Leaderboard
Popular Content
Showing content with the highest reputation since 11/24/24 in all areas
-
Nu ai ce gestiona. E un bullshit treaba cu atacurile, iar raportul este facut pentru a putea invalida alegerile, in caz ca nu le convine ceva. Nu Simion, Georgescu sau care mai sunt au distrus tara. Consumam ce ne este servit, de +30 de ani. Rahatul cu convocarea CSAT este la ordinul evreului refuzat la export (Iohannis). Nu am votat si nu voi vota niciodata pentru ceva legat de Romania. Sunt plecat de multi ani din tara si nu consider ca ar fi corect sa influentez directia in care merge, prin vot. Ma consider de partea dreptei extreme si cred ca democratia este gresit inteleasa de multi. Multe legi ar trebui schimbate sau pur si simplu eliminate Daca ai un angajat care te fura, nu astepti patru ani. Il dai afara pe loc. Acelasi lucru ar trebui sa se aplice si functionarilor publici. Ei sunt acolo sa ne reprezinte interesele, nu sa faca ce vor. Sa zicem ca esti primar. Dupa cinci-sase luni, daca nu ai realizat nimic, venim peste tine, te luam la rost si iti dam un ultimatum: doua luni sa ne arati rezultate. Calea catre adevar incepe cu fermitatea – ranga intr-o mana si Biblia in cealalta. Pentru cei care striga "vrem democratie" – ce fel de democratie doriti? Cea "moderna", in care alegerile sunt libere doar pe hartie, dar de fapt manipulate prin propaganda si populism? Sau poate cea in care institutiile, platite din bani publici, se autointituleaza democratice, dar sunt ineficiente si corupte? Ori preferati varianta in care drepturile sunt garantate, dar raman inaccesibile pentru pulime?10 points
-
Cum e fratilor? Unde e democratia? 5 oameni s-au pisat pe milioane de romani. Din pix. Lovitura de stat fara armata, fara nimic. Indiferent cu cine ati votat sau ce favorit ati avut. Democratia s-a dovedit o carpa de sters la cur, asa cum spuneam "Ministrul Justiției: Românii trebuie să voteze în cunoștință de cauză, să afle adevărul despre ce s-a întâmplat" Romanii ar trebui sa-i alerge si sa-i incendieze, baga-si-ar pula in ea de capusala. Sa dea socoteala pentru toti anii de hotie, pentru coruptie, nepotism si 7 generatii din familiile politicienilor ce ar fi trebuit sa-si serveasca tara sa fie batuti in cuie, rastigniti si incendiati.9 points
-
Campania lui CG a fost prea bine pusa la punct si el e prea retardat ca sa faca asa ceva. Cand el se plange de cezariana ca se rupe firul devin desi nevasta-sa a facut de 2 ori cezariana, cand zice ca apa contine informatii dar nu daca e imbuteliata, cand zice ca nu exista Covid ca nu l-a vazut nimeni, cand nevasta-sa zice sa porti fusta ca de jos vine energia in corp si o gramada de alte mizerii, incepi sa realizezi ca cea mai buna alegere e oricine altcineva.4 points
-
S-a dus creditul de pe cartela reîncărcabilă 🤣 Luna viitoare cand produce 5.95 usd, ne viziteaza iar4 points
-
In 2014 era OK când licuriciul cel mare (albastru) de la care luam lumina manipula alegerile prin Facebook. Își mai aduce aminte cineva de puie monta ? In 2024 nu mai e OK când licuriciul rosu de la Beijing manipulează alegerile prin TikTok. E doar praf in ochi pentru prosti. Documentul de CSAT ne arata ca "niste rusi au intrat pe platforma, nu au schimbat nimic", dar curtea constitutionala da o lovitura de stat sa anuleze votul popular. Statul s-a pisat pe toti prostii care au o sug pe la televizor si pe tiktok/youtube cu statul de drept, democratie, ue. Alegerile prezidentiale au fost manipulate de chineji dar alea parlamentare nu ? Tinand cont ca Romania e Republica Parlamentara unde premierul are mult mai multa putere decand presedintele care e doar de forma si excursii. Mesajul asta e pt fraierii aia de lucreaza prin institutii si au bale la gura cu democratia, ue, statul de drept.3 points
-
Dupa cum zici tu, nu e vina UE, e vina romanilor. Da, nu a celor de la PSD si PNL ca si-au facut averi si au spart bani intre ei, ci ai romanilor ca i-au votat timp de 35 de ani. CG nu e Pro UE cand urmarind videoclipuri cu el de acum 2-3 ani vezi ca e fan Rusia. Sputnik a scris ca e sustinator rus, asta nu am vazut in vreo stire ci am verificat eu. Cat despre CG, nu doar asta e problema, ci ca e si retardat, la fel ca nevasta-sa. Zice ca s-a intalnit cu o civilizatie care nu e umana, ca apa are informatii, daca o imbuteliezi nu mai are si o gramada de alte bazaconii pe care nici Andrei de la Insula Iubirii nu le putea scoate nici pe LSD. Sa nu mai zic ca trebuie sa purtam fuste ca din pamant vine energia sau ce sloboz zicea nevasta-sa aia. Sa fim seriosi, daca ar stii toate lucrurile astea, nu ar mai vota nimeni cu el, dar in "reclamele" de pe tik tok nu apare nimic negativ. Si asa cum daca vezi o reclama la un produs nu te arunci sa il cumperi ci iti pierzi putin timp sa vezi review-uri, asa nu ar trebui nici sa votezi, doar ca ai vazut un filmulet cu un Gigel si ca pare de treaba sau ca pare destept sau mai stiu eu ce. Si Floricica Dansatoarea daca se imbraca mai elegant si citeste un discurs pare la fel. Tara merge prost pentru ca unii sa o duca bine, asa a fost mereu. Si aici discutia e foarte lunga si nu are rost. De aceea inteleg perfect nevoie de schimbare, dar daca facem o schimbare, sa nu alegem un nebun sa ne conduca si sa ne reprezinte. Cel putin sa ne mai documentam inainte de a pune acea stampila, ca nu votam un concurent la Puterea Dragostei ci ne alegem presedintele.3 points
-
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present, the investigator has collected sufficient evidence, the criminal case with the indictment signed by the prosecutor has been sent to the Central District Court of the city of Kaliningrad for consideration on the merits," the Russian Ministry of Internal Affairs said in a statement. Matveev has been charged under Part 1 of Article 273 of the Criminal Code of the Russian Federation, which relates to the creation, use, and distribution of computer programs that can cause "destruction, blocking, modification or copying of computer information." He was previously charged and indicted by the U.S. government in May 2023 for launching ransomware attacks against "thousands of victims" in the country and across the world. He is also known by various online aliases Wazawaka, m1x, Boriselcin, Uhodiransomwar, and Orange. Matveev has also gone public about his criminal activities, stating that "his illicit activities will be tolerated by local authorities provided that he remains loyal to Russia." He was sanctioned by the U.S. Treasury and has been the subject of a reward of up to $10 million for any information that could lead to his arrest or conviction. A subsequent report from Swiss cybersecurity firm PRODAFT revealed that Matveev has been leading a team of six penetration testers to carry out the ransomware attacks. Besides working as an affiliate for Conti, LockBit, Hive, Trigona, and NoEscape ransomware groups, he is said to have had a management-level role with the Babuk ransomware group up until early 2022. Furthermore, he is believed to have deeper ties with the Russian cybercrime group known as Evil Corp. The development comes a little over a month after four members of the now-defunct REvil ransomware operation were sentenced to several years in prison in Russia after they were convicted of hacking and money laundering charges. Update# A security research community that goes by the alias "club1337" said in a post on X that they received confirmation from Matveev that he had been charged in Russia, and that he had paid two fines and forfeited a chunk of the cryptocurrency earned. "He is currently out on bail, unharmed, and awaiting the next steps in the legal process," the researcher said. In a related law enforcement action, Stanislav Moiseyev, the founder of the now-defunct Hydra darknet marketplace, has been sentenced to life in prison. He has also been ordered to pay a fine of 4 million rubles. The recent wave of arrests and prosecution of Russian cybercriminals are an unusual departure from the norm, as it's uncommon for the Kremlin to prosecute its own hackers as long as they stay out of targeting companies and individuals located within its borders. Source: https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html3 points
-
Cand faci lucruri care nu sunt legale puscaria este inevitabila. Tot ce scrii tu aici sunt frustrari acumulate pentru ca pe tine nu te duce capul iar pe altii ii duce dar il folosesc intr-un scop bun pentru ei si familia lor. Eu sunt din Dragasani si sunt unul dintre aia care nu a facut puscarie pentru ca am stat departe de prostii si am ajuns sa o duc chiar bine.3 points
-
In lumea noastra, la specimene de genul le spunem escroci. Ei se considera hackeri 🤣 Ma bucur ca ai pus titlul prin care iti faci descrierea, fie ea si putin eronata. Lasa-ne ma nene cu sfaturi dinastea. Vezi-ti de banii tai, de cartela ta reincarcabila de la vodafone sau ce valori consideri tu ca ai. Pentru noi esti doar un tomberon de gunoi.3 points
-
De foarte multi ani (2006) se cunoaste ca Intel ME ( AMT) si AMD PSP (2013) sunt co-procesoare de tipul spyware care au access la placa de retea si la memoria RAM. Dar inafara de acestea, un calculator contine o gramada de coduri gata compilate si care nu sunt open source... gen BIOS-ul. Acestea ar putea fii folosite ca spyware pentru tinte foarte importante gen "accidente" la reacte nucleare - presupun ca sunt deconectate de la internet, insa cu o prezenta fizica, un conector JTAG poti comprimite tot calculatorul fara sa stii vreo parola. Nu stiu daca stiti, dar si unele self encrypted devices aveau conectori JTAG sub carcasa ce facilitau posibilitatea sa accessi versiunea de debug si sa citesti cheia de criptare a dispozitivului. Alte modele foloseau cheia privata pregenerata de la producator. Din punctul meu de vedere producatorii de hardware closed source nu prezinta mare incredere pentru ca implementeaza astfel de solutii de tipul spyware. Lanseaza Open Source ce nu e interesant si important, iar lucrurile importante (de ce un coprocesor are access la placa de retea si la memoria RAM) nimic - zero informatie publica. La Intel ME (AMT) exista ceva documentatie si tutoriale despre cum se poate dezactiva co-procesorul ME. Insa la AMD PSP nu exista nimic. Ambele corporatiile se fac ca ploua, dar Intel-ul mai face cate un update la generatiile noi de procesor facand dezactivarea Intel ME si mai dificila. Despre Intel ME initial s-a aflat ca se poate dezactiva dintr-un PDF redactat de NSA fiind un feature optional al procesorului, insa dezactivarea necesita access fizic si nu este usor de loc. De ceva vreme niste baieti dezvolta coreboot si libreboot - un sistem de tip BIOS open source ce permite instalarea de linux pe masina fara sa ai nimic vreun cod sursa ascuns. Gen poti sterge bios-ul existent de producatorul placii de baze si poti instala coreboot/libreboot. Tot de ceva vreme exista si laptop-uri, telefoane si calculatore cu sistemul coreboot preinstalat. https://slimbook.com/en/# https://www.tuxedocomputers.com/en/Linux-Hardware/Linux-Notebooks.tuxedo https://system76.com/laptops/darter https://shop.libiquity.com/product/taurinus-x200 Exista si telefoane https://puri.sm/products/librem-5/ Unele dintre laptopuri au si Intel ME dezactivat (hardware/software). Preturile sunt un pic piperate dar vrei privacy, scoti un ban si stai in fata.2 points
-
Ce draq' ma, ai creat doua conturi sa iti dai reply singur sau..? Topicul asta e de carton.2 points
-
CUM SE FAC BANI IN CRYPTO IN 2024-2025? Furi curent si minezi , ca si pana acum.2 points
-
sefule ai intrebat care e metoda ceea mai simpla de facut bani din crypto. Tocmai ce ti-am spus-o. Daca vei studia cel putin 5 ani de zile cybersecurity si devii un expert atunci te vei putea apuca linistit de chestia asta sau de altele mai banoase. LE ceilalti membri (inspecial adminii) de pe forum sunt niste corporatristi care investesc 10% din salariu in crypto.2 points
-
E scam. Foloseste Hostinger ce accepta plati crypto pentru host, intrucat la whois nu iese privacy chipurile dar nici ei nu stiu defapt cine le ia serverul in primire pentru gazduire si nu cred ca ii intereseaza. E un serviciu olandez (culmea, nu?), poate unul din cele foarte putine de acest fel in Europa. IP-ul de server bineinteles ca e blacklisted si el, nu mai pun amatorismul in sine al site-ului. L.E: Totodata, atentie mare la renumitul site "ScamAdviser", la o analiza mai ampla facuta de mine acum vreun an, in spate se afla un soi de ONG-uri de tipul 'black african people can code too' si alte labe triste d'astea, ce sa vezi, sustinute tocmai de statul Olandez cu fonduri. Nu are nici dracu o pregatire acolo reala sa realizeze vreun sistem de detectie a unui scam, is cateva zeci de VPS-uri ce acceseaza un link si face niste estimari sparte'n PHP cel mai probabil. Prostii de la noi, ca asa e ei, prosti l-au prezentat imediat la stiri si emisiuni dedicate IT ca fiind vreun mare serviciu de baza anti-scam, in realitate, multe scam-uri au scor mare la ei pe site si daca continui sa sapi fara oboseala, ajungi la concluciza ca aia is sefii la scameri, aia mari nu oricare. ScamAdviser e cel mai grandios si inteligent scam posibil aparut in ultimii ani.2 points
-
Bine punctat, uitasem de aspectul asta. Nu mai poti crea 5 adrese de email de pe un amarat de IP ca intri-n tot felul de verificari. Recorder e un ziar bun, nimic de spus, dar hai sa o luam tehnic, cumatru' din videoclip cam fura chifteaua, pe orice parte o gandesti, iti trebuie dita' infrastructura sa realizezi ceva de o magnitudine rezonabila din care obtii de obicei pana in 10% rezultat (optimist) Si de ar fi doar de IP problema in ziua de astazi.. dar is multe, multe altele. (Un captcha nu a nimerit, nimic.....? ) De era asa simplu cum povesteste pustiul ala in videoclip, ma cacam pe ea de munca, o pocneam de 2 mil (e) si ma mutam in padure dupa un scam obosit dar bine executat.2 points
-
@Nytro Practic ce explica recorder spune ca: scriptul ala a generat 3000 de conturi de pe acelasi IP si tiktok nu verifica si acest detaliu ? pana si tu verifici aici pe rst daca vin mai multe reply de pe acelasi ip ... te lasa pentru o perioada scurta de timp sa tii video pana til da jos pun pariu ...2 points
-
Ziceti voi cum s-ar face un pentest dosarului cu sina? Romania nu e vulnerabila, e doar de moda veche.2 points
-
L-a favorizat o pula. CSAT e o dugheana infiintata de scarba tiganeasca si evreiasca de Ion Iliescu George Simion a avut 396 milioane de vizualizări Tik Tok Marcel Ciolacu a avut – 328 milioane de vizualizări. Elena Lasconi a avut 202 milioane de vizualizări. Călin Georgescu a avut 135 milioane de vizualizări.2 points
-
2 points
-
2 points
-
2 points
-
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-9935.yaml Patch your sh*t up, or enjoy your hunt, either way, hf.2 points
-
Stau si eu cu mana intinsa sa primesc o moneda. Bitcoin. Ca are de unde. ❤️2 points
-
2 points
-
2 points
-
Pacat ca monedele alea, bitoin cum le ziceti, nu intra in carucioarele de la Lidl.2 points
-
Side-channel attacks. Trebuie sa invatati hardware ca cine stie ce face acel mic chip de pe placa, cine stie cum WiFi trimite date. Snowden leaks au aratat multe lucruri misto. Inclusiv monitorizare "remote" (de la mica distanta) folosind undele electromagnetica de la cablu VGA. V-am zis mai sus care e singura solutie.1 point
-
Bai frate puneti oleaca de frana cu analfabetata aia si cu "vin rusii! CG, vin rusii!", grav e ca povestea asta cu anulatul de voturi, fara dar si poate va deveni obisnuinta si pe viitor. Nu esti cu noi, esti impotriva noastra, nu esti cu rusii, esti cu martienii si tot nu esti bun. Mai degraba ii trimitea o duba neagra decat sa se procedeze la asa ceva. Si vizavi ca mai debita si ala cate o prostie, macar debita ca l-a semi-innebunit cartea si nu combinatiile cu statul si partidul. Pozitia de capra in fata Europei deodata a devenit subiect tabu, toti se simt egali, nu mai e o problema, toti viseaza rusi. Si eu am vazut ieri un agent matrix pe strada apropo. Bine ca am intrat in Schengen, ma pun sa imi lustruiesc mansa la avion, maine am treaba (by the fucking way). La urma urmei, majoritatea a decis, intelege careva ce cacat inseamna in mod real "democratie" sau dupa o sesiune fierbinte de google decidem ca ceilalti is prosti pur si simplu? Ne cacam pe noi acei rusi dar tocmai s-a aplicat metoda lor de a elimina concurenta, nu cumva ipocrizia a atins cota 2000 sau m-am imbatat eu de la 2 beri? Ce-i drept astea au fost mai fini, nu l-au invitat la ceai dar au dat o 'hotarare' (ce sa vezi ).1 point
-
Pai si CG zice ca e pro-UE. Asta e o lozinca ca aia cu anti-coruptie. Nu inseamna nimic. Eu ziceam ca e penibil sa vii sa imi ceri sa te votezi ca esti pro-UE. De ce au votat CG? Ca nu e niciun fel de bunastare in tara asta si nu ii mai suporta pe astia. 15% din forta de munca e saraca din cauza salariilor mici si a taxelor mari pe munca salariata. https://www.europeandatajournalism.eu/cp_data_news/working-poverty-is-still-a-problem-in-europe/ Inflatia e cum e (cea mai mare din UE). Salariul median e pe la 3200 lei sau cat dracu e. Nu s-a gazificat suficient, nu s-a tras apa, nu s-au facut drumuri, cai ferate. In schimb avem coruptie, pensii speciale, evaziunie fiscala. Educatia e sub pamant. Cel mai prost scor PISA. Cel mai mic nr. de absolventi de studii superioare. Cel mai mic nr. de angajati in acelasi domeniu unde au terminat facultatea. Cel mai mare abandon scolar. Cel mai mare grad de analfabetism. Cei mai reticenti fata de consumul de carte. Sanatatea la fel. Cel mai bolnav popor. Pe 47/55 la life expectancy in UE. Locul 1 la infectii nosocomiale in spitale. Mai tre' sa dai si spaga dupa ce-ai cotizat o viata ca nu te baga nimeni in seama. Bonus un prim-ministru prost bata care nu stie ce e aia inflatie si zice ca o familie poate sa traiasca cu 3k lei, un presedinte arogant si prost care se plimba pe banii lor si mai nou isi face si palat.1 point
-
Astazi am avut nevoie sa trimit niste notificari la 1000 de persoane si am scris prostia asta pentru trimis: package main import ( "bufio" "encoding/json" "errors" "fmt" "log" "math/rand" "net/http" "net/smtp" "os" "path/filepath" "strings" "time" "mime/multipart" "github.com/gorilla/mux" ) type spaHandler struct { staticPath string indexPath string } // ServeHTTP inspects the URL path to locate a file within the static dir // on the SPA handler. If a file is found, it will be served. func (h spaHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { path := filepath.Join(h.staticPath, r.URL.Path) fi, err := os.Stat(path) if os.IsNotExist(err) || fi.IsDir() { http.ServeFile(w, r, filepath.Join(h.staticPath, h.indexPath)) return } if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } http.FileServer(http.Dir(h.staticPath)).ServeHTTP(w, r) } type loginAuth struct { username, password string } // LoginAuth is used for smtp login auth func LoginAuth(username, password string) smtp.Auth { return &loginAuth{username, password} } func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) { return "LOGIN", []byte(a.username), nil } func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) { if more { switch string(fromServer) { case "Username:": return []byte(a.username), nil case "Password:": return []byte(a.password), nil default: return nil, errors.New("Unknown from server") } } return nil, nil } // Function to read email credentials from the file func readEmailCredentials(filename string) ([]string, error) { file, err := os.Open(filename) if err != nil { return nil, err } defer file.Close() var credentials []string scanner := bufio.NewScanner(file) for scanner.Scan() { credentials = append(credentials, scanner.Text()) } if err := scanner.Err(); err != nil { return nil, err } return credentials, nil } // Function to read email addresses from an uploaded file func readEmailAddressesFromFile(file multipart.File) ([]string, error) { var emailAddresses []string scanner := bufio.NewScanner(file) for scanner.Scan() { emailAddresses = append(emailAddresses, scanner.Text()) } if err := scanner.Err(); err != nil { return nil, err } return emailAddresses, nil } // Function to send an email using random credentials func sendEmail(fromAddr, password, smtpServer, port, toAddr, subject, body string) error { smtpAddr := fmt.Sprintf("%s:%s", smtpServer, port) // Use the custom LOGIN authentication method auth := LoginAuth(fromAddr, password) msg := []byte(fmt.Sprintf("From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n%s\r\n", fromAddr, toAddr, subject, body)) err := smtp.SendMail(smtpAddr, auth, fromAddr, []string{toAddr}, msg) return err } func main() { router := mux.NewRouter() router.HandleFunc("/api/health", func(w http.ResponseWriter, r *http.Request) { json.NewEncoder(w).Encode(map[string]bool{"ok": true}) }) // New API endpoint for sending email using email addresses from the uploaded file and the user-written message router.HandleFunc("/api/send-email", func(w http.ResponseWriter, r *http.Request) { // Parse the form data err := r.ParseMultipartForm(10 << 20) // Limit the file size to 10MB if err != nil { http.Error(w, "Error parsing form", http.StatusBadRequest) return } // Get the uploaded file file, _, err := r.FormFile("emails") if err != nil { http.Error(w, "Error getting file", http.StatusBadRequest) return } defer file.Close() // Read email addresses from the uploaded file emailAddresses, err := readEmailAddressesFromFile(file) if err != nil { http.Error(w, fmt.Sprintf("Error reading email addresses: %v", err), http.StatusInternalServerError) return } // Read the credentials from the file credentials, err := readEmailCredentials("smtps.txt") if err != nil { http.Error(w, fmt.Sprintf("Error reading credentials: %v", err), http.StatusInternalServerError) return } // Select a random credential line credential := credentials[rand.Intn(len(credentials))] parts := strings.Split(credential, "|") if len(parts) != 4 { http.Error(w, "Invalid credential format", http.StatusInternalServerError) return } // Extract the SMTP server, port, and email credentials smtpServer := parts[0] port := parts[1] fromAddr := parts[2] password := parts[3] // Use a random email from the uploaded file if len(emailAddresses) == 0 { http.Error(w, "No email addresses found in the uploaded file", http.StatusBadRequest) return } // Get the user-written message from the form message := r.FormValue("message") // Loop through all email addresses and send an email to each for _, email := range emailAddresses { err = sendEmail(fromAddr, password, smtpServer, port, email, "Sorry :( I'm not sure what to do with the information I've found !", message) if err != nil { // If an email fails, log the error and continue with the next email log.Printf("Failed to send email to %s: %v\n", email, err) } else { log.Printf("Successfully sent email to %s\n", email) } } // Return success w.Write([]byte("Emails sent successfully")) }) // Serve SPA (static) files spa := spaHandler{staticPath: "build", indexPath: "index.html"} router.PathPrefix("/").Handler(spa) // Start the server srv := &http.Server{ Handler: router, Addr: "0.0.0.0:8001", WriteTimeout: 15 * time.Second, ReadTimeout: 15 * time.Second, } log.Fatal(srv.ListenAndServe()) } Si pentru verificat liste prostia asta: package main import ( "bufio" "errors" "fmt" "net" "net/smtp" "os" "strings" "sync" "time" ) const maxWorkers = 2 // Limit the number of concurrent workers type loginAuth struct { username, password string } // LoginAuth is used for smtp login auth func LoginAuth(username, password string) smtp.Auth { return &loginAuth{username, password} } func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) { return "LOGIN", []byte(a.username), nil } func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) { if more { switch string(fromServer) { case "Username:": return []byte(a.username), nil case "Password:": return []byte(a.password), nil default: return nil, errors.New("Unknown from server") } } return nil, nil } func processCredential(line string, successChan chan<- string, failedChan chan<- string, wg *sync.WaitGroup) { defer wg.Done() // Split the line based on the pipe delimiter "|" parts := strings.Split(line, "|") if len(parts) != 4 { fmt.Printf("Invalid line format: %s\n", line) failedChan <- line return } // Extract the SMTP server, port, email address, and password smtpServer := parts[0] port := parts[1] fromAddr := parts[2] password := parts[3] smtpAddr := smtpServer + ":" + port // Check port availability with a timeout fmt.Printf("Trying to connect to %s for %s\n", smtpAddr, fromAddr) conn, err := net.DialTimeout("tcp", smtpAddr, 5*time.Second) if err != nil { fmt.Printf("Connection to %s failed: %v\n", smtpAddr, err) failedChan <- line return } conn.Close() fmt.Printf("Connection to %s succeeded for %s\n", smtpAddr, fromAddr) // Prepare SMTP authentication using LOGIN method auth := LoginAuth(fromAddr, password) // Message msg := []byte("From: " + fromAddr + "\r\n" + "To: stefan@izdrail.com\r\n" + "Subject: Test Email\r\n" + "\r\n" + "This is a test email.\r\n") // Attempt to send the email err = smtp.SendMail(smtpAddr, auth, fromAddr, []string{"stefan@izdrail.com"}, msg) if err != nil { fmt.Printf("Failed to send email for %s using server %s: %v\n", fromAddr, smtpServer, err) failedChan <- line } else { fmt.Printf("Email sent successfully for %s using server %s\n", fromAddr, smtpServer) successChan <- line } } func main() { // Open the credentials file file, err := os.Open("verify.txt") if err != nil { fmt.Println("Error opening file:", err) return } defer file.Close() // Open success log file for writing successFile, err := os.OpenFile("success.txt", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) if err != nil { fmt.Println("Error opening success file:", err) return } defer successFile.Close() // Open failed log file for writing failedFile, err := os.OpenFile("failed.txt", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) if err != nil { fmt.Println("Error opening failed file:", err) return } defer failedFile.Close() successChan := make(chan string, maxWorkers) failedChan := make(chan string, maxWorkers) var wg sync.WaitGroup // Worker to write successes go func() { for success := range successChan { if _, err := successFile.WriteString(success + "\n"); err != nil { fmt.Printf("Error writing to success file: %v\n", err) } } }() // Worker to write failures go func() { for failed := range failedChan { if _, err := failedFile.WriteString(failed + "\n"); err != nil { fmt.Printf("Error writing to failed file: %v\n", err) } } }() // Read the file line by line scanner := bufio.NewScanner(file) for scanner.Scan() { line := scanner.Text() wg.Add(1) go processCredential(line, successChan, failedChan, &wg) } if err := scanner.Err(); err != nil { fmt.Println("Error reading file:", err) } wg.Wait() close(successChan) // Close the channel when all work is done close(failedChan) // Close the channel when all work is done } formatul pentru smtp trebuie sa fie de tipul acesta : smtp.adress|port|email|password1 point
-
Sunteți o generație pierduta de hackeri si experți in IT. A-ți fi putut sa apăsați pe butoane si sa va vina milioane de dolari. Aia prosti de aveau capul calculator de prin Alexandria, Pitești, Valcea, si Drăgășani de s-au crezut mari pianisti ca știu ei sa apese pe butoane ca sa producă bani pe eBay... uni s-au ars cu câțiva ani pentru 50 de mii de coco. Ceilalți care aveau ceva experienta in programare, IT si hacking au fost prea speriati si nu au încercat niciodată. Voi, mari experți in ethical hacking, v ati ales o viata de cacat sa faceți laba șefilor pe la corporațiile din Pipera si Germania. Nu știu daca știți, dar aia de s-au crezut pianiști pe eBay, lucrau pentru șefi din lumea interlopa locala. Ce dracu de digital forensics știe unu cu ceafa lata care a aflat el ca eBay e fabrica de bani si ca cardurile pot fi clonate cu MSR de $100. In anii 2000, in Romania exista lume interlopa locala. In anii aia interlopii locali se stiau cu gaborii, procurorii, si judecătorii. Ce dracu nu v-ati prins ca șefi tzepariilor de pe eBay sunt atehnici si sunt o grămada de oportunități in cybersecurity. Fraților, de când cu cripto criminalitatea cibernetica BUBUIE. Apucați-va dracului de făcut bani ca altfel, o sa muriți flamanzi când ieșiți la pensie.1 point
-
Another day of college, another day of hell—I mean, a beautiful day to write a blog! Now, I may not know much about the ’90s, but for sure, nowadays people use mechanisms to defend their software against reverse engineering. However, that doesn’t mean they’re safe. Don’t take me wrong, but if you have a house made out of sticks, it will break easily. Therefore, there are higher and more complex mechanisms to defend themselves from the same branch. Yeah, I’m talking about anti-debugging, even though real-time debugging is so helpful. Signed by Cringe Blogger (i mean me ) Would you liek to tkae a look here? (#full blog post) Blog What is Anti-Debugging? So let’s stop the chitchat and get to the main point: what is this thing called anti-debugging? The name speaks for itself — anti + debugging, meaning “no debugging.” To achieve this, we use various anti-debugging techniques. This term refers to methods a program can use to detect if it is running under the control of a debugger (e.g., attach + exe [x32dbg]). What is Debugging? Stop asking too many questions! Debugging software lets you run the program step by step, checking each instruction as it goes. This helps you see how the program uses the stack, heap, and registers, and how memory and settings change during runtime. You can follow function calls, track data flow, and find potential weaknesses or hidden features in the program. In short, debugging gives you a peek into the program's inner workings, helping you understand its logic, find flaws, or reverse-engineer its functionality. In the end, anti-debugging is meant to ensure that a program isn’t running under a debugger. But still, it's better to have a house made of stones than one made of sticks. It holds the damage better. Debug flags Let's not rush directly to the implementation or bypass, let's talk about debug flags too (I mean, it's a part of anti-debugging, right?). Now of course we dont have a flag here but something like an indicator used to detect the presence of a debugger. It's a special type of flag that is used to signal whether a program is being "analyzed" by a debugger. #debuger-present .(How? Usually by checking specific memory location, registers, or certain conditions in the system.) Most of the time that flag / indicator or binary indicator is set to 0 or 1. These flags can be set in the process environment block (PEB) or in the thread environment block (TEB). If you're wondering: the PEB is a structure that contains information about the process, such as the process ID, the base address of the process, and the path of the executable. The TEB is a structure that contains information about the thread, such as the thread ID, the stack base, and the stack limit. `NtGLobalFlag` : The NtGlobalFlag is a system-wide flag stored in the PEB (Process Environment Block) structure. It is used to indicate whether a process is being debugged or not. The value of it is 0 by default, but it can be changed to some degree under process control. Environment and System-Level Checks Before we dive into the code, let's talk about some environment and system-level checks that can be used to detect a debugger. Debugger-Specific Environment Variables Some debuggers set environment variables to indicate that a debugger is attached. The program can query the system for the presence of these variables to determine if a debugger is attached. Checking for Debugger Processes Another way to detect a debugger is by checking for the presence of debugger processes. This can be done by enumerating the running processes and checking for the presence of known debuggers, such as OllyDbg, x64dbg, or IDA Pro. Enumerate processes using `CreateToolhelp32Snapshot` and check for known debugger process names. Detecting Debugger-Specific System Calls Some debuggers use specific system calls or insert their own hooks. By checking or analyzing the behavior of these system calls, we can detect the presence of a debugger. Functions that may help: NtQueryInformationProcess System Calls: NtCreateThread NtReadVirtualMemory NtWriteVirtualMemory Detection Techniques: IsDebuggerPresent One of the easiest ways to detect a debugger is by using the `IsDebuggerPresent` function. This function checks whether the calling process is being debugged by a user-mode debugger. If the function returns a non-zero value, the process is being debugged. Otherwise, the process is not being debugged. if (IsDebuggerPresent()) return -1; At a lower level, specifically in assembly language, the code would appear as follows: call IsDebuggerPresent test eax, eax jne debugger_detected debugger_detected: mov eax, -1 ret What’s happening here? The code is calling `kernel32!IsDebuggerPresent`, which generally checks the `BeingDebugged` flag in the PEB (Process Environment Block). If the flag is set, it jumps to the `debugger_detected` label, sets `eax` to `-1`, and returns. Otherwise, it continues execution." CheckRemoteDebuggerPresent Another way to detect a debugger is by using `CheckRemoteDebuggerPresent()`, which checks whether a process is being debugged by a remote debugger. This function takes a process handle as input and returns a non-zero value if the process is being debugged. Otherwise, it returns zero. BOOL ProcessIsBeingDebugged; if(CheckRemoteDebuggerPresent(GetCurrentProcess(), &ProcessIsBeingDebugged)) { if(ProcessIsBeingDebugged) { return -1; } } At a lower level, the code would look like this: lea eax, [ProcessIsBeingDebugged] push eax push -1; ;GetCurrentProcess() ;or mov edi, esp call CheckRemoteDebuggerPresent cmp [ProcessIsBeingDebugged], 1 jz debugger_detected debugger_detected: push -1 call ExitProcess What about x86-64?? lea rdx, [ProcessIsBeingDebugged] mov rcx, -1 call CheckRemoteDebuggerPresent cmp [ProcessIsBeingDebugged], 1 jz debugger_detected debugger_detected: mov eax, -1 call ExitProcess What can we observe here? The code is invoking `kernel32!CheckRemoteDebuggerPresent`, a function that determines if the process is being debugged by a remote debugger. This function is also part of Windows API (the same as `IsDebuggerPresent`). If the process is being debugged, it triggers the `debugger_detected` label, sets `eax` to `-1`, and exits the process. Most of the time the logic behind these functions is the same, but the implementation may differ by that i mean the logic of the code. PEB!BeingDebugged Flag We talked about IsDebuggerPresent and CheckRemoteDebuggerPresent, but what about the PEB (Process Environment Block)? The PEB is a structure that contains information about the process, such as the process ID, the base address of the process, and the path of the executable. The PEB also contains a flag called `BeingDebugged` that indicates whether the process is being debugged. If the flag is set, the process is being debugged. Otherwise, the process is not being debugged. By using this method we dont need to call any function. We can directly check the flag in the PEB. #ifdef _WIN64 PEB pPEB = (PPEB)__readgsqword(0x30); #else PPEB pPEB = (PPEB)__readfsdword(0x60); #endif if (pPEB->BeingDebugged) { return -1; } 32-bit: mov eax, fs:[30h] cmp bye ptr [eax+2], 0 jne debugger_detected 64-bit: mov rax, gs:[60h] cmp byte ptr [rax+2], 0 jne debugger_detected In both cases, the PEB address is fetched from the FS or GSsegment, depending on the architecture: For 32-bit, the PEB address is stored at offset `0x30` in the FS segment. For 64-bit, the PEB address is stored at offset `0x60` in the GS segment. FS is used to store the base address of the Process Environment Block (PEB) in 32-bit Windows. GS is used to store the base address of the PEB in 64-bit Windows. The BeingDebugged flag is located at offset `0x2` in the PEB. If this flag is set (non-zero), it indicates that the process is being debugged. If the flag is not set (zero), the process is not being debugged. Bypassing Anti-Debugging Techniques We took a look at some of the most common anti-debugging techniques, but how can we bypass them? Let's take IsDebuggerPresent as an example. call IsDebuggerPresent test eax, eax jne debugger_detected ... [code] We will analyse the code again and see how can we "bypass" it. The code calls `IsDebuggerPresent` to check if the process is being debugged. It tests the return value of `IsDebuggerPresent` by performing a bitwise AND operation with itself. 3. If the result is non-zero, it jumps to the `debugger_detected` Now , IsDebuggerPresent is one of the easiest anti-debugging techniques to bypass. Why? because we can patch the jump instruction to skip the `debugger_detected` label. call IsDebuggerPresent test eax, eax nop ... [code] Final Thoughts You might be wondering, "What about the other functions?" It's important to recognize that not all anti-debugging mechanisms are implemented in the same way. For instance, while an if statement can often be bypassed by patching the jump instruction, a while statement presents a different challenge. This is why I'm preparing a new blog post focused on bypassing various anti-debugging techniques (though not all of them). The examples I'll be discussing will be drawn from PicoCTF and Crackmes. P.S: I'm not going to post only about bypassing anti-debugging techniques, but also about how to implement them. I’m also looking forward to meeting people with experience in Reverse Engineering. I see myself as an amateur that whishes to learn more and more, day by day.1 point
-
Imediat iti zice ala ca te doare lombarul pentru ca nu ai pus o compresa cu teancuri de euro la el 🤣1 point
-
1 point
-
1 point
-
1 point
-
incredibil, nimeni nu a mentionat cazinoul nu ar fi o metoda buna de a face bani online?1 point