Leaderboard

Download 103_top_shell rar, fast and secure downloading from crocko.com cGFzc3dvcmQgaGFja2ludHJ1dGhzIA==

Hacking Awards : Best of Year 2011 2011 has been labeled the “Year of the Hack” or “Epic #Fail 2011”. Hacking has become much easier over the years, which is why 2011 had a lot of hacking for good and for bad. Hackers are coming up with tools as well as finding new methods for hacking faster then companies can increase their security. Every year there are always forward advancements in the tools and programs that can be used by the hackers. At the end of year 2011 we decided to give “The Hacker News Awards 2011“. The Hacker News Awards will be an annual awards ceremony celebrating the achievements and failures of security researchers and the Hacking community. The THN Award is judged by a panel of respected security researchers and Editors at The Hacker News. Year 2011 came to an end following Operation Payback and Antisec, which targeted companies refusing to accept payments to WikiLeak’s, such as, Visa and Amazon. Those attacks were carried out by Anonymous & Lulzsec. This year corporations, international agencies, and governments are now experiencing a flood of what is called Advanced Persistent Threats. APTs refer to a group of well-funded, highly capable hackers pursuing a specific agenda, often organized by a nation or State. Sony somehow pissed off the hacking group LulzSec, which downloaded information for millions of users, while posting to Sony’s system: “LulzSec was here you sexy bastards! Stupid Sony, so very stupid.“ The Hacker News Awards Categories & Winners 1.) Person of the Year : Julian Paul Assange He is, of course, the lean, tall, and pale 39-year-old Australian master hacker at the white-hot center of the whistle-blowing website WikiLeaks and, after revealing thousands of secret Afghan battlefield reports this week, the subject of investigation by U.S. authorities. 2011 could also be called the “Age of WikiLeaks”. Assange described himself in a private conversation as “the heart and soul of this organisation, its founder, philosopher, spokesperson, original coder, organizer, financier, and all the rest”. Wikileaks celebrate its 5th Birthday on 4th October 2011, for being only 5 years old they have done a remarkable and outstanding job of serving the people. The one thing most governments in the world have left off their agenda’s. Keep up the good work Wikileaks and we stand in support and behind you. 2.) Best Hacking Group of the Year 2011 : ANONYMOUS DECK THE HALLS AND BATTON DOWN THE SECURITY SYSTEMS…..THEY AIN’T GOIN AWAY! Anonymous hackers have gained world wide attention because of their hacktivism. Anonymous is not an organization. Anonymous has no leaders, no gurus, no ideologists. Anonymous has performed many operations like Attack on HBGary Federal, 2011 Bank of America document release, Operation Sony, Operation Anti-Security and lots more. Complete Coverage on all Anonymous related news is here. 3.) Best Whitehat hacker of the Year 2011 : CHARLIE MILLER CHARLIE SHOWS TUNA ISN’T THE ONLY THING TO PROFIT FROM! Charlie Miller is a former hacker who has become an information security consultant now working with the Department of Defense (DOD) and helping out with cyber security. He spent five years working for the National Security Agency. Miller demonstrated his hacks publicly on products manufactured by Apple. In 2008 he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver Canada for being the first to find a critical bug in the ultrathin MacBook Air. The next year, he won $5,000 for cracking Safari. In 2009 he also demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011 he found a security hole in an iPhone’s or iPad’s security. Charlie Miller gets a kick of out defeating Apple’s security mechanisms, using his hacking skills to break into Macbooks and iPhones. 4.) Best Leak of the year 2011 : HBGARY FEDERAL EMAILS LEAKED BY ANONYMOUS GEE GREG, YOU THOUGHT WE JUST PLAYED WITH MATEL COMPUTERS! NOT!!!!! HBGary Federal who was helping the federal government track down cyber activists was itself hacked by the very same activists! Gotta love these guys. Through an elegant but by the numbers social engineering effort those fun fellas at Anonymous, hacked and publicly shamed poor little HBGary Federal. Massive reputation damage and tons of turn-over in executive leadership resulted. Anonymous released 27,000 emails from the server of Greg Hoglund, chief executive of the software security firm HBGary. They posted 50,000 emails of Aaron Barr from the CEO of its sister organization, HBGary Federal. They obtained the emails by hacking into Hoglund’s email. 5.) Best Defacement of the Year 2011 : DNS HIJACKING OF HIGH PROFILE SITES BY TURKGUVENLIGI TURKGUVENLIGI……..THE GIFT THAT KEEPS ON GIVING!! Turkguvenligi also known by the name “TG Hacker’ hacked some very high profile sites using DNS Hijacking. Sites included, Theregister.co.uk , Vodafone, Telegraph, Acer, National Geographic. He diverted visitors to a page declaring it was “World Hackers Day”. TurkGuvenligi has claimed credit for dozens of similar defacement attacks since late 2008. 6.) Craziest Hack of the year: INMOTION HOSTING (Over 700,000 Websites Hacked) BEWARE OF TIGER’S IN MOTION…….COMING TO YOUR WEBSITE SOON! InMotion’s data center got hit by the hacker that calls himself TiGER-M@TE, leaving a few hundred thousand website owners with nonfunctional pages and 700,000 web Pages defaced . He is also the one responsible for the attack carried out on Google Bangladesh. In our humble opinion, this is the craziest hack of the year. 7.) Malware of Year 2011 : DuQu ALAH CAN’T HELP IRAN…….NOT WITH DuQu ON THE LOOSE! This year was really hot on malware discovery and analysis. DuQu became the first known network modular rootkit. DuQu has flexibility for hackers to help remove and add new features quickly and without special effort. Some experts have doubts on relation between the Stuxnet and DuQu creators as they both aim for stealing and collecting data related to Iranian agencies activities. 8.) Best Hacking Tool of the Year 2011 – ANTI (Android Network Toolkit) HEY CYBER WORLD, STICK THIS IN YOUR TOOL BELT! ANTI is the smallest but most powerful hacking tool developed by the company Zimperium. Anti-Android Network Toolkit is an app that uses WiFi scanning tools to scan networks. You can scan a network that you have the phone connected to or you can scan any other nearby open networks. Security admins can use Anti to test network host vulnerabilities for DoS attacks and other threats. Features : OS detection, traceroute, port connect, Wi-Fi monitor, HTTP server, man-in-the-middle threats, remote exploits, Password Cracker and DoS attack and plugins. 9.) High Profile Hacker of the Year 2011 : LULZSEC LULZSEC KEEPS US LAUGHING ALL THROUGH 2011! Lulz Security, commonly abbreviated as LulzSec, is a computer hacker group that claims responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011. The group also claimed responsibility for taking the CIA website offline. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. The group’s first recorded attack was against Fox.com’s website. LulzSec does not appear to hack for financial profit. The group’s claimed main motivation is to have fun by causing mayhem. They do things “for the lulz” and focus on the possible comedic and entertainment value of attacking targets. 10.) Biggest Victim of the Year 2011 : SONY SONY SHINES AS THE BIGGEST VICTIM OF ALL! Sony gets the Most Epic fail award so we want to give the Best Victim of the year award to Sony. Almost all Sony’s websites including Indonesia, Japan, Thailand, Greece, Canada, Netherlands, Europe, Russia, Portugal & Sony PlayStation Network were Hacked. Defacement of various domains of Sony and Personal information of 77 million people, including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, user names, online handles and possibly credit cards were exposed. Sony expects the hack of the PlayStation Network and cost at ¥14 billion (US$170 million) . 11.) Most Spamy Social Network : FACEBOOK FACEBOOK OUTTA FACE IT……..IT’S A RIPE TARGET FOR 2012 Social network sites such as Facebook, Google+ or Twitter are gaining popularity. But the ‘Web 2.0? presents new dangers. The wave of pornographic and violent images, Spam messages, Virus and various Worms that flooded Facebook over the past year, make it the Most Spamy Social Network of the Year. Social media is the new frontier for all of this spam. The attack tricked users into clicking on a story they thought would bring them a related video or picture. Instead, Facebook members were taken to websites that attacked their browsers with malicious software and posted violent and disturbing images to their news feeds. 12.) Most Vulnerable Mobile OS of Year 2011 : ANDROIDS MALWARE GETS A FREE RIDE ON MOBILE DEVICES! Mobile devices are seeing a record number of Malware attacks, with Androids leading the way as the mobile operating systems are the most likely to be targeted. Android’s vulnerability to malicious content including third-party apps, SMS Trojan viruses and unexpected bugs distributed through free Wi-Fi connections has risen by 45% in 2011. This year we have seen record-breaking numbers of Malware, especially on mobile devices, where the uptake is in direct correlation to popularity. 13.) Best Hacking Book of the Year: BACKTRACK 5 WIRELESS PENETRATION TESTING ATTENTION CLASS, VIVEK RAMACHANDRAN HAS ENTERED THE ROOM! Vivek Ramachandran is a world renowned security researcher and evangelist, who is well known for his discovery of the Wireless Caffe Latte attack, and author of the most amazing book “BackTrack 5 Wireless Penetration Testing. This book is written completely from a practical perspective. The book wastes no time in delving into a hands-on session with wireless networking. All the way through there are lots of screengrabs, so you can see what should be happening on your screen. 14.) Most Innovative Hack : DIGITAL CERTIFICATES SPOOFING BY COMODO HACKER COMODOHACKER BRINGS OUT THE DRAGON IN CYBER SECURITY CONCERNS The name “Comodohacker” gets the most Innovative Hacker award from THN for the breach of the Internet’s trust system arising from an outmoded method for assuring that a Web site is authentic. A breach that let a hacker spoof digital certificates for Google.com, Yahoo.com, and other Web sites is prompting browser makers to rethink security. A 21-year-old Iranian patriot took credit saying he was protesting US policy and retaliating against the US for its alleged involvement with last year’s Stuxnet, which experts say was designed to target Iran’s nuclear program. 15.) Biggest hack of the Year 2011 : SONY PLAYSTATION SONY, SONY, WE PLAY YOUR LEAKS ON OUR OWN STATIONS! The PlayStation Network is an online multiplayer gaming and digital media delivery service owned and run by Sony Computer Entertainment .On April 26, 2011 Sony Playstation announced its network and Qriocity had both been compromised by hackers between April 17 and April 19 allowing access to 70 million user accounts. Get full coverage on this News. “TRUTH IS THE MOST POWERFUL WEAPON AGAINST INJUSTICE” http://www.exploit-id.com/news/the-hacker-news-hacking-awards-best-of-year-2011?utm_medium=twitter&utm_source=twitterfeed

Quick fix - Install suhosin. - Read the fine manual Demo: ~ # tail -f /var/log/user.log ==> /var/log/user.log <== Jan 1 19:18:44 saturn suhosin[1465271]: ALERT - configured POST variable limit exceeded - dropped variable 'EzEzEzFYEzEzEzEz' (attacker '78.42.187.xx', file '/home/tex/www/<hidden>') Jan 1 19:18:51 saturn suhosin[1465326]: ALERT - configured POST variable limit exceeded - dropped variable 'EzEzEzFYEzEzEzEz' (attacker '78.42.187.xx', file '/home/tex/www/<hidden>')

Posted by Ax0n I am by no means an expert on this stuff. A few weeks ago, I ran across some suspicious links in spam and decided to see where they led. Some of them claimed to be from financial institutions that I have absolutely no connection to, and claimed that some transaction had failed to occur. Others were variants of shipping confirmation scams, pharmacy junk, etc. I wish I could say that I have no idea how people fall for these, but the fact is that some people will literally click on anything that shows up in their inbox, open any attachment and follow any link, no matter how blatantly fake we professionals think these scams are. What lay at the tail end of all the script="http://some-site/whatever.js" includes and document.location redirects? A webpage that'd been owned, filled with a huge pile of nonsensical jibberish that could barely pass as javascript, which happened to be part of the Blackhole Exploit Kit. I've done my share of picking apart obfuscated javascript before, but it had been a while. I gave a presentation of this same thing at KC2600 a few weeks ago. Then, this week, a colleague of mine who missed the meeting ran into the same thing in the wild. I passed on what I'd learned, and decided it might be time to write it up with a little more detail than I did a few weeks back. He made this quick video that covers how he was able to de-obfuscate this particular sample: By now, I've seen several different obfuscation schemes for BlackHole, but once it's decoded, it all looks about the same. The introductory basics are simple. Minimize the potential of infection by using a non-privileged account (and perhaps an OS other than Windows) and/or minimize the impact of a successful infection by running a virtual machine that you can blow away or revert to a snapshot of a known clean state. For the malware I'm using in this example, either (or both) of the above criteria will be ample to keep things from getting out of control. Other malware may be more insidious or may target non-Windows platforms. I have a few friends that have unwittingly infected their own workstations while trying to analyze things. Play safe. Once you have a safe lab environment, your goal is to examine a suspicious link and dissect it. In my case, I was able to find a few links to malware in my personal mail's spam folder. For the demo at KC2600, I used Malware Domain List to find some Blackhole samples. In the wild, there may be any number of redirects ahead of the malware. You may see a shortened URL (through goo.gl, tinyurl, etc) which goes to a sparse HTML page with several calls to javascripts hosted on various sites, and those javascripts may simply be a document.location pointing to the malware. I usually stick with curl or wget to pull down suspicious links, and then I keep looking at the content and following the redirects until I strike gold. The javascript itself is ugly once you get to it. Sometimes, the byte array is only a few (really long) lines. Other times, like this sample, each byte of the obfuscated data is on a new line, like this: You'll see a few interesting things. There's an "e=eval;" line near the bottom, and then "e©;" after that. It doesn't take a coding genius to realize that this is a way to call eval© without triggering some IDS signatures that look for "eval(". Many samples I saw weren't quite this obvious. In fact, the script in the video has the eval alias in a different part of the script and varies in several other ways if you look closely. To turn this cryptic payload into something that resembles actual javascript, there's a post on SANS ISC from several years ago covering a few methods. I went with the so-called Tom Liston Method, essentially trying to wrangle the decoded stuff that was destined for the eval function into a document.write within a textarea box instead. Note: I ran into one sample of BlackHole that has a /textarea tag near the beginning, which would keep someone from using this trick to easily view the code with this trick, but I don't think it will eval the stuff behind it since it's been changed to a document.write. In the above example (and in the video), the content that is destined for eval is stored in variable "c", so you simply replace "e©;" with: document.write("<textarea cols="150" rows="100">" + c + "</textarea>"); But obviously, you need to use some brain power here to figure out what trickery they're using to call eval, and what the variable is that needs to be wrapped up in the above document.write command. You may also wish to mess with the rows and columns on the textarea. I know on my netbook, that textarea size is far too unweildy. On my desktop, it's almost perfect. Make sure the file is renamed as a .html, then load it up in your safe lab environment's browser, just in case something goes wrong. Voila. If you scroll through recent versions of BlackHole Exploit Kit, you'll see that it tries to load an embedded java applet and a PDF, both of which are designed to exploit recent vulnerabilities in JRE and Adobe Reader. Since I don't have Windows running in a VM environment (and I'm not keen on actually infecting any of my Windows boxes) I'm not entirely sure what gets loaded from there. I'm guessing the carberp trojan, given most of what I've read lately. If that's the case, a successful infection would likely block access to anti-malware sites, try to sabotage existing security software, and start gathering sensitive data such as card numbers and online banking credentials. http://www.h-i-r.net/2011/12/intro-to-javascript-malware-analysis.html

imi pare rau pentru triplu post scuze...dar nu stiu de ce s-a facut asa :shock:

Toti aia de pe 4metin sunt niste ratati iar daca TinKode e cu adevarat cel care are contul acolo (ceea ce nu cred) e si el un ratat.

De la un timp v?d "nu mai" fraze duse spre semi-analfabetism pe forumurile române?ti.Defapt frazele exist? ?i pe messenger,?i pe re?elele de socializare dar ?i în caietele a?a-zi?ilor elevi. Fraze de genul "Numai vin la tine." ?i "Am luat decât o amend?." se g?sesc peste tot ?i sunt total gre?ite. Fenomenul "Numai încap banii în buzun?ri la câ?i minte are mine.": "Numai " se scrie "numai " când poate fi înlocuit de "doar",?i are acela?i în?eles cu acesta. Exemple: "Ai f?cut numai 6 ture?" "Numai merg acolo." "Nu mai " se scrie "nu mai " în contexte de genul: " înainte mergeam des la film, acum nu mai merg deloc." Adic? atunci când e o opozi?ie între un "înainte" când se întâmpl? ceva ?i un "acum", când acel ceva nu se mai întâmpl?. Ca not anymore din englez?. Sau non plus în francez?. Fenomenul "Am nevoi decât de bani,restul nu mai conteste,minte are.": "Decât" se folose?te doar în propozi?ii NEGATIVE (care au un "nu" strecurat printre alte cuvinte) Exemple: "Nu am decât o zi liber?." "Am decât 6 ani." Excep?ii: "Decât s? plec,mai bine mor." "Doar" se folose?te ?i în propozi?ii negative dar ?i în cele afirmative. În propozi?iile negative: "Nu vreau doar s? beau,vreau ?i s? m?nânc." În propozi?iile afirmative: "Mai vin doar 2 prieteni." Nu ?tiu cât de multe a?i în?eles,nu m? pricep s? dau explica?ii,nu e pasiunea mea. Totu?i,sper c? v-a r?mas ceva în cap ?i c?-i ve?i corect? ?i voi pe al?ii,ca s? nu moar? pro?ti.