Leaderboard

Salutari, Am uploadat zilele astea ~ 30 GB de carti (IT, Electronica si altele.) Cand o sa-mi mai fac ceva timp liber o sa mai completez cu altele noi. Am in jur de 300-400 Gb de carti, adunate de prin 1996-1997 pana acum. IT => Index of /IT/ Electronica, Instalatii electrice, etc => Index of /Electrotehnica/ * => Index of /Biblioteca/ Este autoindex si se poate vedea totul oricum. Index of / In directorul "Incoming" o sa adaug docs noi. Dupa sortarea acestora, vor disparea din acel director temporar si o sa apara la categoria lor. Vedem cum merge treaba si eventual poate pun la dispozitie un server cu rsync pentru cei care doresc sa aiba aceasta colectie adusa la zi. Nota: Rog un moderator sa mute acest thread intr-o categorie potrivita.

Conclusions on Windows Security Account Manager In the previous post of this series, I briefly explained what the Windows Security Account Manager (SAM) is, how to dump Windows local users' password hashes from SAM having physical access to the target system or following a remote compromise of the machine, post-exploitation. Remotely, there exist three possible techniques: legacy, volume shadow copies and in-memory dump. Lastly, I highlighted the most widely used tools for the in-memory hashes dump and I collected and released them in this spread-sheet along with other tools that I will discuss later. I want to reiterate the following concept: given file transfer ability between your machine and the target system, always prefer to copy the SAM and SECURITY files over from the target and extract the password hashes offline afterwards. Although, this safe approach to password hashes dump does not guarantee that you are going to obtain all Windows local accounts' hashes. If you suspect that this is case, you will have to dump the hashes via in-memory dump and merge the results. Odd, but I have seen this happening quite a few times already and I am still discussing standalone Windows workstations, not part of a Windows domain. Preferred tools Personally, my first choice for standalone SAM hashes dump is pwdump7: it works on all Windows version from 2000 on both 32-bit and 64-bit systems. However, this tool does not perform a real in-memory dump and could miss out hashes. I always run two or three tools to avoid this from happening: fgdump, gsecdump and PWDumpX along with pwdump7 cover both techniques across all Windows versions and architecture and carefully launched once at a time should not crash the LSASS process. When I have got a Metasploit Meterpreter shell onto the system, I rely on the post-exploitation module smart_hashdump by Carlos Perez, falling back to its predecessor post-exploitation module hashdump when it fails. Active Directory Definition from Wikipedia: This definition comes into play when you have compromised a system part of a Windows domain. In order to quickly extend your control over the whole domain, the goal is to compromise the root domain controller. If you are within a child domain, the final goal is to achieve Enterprise Domain Administrator level access onto the root domain controller of the Windows forest's parent domain. There are plenty of resources on the Internet discussing domain escalation and this is out of the scope of this post series. A blog post that summarizes the best techniques and goes straight to the point is written by pentestmonkey.net. Alternatively, you can pass the local users' hashes obtained from your entry point machines to keimpx and spray them against the domain controllers: if the system administrator reuses the same local Administrator password across all machines, you are in! Regardless of how you have compromised a domain controller, preferably the root domain controller as it is the first to get updated with changes to user accounts, the important is that you have got an administrator (local or domain) shell onto it. Database file NTDS.DIT The goal now is to dump the domain users' password hashes. These are stored, along with nearly all the information that is accessible in the Active Directory (user objects, groups, membership information, etc), in a binary file, %SystemRoot%\ntds\NTDS.DIT. This file is locked by the system. You can use the volume shadow copies technique illustrated in the previous post to copy it along with the SYSTEM file over to your machine. Alternatively, use the ntdsutil snapshot facility introduced in Windows Server 2008. It will create a snapshot of the active directory database allowing you to copy ntds.dit and SYSTEM file. This technique is detailed on a Microsoft TechNet article. Extract hashes from NTDS.DIT You can use the passcape's Windows Password Recovery tool to extract hashes from ntds.dit. Alternatively, you can use a couple of tools (ntds_dump_hash.zip) developed by Csaba Barta and documented in his paper titled Research paper about offline hash dump and forensic analysis of ntds.dit. These tools are used to: Extract the required data from ntds.dit: esedbdumphash. Decrypt the hashes and interpreting other information regarding the user account: dsdump.py, dsdumphistory.py, dsuserinfo.py. Download and compile the tool: wget http://csababarta.com/downloads/ntds_dump_hash.zip unzip ntds_dump_hash.zip cd libesedb ./configure && make Use esedbdumphash to extract the datatable from ntds.dit: cd esedbtools ./esedbdumphash -v -t /tmp/output $ ls -1 /tmp/output.export/ datatable Use dsdump.py to dump the hashes from the datatable file using the bootkey (SYSKEY) from the SYSTEM hive: cd ../../creddump/ chmod +x *.py ./dsuserinfo.py /tmp/output.export/datatable ./dsdump.py /tmp/output.export/datatable --include-locked --include-disabled > domain_hashes.txt Like standalone machines, you can use the in-memory technique too to dump the domain users' hashes. The tools are the same and work equally. Just be cautious when injecting into the LSASS process of a domain controller: in the worst case scenario, you will have to reboot an infrastructure-critical server. I have added these tools and improved the spread-sheet. Sursa

Aici gasiti toate site-urile de Hacking din "Lume" si cele mai bune... LinkBase

Poti castiga bani doar stand cu ochii pe Google si Mozilla. Nu e gluma! Stiai ca Google si Mozilla ii rasplatesc pe cei care raporteaza vulnerabilitati? In urma cu cateva saptamani, Mozilla a ridicat premiul la 3.000 de dolari pentru bug-uri depistate pe Firefox si considerate "majore", in timp ce reprezentantii Google i-au rasplatit pe utilizatorii care au stat cu ochii pe Chrome cu 3.133 de dolari. Pentru a-i impulsiona pe "hackerii plictisiti" si pe "geniile in software" sa dea o mana de ajutor la depistarea problemelor de securitate sau a oricarei alte vulnerabilitati a browserului Chrome, cei de la Google au decis sa urce bonusul la 3.133 de dolari. Iar aceasta mutare nu a fost cea care a spart gheata, ci vine dupa ce Mozilla a anuntat ca ofera recompense de 3.000 de dolari pentru aceleasi indeletniciri ale utilizatorilor. Vizate sunt produse ca: browserul Firefox, clientul de e-mail Thunderbird, versiunea mobila a Firefox si alte softuri. Desigur, "cercetasii" trebuie sa descopere probleme "majore", altfel isi pot lua gandul de la miile de dolari de la Mozilla. In schimb, Google ofera in continuare 500 de euro pentru bug-uri "obisnuite". Cei de la Microsoft nu sunt la fel de darnici cu utilizatorii care fac asemenea descoperiri. "Nu credem ca astfel de bonusuri sunt cea mai buna modalitate de a-i recompensa pe cei care descopera probleme de securitate", spune Mike Reavey, director la Microsoft Security Research Center. "Nu toata lumea se preda in fata stimulentelor de natura financiara", argumenteaza el pozitia companiei. Asta desi majoritatea expertilor considera ca hackerii lanseaza atacuri in primul rand pentru a obtine beneficii banesti, iar motivandu-i pe utilizatori sa-si canalizeze energiile in alta directie ar putea reduce frecventa ofensivelor cibernetice. Bug-urile browserelor valoreaza foarte mult pe piata neagra, de pilda, unde sunt cautate de atacatori pentru a infiltra softuri malitioase in computere. Mozilla spera ca suma oferita, 3.000 de dolari, este suficient de tentanta, astfel incat cei care detecteaza o problema de securitate sa o raporteze direct companiei. "In America de Nord, 3.000 de dolari reprezinta un mizilic. Dar in alte parti ale lumii inseamna un castig frumusel, iar contributiile ne vin din multe tari", afirma Johnathan Nightingale, directorul departamentului de dezvoltare al Firefox. Ca unii dintre utilizatori nu sunt interesati de latura financiara o arata chiar cifrele. Dintre cei care au descoperit pana acum probleme grave de securitate pentru Mozilla, 10% pana 15% au refuzat recompensa. "Multi spun: ‘Donati banii Fundatiei Electronic Frontier sau trimiteti-mi un tricou si atat’", explica Nightingale, adaugand totusi ca "programul a fost un adevarat succes" si ca Mozilla este foarte multumita de rezultate. De altfel, multe alte companii de software iau in considerare implementarea unor sisteme proprii de recompense, sustin dezvoltatorii Mozilla. Erorile Mozilla pot fi raportate pe pagina bugzilla, iar Google iti explica pe pagina proprie ce e de facut daca gasesti o problema Sursa:http://www.incont.ro/it-c/poti-castiga-bani-doar-stand-cu-ochii-pe-google-si-mozilla.html

PHPBB 3.0 0day DOWNLOAD: http://www.multiupload.com/L1483HY371

VDS/VPS in Germany from 0.98$ a month. FREE nu se gaseste deloc...