homakov/oauthsecurity
Burp How Tos

http://security-geek.in/2014/08/22/using-burp-suite-to-brute-force-http-...
Tools

Discovery
https://github.com/OJ/gobuster
Sublist3r is python tool that is designed to enumerate subdomains of websites using search engines - https://github.com/aboul3la/Sublist3r
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible - https://github.com/ChrisTruncer/EyeWitness
Smart content discovery burp plugin with context awareness - https://github.com/pathetiq/BurpSmartBuster
An automated tool that checks for backup artifacts that may discloses the web-application's source code - https://github.com/mazen160/bfac

Recon-ng
Recon-ng + Google Dorks + Burp = ... - https://averagesecurityguy.github.io/2016/10/21/recon-ng-dorks-burp/

Port Scanning
Resolve and quickly portscan a list of (sub)domains - https://github.com/melvinsh/subresolve

Mobile
JD-GUI, a standalone graphical utility that displays Java sources from CLASS files. - https://github.com/java-decompiler/jd-gui
Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis and web API testing - https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning - https://github.com/Fuzion24/JustTrustMe
Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps - https://github.com/nabla-c0d3/ssl-kill-switch2
Android APK Tool - https://ibotpeaches.github.io/Apktool/
Android Dex2Jar - https://github.com/pxb1988/dex2jar

Decompiler
JPEXS Free Flash Decompiler - https://github.com/jindrapetrik/jpexs-decompiler
Flashbang, find theflashVars of a naked SWF and display them - https://github.com/cure53/Flashbang

Java Deserialization
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization - https://github.com/frohoff/ysoserial

Password Cracking
John the Ripper - http://www.openwall.com/john/

Hash Cracking
Online Hash Crack - http://www.onlinehashcrack.com/
CyberChef - https://gchq.github.io/CyberChef/

Vulnerability SaaS
SSRF Detector - https://ssrfdetector.com/
XSSHunter - https://xsshunter.com



via: www.torontowebsitedeveloper.com
Δεκεμβρίου 31, 2016 | 0 σχόλια | Διαβάστε περισσότερα

Δίκτυα video - Part 4

Written By Greek Port on Σάββατο, 24 Δεκεμβρίου 2016 | Δεκεμβρίου 24, 2016




Δεκεμβρίου 24, 2016 | 0 σχόλια | Διαβάστε περισσότερα

Greek Anonymous.wmv

Written By Greek Port on Πέμπτη, 22 Δεκεμβρίου 2016 | Δεκεμβρίου 22, 2016

Δεκεμβρίου 22, 2016 | 0 σχόλια | Διαβάστε περισσότερα

Δίκτυα video - Part 3

Written By Greek Port on Δευτέρα, 19 Δεκεμβρίου 2016 | Δεκεμβρίου 19, 2016




Δεκεμβρίου 19, 2016 | 0 σχόλια | Διαβάστε περισσότερα

THC-SmartBrute

Written By Greek Port on Τετάρτη, 14 Δεκεμβρίου 2016 | Δεκεμβρίου 14, 2016


[0x00] What is THC-SMARTBRUTE ?

This tool finds undocumented and secret commands implemented in a smartcard.
An instruction is divided into Class (CLA), Instruction-Number (INS) and the
parameters or arguments P1, P2, P3. THC-SMARTBRUTE iterates through all the possible
values of CLA and INS to find a valid combination.

Furthermore it tries to find out what parameters are valid for a given class and instruction number.


  [0x01] Requirements

You need a PC/SC compatible smartcard reader that is supported by the PCSC-LITE library.
A list of supported devices can be found here
THC-SMARTBRUTE was developped with the XXX smartcard reader.


  [0x02] Compiling

Install the PCSC-LITE library first (Download)
Edit Makefile to your needs and run make.


  [0x02] Command line arguments

--verbose
        prints a lot of debugging messages to stderr *FIXME*
--undoconly
        only prints found instruction if its not element of the standard
        instruction list
--fastresults
        before iterating through all possible combinates of class and
        instruction-number typical class/instruction-values are verified for
        availability.
        After that the classes 0x00, 0x80 and 0xA0 (GSM) are tried first.
--help
        prints out the usage
--chv1 pin1
        a VERIFY CHV1 instruction with pin1 as argument is executed
--chv2 pin2
        a VERIFY CHV2 instruction with pin2 as argument is executed

--brutep1p2
        finds valid parameter p1 and p2 combinations for the instruction
        the user defined with --cla and --ins .
        For parameter p1 the value 0x00 is assumed.

--brutep3
        find valid p3 values for given --cla, --ins, --p1 and --p2

--cla CLASS
        sets the instruction class to CLASS
--ins INS
        sets the instruction-number to INS
--p1 P1
        sets parameter p1 to P1
--p2 P2
        sets parameter p2 to P2
--p3 P3
        sets parameter p3 to P3


  [0x04] Examples

1. ~$ ./thc-smartbrute
        run thcsmartbrute without any arguments to brute force for valid instructions
2. ~$ ./thc-smartbrute --undoconly
        find valid instructions but only print out non-standard instructions

3. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --brutep1p2
        find the first two arguments for the GSM instruction SELECT FILE

4. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --p1 0x00 --p2 0x00 --brutep3
        find the 3rd argument for the already found first two arguments 
        for the GSM instruction SELECT FILE
        

  [0x05] Some interesting smartcard links

1. ISO 7816 - the standard for general purpose smartcards
2. List of supported devices here
3. PCSC-Lite library homepage


  [0x06] Download Link

Grab the latest release thcsmartbrute-1.0.tar.gz



 Yours sincerly,

 Gamma
 The Hackers Choice
 http://www.thc.org/thc-smartbrute

Δεκεμβρίου 14, 2016 | 0 σχόλια | Διαβάστε περισσότερα

Δίκτυα video - Part 2



Δεκεμβρίου 14, 2016 | 0 σχόλια | Διαβάστε περισσότερα

Find and display a DHCP server's IP address mac [ENG]


Have you ever needed to know the address of your DHCP server? I don't know how useful this will be to people, but it was surprisingly tough for a team of three of us to figure out, so I figured it's worth a post. Surprisingly, the address doesn't show up in the system log, ifconfig, NetInfo, or anywhere else that we thought to look (and we looked in quite a few places)!

So here's the solution,. Go to the Terminal and run this command (replace en0 with en1 if you're on AirPort):

ipconfig getpacket en0 

According to the manual page for ipconfig, this command appears to be unique to Mac OS X, first introduced in the Public Beta! The command will display a bunch of useful info, including:
server_identifier (ip): That's your DHCP server's IP address.
yiaddr: Your machine's IP address.
chaddr: Your machine's MAC address.
domain_name_server: Your domain name server(s).
There's much more in the output. Keep in mind that if you have entered an IP address manually, then you'll get no output from this command. I have tested this in both 10.4.4 and 10.3.9, and it works fine in both.

via: www.hints.macworld.com
Δεκεμβρίου 14, 2016 | 0 σχόλια | Διαβάστε περισσότερα

Δίκτυα video - Part 1

Written By Greek Port on Τρίτη, 13 Δεκεμβρίου 2016 | Δεκεμβρίου 13, 2016





Δεκεμβρίου 13, 2016 | 0 σχόλια | Διαβάστε περισσότερα

Web Pentesting για Mozilla Firefox

Written By Greek Port on Δευτέρα, 12 Δεκεμβρίου 2016 | Δεκεμβρίου 12, 2016



1.Tamper Data : https://addons.mozilla.org/En-us/firefox/addon/tamper-data/

Tamper Data is one of the most useful add-ons for pentesters, It is used to view and modify HTTP/HTTPS headers and post parameters as well as trace HTTP response or requests. It can also be used for testing web app security by modifying POST parameters and much more.

2. HackBar : https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Hack Bar is another widely used add-on because it has numerous security audit and light penetration testing tools. It's quick, light and easy to use for XSS, SQL encoding/decoding as well as Hexing and Splitting. Hack Bar comes with an inbuilt feature of encoding and decoding common encryption like MD5, SH1, Base64 etc.

3. User Agent Switcher : https://addons.mozilla.org/en-us/firefox/addon/user-agent-switcher/

This is most useful tool when you're testing for multiple browser vulnerabilities, Yes it can switch user agent. The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser. It can help you changing the User Agent to IE, Search Robots, I-Phone (I-OS), or you can also create your own User Agent.

4. Cookie Manager+ : https://addons.mozilla.org/en-us/firefox/addon/cookies-manager-plus/

Cookie manager can help you to view, edit, create and inject cookies etc. It also shows extra information about cookies, allows edit multiple cookies at once as well as backup/restore.

5. HttpFox : https://addons.mozilla.org/en-us/firefox/addon/httpfox/

HTTP-Fox monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers. It aims to bring the functionality known from tools like HTTP watch or IE Inspector to the Firefox browser.

6. Live HTTP Headers : https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

It is another great alternative to Tamper Data but with huge difference for e.g viewing HTTP headers of a page while browsing. It is mostly used to Inject payloads and fetch server response information very quickly.

7. PassiveRecon : https://addons.mozilla.org/en-us/firefox/addon/passiverecon/

PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information. One of the most wanted information gathering tool.

8. XSS Me : https://addons.mozilla.org/en-us/firefox/addon/xss-me/

Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the exploit-me tool used to test for XSS flaws.
Δεκεμβρίου 12, 2016 | 0 σχόλια | Διαβάστε περισσότερα

Christmas Themed Button

Written By Greek Port on Σάββατο, 10 Δεκεμβρίου 2016 | Δεκεμβρίου 10, 2016


*Πάμε να δούμε ένα κουμπί του ταιριάζει παντού λόγο εορτών.

*Όταν ο κέρσορας είναι πάνω στο κουμπί αλλάζει χρώμα θα το δούμε και στο live link που είναι στο τέλος μετά τον κώδικα!

CODE:

<style>
/*
Christmas Button
/* www.foulscode.com
IE9+, Chrome, Firefox, Opera
известные баги:
# нет снежной шапки на input[type="button"]
# Opera: на input не работает text-shadow
# Opera: на input при клике border окрашивается в черный цвет
# Opera: из-за конического градиента в фоне, в Опере сильно тормозят transitions (Opera 12.12)
# IE + Opera: В Опере при нажатии на input, в ИЕ при нажатии на input и button текст кнопки смещается вправо вниз
# IE9: не поддерживается transition и text-shadow
P.S. через border-image не прокатило: не поддерживается ИЕ, в Опере частичная поддержка.
*/

.button {
display: inline-block;
-webkit-box-sizing:border-box;
  -moz-box-sizing:border-box;
       box-sizing:border-box;
min-width:100px;
padding: 22px 33px;
font-family: 'Lobster', cursive;
font-size: 26px;
line-height: 26px;
text-decoration: none;
color: #FFF;
text-shadow: 0 1px 2px rgba(0,0,0,0.75);
background: #5e0d0c;
outline: none;
border-radius: 15px;
border: 1px solid #4c0300;
box-shadow:
inset 1px 1px 0px rgba(255,255,255,0.25), /* highlight */
inset 0 0 6px #a23227, /* inner glow */
inset 0 80px 80px -40px #ac3223, /* gradient */
1px 1px 3px rgba(0,0,0,0.75); /* shadow */
position: relative;
overflow: visible; /* IE9 & 10 */
-webkit-transition: 500ms linear;
  -moz-transition: 500ms linear;
    -o-transition: 500ms linear;
transition: 500ms linear;
}
.button::before {
content: '';
display: block;
position: absolute;
top: -7px;
left: -3px;
right: 0;
height: 23px;
background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACsAAAAXCAYAAACS5bYWAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABFpJREFUeNrUV0tIo1cUvpkYjQ4xxSA6DxuNqG0dtaUKOgs3s6i0dFd3pSsXdjeIixakiGA34sZuXCkoONLFwJTK4GMYLYXg29gatTpiXurkbd7vv9/5ub+IxuhA7eiFQ5Kbc8/57ne/e87/ywRBYLdl3GG3aNwqsLJ0k0tLS+fmcnNzWUVFBVMoFGx2djarvLxcm5OTw+bm5iytra2xc4ExNjY27iqVyvvwK6CpeDzuCYVC1urq6qDA9UcfPp+PHR4esmAwKK6tr68/l5/8rgQ2Ozub1dbWyiYmJooaGxt/VqvV38jlchX9l0qlwoFA4DWS/RKLxRxFRUVf5+XlPcaaT2AP0sVPJBL2SCRiAPBpu93+vKamZo/Ae71eZjabWV1dXVqw7CKwp43ksrCw8Bhg7MJ/PLDZ5PHx8cz29vYT5JGD/bSYLgTrcDgYdk6siSc6NjZWDaAe4ZoHQL+cmZnRpZPnhWDpD8kw7uKo9ML/NMCsd2tr61vkzboMrEyv138M7TyLRqMWMBsX3sMgaZhMpp+AR5EJrCocDpuEGzKg4x8khs+CVWxubvZfR9JkMik4nU7BarUKLpeLmLsKuwIqTLynp4fqmIzASrqQT09Pf1VVVfX0KsWZ6uHBwQHTaDSsoKAgo6/H4xHLEcrVyRwuEisrKzs5XrrIVAVwiUVDKRRrL+YI32ewdVhMApuHWvcj6vids6J2u90MF4yBHUZNgKoEBaRBQalJqFSqtJfUYrGIlQX+ydXVVTN+u0tKSjQNDQ1axJVl2iTypebn55d7e3v/kqoDgZU1NTU9LCws/Py0M+2ekuGincxJ3yF+18jIyHJLS0slQJUWFxczrBeBE0vE5tHRkbixlZWVfSR8gTX/0P5gH7S1tX3Z3t7+BW8qAvwSfr8/jA0EIRM/qoFtampqbW9vTw+XA+ojUruVd3Z2tvb19T2TQFEim81GgVJoCvvj4+NLOJZgaWmpemdn5y3a6BbcnJDAw8HBwac6ne6eqCW5XDwB3qVSqM9/DAwMUNy/eVLabT7sI25qwgujThCBhWE+mAt2yNc4SQKSZrOQQE1HS22VJkmPAGTr7+//fX19fRk+Zgq0trbGeFAKEAQT98BSqKOj47vm5uaa/Px8JeIk4GcaHh6eWlxcfAU/A8xG67BxAX3fwdcbYUpSDJ06Z49Ak8ZC3OL8f3YiA4PBYKdLQ2AJ9OTk5GpXV9cQiCVh79M94QtlPLDUE/1gPNrd3f0W33W4cBoco48zQuy/IZYAMnGqlSc4c66L9JruQUaSARXeT8HGKzxAqFBekni6+h46+pMzGiJGMgTOJh1yU/KNEGDvZWvfBawkA9ppwGg0mrRa7SOI2g+gxOgbJIpdFpj72PnxSnPX8vqRxTURgBQWKisrH+GThOm+CtAzoK/9/Uiqq/6hoaHfdnd3jaOjo7/yY7yxbwqkWy3sQzpS2C6YirwvUJk0y7hurfyGRrnduPGvAAMASmo8wzeVwfsAAAAASUVORK5CYII=) no-repeat 0 0,
url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAE0AAAAXCAYAAABOHMIhAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABiZJREFUeNrsWMtPlFcUvzPMwIDysLyRR4uATDHWCiVgSmRlios2DeiiXUFs0nRBd6arxqQhJDapkYXhP4BqDKTQhZaFNQSCaBEVJjwdHsNr5DUMDDPDzPT3u7nTDEgRKrKgc5KT+z3uufec33de99P4fD4RpL2RNgjB3kn35MkTeRERESFiYmLkGBoaKnQ6nWSNRvPPZFxr+vv7k6KioiIdDsfa8vLyQkFBgcP3Bnel3MDAQArWI0eFhISE87nb7bZ7PJ4VvLYuLi5O5+fnu9+kMNfq6+tLjIyMzMY6KeBEbK/XarXReI3lPDZMWcc4v7GxYV1dXR3Jy8ub2E5HPvJ6vRSSDH0ku1wuAfsEZOV1IEFHoeNFdHS0yMrK2knR0Lm5uR+hxLdQMjbwHTZbB41h8RGwCdc9MzMzneHh4bGJiYlf4SN8ijkfwqiIncCAAR7Iz2GPSShudjqdfeCeqampvwBQfFxc3JdYqwTv8gB8/F48A8BgKecE14V+L7ju2tpae05OzkuCCZvkPOj8mizmC6vVKtmPu+bx48cC3qI1mUyFUOyywWD4SHlELBaLJmCHNcwAghuAOujtuF4FqHO4nsX4EsAS3I4TJ04ME1h8PDE9PS09TYZoY2Pj1729vd6lpSVfkDYTPG0UkfNDRUWFgQ5Gb2Mh0N29e9eG/GQfHh4W8/PzwUy/ObQ/gMfVVlZW1iAiZdQxp3nv3LljRoL/5erVq1UIxzSiiVD9X4EDYATynCwAzGO858hCQRoaGmJFZNJz8YIcBc4BF966dau6sLAwBxVSJCUlCSThQwuU3W6XkYUok1Vzm5znQx5bbm9v77p+/frPeNSNRzZ/ISBwrG4ZR48eLamtrf2+uLjYSEG9Xi/wTISFhQlWGXohyzO/CJlVl23KQRLbABoaHx+/Z1lUZ/Hq1SsJFj3JT3hmHx8fnydPTEzMj46OziHPW2w22wxeD4Kfgadh/4YEzU8Az4DhffAn5eXlX1y6dKkEoCTspAQ9Mjs7+0BBo8Fms1lkZGTsOo0QLLRNkvnR+fEJzIMHD0xtbW39CL8JTFtSbAOvBIyLHIGVm9VzE2gKuDAMSSpcT6KXyT137lx2cnLyMXhcGDb3wq3XuWF3d/fCzZs3P0c4v5eSknJQbYLo7Ox0gC2lpaVZ3Be67Th/dnZWoAJKsJC3XA8fPhxoamp6hMb+BaaMgWcUMGtszZjiFDNmvcDI91pzG0iY4ARwkwrxkcHBwUdgNrRMbnrqoRbkVzDcvn3bl5qaWsmcgFH4G8XdEGUWFhak51AuISFBnkoCTyFbyWKxCJwIxlC0fq2rq7tcVFRkRKskjh8/Lr0+kBjCCDV/knfdv3//WX19/R8IRRNemxlu4AXwKqM+EJwdj1HbPYSwh3sCPAJDABm2LLchCjS+5/kirKGhwWk0GrMuXrxYQuX9hm/XXTMXMY+srKwI5ApZrbYmZh7deEJhAUKjLe/pLTzSsCuHrK+1tbUJVe3P6upq87Vr174rKysrYHVj/uW+OH3IfEuw4F3ee/fuPQfAvwOs5yyE4CnlFOu7BWrTCWlreO6FACpBZGwUw4BvkANLobReHb3kGZYGsGzTq/zlO8AT1ru6uoZbWlqeA6gINJAfnz59OlVLoX8Jtebm5raampqfcMvQYgTknz9//sKVK1c+y83NTdIEuCnaKMuNGzd+6+np6cCtSTkAw9D9X8Dyh+dbgaaAC1XAnUlPTy+qqqq6cPbs2UzkmWjNljiDJzpwHFnCkW2yo6NjCKW8H54wjlezKvRT09LSTsJrz5w6dSoN+Yp51ADAPUj8VoDbDq9pxrwuJcNIYQllJTIi/xopBw/VA7DJp0+f9hA78CgL5F5C8J2CpoCj8sfA6WCe/FPRhsRlZmbGIs8Y4FFO5CJgtrSsvrRVGW1V93b1myoGnKAKEcHgnwsWpg1lNI0fphwrmdqbckeU18WrnlOjqp5/j7W3BWvfQVPKa5SBkcrYCNVB65TRTlWZ1lXiXVU5xbtlDb2SPaLWYwrgHIcqPg6Vc7fbX69Yoyqfa7/AeiegbWOEVhmsVcWDwPn224iDJgla8Hd38Hd3ELQgaIeI/hZgAIPEp0vmQJdoAAAAAElFTkSuQmCC) no-repeat 50% 0,
url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACEAAAAXCAYAAACFxybfAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAodJREFUeNrsVb1rWlEUv2pN/GqspKRSKFYXWzEloIWif0Fn6dJChQ7OQil0qd3EzcEpg0OgdHDr4CQODk7VRlLMEIVqApX4We0zflR9/Z1Ui4T34ksaaAYP/Hzc673n/M6550PG8zz73yKjn0wm83fDYDAwo9HINBrNnwOQg4MDs0ql2lQqlfdAWont7ng8Pjw+Ps44nc4G1pI9EXWaSOzt7TGO42aH5Pv7+08ajUZ0MBiUeXEZd7vdL5VK5fX29rZ+5tQiEmdxKrlcjsEYczgcynK5/BKKv/IXFNz/XiqVXkHdjUuRIA9SqdRD8or/R8Ez9fr9fqHVakUR4c2z0REjIQuHw2ZcrPBXLCA0RHTezEdHjIQqkUhEr9I4HOILhQLf6/VoOUFEvDMiQiToDx1Cdz+bzZ6bUFarlel0OkkVUK/XWbvdPoVer5fh3ntsfwJ+CJ2XA4p0Op1bpBgJyxDehQQ6nQ5DZXHBYDBZq9V+EhFUndnr9drEqoc2bwJbwGPgtohuVSwWe2Gz2TZMJpNgRKi6qtUqg2EWj8dTgUDgo0KhWPN4PC70EvXOzs67fD6/S6kiRIKeZA1YJ2MiJNbdbvfTUCjkV6vVK2hcDF8GI2w0GrGTkxM2HA5PDxaLxSOfz/cWEfk81X0XIMMFgJJ/srBjCgk8IdcfuVyuZ36//7nFYtkQyAMumUzuRiKRD0jMFLa+AZOpYwqgB/ziBVqmVBKUO7eAB/R0WG/Z7XaTVqtdbTabHJL6EK2djBaBPHA0NSqpbUsiMUeEBgpF4Q5AbZrmSJ/yEWgBTaBNHl9kdkgmMUeG7qwAq9PqovceTA3zlxlgsuswyuXsGsiSxJLEkoSY/BZgAEjRodi+uBruAAAAAElFTkSuQmCC) no-repeat 100% 0;
}
.button:hover {
background: #a61715;
text-shadow: 0 1px 2px rgba(0,0,0,0.75), 0 0 40px #FFF;
box-shadow:
inset 1px 1px 0px rgba(255,255,255,0.25), /* highlight */
inset 0 0 6px #da3b2c, /* inner glow */
inset 0 80px 80px -40px #dd4330, /* gradient */
1px 1px 3px rgba(0,0,0,0.75); /* shadow */
}
.button:focus {
outline: none; /*FF*/
}
.button:active {
box-shadow:
inset 1px 1px 0px rgba(255,255,255,0.25), /* highlight */
inset 0 0 6px #da3b2c, /* inner glow */
inset 0 80px 80px -40px #dd4330, /* gradient */
0px 1px 0px rgba(255,255,255,0.25); /* shadow */
-webkit-transition: 50ms linear;
  -moz-transition: 50ms linear;
    -o-transition: 50ms linear;
       transition: 50ms linear;
}

/* other styles */
html, body {
width:100%;
height: 100%;
}
.bg {
width: 100%;
height: 100%;
display: table;
background: url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiA/Pgo8c3ZnIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgdmlld0JveD0iMCAwIDEgMSIgcHJlc2VydmVBc3BlY3RSYXRpbz0ibm9uZSI+CiAgPHJhZGlhbEdyYWRpZW50IGlkPSJncmFkLXVjZ2ctZ2VuZXJhdGVkIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSIgY3g9IjUwJSIgY3k9IjUwJSIgcj0iNzUlIj4KICAgIDxzdG9wIG9mZnNldD0iMCUiIHN0b3AtY29sb3I9IiNkMzU0NDgiIHN0b3Atb3BhY2l0eT0iMSIvPgogICAgPHN0b3Agb2Zmc2V0PSIxMDAlIiBzdG9wLWNvbG9yPSIjNGExMTBjIiBzdG9wLW9wYWNpdHk9IjEiLz4KICA8L3JhZGlhbEdyYWRpZW50PgogIDxyZWN0IHg9Ii01MCIgeT0iLTUwIiB3aWR0aD0iMTAxIiBoZWlnaHQ9IjEwMSIgZmlsbD0idXJsKCNncmFkLXVjZ2ctZ2VuZXJhdGVkKSIgLz4KPC9zdmc+);
background: -moz-radial-gradient(center, ellipse cover, #d35448 0%, #4a110c 100%); /* FF3.6+ */
background: -webkit-gradient(radial, center center, 0px, center center, 100%, color-stop(0%,#d35448), color-stop(100%,#4a110c)); /* Chrome,Safari4+ */
background: -webkit-radial-gradient(center, ellipse cover, #d35448 0%,#4a110c 100%); /* Chrome10+,Safari5.1+ */
background: -o-radial-gradient(center, ellipse cover, #d35448 0%,#4a110c 100%); /* Opera 12+ */
background: -ms-radial-gradient(center, ellipse cover, #d35448 0%,#4a110c 100%); /* IE10+ */
background: radial-gradient(ellipse at center, #d35448 0%,#4a110c 100%); /* W3C */
}
.centerer {
display: table-cell;
vertical-align: middle;
text-align: center;
/* noise image */
background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAYAAABw4pVUAAAgAElEQVR4Xm3d7bFbxRKFYen/+YuDAHIwBAFBYOdgyMEQhAkCyMEmCBOEr94pHtVi11WVkbT3TE93T3+s7tk63H/44YeXX3/99dbr999/v3333Xe3N2/e3D58+HD7888/b4/7tx9//PG89/rnn39uP/300xnTtd9+++32888/n7GfPn26vXr16nyO5ldffXXGN/+PP/4447r+7bffnnt9/vrrrw/d5kUvustP8837/Pnzode/1mrt6LRe/H7zzTfne/Sj9e7du9svv/xy3v/+++8zDt9n0ccreaPz8ePHJ71oRKt1fG5e86NlXjzTSeNcT4+tH+34jFavPkcnfUSn+62RXI1p3v0hyEsLxXA3379/f/v+++/PoBilpN5T3tu3bw+xiFqgexRjw1rARraB0epeyl4lE6oxMRQvvTBpbGv3uRc+WrONIGzKNx9vvXctftrY5lBYPFk3maLftXi0+TaOkSVTuopOCo0X9KzNoBpH3u41vu9tCqPqczxyhPuDyRcWFNNNiMmsrOst1j9eEUNZU4R6tSihE9iut0ldb250zecZbXpMNQ6zvXctJccHK2utNm7XQbv1Gh9frRHd+CAkI4jX+GhstBrD6xvLi//666+j7P4xul2jeQyH98Rr19dbGA9a0S1K4Cv99vnLly/Hi6PRv+MhLUC5rD1CLKF7WU7W0KQYFc4wxV0bc7/fn5uRpcUsN01hzaGQGOfa1uC+0WIklMzThMvoN1/o4TUssHWj8fr166f1R5fhRC/58blGkUzCXPeTq3Ub38amyJTcBkePh5CnMckrZDWWgQvpfbeZZ402pIVtinjN3SIeE/KEMMbFIuwzixZGYobL5m19F4NTmHwhLwg9vKbvfU6g/lEib2O5Qu565BpU/HRPHlkv7R6Z4lXusBnRFnJTaBssOrSx5sohvJ1Xb45rA4suQmNrdF8ejfb9schLAyR0BDEkscVU+aNdFE8TkPK6H0FKZe0WTXmSLUuSs2IUiGhenxOIcVASj4lWVlm+Y6U2mIfLBRlBvOG5eYWJvnePZfcu0TbG+oBCmyGM8xJhLT6F33TQdclcDhZBbBBjA5qa3xr3UJaQIoHFWBPbgISOqZhvEcgJUwkXE1mXJCleAwbRF+cXHaXgYmvvy1jMZUmStETYXPNTKFTXOvJA7yy9MQBAIUsIXhniXRwXisiSHCkJj83rM6NrfPchzeRMVwBI94GI1gBQRBt5j1FE+4SsBq5yWBN0svBSfMyCoIXmpvDoSL5yiSSYwlOcfGRzWazN5D1tBuU2t+82LTqLXoRIoU94W6vcnHXNUcACRXc/vjIK+UEkkJxbS35L8ZBn420Sw0CXgUji6TLvxWdGf39cOB7SYOFCQnQNjFtMbfdZTYQXunJ1+L0NyiKEpuZbD5rh+tGh/HhgGFlZTPdd3eE+NJdHCx+MBoSOV3WI8GqjGEaJu3EMS/5obfWTcCMUGkvW1ssbodWFxjYxnTIyMLvv98dCL33grk3GtPibgBYAgblbzGxs534pimAJDSXJC4SIXvPlLnRbL0uLlzaO1S2MTuDGUURjhEvvAEk0bF48CCs8Xg7qu1efeaK8lkKFa6ipaxmrXAhcyJ8Hzj42Wm3Td9A5eTMicPv+mPRCkE1wih0JTtJusQRK2THQe+5avokO/C1spISsK4a4pxDYGGunWPCVUtQQfW8saBoPCbChonsgJQ8Xiha1kTF6i6DaVAqWC7rGWOQVGxm/5aX4aO301Hvfu84IXWeAwhOkpjay5jOHcHPKjoDkp5ihiHaUBTY+4mqLrkNmFsGwmNl9OULiJyjEB0zgI6VCdW1oQuMZlhcaFkZv7oL0kiPlg9FCpXpAWGkcOYED0Lc1oDIhVwHM64owGSOjFjKBEPA373PvbAhrbqIE2SIKqN5Vt1lVBCUmSIfbqltYXEz1EosXhehl5T1itLGSe/OyOp65fZ9tfagDvCvG5EfKXQQo3ApR0QMk4jvlq8cao80RbzadXDoA+NVH09WQL+Vc9VXvdJ4e7o8Bp5dlMbsslrP+xrQJW9Fu8ZVyxc6YVSyCo4ROSL2y9UK9pOZm/b3UGEIRoYUBNFsDTV4Y/8IYZTYv2puHFJ3qq81BIkPXbNCiQMgqpdoYeaM15B/wWOSIDwhMiwgIOoUhS4O3hQL5YKtQISnLUylTEAuzqeKmfKMbILREwwaLqaxvIW/rqIMIIMdx+5Si4pVAWzdklLL6HF96Vq3X9QUX0bZOhsMgbKj8o2gUrpvHqCX/5kBbugTxkI4gQbkxevLPCVkU1kRwUrEjEacA2FwYYs25NctQw1Bi9JqLKbHfhoKdEr13GwIqMwTIRxjjlRqL0RcWG7O1QGMYG+NJdhAUwhQek7eN7n6fhSH9M56rnxWP8atv1nrJ11ryaGO6pm7bznW8nDqEQpXvKdwusgaJKoUr1CK+0E8yjI6NVChx4RjezYiuOA8d2VwCCmd6UbqrOs3R4HXxC8IzhPhKScIaPvOArZ9EhNYV46OdovoudPmcUuOBUfEoEUVN0wYL45AfwCQXMYKzIQmhUNq2CQzfwn1WlG3roXsW5qIUluAQzMLl5gtN6o+trruWMuWSLJ2lMh6dBR7H+hWzLL958Ud5krs6Z1Ei4xMO8S4vaYNEU93CMzUpbabaTJe7sqD5Nleope/mndbJ4/1lc4HYx4qEClg+ZhNG7KcIeLqFJUMMAAwL8xRzkiiPskGtIwk2puvR1X5Rt7gnP6l7tHV0FFiojVK4Fk6iBWarHygcnHfYpoMAnDSvNdKhbi4AEG/Wd04j3DkWWMjbmieHtIhKNsVEXCWp0Ik4JUAqapYSZxYhSdqIaCzaUVlv804oZFkpUqtGHdN7mxGfbbiXWN09BVz8SuKFS56XIng5uN3aClYeE22di+iKBopWHslTGTDeFoy0frzIUSIHL0nn0Khy4bkhG3acZjUxQbQvKEqPJisBCFiDrqpYCT1I6s1RdduwapCY2xbJIqA2RMd3G4y8QFtF7rKp7sdb9Fgw6MpqtW/ks3h2GKWuAF2VA/jYkNf6qn/3KZqHZji62E5qo2HzTshiBSzXAwkWiCi3lmsi0Iurp8xe0UAnYYQgXhejrefksOsUqSZw9pBitgiF1Sm49/hZEBEfNlxrBqJqXCGCR6+Vdx24kMgXfdmI7UHxxOQhHx61ZnpX/LVu+oIchcHdtPvDcl+2weVsAuLQphDrGwtpxZzK2Q6LzYWOFhfmYloI0T7fpA9hGcdIwMWEystY7AIOUDnLk0xTbp4Hianc8R595zjqlTaFcrTZGZ7CsfuQY+EzPrbqVmuIEGojevM9770CmWS7Py6+ODwq3MDbuWwWwo0104SDFCiHqDy7ZkNZH5RhHleOmVw2q6m9oH0iOUM8wAQQoI0v+W4XWlsHbO+epMpy1QSqeDBccRfd5slJrZteoKRkzNCAFx4vhzRWhGhT5DToTthXy/UdL+nx/lD4CVksh9WyeJYENlKQDYkYb1qkEz01iqZgXtYGc9VFTAq2xsDxraVxGD8eUYIK3QOp8aGNoxvdOGgQIBCe9JjagO1bbS2ji2CToqHtw6MVoEJa8reGKJKsugDrUYw5GeLleabOurmx+JwgYKvYiiFVOUGEF20EeF1bXviTbyicNwEE2vkpQHxemKgzLA/Fj7okb8vremlj8PS+m9PaDAXk9lBd71rrkJbmKlTF4+UnDUJwPZp9Fkah13TDq7V4AKLu3R9KPN1ePSJMtaCCDPzEpC6wjRIv21Sur70udrdoSmCpii8bL1HHlNCzRR6LlC8Uac2LP55FuXpY8RTfDo825LbJbWCbJEelLLVHYxkhDwZIWg/EFY7UTTzAWsCKrrnoIcqIRvHzn5ClpUFYcbrFTe5aAkpSMQySQhTqGu6qisVw10u4vWKueduYhNeFE0WhNkMe17W+b8HWuiB73qq2Sp540CoBwUHr+NBsZFRi/eahxqlHeB2Zt9cl/OXpUGZ8QXLRgQTpWK45Ty5KxA2MARDPRizSkTNgeTkB+tFMZJViqeo9wdUdzcWcvGCju05oXgABic28jiWD58mjVc9jFWDyDHQkFPYdYOAV20JJgQ6bJGHRBCLsO0+/rtcYnYY2x/E0dNm91jg5RLKJSBe7CdW0y+2enfQuwalVXBenHThBJBTA2lMUECDXHGker5TESISa1tHf2k1bgOAYAZLjqRAWQJLRaVjGDz6Su382aYtchR3D2rAkZCkSV1bhntzqLvVcIdP68XVgrxDQjYWJ4iRFxRThEkii65oELEywYm0KIYm1c2UIhkXJMcKTp9KFl6wzC9MT4gG8xQYBHHuyaS2tGHUAK5WzWDJ9LCiBSBXKPK71JfB4UqvIT7wOaGqtDeXC6KnUxVsWkfAUixA4rIWg1dy4LGIh3aKZBIBmwFmJM9rgdgI56Io59EMieIBOFF/OIVh5fGwYBDai3WZkRBAeS2WdjdnaA7ho87Q7nLXgm7dsbpJ7bH70RZstZhn35umT1HsMKEEVRLC+BlhKijmWK9FK5PJN11XmQkOb2P0YZ2VbE7BQCRVz2iHRI3zzNkes4tEBNrRMhB7epYhTdKLJyrWM9qi3jbJpjct4VfbxxyDRirbaRGdBzdP8xkOpDFSP7Zyp1+1lLQ3c51c1FVkixVG4bmVMR1z+oawE86hp12JM7rChmI356IK3fU/Ibcnw0gzIySZle4g7XvJW4EIM97gRmRqHBmvuWnxG8/8hRk3MxshXmpaULJ/wmsY6eYwXAAlf8p165+QQ8ZebQgpQhr4Ua22nWZlNalEoxXk0oVkPJKE2kcy1IyRrTNu8aJdL9gyke1ocC8nlQGurp/zWRcFmc21KskNLi5ogtu4LqbVN0CHrKtam6nLIwbxHSmB0azznYesmNjiF9DkmtnDTolB0xVxjN3E1T5c2BjyNp/3OgqEmRRKlq3RTrnbCWi6rZZHxEI1Fa41PMfKRcFMoY0yNAZPBapB9H3zjLdCdBAws8CB0eaoaJJ1p4eRNgITrvAZy7HufzxEuC1OQNXmV0nfP1UqMjQVPISRNyuh5pklChLtZNmsR3lTbejoJyKPcIxS8jxfWDutDQjZffowXylEnNba1kmVDtxZIMoG8woxKPv48buteNDRp+wyQREODlsx9l58Bk5PUdR6zCrFdTnBOLk/0DiWxeiFI+PIzBmFMIvMkX8KrnCE7MTkh95SSQClIjmIsQoh6I551WgkqzzkMgnTkK30xSk8+Gy9/8bTk4xkAiB8iKR32pwvkjI66Y5/jja6wpdB+nqnvZkhQ4CoYyvKU/ZqDKWHjuALJJioeFZwE9EhqygZpje27brCqe4tRbRiQsvfG8bB400sSw9G0afHZhiePw7Tm6cOlJKeH4j6U5URRqwV851mM9fojn8ZZT4rA5+n2Ppg9P0dQGTufAPWgo4ShBCCg79yTGzfeGYOQE21zetflhMLEdPB1k7pClMI3x4DaOrhC5rW3ZkOSSQ6ITxA8OimwNRjWHitAVR4lchSh5lDht456LJ0yCsauKBQ6bTJjjLfTXOwGxNPFGAM/YwZ6Est5RvMUfkCAoi1moYeUKkb2eRO+xC23qGAZhPi+/bR44+qFCkYgrEXfGEgHAGGVzRHq9KbaDLXKdrr9BC4a8sJ6klCZbPHAEBsjKvD27gtleGucds5pLm5+oNiUz1q27tgOpmd9m89qsjYQVRzXMdX/YX3QW0qVd7QfKHkfxAMeoD2CCXkKOxsjxMafSn2LQjLKgVomThXbgF6rzN3Y7oHsmx9ttqJYrtP22RNSsDyjT65zHhIDV/dNmC3MIJUsWSWq0NF3Us0rjtoAv59QDQsVEF0bqTdloxR2jdGWjnbMxxMFASMaoBt2optBbK9pN7S50A5PzyjAb4VqSs2g2uyuSf59pmgRoLGMy+FYipYz8Nt6jJTna80/TwwhIQvqTxFSiNjw1WeWkbVEwwHSdoljUl7hNc6koTmKiA4BNRC1q8Vn1T+DcF1RuOcoPqd8Cbo1hVOIjtIgqd5bR4iBiOQneQHaUv/ItZqFjSv3uM8o6Dn6OgDp8/wcgQJY+CbtCIjvkENCKsgSDlJJyI29Ck4IZL0EgpFwWSy6HoDwHJfxjnv1leJFqx946B4rBCe9y5Xuk0kuk0e2KyuP8qiUqPnZeE3GPEbdAm0VniArzxY3XldCjknuYzBV6sIH1xQbeYWYSsGQT+Mxw531mcR317cQNJ9SszJWzhi277XWK2QmsJZ+a6my1QN7WET5QEn0NrwlVxuVwh3QRU+IBFQaA2mRoTnrDRI8z2kcb4S65OYN8aDvs9ur5FdzxDAkob8veWtCQiRgHOtgNY23MRCNRKrZl0A6yjyxa1mVzdaCYAAE4pmsmgHxGKGSF8dPdIVJYVl9k/K0dORQoZRF61pvHaRrse0Rp4uihkeJ4kGdx+MYXPycB+VAuWs/ScJRIUum8gTFySXiLOicgvTF5Cg9nGj6MT3htpUP22vPLNQVj1mpjbNB5JGY+94a+8QJo9GjwoPw2ruH5ZILqNGuAYIYa+/xQ1dkiYfu+SsWy2t08ZZMjTs5RGxXwXYz5UdcWJDgWFVjFUZXi93upWoY4vGgth/cCIPCSXPF+Y3r0Fnj5YgNb43dKh00thEUoUsbPRYdHT0pym+eTrCYr4YSDtE0Bw8Lk9VpvJPRR8MmxIcQfApDfR6dVIVNg7LwhcC+CzN6OTZBeNF+EIaiJW6Ll9ZJ0BSgfmE5YLBKuk1NkR4ukOucAhqvbmJg2iKaeeoOxSeUAxGBp6CzPpsaTajhTX6iDbpuE3KhtTOS1kmn+yiqgvKErBTD8iQeKEHMFA4kVb9LV3Ok0BbUn+r7FmwSZPQgKli+tT10oBkoFCjuWKMwpV8GNCSkqt0jNymMcjKkPttcHqFdIs/0zuIl8+RI2c1Rjyj69NIyhj5rvPIMgAF9Xo8XXQKF9fPnCA7jWZcNkg8W9XQNmmoBcxKk654epGT39yk+x7RttOahNdeqAAugw29CNmyZp0AV3/vu9xx9Bn3XwqGifTRHU7XxIOtu2IKBvC96ckZrMz5hnQzpcJ8DaK7mIwB0coh4mtCIQS4YbiEWr2WuV3MNAdBYc1WzCdm45uhPJazqVh5zfkKR0chYmssKNTTB9WPS/ybezT/d5/HJ1VoeS4outNMYEUHDUjgDYPLEPabQ6sjI0p+wDmI3XhiXWxapae/Ie8l2ur2FLPErBenfYDhmVdkb2/X9haktqJrjMKZxjk8lZtVwzGc1Me6ejec5EqpcFA+Yh6ZsRmO2exBP29ruvo6wRCqkyEMUa5OEzMbLYcILT9t6ygGYfGlDGWn64rnpRt7h3efEMEYb2OJbRHE1YYICLUKYiGm6EWzb5uAxQVjuHv5HKwY9OKYbALFAJcKfJ2VaZz02Oqpom+mgjKF0XQ6Se4TbNlBbnAFCZnLetmw0CuOz++XW+EHPsbYSQo6S3xSaisRTGPobiWoGMVifXj/HgT6L3xZKDGhD+H04bK4huHFcMmMIbZr6gsdGU0s73tAzdlEOo1FktZYKXj/LJvIOP9hU44gQNsRGUNZ6TTwwQk92dg3qZIQQlQ3QdGQkclTj29DjId30IEBxkvDaCOoSiAVSUPXC7GqJbV97qNrPyOQkuQUiUsSJ3cIDb1zgICwkrDwAPcWzUMKihTL3og3Sb6iKnpqqMZCVpycp1WEZwNN6C7HTw/4CS2glQ2s3VzWfLnRG7g9Cz0p9i6WFfJSY9RmjBdI98RXk085m3d33T5JF3yaKsQsn18ooR7HWPCEW2FBFQ4QQoOq5NRwHMKY2pM9qFc1RhWw0hRln+a1HiSr8eLWeyBEfUoBQKJSnB/Sc0TT+2X4vdIh9ziAawC1jQnxOKZLfooSu6V3B5M4DJG+5gADCgrjsTEIXQPiytroDWkvJvG1bMDrYEJhwuElfO0fLXHhpDUqKT1V/6/TPb0qMw9PCd8hze2PRUf/ImXTugO75kAPrSighS22yqMhnDTlQlPeAtuJ7QrsW46pdgOF6eqaajuFrY89cfbAU6EhWNd09Zxldax0JnPcBI42jsHjTOeDNKV+3to3RfORpYC2jUSQnu1ALfTJIOYNHypN4fP4BM0wq7yU6StTRFHIglt51MiXDvjce5OT+TslASaGgcX0WixWd4rtKmaCqfQrY323oM8kR4Lc6Z/OAZM2zxHjoL762rSIqtDE8WoSQ+/S7eK58weOb5/wcSGgdIe35K1zCSi5a3eqCmAdLJfUIeqzSZkAL3UuhMPrGzNPV/PdXvpvosjihUzGYEtCQR/JKiZlhyAk8k5LxCj5r+ezxLz73OTPIkMeC6incQRSQwyDjFcy1kYwPAIgOb+uaMJkcjT0POcRsxHPpRTOIOPwhbG7ujyoj3nxxWthT9W/9ojbo2lqIlgIEIzHvo/6LuPaPuaQ8wAIkj45NkNfiVWhL0WA0Kxequq6bkCzABd2Ylz7orHs8x8ml7oJEDlGC5m1G/PD4Y6jBXoyAZw3ScMwrFE+gZUw0VgPRRkSn61sw8hyxPFpCEGuDsKChaHjQIVo2Uf1BEMlWa6L3lOTsXGPUsW/zhNLGbcNR/oimPATINE40UB7El2ajaLJGLdzqjsujQimkFq/4S77TOsFcN7j4WlzELL6JMgFjVF6x2yrl6MUQbC8PQT4EyKolZzWNmMylY1bBqv0QIBCrvQu5601+9COcLpwWKvC6rSPW32bFexbuPId3owWN2sw2dmEwVKjTnSw6DLz6/HkmrROWa+d5SArSxEvICGmx7zO8FkgIoUrXF7RtDQjOo5hbxzRXn0qjc/tECdV3Zy08V7WvswCOdl+YFVIpJFrgajQ9DK5Iljt5fXT6xxsWMQpJooOOBDjOs4EYyMsTnJBca57CcIsbFk0RLJWFgId6My3WZ53M5rUBLA0SEo52c3RgN1yI/c33t0rEbE05R7Epaz02XpyjX9sv+BCWoa3GRbf7fh0MmrYuw3QoFn9bXCY36J7CeYougdCuuOaJ9Np1aLS5p5cF5i3WFtcsyDK4qnAVYQVWnxVUMdTm+gF/48FMCdtfXNgagBJ0QnnVbsLmguY6Z4Faos8aJVZISki0Qap8HWfGBUGlE+fu8aYcaJwiLxq8g2yATVFEaPXctPyiFlHvNeegLJiaEJ5JMpG7xxB3lJy6x8rkAl4iL7RJYq9ijFdqXahVICOVbu/RlTd4cLzIfW1QCmF9cqFWuzyksaeKV+8I034jyXqjv2f8bWLrQH7mAQo8TYhXSOqmSws2wkYuaDqtE6gp5UI0QoyKGbSk/G15RJACJW4uasMURguJt54wzsmgHpBCCizOQ6NFGZBWGyt8xgtEKIfIT723EXJI8giNYn3zu75PXILjEnVjGBzAAUkKwY4bPIEJVPj/eMWjNpS66vmjT+hAISOZ9Q66KtJgeQvHyD6Vt/CzDXCPMuUXhaAqPXr6aG2MWM2reBNLFEqEUWHWwxLxrr/UZwBF61uNIR+C/+oNXpsBbE2zOmnjur+diS2KbVLz98EPiPH6v4c6G2L37RiXpVjCOCPnDZDGPp2xYUCdIRQ0HrOKTqHPd5B4k568wjoXbRUKW0dNlPE412keuJ41U0LzIbOtmbqWLKppdUjr8h6VO9nTjefLoKXWlMeMi79eXZcDFZMMPh2cpA5f85ImiJ2suXsxpQptjJh99a5tumk5tFgWrx9kDVYpQbZGyoPN5S0J1QFQgpoLFLBW8nRfi1sIBHUb64HweGPhOgjx1wbJI9GhOLoBNOK5e40HBrROGFb3ra1ItEH4PhuiMOyLKrXPrMXJHnTRGP0rkHOfzRLyjIkWaLe0uk4QoaQNTpDr/9pCYRYPC0D0lBSiDtc2hyywAAIAgubJbTY+XiAxiKt3P5mIhlYM2smvR4Yn6M0jswxbm2TbKvpfeftBWawYUpEbCKCVkuu2uMrdkyHCDGESYNspEiyvAlVtHqzffZ7CxcHla1tEfwx8xUOCy3XJ00uBFk9dixakJf9o0cidbRbQwWN1JBSgCkKwn3zpyGNFwFFjGJMcLJw2T2fh5JAW93CB/ODsAFMgMa9osxKUS/rfwYm3hNZPEv8bL2lyb+GnNdQ7CrjW24Mz8Flip3SFbEL6PUZrUYjQpc/FGOQJIMJ1p5/CYfyrsKElMslVGUn3FIdAg4iT4qOfTqJvo9FN1hOybAIUJEkKKSDjKhV0XMGa12ISl0TI6lmSuWIoJMQjhcfuxywPk6u0X6AgQEGyb33VfZ95q8316Kf+kjCTnGTQ03NIhnd5A1IDENpocxWqDK+xilbhV42noperTlI3WByULLvOUlK8UNA7TxFaeAaL5frqAOhLYac63ed9o+H3HQmHD4psLYhww0WC20SerfJmMBQJ2bBK/JivMmcIOsJQYBsthAvtNkfYJDtw40CKl253OBp9Z/zPv+SAQQIotOyckOWnaC2uPdJCvIzrg56s0GansF7RTfmKsBStF0SQ7Yktzof0dBR6Bz3jSTw2R2jd38WLArqy8dQ1h1RgcvTkr8ZGMwXmEZ7gB6dbN5n8TI6n6M85FPOTPLoFAJL/bIgkI9SwXiFl+0tNAv+6v5hfLmKN0BOBYkQrXHtlrYqSVOvoi9EABWOQXG0k75SLWB25PG0pzPTurMMztvucGKgaX1DR5sD0Fg82esOZYtNTMvKGTgVjav0+iwbP/9NnuwUnx+jG5bNzjyPXXjand81EbnyFrMbENDdWiCWgBwyyYAc/mzzBcJvG+vEKnaANfovlDEKYAlm1XuKlDVBfWRvIaP31AjnKhi+apJs2Sb4R2vXQenfgt7JZL77Pw9Y2wO7D8WoIjcAYV2xte4ElYjRFq2NiLsZtmo5va1lPiHEGom/GusBibRWxuHHcHg3hBMSND39vnRwKQUUojyMvWmAsBLkQWt5l8XmHP3LHcjUAAAbmSURBVNCTrOlJ7hDunRUxMC0XIesgwEIWl24C1yKsyhVm9lyV9nNCxZRGnFwUzRiRD2wIyJjCQD/JUUIXzxWU0VCYLT1n1B5Jglwa4yGK7ahuqwdsbo6nK6HB5Y3nQpqqbPkiXpNpD5uS3X0AgI6BHzzHnzx1IlF1iKQUcW3uLfqyBtVqYaHv6g9e01yJbvMKhlTHIC8ripbErj2yIUNYxDTavjcnZclJelrxAiiIz9onao+uqzP0n5KDbHsenpz42z4blNl66g6dcN4LVGgHxa8SQ7XPG08d0sLtcAxCPzEoX4jV3FO46l2iJIi2Q9+hColzQ0S0HWD1rhCk8L43X9iC/hRewth2FRqj7pCckweU9cNLYKHxlHvtKFNQio5mSjbfRm0oZwhkobOFtUKjTZSnmwOlnj+toUd0/ZEMJYB6rDolRTSFtWAurxHHExKwe1tU+qENN9fbEtP3b6HHoIo3PvbvuattKDPBjIFuVPT4WRBBwUKj2iWZAAJ1h9CWPCyfl7cGtISnNt+zZc0lm6KTcca7dvx/HgN6MHX+xB+XFOuEEQdACe3BBD2dNsbzUSk/GjHraQpVabTkmv2zGIo8sFVbIyWCsF1TnCacxJ6wNjTFslY8geasj+e3JoVuuBHzU1KvwssWfPtghc5CcuFVWAeRebBGpKPsdLf9um0Fte6zdZICnMoRjiVDYS3qAbmUkRBdE+psau96SIv5AQEGQCGEYakAgX5YfCyk3q5w1/WswMyUxFMkcohHlSw5RxsKWo/uuvpAh4J8rrdOmyP/aNd4Z3yOKdIFGUWQrsU/TzxJHTpReLkJdbUgBe9fKGieUz+EWYw8k3Kb73mpY36Pl9aL/pTrqvPobGG54UG7PUEUVvEhPEZrnxKMBxBTEQwN9t48sR8Q4NEeQpeLhDLdAnIzMl0LYV1eEyXklHiMVv/o9EShx3/O/2EnQnZtrYaihI0YtaNgrUKIkhvjyDJF9Fpk01r740sWuAkYdKTMeNP1TYl7BqKjLEkndC/PInva4xo+hFSdCUrWDFzrVdDKJTZSbopPaNU6CzCUD81XZ6np1DnNO89lQSpcvsl93tojBli55Cfmc2VWDTH0XeNPZSrUtea2MqKp4oa4WK66IiU7LhYmu9YaPGKtfVGh+wo2/ydT84Vj9DcHNSaD1O1WADPc5JVrU7ZiWAhMnngEv3l276C0ZujzgGpPxSATDxlYUNXrXFnV3WKY5hlCgnYGmJv1wetaNRL4HpFmDPv/VGeBrbO1EE/quj9NznoVuYyL58iJwhIj6TsPAB6gpFVmCvdwnHrIo0qtRcnN8WS8ukMD02mlbgXkdx4DctatKylfKAAbvA1CrQud23Y3RvxPHx3UJKAwpADTlvAgHDenLJudUO4JKfiBysBFtQrDUP2qr+SX7QgAJ6ryrQnAVflR2PbcmTmtDzTQkWITmtLBSC4eLunLkaJI9M8vqBqwLeIGUFCTFHvqEr2XGBYnNzmvtRCKpywqu4YFMBOokKuiraNqnXjssxzDghM63h0fUJBk6zRROI5GhsVwhBfwVRSwTvR5kdDa9+67d91cetomKiMzT3h7tt8xrjnXAOjIeYO+UMzb8awQSkuRnraIKRVyjFIkBlgxkNB6LLn3Xh4MkJPWMuOBp6jem6MfxsAcPCky4zUDNLc5woVNaSzj2F4YxNR84XxrEj0xAEmV3xryBrrqHfqDcE8dEkMSOuShRyRZsTCHShSCsZTlSRPuGk0dXK1t7t86No1VtwY+zGVta3XOQSTZLWLjK6XLe+I9IKKY611dFO3kZLV0gK9k3HDFE3gIwLOGymMbk0FrUlq/NTdPJVM6PygrpYGSXDrlut7kPqtHoK0WUjcIcVt1S5ILDrbxCLtrgSRQL3Cz99Zg5RJo75SpCGT5AAOvcuYCORI82jtWZQ2NxYccRKbGODX0fG/rUvYeI3s0KBoQIW+7PlsGcbbOKQwlZ4JG2K467xVq/Pk8AmyyTgnr1gT2AICiS6V9DYEqZjlEntA+aXyb1pq6Ab4r2MR6yClaaqDoxyMFav+HmNQeeOh7NBRyjIai1WCtJzmDu6KACr25WjrJ5DkCnt13sPo85KBVAuGkODXEYm4oRftYs20PnRSHFBIjrPF6D1hYQYzFCwWpfIUekJXlN24PgHjfhkzhguf7fk3I8QCWymNCtcKOLtQPkB6E1jgPcTv7aD0dcFGAJybP8cjHhxOyQN8IpkwvCEzyY70R2GJo291++CJhs0jxHbZX0fZ9URNYDR6mMMVhinFmwxAWMkfHeGEs+vjWsealurAq8d5TZnMBneYAOfQidOlgADYMYGsbeVGkiJd0osmoDuv6/wCiiw+ViXMk9gAAAABJRU5ErkJggg==);
}

/*
border-image не поддерживается в IE10 и плохо работает в Opera :(
border-image-source: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAPUAAAAXCAYAAADTPQnsAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAADTNJREFUeNrsW2lMVFkafcVaggiKICLKoigoCG4dxHaJbdplMjOZCB2nTcYltjqTGUcdW7snjmMycek4aqt/TOxo1GlkVNRW+eGWQeMSF0QQKEDAYpOlZBGKfZtznveZklQVIKBQqZvcVNVb7nv3ft853/nuvaVqb2+XrMVarMVyisrYwSdPnpi/SaWS7O3t5e/Nzc2SKWKwsbGRr7O1tZV/t7a2yte3tbWZbX/69Old7sCnJCWOw4eMn1K8vLykESNGSHZ2du8d5/g0NjZKDQ0Ncq2rq5Nqa2vl64YOHSq5uLhITk5O8vh2NjYc76amJrm9+vp6ubI9tuXm5iYNHjxYbkuxZ1cL31Fpl+2xXb4jj/W0KPYfKAGnox8Y2p/2op05xuJaVVZWlr9arQ7FmI9GHznwtcBGfmlp6RP0vZxd74n/23Xn5QlOb29vyd3d/R1Qadw3b95IZWVlUktLi+Tq6vrOURwcHIy2Q0ejA1RXV8v39oYj9MfCMSBwlLEgkFgNnYBGTk9P9xoyZIgLgFGH8aiAYethrPZBgwaZcyRVZmamN9pjHQJ7DBJjq4eD1OC0rrKysnjatGnNfDZtYq6ttLS0ESCLQLTjjTqCzgbScH3Lxa3VuKQBn+WwsQ62y5k0aVIB3xHOKdvc0MnoEyRwhcQVYulN4Pf3wjEPCAiQnJ2dOb42sPFnIPBvQIILcG6MsXt8fHzaMD7JwMXPly9f/mndunXV3QF4t0FNBwsMDJQZPSEhwW7s2LG+jo6O0u3btwuio6ObyEhGHMUZRvfGdcN4CMatBKsXwiFq6RB0eDoBwV1cXCwb3FIKHX3cuHHmgOQAItwBkKwHiNwNzwEMCNANeXD+HFQNvieVlJQ8gA3c4RhfgyQ+xzUTATqnTli8FfeX4RmFGHstHCoNNenVq1dPAWCP4cOH/w5tzca5SSAGj25GajTVWMB28X6pbBe2vTt+/PiXtK1C+saIiepDp9PJ1RLTPxL3hAkTpMjISPsLFy78Hn79LcY5pAu32uC6KawrV67828KFC7f7+fmdwvGWXpffZJ3Jkyer4uPjR0REROyGw0bBaC7CuPV6vf5/AOUROJAOTvdrvFQk7pmIOspY+3CyMhg2GU5wA459ITQ0NJeOUFVVJeXn50thYWEDXn4j2tpoNJrPAJyvQGxhIqK6Y9xcCWhLjVCwRzN9gmoB32sB+jJ8L8XnSwCf4L+PgJBNe4NcZDK3NPnNQwh2QejHzwRoT9rGWDZg7Aqhcu7k5OT8iDZTDaN3l8eITmlYySCPHj2KJOu393LBS7dCct6ElPyCCp9SrZtO9MmqObKOjY1dnpyc3AaiareW9wsIPRfK47uoqCh1R18zDCif0rY98APVwYMH/dHH4t4eN5Bjk1ar/dZQYRt7H6MzLb6+vlJISIg0depUsqYqJiYmODw8PB7S26MPWM4G+eQXkG03Ae6rYLgAUwpiICmwuLi4avRHn52dLZWXl1unZN+PPv6I2HtWrVq1C/5laarFEdjZjpTTq7ca5GQk/QhB1R7Y/AHEt9xc6mz0BCTje/M9CxYs+AmAduvr0QC4F82dO/dpRkbGn4OCgmK7m0v0J789d+6cNj09/cDWrVtXg7g4y9lxXC2+GM6MM49WZvSV1Y8XL16QvJl0W9LM2eDKykq/xMREsxcx5zY3eWlYXr9+LU8osyL1VeG+f+LwL6hVRhPzjoHzwYMHwbj5DFiBs5vNqHoPD4+IjzjJ4IqofTIvL+/v+Gk/QA3LHCI/LS0tfsWKFT88fPgwC/2hE0s1NTUWDWS9Xi+xrykpKVJqaqqUm5sr581wdBngkJDMpavOnj17bePGjfEfMrvbz4vtvXv3nnV2EceIqwOdFU4iIzjod+/efUun09UQ2Bhjf/jVRFOKtuNBLqukqtXqMf1hdLKysr4Ho/3bXMTuxxNlPMnZaV8w6+w9e/b8debMmcE8zxUEsjRXDzhLzD7QwMo6MmfNlXXNj1W4zESHAYF3+14uZTKaMM1gJDaIMPr8/Pxy1oKCgnIAvCw5ObkIjlpC86KmoBZjvFosaKKME8jhqDMoek3cogapLZ84caInU11jEZuqhsvEXCGIj4+/vWPHjhj4ypClS5dGYnwGnTx58h8IGklMtc2B2l6j0eyF7N3cBzmUzNQ0OJc4uPxlChCGYC0tLW05duzYTHQo0RSj9/fNJzCAGh9+NDIM8tvo6OjZAK1nJ2mIvHz4MQsBqdVq5fmUrqYJBDMdj5WkRFsQuAkJCZqbN2+mQ5kUCInIyjXXGoPPSn5irJotbPabKe0QVC5Tqk3c4j5r1qzFe/fu3Qg8OHCtn7ggwXNMqWiUtXzk0gVr1679DkT4WLTtjUogvyAhcq7ZVE5te+PGjV8hKm7sSie4nszlCG5CGTZsmNlrCWYuU/FllcKI4O/v/85wBL2yQYGVEo6yA8f4flMEow/IvAtO2wAnfYmv9XFxcSWoCUgvgiIjIwNHjhw5FCztiLFpQ58bCIjHjx9XHDp06DfOzs7DuNHnYxTaIDMzsx6pV9G8efPG0RZ4t84IVyopKZHBDCdsunPnTubFixcfIZfkkkseaokAbh0qw3ejqARxG8bFUvcnt6BvFfisMHUB/GEwJHrTtm3bHJCCfB0QEOBpqHAUlXPr1q2kI0eO/AfnEsWYEsAkSm4CqDcV6BRQO4WGhn7PmeiOxquoqHjHxJSLfLjCIgQfpSS3LRozPCSXLB9wfWtSUlI+fleMHj3afcaMGb5o12yoxvPakIsm7tq167k0wGfDYeRGGLJQRKwcpBWPUN2FVLMXxmkUUYzSrN3Hx2cVwYXPd7v3upTM4x7ajJGX93l6esq72swpo6KiIglSLm/r1q3/PXz48FcRERHB3DMwatQoWTUYFhIy7SomwZquX7+ecvTo0RtwQg1Oaxk9hENzJ1GTBYO3J4VEl3H//v1zqC/gG+EhISG+IHJH2E4PYsyHfzAQZKOmCSArQU3f6bwUAYNczwe51DRTxjPU+SLJLz916lTiokWLxgO8ftzbylyMAFekNlmcBPD06VMtgPkL7skSL+S2Zs2aJevXr18opDnXLVtqamrq0aFaOGNNRkZGEZzlGSLXA1zyShq4s+CGwKZkegMDEriFQpo5CNZtF5KKhnM8c+ZMY3Bw8LglS5bMJrgUYBrbnUWC5ThzAo7qhtKt48QVdzhxhxvJl1KPv0m6VFwkXdzbfvXq1Yuwxe0NGzZod+7c+afFixdP5+w0bcrncp858336AAn32rVrz0EA8QDzcyEFXwnSarACuVNfaIMfVAkFWoLfSaiuguAbBLlXCnJ8I9RN19MBOtWWLVui9+3bd0Y5SECSvWFkyiRtbGzsEzhMrZ+fnysMXQpWz6BCgPT2AUtvhHyQtRojgzKjR0kZExNzB4Znu6nC6I0i3wgS1VVIimbRmXrRoXLB+LzntTnpPZD/0GFCmhHkHM+ZANg3yMHnAVT2yvO4u48AU1KWjn+OARk3QOFkX7ly5TmA7BQVFTVl8uTJPjYm/v3B8bt06dJNEO+/hJ2oIKbNnTv3S5DvoqCgIC+VQUfT09OLDh48eBnK6z5+agRB0QGbewvMlvSHji70VSXI3VF6uxrVapCmdDoAxsaIDTpu2rRpJZL2o3QYXgSDcTmiaP/+/VdTUlKo5/MF4CQBvtdCXo2EPPt88+bNf5gzZ04ovqsROVqePXuWd+LEievID2/hmmQqPIXB0Qk7AeZhIlopUapFdKRJyJO6rnTM0kAtDO0ggB0+ZsyYiNWrV385derUAOS5rqoOD0Ukr+cSkUajKaSUu3v3bjr/8YNTpYL5fZDyTEDUp8QbjTydebwahNCq1Wp1AP9dRN1LuO6huIf24RQ4Z+qCkf8H8z5EeHsAuhC2TSK2UXMVwu3tyGwB20Q/WjEFavX8+fMXnz9//gJnpSmvDhw4kLR9+/bjiAIpIk+qFABTCQAqcoB60BeVm9UD3FEgn6tFhGU0z2HU7bhk0VWjfminBjqoxRgQXPyXDJcX+c8QHycnp+FQRe4kT0TkRqgpYLrqjbCPToBSJ37rBfNz0xBn270EWF1FVGgRoMwVuZtOmYnmvnV8OIuo7SHUlUrMWivPqOsrmW0Fdc9BTTYPBwPfCgsLcyksLGwNDAz8I/K0uyJCmzWeiCpuoqoF4KtFfvVBhreC+j1p5igm1AhGJ0GkdgKUjUI5NQjlVCsUUVuHNuzFvc6iPVuR9ijpTr3I+Y09315UlaKk+jpntoK6Z6BWnEMPaZXn6+sbkpubWwNAM0LnwHidLiOJa8pgCJ3BMetESe9MqLQbgFYnIqitiMDtwnbt5sZbnGsSteoDnt8kWdY2zo8CrE9Z7IRz6JOTkx8hfwrBJ7e4VXQF0EYcwFr6eNZURFhrsRaTRZkRrTl+/Pjl7Ozs9NOnT58VksxarMVaBmBRNp/U6nS6tGXLlv2FUlp6uzZmLdZiLQMY1MzNuN7I9WFlO5+1fGDpzkSftVhLb5f/CzAAMfWUqSkTWC4AAAAASUVORK5CYII=);
border-image-slice: 23 34 23 44;
border-image-width: auto auto 0 auto;
border-image-outset: 5px 0px 0px 2px;
border-image-repeat: stretch;
*/
</style>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Christmas Button</title>
<link href='http://fonts.googleapis.com/css?family=Lobster' rel='stylesheet' type='text/css'>
</head>
<body>
<div class="bg">
<div class="centerer">
<a href="#" class="button">Christmas Button</a>
</div>
</div>
</body>
</html>

Δεκεμβρίου 10, 2016 | 0 σχόλια | Διαβάστε περισσότερα
 
berita unik