Jump to content

Leaderboard


Popular Content

Showing content with the highest reputation since 06/21/19 in Posts

  1. 8 points
    Sa va dau la muie. Sunteti amandoi prosti, facuti gramada.
  2. 7 points
    Cam liniste pe aici
  3. 6 points
    Daca ti-ai cumparat si camera buna te poti apuca de videochat.
  4. 6 points
    Scuze frate, de abea am venit de pe baltă. Ca sa compensez pentru intarziere, al doilea cod e din partea casei.
  5. 5 points
    După ce faceți muncă pe 2 lei, mai luați și țeapă. Bravo, așa meritați.
  6. 5 points
    Salutare all, In curand lansam acesta conferinta in Bucuresti, 17-18 Octombrie. HTZ pune accent foarte mare pe Ethical Hacking, iar dupa cum stim din ce in ce mai des apar incidente majore in industrie (data breaches or damage). Noi ne deosebim fata de alte conferinte prin challenge-urile de pen-testing, facute in totalitate de staff-ul nostru. Prin aceste challenge-uri va punem la incercare creativitatea si totodata skill-urile voastre de: pen-testing, scripting, social engineering, crypto si multe altele. Scopul nostru este va aruncam in mijlocul actiunii, sa ne indepartam putin de platformele online, sa interactionam mai mult face to face, sa ne cunoastem si altfel ... nu doar dupa NickName :). Challenge-urile incep in data de 11-12 Octombrie si o sa fie nevoie de deplasare prin Bucuresti, in diferite Geo Locations pentru a finaliza challenge-urile. Fiecare challenge te va ghida catre alt challenge! Evident, exista niste reguli pentru aceste challenge-uri, aceste reguli se regasesc pe website-ul nostru https://www.hackthezone.com/tickets/rules-and-tactics . La finalul acestor challenge-uri, ne vedem cu totii la conferinta din data de 17-18 Octombrie, in Crystal Palace Ballrooms, Calea Rahovei 198A, Sector 5. Da, o sa fim si noi pe scena sa va prezentam fiecare challenge cum trebuia rezolvat (walkthrough scenarios) si decernarea premiului. Premiul este luat de o singura persoana, the best of the best! Poti sa participi si cu echipa. Nu este nici o problema, dar tot cel mai bun timp facut de o persoana o sa fie premiat :D la final ... va impartiti voi premiul. La conferinta o sa avem mai speakers de top ce vor ilustra diferinte puncte de vedere despre IT Security, cum evolueaza atacatorii, cum am putea sa ne aparam mai bine si nu numai. Biletele pot fi achizitionate de aici : https://www.iabilet.ro/bilete-hackthezone-conference-challenges-43985 Website-ul nostru o sa fie in permanentat actualizat, iar mici detalii pot fie modificate sau imbunatatite. Pentru intrebari sau nelamuriri, puteti sa ne gasiti si pe canalul nostru de Slack la : https://www.hackthezone.com/slack . Have fun! AlexHTZ
  7. 4 points
    Git All the Payloads! A collection of web attack payloads. payloads Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits fuzzdb - https://github.com/fuzzdb-project/fuzzdb SecLists - https://github.com/danielmiessler/SecLists xsuperbug - https://github.com/xsuperbug/payloads NickSanzotta - https://github.com/NickSanzotta/BurpIntruder 7ioSecurity - https://github.com/7ioSecurity/XSS-Payloads shadsidd - https://github.com/shadsidd shikari1337 - https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/ xmendez - https://github.com/xmendez/wfuzz minimaxir - https://github.com/minimaxir/big-list-of-naughty-strings xsscx - https://github.com/xsscx/Commodity-Injection-Signatures TheRook - https://github.com/TheRook/subbrute danielmiessler - https://github.com/danielmiessler/RobotsDisallowed FireFart - https://github.com/FireFart/HashCollision-DOS-POC HybrisDisaster - https://github.com/HybrisDisaster/aspHashDoS swisskyrepo - https://github.com/swisskyrepo/PayloadsAllTheThings 1N3 - https://github.com/1N3/IntruderPayloads cujanovic - https://github.com/cujanovic/Open-Redirect-Payloads cujanovic - https://github.com/cujanovic/Content-Bruteforcing-Wordlist cujanovic - https://github.com/cujanovic/subdomain-bruteforce-list cujanovic - https://github.com/cujanovic/CRLF-Injection-Payloads cujanovic - https://github.com/cujanovic/Virtual-host-wordlist cujanovic - https://github.com/cujanovic/dirsearch-wordlist lavalamp- - https://github.com/lavalamp-/password-lists arnaudsoullie - https://github.com/arnaudsoullie/ics-default-passwords scadastrangelove - https://github.com/scadastrangelove/SCADAPASS jeanphorn - https://github.com/jeanphorn/wordlist j3ers3 - https://github.com/j3ers3/PassList nyxxxie - https://github.com/nyxxxie/awesome-default-passwords foospidy - https://github.com/foospidy/web-cve-tests OWASP dirbuster - https://www.owasp.org/index.php/DirBuster fuzzing_code_database - https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database JBroFuzz - https://www.owasp.org/index.php/JBroFuzz Other xss/ismailtasdelen.txt - https://github.com/ismailtasdelen/xss-payload-list xss/jsf__k.txt - http://www.jsfuck.com/ xss/kirankarnad.txt - https://www.linkedin.com/pulse/20140812222156-79939846-xss-vectors-you-may-need-as-a-pen-tester xss/packetstorm.txt - https://packetstormsecurity.com/files/112152/Cross-Site-Scripting-Payloads.html xss/smeegessec.com.txt - http://www.smeegesec.com/2012/06/collection-of-cross-site-scripting-xss.html xss/d3adend.org.txt - http://d3adend.org/xss/ghettoBypass xss/soaj1664ashar.txt - http://pastebin.com/u6FY1xDA xss/billsempf.txt - https://www.sempf.net/post/Six-hundred-and-sixty-six-XSS-vectors-suitable-for-attacking-an-API.aspx (http://pastebin.com/48WdZR6L) xss/787373.txt - https://84692bb0df6f30fc0687-25dde2f20b8e8c1bda75aeb96f737eae.ssl.cf1.rackcdn.com/--xss.html xss/bhandarkar.txt - http://hackingforsecurity.blogspot.com/2013/11/xss-cheat-sheet-huge-list.html xss/xssdb.txt - http://xssdb.net/xssdb.txt xss/0xsobky.txt - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot xss/secgeek.txt - https://www.secgeek.net/solutions-for-xss-waf-challenge/ xss/reddit_xss_get.txt - All XSS GET requests from https://www.reddit.com/r/xss (as of 3/30/2016) xss/rafaybaloch.txt - http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html xss/alternume0.txt - https://www.openbugbounty.org/reports/722726/ xss/XssPayloads - https://twitter.com/XssPayloads sqli/camoufl4g3.txt - https://github.com/camoufl4g3/SQLi-payload-Fuzz3R/blob/master/payloads.txt sqli/c0rni3sm.txt - http://c0rni3sm.blogspot.in/2016/02/a-quite-rare-mssql-injection.html sqli/sqlifuzzer.txt - https://github.com/ContactLeft/sqlifuzzer/tree/master/payloads sqli/harisec.txt - https://hackerone.com/reports/297478 sqli/jstnkndy.txt - https://foxglovesecurity.com/2017/02/07/type-juggling-and-php-object-injection-and-sqli-oh-my/ sqli/d0znpp.txt - https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f sqli/libinjection-bypasses.txt - https://gist.github.com/migolovanov/432fe28c8c7e9fa675ab3903c5eda77f traversal/dotdotpwn.txt - https://github.com/wireghoul/dotdotpwn codeinjection/fede.txt - https://techblog.mediaservice.net/2016/10/exploiting-ognl-injection/ commandinjection/ismailtasdelen-unix.txt - https://github.com/ismailtasdelen/command-injection-payload-list commandinjection/ismailtasdelen-windows.txt - https://github.com/ismailtasdelen/command-injection-payload-list ctf Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated. maccdc2010.txt - Mid-Atlantic CCDC (http://maccdc.org/), source: http://www.netresec.com/?page=MACCDC maccdc2011.txt - Mid-Atlantic CCDC (http://maccdc.org/), source: http://www.netresec.com/?page=MACCDC maccdc2012.txt - Mid-Atlantic CCDC (http://maccdc.org/), source: http://www.netresec.com/?page=MACCDC ists12_2015.txt - Information Security Talent Search (http://ists.sparsa.org/), source: http://www.netresec.com/?page=ISTS defcon20.txt - DEFCON Capture the Flag (https://www.defcon.org/html/links/dc-ctf.html), source: http://www.netresec.com/?page=PcapFiles Miscellaneous XSS references that may overlap with sources already included above: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet http://htmlpurifier.org/live/smoketests/xssAttacks.php Download Link : https://github.com/foospidy/payloads?fbclid=IwAR3jUysqvmVlpUCiAPY13mqJ1tCOc87omdE3x_81ReH0TC_myN6754EJmRw
  8. 4 points
    Deci pana la urma cine e prostu? Tu ca nu te informezi sau noi ca ne bateam pula de tine pe buna dreptate?
  9. 4 points
    Vezi ca oricine poate face videochat, nu doar aitistii.
  10. 4 points
    Writing shellcodes for Windows x64 On 30 June 2019 By nytrosecurity Long time ago I wrote three detailed blog posts about how to write shellcodes for Windows (x86 – 32 bits). The articles are beginner friendly and contain a lot of details. First part explains what is a shellcode and which are its limitations, second part explains PEB (Process Environment Block), PE (Portable Executable) file format and the basics of ASM (Assembler) and the third part shows how a Windows shellcode can be actually implemented. This blog post is the port of the previous articles on Windows 64 bits (x64) and it will not cover all the details explained in the previous blog posts, so who is not familiar with all the concepts of shellcode development on Windows must see them before going further. Of course, the differences between x86 and x64 shellcode development on Windows, including ASM, will be covered here. However, since I already write some details about Windows 64 bits on the Stack Based Buffer Overflows on x64 (Windows) blog post, I will just copy and paste them here. As in the previous blog posts, we will create a simple shellcode that swaps the mouse buttons using SwapMouseButton function exported by user32.dll and grecefully close the proccess using ExitProcess function exported by kernel32.dll. Articol complet: https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
  11. 4 points
    Salutare, Acum ceva timp Kfollow a făcut acest topic topic în care mă acuza de faptul că sunt țepar. După incidentul respectiv am decis să ignor situația deoarece eu știam ce am livrat și că nu mi-am bătut joc de el. Cu toate aceste lucruri KFollow a continuat mai apoi cu tot felul de amenințări pe Facebook la adresa iubitei mele și alte lucruri de acest gen, însa acestea sunt detalii irelevante. Ce este relevant este faptul că recent un alt membru de aici, mi s-a plâns recent de el ( De @Kfollow) că acesta i-a dat țeapă. Dupa un mic research @Kfollow este de fapt un utilizator destul de vechi de pe RST. Numele lui este Stan Alexandru Cosmin, poate ati auzit de el. De unde știu că el este acesta? Ei bine, cu mine a discutat de pe contul lui de Facebook "Alexandru Cosmin Aris". Ca și dovadă pentru asta, aici se află un screenshot cu o conversație de a mea cu el: https://i.imgur.com/dv4LL4p.png conversația nu este prea relevantă, însă fix aceeași conversație apare postată de el în topicul în care mă acuză el pe mine. Am lăsat acel screenshot aici ca să dovedesc că îi aparține contul de Facebook. Dacă dăm un mic search pe Google cu numele lui, găsim următoarele: http://forum.seopedia.ro/bar-lobby/35485-teapa-sau-nu.html https://www.roforum.net/threads/ameninţare-firmă-seo-beseo-ro.6137 Iar aici pe RST găsim următoarele despre el: Strategia lui este una destul de simplă. Îi pune pe oameni să muncească, iar apoi îi acuză de țeapă ca să nu-i mai plătească. În cazul meu i-am livrat 90% din aplicație cum am spus pentru 100 Euro, și pentru a nu mă plătii cu restul, s-a decis să mă acuze de țeapă. În cazul meu a avut puțin noroc deoarece în general încerc să nu pierd timp pe astfel de tâmpenii, iar suma era prea mică cât sa-mi bat capul. Ce mi se pare că depășește orice limită este că acesta lasă comentarii cu amenintări iubitei mele pe Facebook, și vorbește cu membrii de aici spunându-le că-mi face nu știu ce plângeri. Toate aceste lucruri cu scopul ca eu să-i returnez înapoi chiar și acei 100 euro. Atât am avut de spus. Oi fi eu țigan dar țepar nu sunt .
  12. 4 points
  13. 4 points
    Ne doare-n PULA! Deja ma plictisiti cu discutiile voastre intelectuale. @Kfollow tu esti bre Alexandru Cosmin Stan? Futu-te sa te futa de tepar. Nu la faza asta, dar la fazele cu aelius. Hai gata cu vrajeala! @c3m3d3 sa te inveti minte sa cauti persoanele pentru care lucrezi inainte. Sa-ti respecti termenele si sa nu mai umblii cu vrajeli ca si tu ai fost mare bulangiu. @Kfollow sa te inveti sa nu mai fii tigan. Nu zic la faza asta, dar se pare din ce a aparut ca esti un jeg libidinos. Poate va ganditi sa va certati prin PM. sau mai bine poate va linistiti, pizda ma-sii va trebie voua sute de euro. Asa e viata mai iei si teapa. Eu cand mi-am luat teapa nu am venit la altii sa plang. Te inveti minte si taci din gura.
  14. 4 points
    #Tutoriale Video #OSCP Prep - PWK - Penetration with Kali - Offensive Security #Information Security #CTF's #Hints & Tuts Weekly Uploads Link : https://www.youtube.com/channel/UCGGUum0880LJxnwLA8wJbNw
  15. 3 points
    Omu vrea un cod, nu-i da nimeni?
  16. 3 points
    Poti spune si aici despre ce e vorba. Cand postezi ceva, asigura-te ca lasi detalii pentru toti utilizatorii, de aceea s-a facut categoria locuri de munca. Nu exista proiecte private, doar tepari. De fiecare data apare unul pe aici care face pe programatorul si unul care cauta. Lasati aici sa vedem si noi despre ce e vorba.
  17. 3 points
    VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combine the issues mentioned below with a bug in Chromium to escape its sandbox. Link : https://www.exploit-db.com/exploits/47115
  18. 3 points
    Am facut un mic update la MultiEncoder.com (fostul Krypton). Interfata e schimbata si a fost rescris cu Vue in loc de jQuery. Ar trebui sa performeze mai bine la string-uri mari. Codul sursa se poate gasi pe GitHub, aici. https://multiencoder.com/#rst+powa Anuntati-ma daca gasiti bug-uri sau sugestii.
  19. 3 points
    Updates: - Adaugata o tema albicioasa; - Adaugat suport de mapat starile cipherelor in URL. https://multiencoder.com/#Oi, this be great!|1,1,1,1,1:1,1,1,1,1,1,1,1,1,1
  20. 3 points
    Da Ia tată! Să-ți fie de bine.
  21. 3 points
  22. 3 points
    Stan Alexandru Cosmin din Giurgiu (@Kfollow aici), tu dai de ani de zile tepe cu munca pe rst, esti handicapat (si chiar ai un handicap fizic. nu o sa pun poze cu tine aici, acum). Veziti in pula mea de saracia ta si de boala ta, ai dat tepe la n useri. Te duci in cap daca se pun toti userii pe care i ai ars sa iti faca reclamatii la Politie. sau daca intra peste ma-ta in casa. Tu realizeaza ca mai sunt si oameni puternici aici, nu toti sunt cocosati cu ecuson la gat si cu par crescut pe gat care lucreaza la corporatie. Eu nu inteleg cum ai tupeu sa dai tepe cu numele tau real, asta e cam cea mai proasta combinatie pe care o puteai face. Sau te da cineva in judecata pentru o teapa de-aia de 200 de lei de-a ta si te face kebab la tribunal. Sau te bate de față cu politia cum ii bate si pe parcangii, ca si tu esti ca si aia.
  23. 3 points
    Mai bine stergem topicurile astea de rahat. Se infesteaza forumul. Nu e vina noastra ca nu lucrati prin firme sau termeni clari
  24. 3 points
    Scanner pentru tumilsugi ai?
  25. 2 points
    Cand veti invata..in meseria asta nu exista asa ceva. Nu dai munca inainte sa vezi banii. Esti pe internet, nu-l opreste nimic sa nu mai plateasca.
  26. 2 points
    Astia de filelist sunt mai rari. Sper sa-ti faci treaba cu el.
  27. 2 points
    Link to PDF : https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-rdp-exposed-the-threats-thats-already-at-your-door-wp.pdf?fbclid=IwAR1Gj_oOa-2uuqEjqQCsO2l5nug2_LMPicIk-k3OQ1CDshpMThzQSmJTt18
  28. 2 points
    Nytro said: Inainte de a posta: - verifica data ultimului post, nu redeschide un topic fara un motiv serios - daca e cazul vezi mai intai ce zice prietenul Google - gandeste-te daca postul tau e util sau postezi doar ca sa te afli in treaba - asigura-te ca nu incalci regulile - fii atent la limbajul folosit, vorbeste frumos si cat mai corect gramatical - pentru orice problema legata de forum, contacteaza-ma
  29. 2 points
    Plin de frilensari. Sa moara jana bine-am ras. Bwahahahahahahaahahah
  30. 2 points
  31. 2 points
    Sunteti cei mai distrusi oameni in viata daca inca va chinuiti cu asa ceva dupa 7 ani.
  32. 2 points
    Formulat si mai corect: Hello, am si eu o intrebare idioata: Se pot adauga mai multe proxy-uri intr-un program? Peace
  33. 2 points
    Easy https://hackerone.com/directory?offers_bounties=true&order_direction=DESC&order_field=started_accepting_at
  34. 2 points
    Vrei un cod?
  35. 2 points
    Putin off-topic, daca-mi este permis. Intotdeauna am apreciat oamenii care se refera la instrumentele cu care fac femeile fericite (sau nu) ca fiind ceva divin, in consecinta, se apeleaza cu majuscula. KAPPA.
  36. 2 points
    http://matrimoniale.3xforum.ro/topic/2/Femei/
  37. 2 points
    Mi-e lene sa dau explicatii https://www.ericsson.com/en/events/eia/ericsson-innovation-awards-semi-finalists-2019 daca intelegi bine, daca nu intelegi tot bine ii.
  38. 2 points
    Rhino Security Labs is happy to announce the release of CloudGoat 2, the next generation of our “vulnerable by design” AWS deployment tool. Penetration testing in AWS is still very new. There is an absence of tools to aid in learning and practicing the wide spectrum of skills required to conduct a thorough AWS pentest. In other areas of pentesting, this isn’t a problem. For example, people interested in learning web application pentesting have many resources for directly learning and testing skills and techniques in a repeatable way. There are capture-the-flag competitions and vulnerable-by-design virtual machines or web applications that provide local sandboxed environments for learning. CloudGoat brings the same idea to the cloud and allows users to create intentionally vulnerable AWS environments based on vulnerabilities observed in the wild by Rhino Security Labs researchers. Link : https://rhinosecuritylabs.com/aws/introducing-cloudgoat-2/ Download link : https://github.com/RhinoSecurityLabs/cloudgoat
  39. 2 points
    python,selenium,proxies.
  40. 2 points
  41. 2 points
    Aici iti da toata lumea dreptate. Fie ca esti tigan sau nu Pana la urma, tu ai lucrat acolo ...
  42. 2 points
    Wild West Hackin' Fest 2017 Presented by Deviant Ollam: https://enterthecore.net/ Many organizations are accustomed to being scared at the results of their network scans and digital penetration tests, but seldom do these tests yield outright "surprise" across an entire enterprise. Some servers are unpatched, some software is vulnerable, and networks are often not properly segmented. No huge shocks there. As head of a Physical Penetration team, however, my deliverable day tends to be quite different. With faces agog, executives routinely watch me describe (or show video) of their doors and cabinets popping open in seconds. This presentation will highlight some of the most exciting and shocking methods by which my team and I routinely let ourselves in on physical jobs. ________________________________________________________________ While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing's best-selling pen testing titles. In addition to being a lockpicker, Deviant is also a GSA certified safe and vault technician and inspector. At multiple annual security conferences Deviant runs the Lockpick Village workshop area, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th. Deviant's first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology's Science, Technology, & Society program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. While earning his BS degree at NJIT, Deviant also completed the History degree program at Rutgers University.
  43. 2 points
    Spam-uri si tentative de tepe trimise de Cosmin Alexandru Stan catre adrese de email generice (office at nume_domeniu). -
×
×
  • Create New...