Leaderboard


Popular Content

Showing content with the highest reputation since 07/18/17 in all areas

  1. 10 points
    vim /etc/ssh/sshd_config Ctrl+C Ctrl+C Ctrl+C Ctrl+C Ctrl+C Ctrl+C Esc Esc Esc Ctrl+X quit exit Ctrl+C :quit !quit :q :q cccc
  2. 8 points
    I managed to get more information from a reliable source. Apparently the guys managed to extract fairly important data from a MySQL server. The information was quite important because the Solitaire tournament was under way and the database they extracted contained the employees' score records. I'll come back with updates when I get more information.
  3. 8 points
    "Cu ocazia percheziţiilor efectuate au fost indentificate şi ridicate mai multe sisteme informatice, harduri interne şi externe, smartphone-uri, stick-uri şi carduri de memorie, suporţi optici de tip CD/DVD, utilizate în activitatea infracţională" "harduri", ce limbaj profesional. 2017, CD/DVD, atac informatic... Nu era tocmai muzica buna pe Țedeu. A.S.I.A. - Suna Periculos trebuia sa le dea de gandit...
  4. 6 points
    Take care of everything that involves serious money yourself, make the big payments over 1000 RON yourself, leave in her hands only about 100-200 RON/week so she has ice-cream money when she goes out with the kids, check/buy the program, sleep with her more often, buy her a vibrator and have a threesome with her and the vibrator, come home with flowers, cake and wine, and if you still have the impression she's cheating on you, get a divorce or go with her to a swingers' party.
  5. 6 points
  6. 6 points
    burpa: Burp Automator

    A Burp Suite Automation Tool with Slack Integration

    Requirements
      - burp-rest-api
      - Burp Suite Professional
      - slackclient

    Usage:

        python burpa.py -h
        ###################################################
                    __
                   / /_  __  ___________  ____ _
                  / __ \/ / / / ___/ __ \/ __ `/
                 / /_/ / /_/ / /  / /_/ / /_/ /
                /_.___/\__,_/_/  / .___/\__,_/
                                /_/
                 burpa version 0.1 / by 0x4D31
        ###################################################
        usage: burpa.py [-h] [-a {scan,proxy-config}] [-pP PROXY_PORT] [-aP API_PORT]
                        [-rT {HTML,XML}] [-r {in-scope,all}]
                        [--include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]]
                        [--exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]]
                        proxy_url

        positional arguments:
          proxy_url             Burp Proxy URL

        optional arguments:
          -h, --help            show this help message and exit
          -a {scan,proxy-config}, --action {scan,proxy-config}
          -pP PROXY_PORT, --proxy-port PROXY_PORT
          -aP API_PORT, --api-port API_PORT
          -rT {HTML,XML}, --report-type {HTML,XML}
          -r {in-scope,all}, --report {in-scope,all}
          --include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]
          --exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]

    TEST:

        $ python burpa.py http://127.0.0.1 --action proxy-config
        ###################################################
                    __
                   / /_  __  ___________  ____ _
                  / __ \/ / / / ___/ __ \/ __ `/
                 / /_/ / /_/ / /  / /_/ / /_/ /
                /_.___/\__,_/_/  / .___/\__,_/
                                /_/
                 burpa version 0.1 / by 0x4D31
        ###################################################
        [+] Checking the Burp proxy configuration ...
        [-] Proxy configuration needs to be updated
        [+] Updating the Burp proxy configuration ...
        [-] Proxy configuration updated

        $ python burpa.py http://127.0.0.1 --action scan --include-scope http://testasp.vulnweb.com
        ###################################################
                    __
                   / /_  __  ___________  ____ _
                  / __ \/ / / / ___/ __ \/ __ `/
                 / /_/ / /_/ / /  / /_/ / /_/ /
                /_.___/\__,_/_/  / .___/\__,_/
                                /_/
                 burpa version 0.1 / by 0x4D31
        ###################################################
        [+] Retrieving the Burp proxy history ...
        [-] Found 4 unique targets in proxy history
        [+] Updating the scope ...
        [-] http://testasp.vulnweb.com included in scope
        [+] Active scan started ...
        [-] http://testasp.vulnweb.com Added to the scan queue
        [-] Scan in progress: %100
        [+] Scan completed
        [+] Scan issues for http://testasp.vulnweb.com:
          - Issue: Robots.txt file, Severity: Information
          - Issue: Cross-domain Referer leakage, Severity: Information
          - Issue: Cleartext submission of password, Severity: High
          - Issue: Frameable response (potential Clickjacking), Severity: Information
          - Issue: Password field with autocomplete enabled, Severity: Low
          - Issue: Cross-site scripting (reflected), Severity: High
          - Issue: Unencrypted communications, Severity: Low
          - Issue: Path-relative style sheet import, Severity: Information
          - Issue: Cookie without HttpOnly flag set, Severity: Low
          - Issue: File path traversal, Severity: High
          - Issue: SQL injection, Severity: High
        [+] Downloading HTML/XML report for http://testasp.vulnweb.com
        [-] Scan report saved to /tmp/burp-report_20170807-235135_http-testasp.vulnweb.com.html
        [+] Burp scan report uploaded to Slack

    Download burpa-master.zip

    Source: https://github.com/0x4D31/burpa
  7. 6 points
    Completely clueless about geometry.
    1. To draw a line you need 2 POINTS!!! 27 is not a point! A point has the form (x,y), e.g. (27,30). You need 2 points, e.g. (27,30) (28,30).
    2. Why draw the line? Do you want to display it to the user? If you're not displaying it, don't draw it. Your problem can be solved with just 3 equations.
    3. What you're asking for (point below or above the line) is an 11th-grade problem (math or computer science). The equations are trivial for anyone who passed the baccalaureate in math.
    4. I'm not going to bother explaining the solution to you. You want to make some forex bot to earn money for a dental practice. Good luck.
    Edit: If you're struggling with this problem you have no chance of writing java/c#/c++ code to solve it. Even if someone explains it to you.
  8. 6 points
  9. 5 points
  10. 5 points
    I find it incredible how quickly all the services, DIICOT, SRI and whatever others there are, mobilize for a 'cyber attack'. If they were this prompt and interested in other situations too, ones that are not 'attacks' on state institutions but attacks on the population, such as diluting the substances used to disinfect hospitals, what a great country we would have. They could at least tell us what strictly secret information was accessed. So that we too understand the scale of this attack. How many people this operation saved, how many people will go out on the street starting today without fear of their apartment being cyber-attacked while they are away. How many people it saved from the infections you catch in hospitals. Let them give numbers, reports, costs, the value of the damage. So that we all understand what they did.
  11. 5 points
    As a reverse engineer on the FLARE Team I rely on a customized Virtual Machine (VM) to perform malware analysis. The Virtual Machine is a Windows installation with numerous tweaks and tools to aid my analysis. Unfortunately trying to maintain a custom VM like this is very laborious: tools frequently get out of date and it is hard to change or add new things. There is also a constant fear that if the VM gets corrupted it would be super tedious to replicate all of the settings and tools that I’ve built up over the years. To address this and many related challenges, I have developed a standardized (but easily customizable) Windows-based security distribution called FLARE VM.

    FLARE VM is a freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers. Inspired by open-source Linux-based security distributions like Kali Linux, REMnux and others, FLARE VM delivers a fully configured platform with a comprehensive collection of Windows security tools such as debuggers, disassemblers, decompilers, static and dynamic analysis utilities, network analysis and manipulation, web assessment, exploitation, vulnerability assessment applications, and many others. The distribution also includes the FLARE team’s public malware analysis tools such as FLOSS and FakeNet-NG.

    How To Get It

    You are expected to have an existing installation of Windows 7 or above. This allows you to choose the exact Windows version, patch level, architecture and virtualization environment yourself.

    Once you have that available, you can quickly deploy the FLARE VM environment by visiting the following URL in Internet Explorer (other browsers are not going to work):

    http://boxstarter.org/package/url?https://raw.githubusercontent.com/fireeye/flare-vm/master/flarevm_malware.ps1

    After you navigate to the above URL in the Internet Explorer, you will be presented with a Boxstarter WebLauncher dialog. Select Run to continue the installation as illustrated in Figure 1.

    Following successful installation of Boxstarter WebLauncher, you will be presented with a console window and one more prompt to enter your Windows password as shown in Figure 2. Your Windows password is necessary to restart the machine several times during the installation without prompting you to login every time.

    Figure 2: Boxstarter Password Prompt

    The rest of the process is fully automated, so prepare yourself a cup of coffee or tea. Depending on your connection speed, the initial installation takes about 30-40 minutes. Your machine will also reboot several times due to the numerous software installation’s requirements. During the deployment process, you will see installation logs of a number of packages.

    Once the installation is complete, it is highly recommended to switch the Virtual Machine networking settings to Host-Only mode so that malware samples would not accidentally connect to the Internet or local network. Also, take a fresh virtual machine snapshot so this clean state is saved! The final FLARE VM installation should look like Figure 3.

    NOTE: If you encounter a large number of error messages, try to simply restart the installation. All of the existing packages will be preserved and new packages will be installed.

    Getting Started

    The VM configuration and the included tools were either developed or carefully selected by the members of the FLARE team who have been reverse engineering malware, analyzing exploits and vulnerabilities, and teaching malware analysis classes for over a decade. All of the tools are organized in the directory structure shown in Figure 4.

    Figure 4: FLARE VM Tools

    While we attempt to make the tools available as a shortcut in the FLARE folder, there are several available from command-line only. Please see the online documentation at http://flarevm.info for the most up to date list.

    Sample Analysis

    In order to best illustrate how FLARE VM can assist in malware analysis tasks let’s perform a basic analysis on one of the samples we use in our Malware Analysis Crash Course.

    First, let’s obtain some basic indicators by looking at the strings in the binary. For this exercise, we are going to run FLARE’s own FLOSS tool, which is a strings utility on steroids. Visit http://flosseveryday.info for additional information about the tool. You can launch it by clicking on the FLOSS icon in the taskbar and running it against the sample as illustrated in Figure 5.

    Unfortunately, looking over the resulting strings in Figure 6 only one string really stands out and it is not clear how it is used.

    Figure 6: Strings Analysis

    Let’s dig a bit more into the binary by opening up CFF Explorer in order to analyze sample’s imports, resources, and PE header structure. CFF Explorer and a number of other utilities are available in the FLARE folder that can be accessed from the Desktop or the Start menu as illustrated in Figure 7.

    Figure 7: Opening Utilities

    While analyzing the PE header, there were several indicators that the binary contains a resource object with an additional payload. For example, the Import Address Table contained relevant Windows API calls such as LoadResource, FindResource and finally WinExec. Unfortunately, as you can see in Figure 8 the embedded payload “BIN” contains junk so it is likely encrypted.

    Figure 8: PE Resource

    At this point, we could continue the static analysis or we could “cheat” a bit by switching over to basic dynamic analysis techniques. Let’s attempt to quickly gather basic indicators by using another FLARE tool called FakeNet-NG. FakeNet-NG is a dynamic network emulation tool which tricks malware into revealing its network functionality by presenting it with fake services such as DNS, HTTP, FTP, IRC and many others. Please visit http://fakenet.info for additional information about the tool.

    Also, let’s launch Procmon from Sysinternals Suite in order to monitor all of the File, Registry and Windows API activity as well. You can find both of these frequently used tools in the taskbar illustrated in Figure 9.

    Figure 9: Dynamic Analysis

    After executing the sample with Administrator privileges, we quickly find excellent network- and host–based indicators. Figure 10 shows FakeNet-NG responding to malware’s attempt to communicate with evil.mandiant.com using HTTP protocol. Here we capture useful indicators such as a complete HTTP header, URL and a potentially unique User-Agent string. Also, notice that FakeNet-NG is capable of identifying the exact process communicating which is level1_payload.exe. This process name corresponds to the unique string that we have identified in the static analysis, but couldn’t understand how it was used.

    Figure 10: FakeNet-NG

    Comparing our findings with the output of Procmon in Figure 11, we can confirm that the malware is indeed responsible for creating level1_payload.exe executable in the system32 folder.

    Figure 11: Procmon

    As part of the malware analysis process, we could continue digging deeper by loading the sample in a disassembler and performing further analysis inside a debugger. However, I would not want to spoil this fun for our Malware Analysis Crash Course students by sharing all the answers here. That said all of the relevant tools to perform such analysis are already included in the distribution such as IDA Pro and Binary Ninja disassemblers, a nice collection of debuggers and several plugins, and many others to make your reverse engineering tasks as convenient as possible.

    Have It Your Way

    FLARE VM is a constantly growing and changing project. While we try to cover as many use-case scenarios as possible it is simply impossible due to the nature of the project. Luckily, FLARE VM is extremely easy to customize because it was built on top of the Chocolatey project. Chocolatey is a Windows-based package management system with thousands of packages. You can find the list here https://chocolatey.org/packages In addition to the public Chocolatey repository, FLARE VM uses our own FLARE repository which is constantly growing and currently contains about 40 packages.

    What all this means is that if you want to quickly add some package, let’s say Firefox, you no longer have to navigate to the software developer’s website. Simply open up a console and type in the command in Figure 12 to automatically download and install any package:

    Figure 12: Installing packages

    In a few short moments, Firefox icon is going to appear on your Desktop with no user interaction necessary.

    Staying up to date

    As I’ve mentioned in the beginning, one of the hardest challenges of unmanaged Virtual Machine is trying to keep all the tools up to date. FLARE VM solves this problem. You can completely update the entire system by simply running the command in Figure 13.

    Figure 13: Staying up to date

    If any of the installed packages have newer versions, they will be automatically downloaded and installed.

    NOTE: Don’t forget to take another clean snapshot of an updated system and set networking back to Host-Only.

    Conclusion

    I hope you enjoy this new free tool and will adopt it as another trusted resource to perform reverse engineering and malware analysis tasks. Next time you need to set up a new malware analysis environment, try out FLARE VM!

    In these few pages, we could only scratch the surface of everything that FLARE VM is capable of; however, feel free to leave your comments, tool requests, and bugs on our Github issues page here: https://github.com/fireeye/flare-vm or http://flarevm.info/

    Installed Tools

    Debuggers: OllyDbg + OllyDump + OllyDumpEx, OllyDbg2 + OllyDumpEx, x64dbg, WinDbg
    Disassemblers: IDA Free, Binary Ninja Demo
    Java: JD-GUI
    Visual Basic: VBDecompiler
    Flash: FFDec
    .NET: ILSpy, DNSpy, DotPeek, De4dot
    Office: Offvis
    Hex Editors: FileInsight, HxD, 010 Editor
    PE: PEiD, ExplorerSuite (CFF Explorer), PEview, DIE
    Text Editors: SublimeText3, Notepad++, Vim
    Utilities: MD5, 7zip, Putty, Wireshark, RawCap, Wget, UPX, Sysinternals Suite, API Monitor, SpyStudio, Checksum, Unxutils
    Python, Modules, Tools: Python 2.7, Hexdump, PEFile, Winappdbg, FakeNet-NG, Vivisect, FLOSS, FLARE_QDB, PyCrypto, Cryptography
    Other: VC Redistributable Modules (2008, 2010, 2012, 2013)

    Sources:
    https://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html
    https://github.com/fireeye/flare-vm
  12. 5 points
    A tutorial on bypassing XSS filters, in two parts (for now). The first covers generic material (hex, control characters, octal): http://blog.rakeshmane.com/2016/11/xssing-web-part-1.html The second focuses on Unicode (UTF-8, UTF-16, UTF-32, BOM): http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html
  13. 5 points
    Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which require authentication to move into the modern era of how we think about protecting accounts. In that post, I talked about NIST's Digital Identity Guidelines which were recently released. Of particular interest to me was the section advising organisations to block subscribers from using passwords that have previously appeared in a data breach. Here's the full excerpt from the authentication & lifecycle management doc (CSP is "Credential Service Provider"): NIST isn't mincing words here, in fact they're quite clearly saying that you shouldn't be allowing people to use a password that's been breached before, among other types of passwords they shouldn't be using. The reasons for this should be obvious but just in case you're not fully aware of the risks, have a read of my recent post on password reuse, credential stuffing and another billion records in Have I been pwned (HIBP). As I read NIST's guidance, I realised I was in a unique position to help do something about the problem they're trying to address due to the volume of data I've obtained in running HIBP. https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/ https://haveibeenpwned.com/Passwords
  14. 5 points
    :))))))))) get out of here, man
  15. 5 points
    Angelico, if these guys touch a woman's butt, they don't wash for 6 months thinking they've been blessed, then they go out to their buddies in the neighborhood and charge them 5 lei each to touch them. Hahahhahaha
  16. 4 points
    "Build Your Own Linux (From Scratch)" walks users through building a basic Linux distribution. Presented by Linux Academy & Cloud Assessments. Access the main Linux Academy website to view related course videos and other content, and the Cloud Assessments website for free cloud training powered by AI. Section 1 Our Goal WHAT WE ARE BUILDING This course walks through the creation of a 64-bit system based on the Linux kernel. Our goal is to produce a small, sleek system well-suited for hosting containers or being employed as a virtual machine. Because we don't need every piece of functionality under the sun, we're not going to include every piece of software you might find in a typical distro. This distribution is intended to be minimal. Here is what our end-result will look like: 64-bit Linux 4.8 Kernel with GCC 6.2 and glibc 2.24 A system compatible with both EFI and BIOS hardware Bootable with GRUB2 A VFAT formatted partition for GRUB/UEFI A boot partition A root partition WHAT WE ARE LEARNING This course provides step-by-step instructions in an effort to build the Linux kernel, the GNU C Standard Library implementation, GCC, and user-land binaries from source. The tasks are presented in linear order, and must be followed sequentially, as later tasks have dependencies on early tasks. Do not skip around. Following this guide as intended will, in turn, enlighten you to many of the "hows" and "whys" of Linux, and assist in your ability to do tasks such as: Troubleshooting issues with the kernel Troubleshooting issues with user-land software Understanding the rationale behind various security systems and measures Performance tuning the kernel Performance tuning user-land binaries Building or "rolling" your own distribution Building user-land binaries from source Required Skills and Knowledge We make extensive use of VirtualBox in this course. Working knowledge of VirtualBox and a solid foundation in Linux and Linux troubleshooting are essential. 
If you're not as familiar with VirtualBox as you would like, take a look at the "How to Install CentOS 7 with VirtualBox" lesson in the "Linux Essentials Certification" course. That course, as well, provides the foundational knowledge required for this course. Standards As we progress through this course, we will adhere to the FHS (Filesystem Hierarchy Standard) specification, version 3.0. We will adhere (mostly) to the LSB (Linux Standard Base) specification, version 5.0. See the pertinent sections in this guide for more information on these two topics. Articol complet: http://www.buildyourownlinux.com/
  17. 4 points
    I was thinking of making a bit of fun of him for this: but I see from his previous posts that even his mother tongue defeats him.. terribly. The (so-called) condition is tragicomic too: If someone wrote him an article with a richer vocabulary, perhaps using some less common epithets, I think he would get scared, believing they were insulting his mother. Sad, at 20 or however old he claims to be.. a fully grown lad with a smooth brain. Who's going to pay your pensions, man?
  18. 4 points
    Reverse Engineering Malware 102

    Material
      - Introduction
      - Section 1) Setup
      - Section 2) Information Gathering
      - Section 3) Creating Travel Directions
      - Section 4) Identifying Encryption
      - Section 5) Evasion Techniques
      - Section 6) Identifying Packing
      - Section 7) Extra Fun
      - Section 8) Conclusion

    Source: https://securedorg.github.io/RE102/
  19. 4 points
    Arbitrary code execution via crafted ssh:// in Git """ A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. """ Source: http://blog.recurity-labs.com/2017-08-10/scm-vulns https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1466490.html
  20. 4 points
  21. 4 points
    These are the heavy-duty kind of "hackers", with cracked botnets off hecforums, who have Havij Pro, these guys are really dangerous, they flood with the Winamp accordion, it's no joke, the DIICOT boys made a big catch.
  22. 4 points
    _ _ _ _ __ _ _ __| (_) ___| |_ ___ _ __ | '_ \| | | |/ _` | |/ __| __/ _ \| '__| | |_) | |_| | (_| | | (__| || (_) | | | .__/ \__, |\__,_|_|\___|\__\___/|_| |_| |___/ Email: LandGrey@qq.com Preface: Q: Why I need to use pydictor ? A: 1.it always can help you You can use pydictor to generate a general blast wordlist, a custom wordlist based on Web content, a social engineering wordlist, and so on; You can use the pydictor built-in tool to safe delete, merge, unique, merge and unique, count word frequency to filter the wordlist, besides, you also can specify your wordlist and use '-tool handler' to filter your wordlist; 2.highly customized You can generate highly customized and complex wordlist by modify multiple configuration files, add your own dictionary, using leet mode, filter by length、char occur times、types of different char、regex, even customized own encryption function by modify /lib/fun/encode.py test_encode function. its very relevant to generate good or bad password wordlist with your customized rules and skilled use of pydictor; 3.powerful and flexible configuration file parsing nothing to say,skilled use and you will love it 4.great compatibility whether you are using Python 2.7 version or Python 3.x version , pydictor can be run on Windows, Linux or Mac; Start: git clone --depth=1 --branch=master https://www.github.com/landgrey/pydictor.git cd pydictor/ chmod 755 pydictor.py python pydictor.py Overview: Quick to use: types of generate wordlist(14 types)and descriptions wordlist type number description base 1 basic wordlist char 2 custom character wordlist chunk 3 permutation and combination wordlist conf 4 based on configuration file wordlist sedb 5 social engineering wordlist idcard 6 id card last 6/8 char wordlist extend 7 extend wordlist based on rules scratch 8 wordlist based on web pages keywords passcraper 9 wordlist against to web admin and users handler 10 handle the input file generate wordlist uniqifer 11 unique the input file and 
generate wordlist counter 12 word frequency count wordlist combiner 13 combine the input file generate wordlist uniqbiner 14 combine and unique the input file generate wordlist function and scope of support wordlist number function number (wordlist) description len 1 2 3 4 5 6 7 9 10 11 12 14 lenght scope head 1 2 3 4 5 6 7 9 10 11 12 14 add items prefix tail 1 2 3 4 5 6 7 9 10 11 12 14 add items suffix encode 1 2 3 4 5 6 7 9 10 11 12 14 encode the items occur 3 4 5 7 9 10 11 12 14 filter by occur times of letter、digital、special chars types 3 4 5 7 9 10 11 12 14 filter by types of letter、digital、special chars regex 3 4 5 7 9 10 11 12 14 filter by regex level 5 7 9 set the wordlist level leet 5 7 9 1337 mode usage examples: 1: generate the basic wordlsit based on digital lenght of 4 python pydictor.py -base d --len 4 4 --output D:\exists\or\not\dict.txt 2: encode the wordlist python pydictor.py -base L --len 1 3 --encode b64 3: use d(digital) L(lowercase letter) c(capital letter) generating wordlist python pydictor.py -base dLc -o /awesome/pwd 4: use customized characters generating wordlist python pydictor.py -char "abc123._@ " --len 1 3 --tail @site 5: generate permutation and combination wordlist python pydictor.py -chunk abc ABC 666 . _ @ "'" --head a --tail 123 --encode md5 6. 
extend wordlist based on rules extend function mainly directed against web application administrator to generate password You can put your own weak password wordlist in wordlist/Web,extend function will auto unique them,new wordlist will contains them You can modify funcfg/extend.conf,set prefix, suffix, prefix + suffix and middle word when extended extend function support leet mode,pick by level and pick by lenght function,you can learn more in the following write the following information to '/names.txt' liwell shelly bianji webzhang run command: python pydictor.py -extend /names.txt --leet 0 1 2 11 21 --level 1 --len 4 16 --occur "<=10" ">0" "<=2" -o /possbile/wordlist.lst 7: id card last 6/8 char wordlist pydictor.py -plug pid6 --types ">=0" ">=4" ">=0" --encode b64 note: default sex ='all', it decided by lib/data/data.py default_sex, and 'm' is Male, 'f' is Female 8: using passcraper plugin crawl website generating password wordlist based on plain text found and extend rules the rules of passcraper plug and extend function are the same passcraper plug will generate two wordlist,preffix with SCRATCH is raw wordlist by website plain text, and if you feel that there are a lot of unrelated words in the SCRATCH wordlist, you can remove them, and then use the extend function to specify the new file to generate dictionary again. you can modify the funcfg/passcraper_blacklist.conf file,add or delete useless words that need to be filtered out, and also can modify lib/data/data.py file passcraper_filter argument,change the filter regular expressions with same extend function,you can put your weak password in /wordlist/Web,new wordlist will contains them python pydictor.py -plug passcraper using default file scraper.sites as multi-input file python pydictor.py -plug passcraper http://www.example.com 9. 
using configuration file build dictionary this function contains all of "-base" and "-char" capacities,and more precise control python pydictor.py --conf using default file funcfg/build.conf build the dictionary python pydictor.py --conf /my/other/awesome.conf using /my/other/awesome.conf build the dictionary note: parsing rules details as following,besides referred to build.conf file configuration parsing rules details: the basic unit of parsing is called an parsing element, an parsing element includes five elements, namely: head, character set, length range, encoding, tail, which can be omitted both head and tail; A standard parsing element:head[characters]{minlength,maxlength}<encode-type>tail,a example parsing element:a[0-9]{4,6}<none>_ Its meaning build a dictionary that prefix is "a" , character set is 0—9, don't encode,length range is 4—6 and suffix is "_" current is support parsing one line one line can contains 10 parsing elements such as:[4-6,a-c,A,C,admin]{3,3}<none>_[a,s,d,f]{2,2}<none>[789,!@#]{1,2}<none>,it contains three parsing elements if annotator "#" in first place, program won't parse this line conf function can build more precise dictionary up to single char about character sets: You can add the "-" in the middle of character sets beginning and ending to join them and can also use "," to separate multiple character sets, or a single character, or a single string, as an element of the character set; supported encoding: none don't encode b64 base64 md5 md5 digest algorithm output 32 char md516 md5 digest algorithm output 16 char sha1 sha1 digest algorithm url urlencode sha256 sha256 digest algorithm sha512 sha512 digest algorithm test interface for customized encode function 10. 
handle wordlist's tools filter tool handler specify the input file, and output the handled file python pydictor.py -tool handler /wordlist/raw.txt --len 6 16 --occur "" "=6" "<0" --encode b64 -o /wordlist/ok.txt safe delete tool shredder python pydictor.py -tool shredder delete the currently specified output path(default:results) files and all its dictionary files python pydictor.py -tool shredder base delete the files of it's prefix is "BASE" in currently specified output path prefix(case insensitive) range in 14 items: base,char,chunk,conf,sedb,idcard,extend,handler,uniqifer,counter,combiner,uniqbiner,scratch,passcraper besides,you can safe shred files or whole directory as following: python pydictor.py -tool shredder /data/mess python pydictor.py -tool shredder D:\mess\1.zip for improving the security delete speed, the default uses 1 times to erase and rewrite,you can modify lib/data/data.py file's file_rewrite_count and dir_rewrite_count value remove duplicates tool uniqifer python pydictor.py -tool uniqifer /tmp/my.dic word frequency statistics tool counter python pydictor.py -tool counter vs /tmp/mess.txt 100 select 100 words in /tmp/mess.txt file that appear in the most times and output to the terminal and saved to file note: default choose 100 items to print or save;default separator is:"\n",you can modify counter_split value in lib/data/data.py file merge dictionary tool combiner python pydictor.py -tool combiner /my/messdir note: default choose 100 items to print or save;default separator is:"\n",you can modify counter_split value in lib/data/data.py file merge dictionary tool combiner python pydictor.py -tool combiner /my/messdir remove duplicates after merging tool uniqbiner python pydictor.py -tool uniqbiner /my/messdir 11: wordlist filter filter by level function this function is currently only support extend function, passcraper plug, Social Engineering Dictionary Builder default level is 3, the lower level, the lower possibility, the more items 
    modify the funcfg/extend.conf file to customize your own awesome level rules
        python pydictor.py -extend bob adam sarah --level 5

    use leet mode
    this function currently supports only extend, passcraper and the Social Engineering Dictionary Builder
    leet mode is disabled by default for all of them; when it is enabled, you can use multiple codes at one time
    SEDB can enable leet mode and set the code in the SEDB interface
    enabling leet mode cannot shrink the wordlist; it adds items on top of the wordlist produced without leet mode

    default leet table
        leet char = replace char
        a = 4
        b = 6
        e = 3
        l = 1
        i = 1
        o = 0
        s = 5

    code
        0       default, replace all
        1       left-to-right, replace all the first encountered leet char
        2       right-to-left, replace all the first encountered leet char
        11-19   left-to-right, replace the first encountered leet char to maximum code-10 chars
        21-29   right-to-left, replace the first encountered leet char to maximum code-20 chars

    code effect table
        code    old string         new string
        0       as a airs trees    45 4 41r5 tr335
        1       as a airs trees    4s 4 4irs trees
        2       as a airs trees    a5 a air5 tree5
        11      as a airs trees    4s a airs trees
        12      as a airs trees    4s 4 airs trees
        13      as a airs trees    4s 4 4irs trees
        14      as a airs trees    4s 4 4irs trees
        ...     as a airs trees    4s 4 4irs trees
        21      as a airs trees    as a airs tree5
        22      as a airs trees    as a air5 tree5
        23      as a airs trees    a5 a air5 tree5
        24      as a airs trees    a5 a air5 tree5
        ...     as a airs trees    a5 a air5 tree5

    besides, you can also:
    modify /funcfg/leet_mode.conf to add or delete leet table items;
    modify the extend_leet, passcraper_leet and sedb_leet arguments in /lib/lib/data.py to choose which functions use leet mode by default;
    modify the leet_mode_code argument in /lib/data/data.py to choose the default mode code;

    filter by occur times of letter, digital, special chars
        --occur [scope of occur letter times] [scope of occur digital times] [scope of occur special chars times]
    default occur times "<=99" "<=99" "<=99"

    filter by types of letter, digital, special chars
        --types [scope of letter types] [scope of digital types] [scope of special types]
    default types ">=0" ">=0" ">=0"

    12. social engineering dictionary
        python pydictor.py --sedb

                         _ _      _
         _ __  _   _  __| (_) ___| |_ ___  _ __
        | '_ \| | | |/ _` | |/ __| __/ _ \| '__|
        | |_) | |_| | (_| | | (__| || (_) | |
        | .__/ \__, |\__,_|_|\___|\__\___/|_|
        |_|    |___/

        Social Engineering Dictionary Builder
        Build by LandGrey

        ----------------------------[ command ]----------------------------
        [+]help desc      [+]exit/quit      [+]clear/cls
        [+]show option    [+]set option arguments    [+]rm option
        [+]len minlen maxlen    [+]head prefix    [+]tail suffix
        [+]encode type    [+]occur L d s    [+]types L d s
        [+]regex string   [+]level code     [+]leet code
        [+]output directory    [+]run
        ----------------------------[ option ]----------------------------
        [+]cname    [+]ename    [+]sname
        [+]birth    [+]usedpwd  [+]phone
        [+]uphone   [+]hphone   [+]email
        [+]postcode [+]nickname [+]idcard
        [+]jobnum   [+]otherdate [+]usedchar

        pydictor SEDB>>

    command:
        help            reload interface
        help desc       view the meaning for each items
        exit or quit    exit the program
        clear or cls    clear screen
        show            view the current settings
        set             set option value
        rm              remove option value
        len             select the length range
        head            add prefix
        tail            add suffix
        encode          encode items
        occur           set occur times of letter, digital, special chars
        types           set types of letter, digital, special chars
        regex           filter by regex
        level           select the extend level value
        leet            enable leet mode and choose code
        output          set output dictionary or file path
        run             build wordlist

    if you have some information about someone

        information items           value
        chinese name                李伟
        pinyin name                 liwei
        simple name                 lw
        simple name                 Lwei
        english name                zwell
        birthday                    19880916
        used password               liwei123456.
        used password               liwei@19880916
        used password               lw19880916_123
        used password               abc123456
        phone number                18852006666
        used phone number           15500998080
        home phone                  76500100
        company phone               010-61599000
        email account               33125500@qq.com
        email account               13561207878@163.com
        email account               weiweili@gmail.com
        email account               wei010wei@hotmail.com
        home postcode               663321
        now place postcode          962210
        common nickname             zlili
        id card number              152726198809160571
        student id                  20051230
        job number                  100563
        father birthday             152726195910042816
        mother birthday             15222419621012476X
        boy/girl friend birthday    152726198709063846
        friend birthday             152726198802083166
        pet name                    tiger
        crazy something             games of thrones
        special meaning numbers     176003
        special meaning chars       m0n5ter
        special meaning chars       ppdog

    now, use the following commands:
        python pydictor.py --sedb
        set cname liwei
        set sname lw Lwei
        set ename zwell
        set birth 19880916
        set usedpwd liwei123456. liwei@19880916 lw19880916_123
        set phone 18852006666
        set uphone 15500998080
        set hphone 76500100 61599000 01061599000
        set email 33125500@qq.com
        set email 13561207878@163.com
        set email weiweili@gmail.com
        set email wei010wei@hotmail.com
        set postcode 663321 962210
        set nickname zlili
        set idcard 152726198809160571
        set jobnum 20051230 100563
        set otherdate 19591004 19621012
        set otherdate 19870906 19880208
        set usedchar tiger gof gamesthrones 176003 m0n5ter ppdog

    view the configuration, and build the wordlist
        show
        run

    if you want a wordlist with more items, use level 1
        level 1
    and, if you want to filter out some impossible passwords, set the password length
        len 1 16
    at least one letter and at most three special chars,
        occur ">0" "" "<=3"
    and at most two types of special char in one item,
        types "" "" "<=2"
    finally, specify the output path and build the wordlist again
        output D:\awesome\dict\liwei_pass.txt
        run

    note:
    you can modify the funcfg/sedb_tricks.conf file to change the word transform prefix, suffix and prefix+suffix rules
    you can put your own individual weak password wordlist in wordlist/SEDB,
    some small SEDB rules include the extend function

    Destination is just a point of departure, It's your show time

    Download pydictor-master.zip
    Source: https://github.com/LandGrey/pydictor
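Seen from the password-policy side, the leet table and the persona example above suggest a simple check. The following is an added example, not code from pydictor or from the original post: it folds leet substitutions back with the default table listed above and rejects candidate passwords built from personal tokens. The function names, the minimum token length of 4 and the date-fragment rule are assumptions made for this illustration.

```python
import re

# Default leet table exactly as listed in the post (leet char = replace char).
LEET_TABLE = {"a": "4", "b": "6", "e": "3", "l": "1", "i": "1", "o": "0", "s": "5"}


def build_fold(table):
    """Map every letter and its replacement digit to one representative.

    'l' and 'i' share the digit '1', so all three collapse into one class;
    this makes the fold independent of which leet code (0, 1, 2, 11-29)
    produced the variant.
    """
    representative = {}
    for letter, digit in table.items():
        representative.setdefault(digit, letter)
    mapping = {}
    for letter, digit in table.items():
        mapping[letter] = representative[digit]
        mapping[digit] = representative[digit]
    return str.maketrans(mapping)


FOLD = build_fold(LEET_TABLE)


def fold(text):
    """Lower-case the text and undo leet substitutions (lossy on purpose)."""
    return text.lower().translate(FOLD)


def fragments(token):
    """The token itself plus, for YYYYMMDD dates, the pieces people reuse.

    The fragment rule is an assumption of this example, not a pydictor rule.
    """
    parts = {token}
    if re.fullmatch(r"(19|20)\d{6}", token):
        parts.update({token[:4], token[4:], token[2:]})  # year, MMDD, YYMMDD
    return parts


def personal_tokens_in(password, tokens, min_len=4):
    """Return the personal tokens that a candidate password is built from."""
    folded = fold(password)
    hits = []
    for token in tokens:
        # Very short tokens (e.g. initials) would match almost anything.
        pieces = [p for p in fragments(token) if len(p) >= min_len]
        if any(fold(p) in folded for p in pieces):
            hits.append(token)
    return hits


# Constructed input: sample persona values taken from the post above.
PERSONA = ["liwei", "lw", "zwell", "19880916", "18852006666",
           "zlili", "tiger", "m0n5ter", "ppdog"]

if __name__ == "__main__":
    for candidate in ["L1w3i@1988!", "M0nst3r2017", "Tr0ub4dor&3x"]:
        hits = personal_tokens_in(candidate, PERSONA)
        print(candidate, "->", "reject, contains %s" % hits if hits else "ok")
```

Because both sides are folded, the check is deliberately over-inclusive: a digit run in a password can match a folded word, which is acceptable for a reject-list but not for scoring.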
  23. 4 points
    We have a new Moderator - @SirGod
  24. 4 points
    A little toy for those who do Reverse Engineering. For now only for Windows, x86 and x86_64 architectures. Article: http://blog.talosintelligence.com/2017/07/pyrebox.html Repo: https://github.com/Cisco-Talos/pyrebox
  25. 4 points
    What do we take away from what gets posted on the forum? https://img-9gag-fun.9cache.com/photo/ad9XZjB_460sv.mp4
  26. 3 points
    Only valid offers found at various online shops, in the country and beyond, will be posted here. Please post both the link and the price. It would be advisable to make sure that the product is not available at a lower price at another shop, otherwise the post would be pointless. Also, the discount should be significant, not something like 3 lei 25.
  27. 3 points
    Learn C# by Building a Simple RPG

    "If you want to write a Role Playing Game, but don’t know how to program, or just want to learn how to program in C#, then you’re at the right place. These lessons will take you from a complete beginner to being an author of a Role Playing Game, for free. Now, this isn’t the world’s greatest game. In fact, it’s very short and kind of ugly. However, as you create it, you’ll learn the most common C# programming practices and techniques. Then, if you want, you can improve the game, adding more features and your own special touch to it..."

    Sources:
    [-] https://scottlilly.com/learn-c-by-building-a-simple-rpg-index/
    [-] https://roguesharp.wordpress.com/
  28. 3 points
    People make such a fuss on forums and on the net in general that, supposedly, they are paying money, etc. A few reasons why they will not pay a cent:
    - they have no guarantee that the other side will keep its word and not post anything publicly
    - they have no guarantee that, after receiving certain sums, the other side will not ask for more in order not to post publicly
    - it would be suicide from a PR point of view (especially since the Americans have the slogan "we don't negotiate with terrorists") and they would be lynched in the media, ridiculed, etc. The marketing and advertising afterwards would cost them much more
    - it would set the tone and indirectly invite other attacks. If the Indians and Pakistanis saw that they pay, they would be on their backs 24/7. Not to mention the Russians, the Chinese and others.
    - for now they probably want to stall, because there are 2 more episodes of Game of Thrones and after that they couldn't care less. They also want to give as much time as possible to the FBI people who are on the case
    - deals like this are usually made very discreetly, with intelligent people on both sides, without media fuss. For example, on a platform where I was looking to invest some time ago, they had a breach, and then an extract from the info I received:
  29. 3 points
    The agenda has been published. https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Conference_0101_talks https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Conference_1010_talks
  30. 3 points
  31. 3 points
    Given that the images are injected dynamically into the page, you can't use PHP's HTML DOM modules. You will have to grab them with regex.

        // $page_contents holds the HTML of the page as a string
        // lazy quantifiers keep each match inside a single <img> tag
        preg_match_all('/<img src="(.*?)" id="(pic_(.*?))" (.*?) \/>/', $page_contents, $matches);
        $imgs = [
            'src' => $matches[1],
            'id'  => $matches[2]
        ];
        print_r($imgs);
  32. 3 points
    Authorities arrested the UK security researcher known for stopping the WannaCry ransomware attack in May.

    On Wednesday, 22-year-old Marcus Hutchins -- also known as MalwareTech -- was arrested in Las Vegas for "his role in creating and distributing the Kronos banking Trojan," according to a spokesperson from the U.S. Department of Justice. The charges relate to alleged conduct occurring between July 2014 and July 2015. According to an indictment provided to CNN Tech, Hutchins created the malware and shared it online.

    Earlier this year, Hutchins became an internet hero when he helped stop WannaCry, a cyberattack that targeted over 150 countries. The ransomware locked down computers and demanded $300 to get files back. Hutchins, who is a malware researcher at the Kryptos Logic security firm, created a killswitch that prevented the spread of the virus.

    Friends and family have not been able to speak with Hutchins, according to a person close to the situation. The news of the detention was first reported by Motherboard. This story is developing.

    source: http://money.cnn.com/2017/08/03/technology/culture/malwaretech-arrested-las-vegas-trojan/index.html
    indictment: https://www.documentcloud.org/documents/3912524-Kronos-Indictment-R.html
    on the same topic:
    https://motherboard.vice.com/en_us/article/ywp8k5/researcher-who-stopped-wannacry-ransomware-detained-in-us-after-def-con
    https://www.theguardian.com/technology/2017/aug/03/researcher-who-stopped-wannacry-ransomware-detained-in-us?CMP=share_btn_tw
  33. 3 points
    Joking aside, though, I have to admit that on one hand I am glad the "institutions" got hit once again. Why? Because the sums thrown at those sites are not small at all in most cases, with people like "Ghita" involved, who drone on about laws and nonsense from morning till night in the mainstream. I have no problem with allocating 10,000 / 20,000 for a presentation site, but when it is built on Wordpress or joomla + a free theme and 1 free plugin, and on top of that you sign the contract with one of your own secret-service cronies, I start seeing red, given the whole "we have no money, sir, we are poor, we are poor, take our word for it, damn it." As for "in the slammer you get taken from behind", you have to pass through there first; situations like that still existed around 2005, while now it "still happens" only if it is asked for (actual queers, who ask for it) or if the prison warden really wants you in the cell with the nastiest ones who have habits like that. Let's get past the American movies with niggers. There are many parameters before it gets to sodomy. With one eye, though, I weep for the sites that had nothing to do with the garbage of a state in which we have the chance of dying from one day to the next. Here it would be explained by hormones and a lack of online culture. Rather than thinking about "sports textbooks", the state should think about a textbook on speaking nicely on the internet and, in case someone is drawn to cracking / hacking / fucking stuff, on not picking on just anyone at random and not emptying cards either.
  34. 3 points
  35. 3 points
    "Well, it will be possible to destroy the planet, so to speak, just through the internet. You can, logically. Of course you can! If you think about it, surely a few missiles are connected to some server. Which are connected to another server and another server, one of which is still connected to the internet."
  36. 3 points
    You are talking complete nonsense with this. They live in the same house, breathe the same air, eat together, have life plans together. Don't you think it would be better for her to put her cards on the table if she is fooling around? It shows that you are still immature. You spend a lifetime next to a person and still don't get to know them. Do you think you fix everything with programming when things stop working or when something doesn't suit you? The internet is not life. What he is talking about there, that is life. Get out of the house once in a while, go get drunk, go to whores, drop these airs.
  37. 3 points
    June 29, 2017 ~ R3MRUM

    Over the past year-or-so, there seems to have been an uptick of miscreants password protecting the malicious office documents that they send to their target victims. They do this in an effort to bypass detection and thwart analysis. This blog details a few different tools and methodologies that can be used to analyze such files.

    Delivery & File Type

    These malicious documents typically end up making their way to the end point via email. The email message typically consists of some ruse to entice the user to open the document and, conveniently, includes the password needed to decrypt it (Figure 1).

    Figure 1: Example email with password protected MS Office document attached and password in message body.

    The ‘m’ at the end of the ‘.dotm’ file extension, shown in Figure 1, tells you that the file attached is macro-enabled. In this instance, it is an MS Office Document Template file but it could have just as easily been a ‘.docm’ file, ‘.xlsm’ file, or any other macro-enabled file type supported by MS Office 2007 or newer. Feel free to read more about these file types on Microsoft’s website.

    Figure 2 shows the prompt that you are presented with when you open a password protected Office document:

    Figure 2: Password prompt received when opening a password protected office document.

    Failed Analysis Method #1: Copy Macros

    When I first encountered this type of malicious document, my first instinct was to launch the document in an isolated sandbox, enter in the password provided to me in the message body, and then copy the embedded VBA macro code from the document into notepad where I can then perform my analysis. This technically could have worked if the miscreant did not also password protect the Visual Basic Project containing the malicious VBA code with a separate unknown password (Figure 3).

    Figure 3: Password prompt received when attempting to gain access to macro code.

    Failed Analysis Method #2: Re-Save Without Password

    My second thought was: “After I open the document and enter in the initial password, I’ll just re-save the document without a password. Then I’ll be able to use my analysis tools to inspect the file’s contents.” Unfortunately, this doesn’t work either due to the fact that the VB Project within the encrypted document is also password protected. If you attempt this method, the contents of the document (images, text, etc…) will still be present within the unencrypted copy of the document but any embedded macros will be stripped.

    Successful Analysis Method #1: Decrypt with MSOffice-Crypt & Analyze w/ olevba|ViperMonkey

    Let me introduce you to a nifty little tool called msoffice-crypt. This bad mama jama enables you to dump a decrypted version of the encrypted office document out to a file. As a bonus, it works in both Windows and Linux!

    Figure 4: msoffice-crypt options & decrypting of encrypted Office document

    In Figure 4, I ran msoffice-crypt.exe without any arguments so that you can see the different supported options. Then, in the highlighted section, I ran the following command, which decrypted smith.dotm using the password “6429”:

        msoffice-crypt.exe -d -p 6429 smith.dotm

    If you did not provide an output file name, msoffice-crypt will default to appending an “_d” to the file name, like so: smith_d.dotm.

    Figure 5: Decrypted document created within the current working directory

    Sure enough, we see in Figure 5 that the decrypted Office document has been created. Now, if we launch this newly created document (in an isolated environment, of course!), you should no longer receive the password prompt.

    Figure 6: Office document decrypted. Password no longer needed to open.

    Voilà! No password prompt received! (Figure 6)

    If you didn’t know, MS Office 2007+ documents are OpenXML format which means they are actually just compressed archives that you can decompress using your favorite archive extractor (WinZip, 7z, etc..). We can also spot the difference between the encrypted and decrypted documents by comparing the decompressed contents of both.

    Figure 7: Contents of decompressed encrypted Office document

    Figure 7 shows the contents of my encrypted Office document whereas Figure 8 shows the contents of my decrypted Office document.

    Figure 8: Contents of decompressed decrypted Office document

    The contents depicted in both Figures 7 and 8 are typical and should match what you are seeing in whatever OpenXML formatted Office document you are analyzing; not just this sample.

    This actually segues nicely into the next step, which is to extract out the VBA Macro code. If you recall, the malware author also password protected the VB Project containing the macro code. While I am not aware of any tool that will strip this protection from the document, it doesn’t matter as existing tools such as oletools, ViperMonkey, etc.. completely bypass it.

    Back in the day (like 3 months ago), I would have extracted out the VBA code by decompressing the OpenXML archive, locating the OLE binary within the “word” folder (i.e vbaProject.bin), and then using something like OfficeMalScanner (Figures 9 & 10):

    Figure 9: Running OfficeMalScanner against OLE binary found within OpenXML archive

    Figure 10: VBA code extracted from OLE binary using OfficeMalScanner

    … or olevba from the oletools suite (Figure 11):

    Figure 11: VBA code extracted from OLE binary using olevba

    But this is old-school. These days, all the kids are using ViperMonkey. ViperMonkey not only extracts the VBA for you but also emulates execution so that if the VBA is heavily obfuscated (in this case, it is not), you can quickly and safely derive what the code is actually doing. Also, it can handle OpenXML files so there is no need to extract the archive and locate the OLE binary.

    Figure 12: Analysis of the decrypted Office document using ViperMonkey

    Figure 12 shows how ViperMonkey not only extracts and displays the embedded VBA macro but it also gives you the execution flow of the malicious code in a quick and easy-to-ingest format. This dramatically reduces analysis time which, in turn, expedites time-to-respond. If I ever meet Philippe Lagadec (@decalage2), I’m going to buy that man a beer!

    Successful Analysis Method #2: Simply Open w/ LibreOffice

    You're probably going to hate me for making you step through the entire blog before mentioning – what turns out to be – the simplest (and laziest) solution for accessing the embedded VBA code within a password protected document/project.

    Since REMNux doesn’t come packaged with LibreOffice, you’ll need to install it by simply running:

        sudo apt-get install libreoffice

    Once installed, open the encrypted Office document in LibreOffice by running:

        libreoffice smith.dotm

    Like when you opened the encrypted Office document within MS Office (Figure 2), you will be requested to enter in the document’s password (Figure 13).

    Figure 13: LibreOffice password prompt

    When you enter in the password, the document will successfully load. Now, you will be able to access the embedded VBA macro code by navigating to:

        Tools –> Macros –> Organize Macros –> LibreOffice Basic

    You will be presented with a pop-up window (Figure 14) where you will need to find the project containing the VBA code and hit the Edit button.

    Figure 14: LibreOffice’s Macro Editor Dialogue

    And BOOM! LibreOffice’s Basic Editor opens; giving you direct access to the VBA macro code without needing to also know the VB Project’s password (Figure 15):

    Figure 15: LibreOffice’s Basic Editor providing access to embedded VBA code. Bypassing password.

    That’s it! It’s that simple!

    My personal preference is the first method as I’m a command-line junkie. But, if you are more comfortable with performing your analysis via a GUI, then the LibreOffice method might be a better fit for you! Regardless, knowing multiple methods for solving a single problem will only make you a better analyst.

    References
    Open XML Formats and file name extensions
    How to remove a password from a document
    MSOffice-Crypt: A tool/lib to encrypt/decrypt Microsoft Office Document
    Wikipedia: Office Open XML
    OfficeMalScanner
    Decalage2: oletools GitHub
    Decalage2: ViperMonkey GitHub
    LibreOffice Wiki

    Source: https://r3mrum.wordpress.com/2017/06/29/analyzing-malicious-password-protected-office-documents/
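The difference between the encrypted and the decrypted document (Figures 7 and 8 in the post above) can be checked automatically when triaging attachments. The following is an added example, not code from the blog post or from any of the tools it names. It relies on the documented container layout, which the post does not spell out: a password-encrypted OOXML file is an OLE compound file holding EncryptionInfo and EncryptedPackage streams, while a decrypted one is a ZIP archive. The function names, verdict strings and both sample files are constructed for this illustration.

```python
import io
import struct
import zipfile

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE compound file signature
ZIP_MAGIC = b"PK\x03\x04"
FREESECT, ENDOFCHAIN, FATSECT = 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFD


def cfb_entry_names(data):
    """List the directory entry names (storages and streams) of an OLE file."""
    sector_shift, = struct.unpack_from("<H", data, 0x1E)
    size = 1 << sector_shift
    first_dir, = struct.unpack_from("<I", data, 0x30)

    def sector(n):
        return data[(n + 1) * size:(n + 2) * size]

    # The header lists the first 109 FAT sectors, which covers small files.
    fat = []
    for fat_sector in struct.unpack_from("<109I", data, 0x4C):
        if fat_sector == FREESECT:
            break
        fat.extend(struct.unpack("<%dI" % (size // 4), sector(fat_sector)))

    names, current, seen = [], first_dir, set()
    while current < len(fat) and current not in seen:   # stop at end or loop
        seen.add(current)
        raw = sector(current)
        for off in range(0, len(raw) - 127, 128):        # 128-byte entries
            name_len, obj_type = struct.unpack_from("<HB", raw, off + 64)
            if obj_type and 2 <= name_len <= 64:
                name = raw[off:off + name_len - 2]
                names.append(name.decode("utf-16-le", "replace"))
        current = fat[current]
    return names


def triage_office_file(data):
    """Return (verdict, macro_parts) for the raw bytes of an attachment."""
    if data[:8] == CFB_MAGIC:
        try:
            names = cfb_entry_names(data)
        except struct.error:
            return "ole-malformed", []
        if "EncryptedPackage" in names and "EncryptionInfo" in names:
            return "encrypted-ooxml", []     # content hidden until decrypted
        return "ole", []
    if data[:4] == ZIP_MAGIC:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            return "zip-malformed", []
        if "[Content_Types].xml" not in members:
            return "zip", []
        macros = [m for m in members if m.lower().endswith("vbaproject.bin")]
        return ("ooxml-with-macros" if macros else "ooxml"), macros
    return "unknown", []


def dir_entry(name, obj_type):
    """Build one 128-byte directory entry for the constructed sample."""
    raw = name.encode("utf-16-le") + b"\x00\x00"
    entry = bytearray(128)
    entry[:len(raw)] = raw
    struct.pack_into("<HB", entry, 64, len(raw), obj_type)
    return bytes(entry)


def sample_encrypted():
    """Constructed minimal OLE file: header, one FAT sector, one directory sector."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<H", header, 0x1E, 9)              # 512-byte sectors
    struct.pack_into("<I", header, 0x30, 1)              # directory in sector 1
    struct.pack_into("<109I", header, 0x4C, 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    directory = (dir_entry("Root Entry", 5) + dir_entry("EncryptionInfo", 2)
                 + dir_entry("EncryptedPackage", 2) + bytes(128))
    return bytes(header) + fat + directory


def sample_decrypted():
    """Constructed minimal macro-enabled OOXML archive (placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_office_file(sample_encrypted()))
    print(triage_office_file(sample_decrypted()))
```

An "encrypted-ooxml" verdict on a file with a macro-enabled extension, arriving together with its password in the message body, is the delivery pattern the post describes.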
  38. 3 points
    jump on them! https://mega.nz/#F!IhFg2ZbI!9DgoYtpyPTPhw6b1veuTkg!F10ERSZK
  39. 3 points
    What kind of roots are those, anyway. Take it from here And a cucumber on sale
  40. 3 points
    A couple of weeks ago I did a test installing a bare Debian 9 VM. Then I started to add the top 50 tools from Kali Linux. To be honest, this VM is working like a charm atm without all the other unnecessary bullshit which comes by default with Kali Linux. Overall, you have to understand this distro was built mainly by an Israeli dude and that should raise some concerns. Don't get me wrong, it is an amazing distro, but once its popularity grew among security professionals, some interest in having it "backdoored" probably grew as well. There is also the BlackArch alternative, which overall is way more time consuming from a tweaking perspective. Also, personally, I found Arch to be slightly unfriendly with VMware Workstation and very sensitive to different kernel changes. But this is just a personal opinion.
  41. 3 points
    Learn Programming in Python With the Power of Animation This is a Programming Course in Python. It will teach you coding from scratch with the Power of Animation&programming https://www.udemy.com/learn-programming-in-python-with-the-power-of-animation/?couponCode=PBCUDEMYGROUPS
  42. 3 points
    Unpacking Locky

    I will show you how to unpack a Locky sample with OllyDbg. This packer is indeed an easy one. But you will see for yourself. Download the sample from Hybrid-Analysis. An alternative way of unpacking this sample is in this video on my channel:

    The first thing I always do is a static check with a PE analysis tool like PortexAnalyzer. The image will look as follows and already tell us that the file is packed. Several sections of the file have a high entropy, including the .rdata section.

    Packer identifiers like DIE will not know what was used to pack it, because the packer is a custom one. This is often the case with malware samples. This packer has the quirky characteristic to always add 32-bit Edition to the file version information whilst the other information changes:

        StringFileInfo
        ---------------
        language ID: 0x0409
        code page: 0x04b0
        CompanyName: Doubtsoftware.com
        FileDescription: Advanced Task Scheduler 32-bit Edition
        FileVersion: 4.1.0.612
        InternalName: #dvenced Task Scheduler 32-bit Edition
        LegalCopyright: Copyright © Southsoftware.com, 2002-2015
        OriginalFilename: Bifscheduler_edmin.exe
        ProductName: Advanced Task Scheduler 32-bit Edition
        ProductVersion: 4.1.0.612

    The debug information has a strange, unknown type, hence Portex does not parse it any further:

        Debug Information
        *****************
        Time Date Stamp: Thu Dec 09 05:07:00 CET 2083
        Type: 4102553603 no description available

    If you look into the binary (tip: search for 'RSDS' to find it with the hex editor) you will see that there is a debug path that has been created or modified in a random fashion:

        Z:\as\28cxkoao\azoozykz\l0t\jx\w9y4cni\jyc6mq3\mvnt.pdb

    Whilst this does not help to unpack the file, it might help to recognize this custom packer in the future.

    A check of the strings in the binary and the imports won't get us any further. If you get this sample in a fresh state, you will easily see that this is Locky with dynamic analysis. But once the samples are older and can't find a working C&C, they won't encrypt anymore.

    Now load the binary with OllyDbg. Don't forget to take a snapshot of your VM at this point. Simply step over with F8 while keeping your eyes open. If you happen to step over the following call you will see that the sample is doing a lot (reload the sample if that happens), so you should step into it instead (press F7).

    The same happens at the following call, also step into:

    Just keep on going like this, stepping over calls unless they start to do a lot, and keep your eyes open. At address 0x402364 you might notice that the code writes to the .rdata section (0x417EE on that image). Indeed, if you put a breakpoint to the instruction and watch .rdata in the dump window while running to the breakpoint (F9), you will see how .rdata gets decrypted.

    The jump to the .rdata section appears in 0x4020F0. Note that push followed by ret equals a jump instruction. This ret instruction will jump to 0x41577A. Compare that with the PortexAnalyzer report or the Memory window in OllyDbg to verify that this virtual address is in the .rdata section.

    Unfortunately we are not there yet. The decrypted code in the .rdata section is also a packer stub. Step through the code for a while. At some point you will see that the code collects addresses to common DLL functions with GetProcAddress. One of those is RtlDecompressBuffer, which is used by lots of packers to unpack their payload.

    Break at address 0x415B37. Right-click the value of EAX and click "Follow in Disassembler". You will now see the code of the RtlDecompressBuffer function. Break at the PUSH DWORD PTR [EBP + C] instruction:

    Now right-click the EDI value and Follow in Dump. You will see an empty dump window. And after stepping over (F8) the file will unpack in memory.

    The last thing to do is to open the Memory window and select the right memory area to dump the unpacked executable. Choose the location to save the dump to and you are done. The result is an unpacked Locky as you can verify by checking the strings of the dump or looking at it with a hex editor.

    Posted 8 hours ago by Karsten Hahn
    Source: http://struppigel.blogspot.de/2017/08/unpacking-locky.html
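The two static indicators the post relies on before any debugging, per-section entropy and the 'RSDS' debug path, can be pulled out with a few lines of code. This is an added example, not PortexAnalyzer output and not code from the original post. The function names and the 7.0 bits-per-byte threshold are assumptions, and the PE image is a constructed stand-in that only carries the PDB path quoted above.

```python
import hashlib
import math
import struct
import uuid
from collections import Counter


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform noise."""
    if not data:
        return 0.0
    total = len(data)
    return sum(n / total * math.log2(total / n) for n in Counter(data).values())


def pe_sections(pe):
    """Yield (name, raw_bytes) for each section of a PE image."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file")
    count, = struct.unpack_from("<H", pe, e_lfanew + 6)
    optional_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + optional_size               # section table start
    for i in range(count):
        name, _vsize, _rva, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        yield (name.rstrip(b"\x00").decode("ascii", "replace"),
               pe[raw_ptr:raw_ptr + raw_size])


def high_entropy_sections(pe, threshold=7.0):
    """Sections whose entropy suggests packed or encrypted content.

    The threshold is an assumption of this example, not a value from the post.
    """
    scored = [(name, shannon_entropy(raw)) for name, raw in pe_sections(pe)]
    return [(name, round(score, 2)) for name, score in scored if score >= threshold]


def rsds_records(blob):
    """Return [(guid, age, pdb_path)] for each CodeView 'RSDS' debug record."""
    found, pos = [], blob.find(b"RSDS")
    while pos != -1:
        end = blob.find(b"\x00", pos + 24)               # path is NUL-terminated
        path = blob[pos + 24:end] if end != -1 else b""
        if len(path) <= 260 and path.lower().endswith(b".pdb"):
            guid = uuid.UUID(bytes_le=blob[pos + 4:pos + 20])
            age, = struct.unpack_from("<I", blob, pos + 20)
            found.append((str(guid), age, path.decode("utf-8", "replace")))
        pos = blob.find(b"RSDS", pos + 4)
    return found


# PDB path quoted in the post; everything else in the sample is constructed.
PDB_PATH = rb"Z:\as\28cxkoao\azoozykz\l0t\jx\w9y4cni\jyc6mq3\mvnt.pdb"


def build_sample_pe():
    """Constructed stand-in for a packed file: three sections, one noisy."""
    text = b"\x90" * 2048                                # constant filler
    rdata = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    debug = (b"RSDS" + bytes(16) + struct.pack("<I", 1)
             + PDB_PATH + b"\x00").ljust(512, b"\x00")
    bodies = [(b".text", text), (b".rdata", rdata), (b".debug", debug)]
    headers = b"MZ" + bytes(58) + struct.pack("<I", 64)  # e_lfanew = 0x40
    headers += b"PE\x00\x00" + struct.pack(
        "<HHIIIHH", 0x14C, len(bodies), 0, 0, 0, 0, 0x102)
    offset, table = 512, b""
    for name, body in bodies:
        table += name.ljust(8, b"\x00") + struct.pack(
            "<IIIIIIHHI", len(body), 0x1000, len(body), offset, 0, 0, 0, 0, 0)
        offset += len(body)
    return (headers + table).ljust(512, b"\x00") + b"".join(b for _, b in bodies)


if __name__ == "__main__":
    sample = build_sample_pe()
    print("high entropy:", high_entropy_sections(sample))
    print("debug paths :", [path for _, _, path in rsds_records(sample)])
```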
  43. 3 points
    Welcome to Awesome Fuzzing

    A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

    Table of Contents
        Books
        Courses
            Free
            Paid
        Videos
            NYU Poly Course videos
            Conference talks and tutorials
        Tutorials and Blogs
        Tools
            File Format Fuzzers
            Network Protocol Fuzzers
            Taint Analysis
            Symbolic Execution
            SAT and SMT Solvers
            Essential Tools
        Vulnerable Applications
        Anti-Fuzzing
        Contributing

    Awesome Fuzzing Resources

    Books
    Books on fuzzing
        Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini.
        Fuzzing for Software Security Testing and Quality Assurance by Ari Takanen, Charles Miller, and Jared D Demott.
        Open Source Fuzzing Tools by Gadi Evron and Noam Rathaus.
        Gray Hat Python by Justin Seitz.
    Note: Chapter(s) in the following books are dedicated to fuzzing.
        The Shellcoder's Handbook: Discovering and Exploiting Security Holes ( Chapter 15 ) by Chris Anley, Dave Aitel, David Litchfield and others.
        iOS Hacker's Handbook - Chapter 1 Charles Miller, Dino DaiZovi, Dion Blazakis, Ralf-Philip Weinmann, and Stefan Esser.
        IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler

    Courses
    Courses/Training videos on fuzzing

    Free
        NYU Poly ( see videos for more ) - Made available freely by Dan Guido.
        Samclass.info ( check projects section and chapter 17 ) - by Sam.
        Modern Binary Exploitation ( RPISEC ) - Chapter 15 - by RPISEC.
        Offensive Computer Security - Week 6 - by W. Owen Redwood and Prof. Xiuwen Liu.

    Paid
        Offensive Security, Cracking The Perimeter ( CTP ) and Advanced Windows Exploitation ( AWE )
        SANS 660/760 Advanced Exploit Development for Penetration Testers
        Exodus Intelligence - Vulnerability development master class

    Videos
    Videos talking about fuzzing techniques, tools and best practices

    NYU Poly Course videos
        Fuzzing 101 (Part 1) - by Mike Zusman.
        Fuzzing 101 (Part 2) - by Mike Zusman.
        Fuzzing 101 (2009) - by Mike Zusman.
        Fuzzing - Software Security Course on Coursera - by University of Maryland.

    Conference talks and tutorials
        Youtube Playlist of various fuzzing talks and presentations - Lots of good content in these videos.
        Browser bug hunting - Memoirs of a last man standing - by Atte Kettunen
        Coverage-based Greybox Fuzzing as Markov Chain

    Tutorials and Blogs
    Tutorials and blogs which explain methodology, techniques and best practices of fuzzing

    [2016 articles]
        Effective File Format Fuzzing - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London
        A year of Windows kernel font fuzzing Part-1 the results - Amazing article by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers.
        A year of Windows kernel font fuzzing Part-2 the techniques - Amazing article by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers.
        Interesting bugs and resources at fuzzing project - by fuzzing-project.org.
        Fuzzing workflows; a fuzz job from start to finish - by @BrandonPrry.
        A gentle introduction to fuzzing C++ code with AFL and libFuzzer - by Jeff Trull.
        A 15 minute introduction to fuzzing - by folks at MWR Security.
    Note: Folks at fuzzing.info have done a great job of collecting some awesome links, I'm not going to duplicate their work. I will add papers missed by them and from 2015 and 2016.
        Fuzzing Papers - by fuzzing.info
        Fuzzing Blogs - by fuzzing.info
        Root Cause Analysis of the Crash during Fuzzing - by Corelan Team.
        Root cause analysis of integer flow - by Corelan Team.
        Creating custom peach fuzzer publishers - by Open Security Research
        7 Things to Consider Before Fuzzing a Large Open Source Project - by Emily Ratliff.

    From Fuzzing to Exploit:
        From fuzzing to 0-day - by Harold Rodriguez(@superkojiman).
        From crash to exploit - by Corelan Team.

    Peach Fuzzer related tutorials
        Getting Started with Peach
        Fuzzing with Peach Part 1 - by Jason Kratzer of corelan team
        Fuzzing with Peach Part 2 - by Jason Kratzer of corelan team.
        Auto generation of Peach pit files/fuzzers - by Frédéric Guihéry, Georges Bossert.

    AFL Fuzzer related tutorials
        Fuzzing workflows; a fuzz job from start to finish - by @BrandonPrry.
        Fuzzing capstone using AFL persistent mode - by @toasted_flakes
        RAM disks and saving your SSD from AFL Fuzzing
        Bug Hunting with American Fuzzy Lop
        Advanced usage of American Fuzzy Lop with real world examples
        Segfaulting Python with afl-fuzz
        Fuzzing Perl: A Tale of Two American Fuzzy Lops
        Fuzzing With AFL-Fuzz, a Practical Example ( AFL vs Binutils )
        The Importance of Fuzzing...Emulators?
        How Heartbleed could've been found
        Filesystem Fuzzing with American Fuzzy lop
        Fuzzing Perl/XS modules with AFL
        How to fuzz a server with American Fuzzy Lop - by Jonathan Foote

    libFuzzer Fuzzer related tutorials
        libFuzzer Tutorial
        libFuzzer Workshop: "Modern fuzzing of C/C++ Projects"

    Spike Fuzzer related tutorials
        Fuzzing with Spike to find overflows
        Fuzzing with Spike - by samclass.info

    FOE Fuzzer related tutorials
        Fuzzing with FOE - by Samclass.info

    SMT/SAT solver tutorials
        Z3 - A guide - Getting Started with Z3: A Guide

    Tools
    Tools which help in fuzzing applications

    File Format Fuzzers
    Fuzzers which help in fuzzing file formats like pdf, mp3, swf etc.,
        MiniFuzz - Basic file format fuzzing tool by Microsoft.
        BFF from CERT - Basic Fuzzing Framework for file formats.
        AFL Fuzzer (Linux only) - American Fuzzy Lop Fuzzer by Michal Zalewski aka lcamtuf
        Win AFL - A fork of AFL for fuzzing Windows binaries by Ivan Fratic
        Shellphish Fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality.
        TriforceAFL - A modified version of AFL that supports fuzzing for applications whose source code is not available.
        Peach Fuzzer - Framework which helps to create custom dumb and smart fuzzers.
        MozPeach - A fork of peach 2.7 by Mozilla Security.
        Failure Observation Engine (FOE) - mutational file-based fuzz testing tool for windows applications.
        rmadair - mutation based file fuzzer that uses PyDBG to monitor for signals of interest.
        honggfuzz - A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage. Supports GNU/Linux, FreeBSD, Mac OSX and Android.
        zzuf - A transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input.
        radamsa - A general purpose fuzzer and test case generator.
        binspector - A binary format analysis and fuzzing tool

    Network Protocol Fuzzers
    Fuzzers which help in fuzzing applications which use network based protocols like HTTP, SSH, SMTP etc.,
        Peach Fuzzer - Framework which helps to create custom dumb and smart fuzzers.
        Sulley - A fuzzer development and fuzz testing framework consisting of multiple extensible components by Michael Sutton.
        boofuzz - A fork and successor of Sulley framework.
        Spike - A fuzzer development framework like sulley, a predecessor of sulley.
        Metasploit Framework - A framework which contains some fuzzing capabilities via Auxiliary modules.
        Nightmare - A distributed fuzzing testing suite with web administration, supports fuzzing using network protocols.
        rage_fuzzer - A dumb protocol-unaware packet fuzzer/replayer.

    Misc
    Other notable fuzzers like Kernel Fuzzers, general purpose fuzzer etc.,
        KernelFuzzer - Cross Platform Kernel Fuzzer Framework.
        honggfuzz - A general-purpose, easy-to-use fuzzer with interesting analysis options.
        Hodor Fuzzer - Yet Another general purpose fuzzer.
        libFuzzer - In-process, coverage-guided, evolutionary fuzzing engine for targets written in C/C++.
        syzkaller - Distributed, unsupervised, coverage-guided Linux syscall fuzzer.
        ansvif - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code.

    Taint Analysis
    How user input affects the execution
        PANDA ( Platform for Architecture-Neutral Dynamic Analysis )
        QIRA (QEMU Interactive Runtime Analyser)

    Symbolic Execution
    SAT and SMT Solvers
        Z3 - A theorem prover from Microsoft Research.
        SMT-LIB - An international initiative aimed at facilitating research and development in Satisfiability Modulo Theories (SMT)

    References
    I haven't included some of the legends like AxMan, please refer to the following link for more information. https://www.ee.oulu.fi/research/ouspg/Fuzzers

    Essential Tools
    Tools of the trade for exploit developers, reverse engineers

    Debuggers
        Windbg - The preferred debugger by exploit writers.
        Immunity Debugger - Immunity Debugger by Immunity Sec.
        OllyDbg - The debugger of choice by reverse engineers and exploit writers alike.
        Mona.py ( Plugin for windbg and Immunity dbg ) - Awesome tools that makes life easy for exploit developers.
        x64dbg - An open-source x64/x32 debugger for windows.
        Evan's Debugger (EDB) - Front end for gdb.
        GDB - Gnu Debugger - The favorite linux debugger.
        PEDA - Python Exploit Development Assistance for GDB.
        Radare2 - Framework for reverse-engineering and analyzing binaries.

    Disassemblers and some more
    Disassemblers, disassembly frameworks etc.,
        IDA Pro - The best disassembler
        binnavi - Binary analysis IDE, annotates control flow graphs and call graphs of disassembled code.
        Capstone - Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

    Others
        ltrace - Intercepts library calls
        strace - Intercepts system calls

    Vulnerable Applications
        Exploit-DB - https://www.exploit-db.com (search and pick the exploits, which have respective apps available for download, reproduce the exploit by using fuzzer of your choice)
        PacketStorm - https://packetstormsecurity.com/files/tags/exploit/
        Fuzzgoat - Vulnerable C program for testing fuzzers.

    Sample files for seeding during fuzzing:
        https://files.fuzzing-project.org/
        PDF Test Corpus from Mozilla
        MS Office file format documentation
        Fuzzer Test Suite - Set of tests for fuzzing engines. Includes different well-known bugs such as Heartbleed, c-ares $100K bug and others.

    Anti Fuzzing
        Introduction to Anti-Fuzzing: A Defence In-Depth Aid

    Contributing
    Please refer to the guidelines at contributing.md for details.
    Thanks to the following folks who made contributions to this project.
        Tim Strazzere
        jksecurity

    Source: https://github.com/secfigo/Awesome-Fuzzing/blob/master/README.md
  44. 3 points
    ‘Ghost Telephonist’ Attack Exploits 4G LTE Flaw to Hijack Phone Numbers
    By Waqas on July 31, 2017

    According to UnicornTeam, a group of Chinese researchers from the country’s leading security firm 360 Technology, there is a dangerous vulnerability in the 4G LTE network’s Circuit Switched Fallback (CSFB) which allows hackers to hijack cell phone numbers. Unicorn Team demonstrated the findings (PDF) on Sunday at the Black Hat USA 2017 hacker summit.

    As per the team of researchers, CSFB’s authentication step is missing from its procedure, which can allow hackers easy access to the phone. At the summit, Unicorn Team created a situation where a hacker could use a stolen mobile number to reset the password of a Google account. Once the phone was hijacked, all that was required to be done was to sign in to the Google Email account and click on “Forget the Password.”

    Huang Lin, a wireless security researcher of the team, told Chinese news site Xinhua that this particular flaw could be exploited to carry out different kinds of hack attacks. “Several exploitations can be made based on this vulnerability – We have reported this vulnerability to the Global System for Mobile Communications Alliance (GSMA),” said Lin.

    We do know that Google sends a verification code to the mobile before allowing a password reset. If hackers have hijacked the mobile, they could easily intercept the message and get the code to reset the account’s password. All this would take place without the knowledge of the victim, and the phone will remain online in the 4G network.

    Since a majority of internet app accounts also use the same method for resetting the password, an attacker can easily initiate the password reset process using the phone number. Moreover, attackers can perform other actions too, like starting a call or sending an SMS on behalf of the victim. Using the victim’s phone number, attackers can launch advanced attacks as well.

    The victim will remain clueless because neither a 2G nor a 4G fake base station is utilized and cell re-selection is also not conducted. Attackers sometimes target a selected victim, or they may launch an attack against a randomly chosen victim.

    To counter the Ghost Telephonist attack, also dubbed the Evil Attack, various measures were proposed by the team. The team is also collaborating with operators, internet service providers and terminal manufacturers for eliminating the vulnerability. They already notified the Global System for Mobile Communications Alliance (GSMA) about this flaw.

    Source: https://www.hackread.com/ghost-telephonist-attack-exploits-4g-lte-flaw-to-hijack-phone-numbers/
  45. 3 points
    "inurl: *.site.com" in the 21st century. https://github.com/fathom6/2017-BSidesLV-Modern-Recon/blob/master/Modern Internet Scale Reconnaisance.pdf
  46. 3 points
    Hi, GCC is not a crypter: https://gcc.gnu.org/ Post a link to the file here.
  47. 3 points
    Here is the article accompanying the exploit as well, with details for those interested: http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
  48. 3 points
    A few suggestions (not all of them are necessary, only if you are paranoid):
    - PermitRootLogin no
    - Non-standard user name (avoid admin, system etc.)
    - Non-standard port (maybe even in the dynamic port range)
    - Fail2Ban
    - SSH key authentication
    - Firewall (open the SSH port only to one IP, if you have a static IP)
    - Two-step SSH authentication (two-factor auth)
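
    An added example, not part of the original post: a small shell audit that checks an sshd_config for three of the suggestions above (root login, key-only authentication, non-standard port). The function names, sample configs and port 49222 are constructed for illustration; the fallback defaults are assumed to be upstream OpenSSH's.

```sh
#!/bin/sh
# Added example: audit the global section of an sshd_config against three of
# the suggestions above. Fallback defaults are upstream OpenSSH's (assumption:
# your distribution has not changed them).

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use globally: keywords are case-insensitive, the
# first occurrence wins, and the global section ends at the first Match line.
# Assumes "Keyword value" lines separated by whitespace (no "=" form, no Include).
effective_value() {
    awk -v key="$2" -v dflt="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# audit_sshd_config FILE: prints one line per finding, returns 1 if any.
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    [ "$root" = "no" ] || { echo "PermitRootLogin is '$root', suggested: no"; rc=1; }
    pw=$(effective_value "$1" PasswordAuthentication yes)
    [ "$pw" = "no" ] || { echo "PasswordAuthentication is '$pw', key-only needs: no"; rc=1; }
    port=$(effective_value "$1" Port 22)
    [ "$port" != "22" ] || { echo "Port is 22 (standard port)"; rc=1; }
    return "$rc"
}

# Constructed sample configs, not taken from any real host.
WEAK=$(mktemp); HARD=$(mktemp)
trap 'rm -f "$WEAK" "$HARD"' EXIT
cat > "$WEAK" <<'EOF'
PermitRootLogin yes
# A "fix" appended later is ignored: the first value wins.
permitrootlogin no
Match User backup
    PasswordAuthentication no
EOF
cat > "$HARD" <<'EOF'
Port 49222
PermitRootLogin no
PasswordAuthentication no
EOF

echo "== weak sample ==";     audit_sshd_config "$WEAK" || true
echo "== hardened sample =="; audit_sshd_config "$HARD" && echo "no findings"
```

    The weak sample shows two easy mistakes: a hardening line appended below an earlier, conflicting one has no effect, and a setting placed only inside a Match block does not change the global default.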
  49. 3 points
  50. 3 points