Leaderboard

Am atasat implementarea AES din http://www.polarssl.org pt. cei interesati. Zippyshare.com - Aes.rar Algoritmul de encriptare AES este folosit in cheile de protectie "Dongles" Aladdin HL / SRM / Sentinel HL. Sentinel HL | USB Dongles & Hardware Keys | SafeNet Mai nou se foloseste WBAES encrytion din motive bine intemeiate deoarece cheia AES este extrasa usor.

Exista un buton pe chat (cel din colt dreapta jos) unde daca ti hover pe el scrie autoscroll on/off. Foloseste-l cu cap!

E-cigarettes have been fingered as the source of a new computer virus. "IT guy" Jrockilla told the Talesfromtechsupport forum that he suspects the malware was "hard coded" into the USB charger of his boss's electronic toker. In his post, he says: He added: During the subsequent debate on Reddit, users called for further evidence that the charger was indeed the source, and that hasn’t been forthcoming, but it does point to the danger corporates face with users plugging unauthorised devices into USB ports for charging. One user suggests that while a memory device will announce itself when plugged in, a keyboard will not, so a malevolent USB device could masquerade as a keyboard and then accept the security prompts which flashed up as the device asked for permissions. A savvy user would spot this if they were watching but not if they were busy fiddling with an e-cig (essentially a battery-powered vaporizer which has the feel of tobacco, but produces only an aerosol) at the same time. Naturally, the non-smoking sticks could be charged with a wall charger but IT professionals need to be aware that the threat exists. Again, the thread warns that it might be significant pointing to research by the German researchers SRLabs that USB devices can be made unstoppable. It has also been suggested that a device is used to limit the USB port, but that is of course moving the trust around. If you really want to investigate what a port is doing, there are devices such as Facedancer which will investigate just that sort of thing. In the meantime, it might just be easier to quit altogether. Source

XSS (Cross Site Scripting) I posted this on Byteoverflow awhile ago and DECIDED to post it here. I hope to do these for a bunch of different vulnerabilities. In this particular one I will be doing XSS aka Cross Site Scripting. Often overlooked and XSS vulnerabilities is Considered useless. This is FAR from the case. XSS vulns are very Dangerous and Need to be Taken Seriously just like sqli vulns have. The Possibilities When it comes to have endless XSS vulns. I Will Be Discussing the two types of XSS vulns today, Persistent and Non-Persistent. If you have any questions feel free to ask Them here. Non Persistent Non Persistent XSS vulnerabilities is the when user input is not sanitized and used Properly Immediately after the request is made??. THESE ARE GeneRally not as Dangerous, But definitely Need to be addressed and Taken Care of. With Persistent Non vulns Would you usually have to trick someone into Clicking the link with the XSS payload. Whereas with persistent vulns the payload is embedded in a normal page and people can stumble Across Even without knowing it, we Will talk more about That later. Here is a simple example of a Non-Persistent XSS vulnerability. I will be doing a simple search script That uses GET for this example. search.php <form action = "" method = "get"> Search Value: <input type = 'text' name = 'squery'> <input type = 'submit' name = 'search' value = 'Search'> </ form> <? php if (isset ($ _ GET ['squery'])) { $ SEARCH_QUERY = $ _GET ['squery]; echo "Search results for $ SEARCH_QUERY"; // Continue with search code here } ?> So in this simple code what's happening is it is taking the user input (the search value) then using it in a GET request to later use in a search query. To the average user this looks like a simple search That there is nothing wrong with. But the user input is not being sanitized Properly. The GET request is being used in year echo statement without being sanitized. Means That Could users input HTML and have it execute. As you can see I was Able to input HTML, in this case the font tag and have it execute. You can see When I submitted the form the WAS red font. This is a huge problem. This now allows attackers to input the which can lead to Javascript Java Drive By's, Cookie Stealing, and many other exploits. Again, you can see the JavaScript That is getting executed. In this case it is just a simple alert, But can it BE any Javascript payload year attacker might have. What Makes Non Persistent Now this is it does not Affect That any person goes to the search page. However if year attacker can get someone to click on a link it can Affect Them. Now all have to do Would attacker year is get the victim to click a link with Their malicious payload. http://example.com/search.php?squery=<script src = 'link to payload'> </ script> & search = Search And THEY always Could Shorten the link to make it less Obvious. http://goo.gl/HAKnUV Now let's look at Where the vulnerability exists in the code and how to fix it. $ SEARCH_QUERY = $ _GET ['squery]; echo "Search results for $ SEARCH_QUERY"; So Those two lines of code in what is happening is it's getting the user input via the squery GET value. It is the then echoing it out to the user. We need to Properly sanitize the $ SEARCH_QUERY variable Before we use it in year echo. We can do this using htmlspecialchars or htmlentities. $ SEARCH_QUERY = htmlspecialchars ($ _ GET ['squery']); echo "Search results for $ SEARCH_QUERY"; Or $ SEARCH_QUERY = htmlentities ($ _ GET ['squery']); echo "Search results for $ SEARCH_QUERY"; Now you can see INSTEAD of treating the variable as HTML and executing it, it is treating it as a string and Completely ignoring the FACT That it is HTML. Persistent (Stored) Persistent Stored XSS vulnerabilities occur or the when user input is Stored on the server (usually in the DB) then later displayed on a page without proper sanitation. Persistent XSS vulnerabilities is much more Dangerous than Non Persistent. THESE types of vulnerabilities do not Require anyone to click a link or Anything. THEY CAN BE browsing a site just like normal and come Across the malicious payload Even without knowing. I will be showing you a simple year with comments example script. Here is the simple script We will be using for year example. <b> <u> <font size=6> Title </font> </u> < b> <div id = "content"> sadjasldjasd asdj asdj asdas <br> d I <br> dsad sadsaldjas <br> dasdnasd ankd Kingdom <br> sadjalkjd ad asd <br> asdlas djas d <br> asd Sadki sadj <br> asd alsdksa dsadj sadj sad, sad lj <br> Sadna sdlasd <br> </ div> Grepolis <? php if (! mysql_connect ("localhost", "root", "root")) { die ('MySQL connection failed'); } // Post comment stuff if (isset ($ _POST ['submitcomment'])) { $ comment = mysql_real_escape_string ($ _POST ['comment']); if (mysql_query ("INSERT INTO xss.comments (comment) VALUES ('". $ comment. "')")) { echo "Comment posted <br>" } Else { echo "Failed to post comment <br>" } } echo "<b> <u> <font size = 4> Comments </ font> </ u> </ b> <br>" $ get_comments = mysql_query ("SELECT * FROM xss.comments"); if (mysql_num_rows ($ get_comments) == 0) { echo "No comments to display <br>" } Else { while ($ c = mysql_fetch_array ($ get_comments)) { $ comment = $ c ['comment']; echo "$ comment <hr>"; } } ?> <form action = "" method = "post"> Submit Comment: <br> <textarea rows = "4 'cols = '50' name = 'comment'> </ textarea> <br> <input type = 'submit' name = 'submitcomment' value = 'Post Comment'> </ form> So again, to the normal user Would this look just like a normal comment section. In reality these symbols is not being sanitized Correctly comments. As you can see the comment I posted is now red. This is very bad, people can now input Their own HTML Where it is Stored in the DB and displayed to anyone That That article looks at. That goes to anyone Now That article That Will see alert box. This is a serious issue. THES is obviously not what attackers Would do though. Would THEY embed Their payload with a legit comment and you Would Never Even Know You hit it UNLESS you view the source. Now When someone Would That view article Would THEY see nothing fishy, But Would THEY have executed the attackers payload. If you inspect element the comment you can see the JavaScript That is getting executed. This is a huge issue and many innocent people Makes Victims and open for attack Even without realizing what Happened. Let's take a look at Where the vulnerability occurs. while ($ c = mysql_fetch_array ($ get_comments)) { $ comment = $ c ['comment']; echo "$ comment <hr>"; } Right there is Where the code is fetching the comments from the database and displaying Them to the user. The comments have not being sanitized Properly Before being echo'd out to the users. Again we can use htmlspecialchars or htmlentities to sanitize the comments. while ($ c = mysql_fetch_array ($ get_comments)) { $ comment = htmlspecialchars ($ c ['comment']); echo "$ comment <hr>"; } Or while ($ c = mysql_fetch_array ($ get_comments)) { $ comment = htmlentities ($ c ['comment']); echo "$ comment <hr>"; } You can now see That the payload is no longer getting Treated as HTML therefore not getting executed. Keep in mind these symbols is just very simple examples I wrote up for this thread. Next time you have a web app writing or working on Something please keep in mind these symbols. THES has always overlooked Which is probably Why They are so common. You can come Across these symbols everywhere! I was recently doing work for a client and found about 12 XSS vulnerabilities. 8 or 10 of Them being persistent in Their dashboard. Which Meant Could someone have inputted the cookie stealer and wait for Them to load the page in the dashboard with the stealer. Then logged into Their panel for Them Which Would BE BAD THEY WERE STORING considering personal information of Customers there. If You Would like me to disclose my Findings in That project let me know and I will be glad to. Anyway, I hope you understand more about Some of XSS now and how to Prevent it. It's a very easy thing to Prevent, But at the same time people always forget about it. Anything I missed or if you have Anything to add feel free to post it here. Source: madleets

So, plug everything in, attach an external power supply to the graphics card, power it up, and. . . nothing. Or so it would seem. But, we’ve got a serial console on the Galileo, so we can check it out by running lspci. And there we have it! An Nvidia 0x10de standing out in a sea of Intel 0x8086. Our graphics card is connected, enumerated, and waiting for drivers. 7.3 Solemnization through Software On a normal desktop, the BIOS starts up, runs the video BIOS that initializes the display, and gets on with things. But this is supposed to be a tiny embedded system. While it does boot via EFI, it doesn’t run video BIOS or any option ROMs. We’ll have to that by hand. There’s already great instructions by Sergey Kiselev on how to build your own Linux for Galileo available.11 I mostly followed those to get a standard install working, but I had to make two changes between steps 7 and 8 of Kiselev’s tutorial. We need to add all the X11 related packages, and we need to enable nouveau, the open-source Nvidia drivers, in our kernel configuration. 7 . 1 . Add ‘ ‘ x11 ’ ’ t o the DISTRO\_FEATURES l i n e i n 2 meta?cl a n t o n \_vxxxx/meta?cl an t on?d i s t r o / c o n f / d i s t r o / cl an t on ?ti n y . c o n f 7 . 2 . C o n fi g u r e the k e r n el by runnin g ‘ ‘ bi t b a k e li n u x ?yocto?cl a n t o n ?c 4 menucon fig ’ ’ and e n a bli n g nouveau under d ri v e r s ?>g r a p hi c s ?>nouveau Copy the resulting files to a MicroSD card, pop it in your Galileo, and you are a modprobe nouveau && startx away from what might be the most inefficient way to drive a display ever devised. Of course, there’s no window manager or input devices yet configured, so you can’t do much, but that’s just a software problem, right? Read more to PoC || GTFO 0x05 1 Sacrament of Communion with the Weird Machines Neighbors, please join me in reading this seventh release of the International Journal of Proof of Concept or Get the Fuck Out, a friendly little collection of articles for ladies and gentlemen of distinguished ability and taste in the field of software exploitation and the worship of weird machines. If you are missing the first six issues, we the editors suggest pirating them from the usual locations, or on paper from a neighbor who picked up a copy of the first in Vegas, the second in S˜ao Paulo, the third in Hamburg, the fourth in Heidelberg, or the fifth in Montr´eal, or the sixth in Las Vegas. This release is dedicated to Jean Serri`ere, F8CW, who used his technical knowledge and an illegal shortwave transceiver to fight against the Nazi occupation of France. His wife Alice Serri`ere once, when asked “Where are the tubes?” showed occupying soldiers the leaky pipes in their basement. In Section 2, the Pastor reminds us that there are things that we must be thankful for, with a parable freshly drawn from the Intertubes. In Section 3, Fiora shares with us a collection of nifty tricks necessary to emulate modern Nintendo Gamecube and Wii hardware both quickly and correctly. Tricks involve fancy MMU emulation, ways to emulate PowerPC’s bl/blr calling convention without confusing an X86 branch predictor, and subtle bugs that must be accounted for accurate floating point emulation. Continuing the tradition of getting Adobe to blacklist our fine journal, pocorgtfo06.pdf is a TAR polyglot, which contains two valid PoC, as in both Pictures of Cats and Proofs of Concept. In Section 4, Ange Albertini explains how this sleight of hand is performed. In Section 5, Micah Elizabeth Scott shares the story of the Pong Easter Egg that hides in VMWare and the Pride Easter Egg that hides inside that! In Section 6, Craig Heffner shares two effective tricks for detecting that MIPS code is running inside of an emulator. From kernel mode, he identifies special function registers that have values distinct to Qemu. From user mode, he flushes cache just before overwriting and then executing shellcode. Only on a real machine—with unsynchronized I and D caches—does the older copy of the code execute. In Section 7, Philippe Teuwen extends his coloring book scripts from PoCkGTFO 5:3 to exploit the AngeCryption trick that first appeared in PoCkGTFO 3:11. In Section 8, Joe Grand presents some tricks for reverse engineering printed circuit boards with sand paper and a flatbed scanner. Continuing this issue’s theme of tricks that allow or frustrate debugging and emulation, Ryan O’Neill in Section 9 describes the internals of his Davinci self-extracting executables in Linux. Here you’ll learn how to prevent your process from being easily debugged, sidestepping LD_PRELOAD and ptrace(). In Section 10, Don A. Bailey treats us to a fine bit of Vuln Fiction, describing a frightening Internet of All Things run by a company not so different from one that shipped a malicious driver last month. Finally, in Section 11 we pass around the old collection plate, because—in the immortal words of St. Herbert—the PoC must flow! Read more to PoC || GTFO 0x06

Multumesc tuturor pentru ajutor! M-am decis in cele din urma si am facut o alegere.

.

Am votat dark in sensul in care nu le poti avea pe amandoua. Pentru mine e aproape imposibil de lucrat pe timp de noapte cu o tema light.

Am votat light. Daca ai de aface cu un panel il faci avand culori deschise sa nu deranjeze ochiul, ca doar nu-l faci forum de hacking, sa fie dark. Si, oare de ce Joomla, OpenCart, PrestaShop, Magento, Wordpress, Mybb, PHPBB, vBulletin, SMF... au toate panel light? Eu nu tin minte sa fi vazut vreun panel dark, si chiar daca sunt, probabil sunt vreo 20% maxim.

Frate, e ca si cum ai intreba: tie ce nonculoare iti place? Pai ce importanta are daca nu vezi ceva facut in acele nuante? Pune si tu macar un print screen sau ceva.

Salut, Uitandu-ma in seara aceasta prin categoria Ajutor/Cereri jumatate din raspunsuri la topicuri sunt "Nu ai 10 posturi" citeste regulamentul ! Nimic impotriva regulamentului...insa problema e veche, acum putem privi "problema" din 2 perspective : Se poate restrictiona, daca nu ai 10 postari sa nu poti deschide topic si s-a rezolvat. Se poate ca acel user fara 10 postari sa faca "spam" ca sa le obtina. Ca solutie, putem creste numarul de postari la care poti deschide un topic, astfel poate le taiem elanul spammerilor. Suntem in categoria "Sugestii" asa ca luati-o ca atare. Numai Bine.

Eu in principiu sunt de acord sa ajutam toti membrii comunitatii insa ma deranjeaza unii utilizatori care nu au decat cereri, spam si comentarii impertinente la adresa altor utilizatori.

De acord cu @SynTAX. Intr-adevar, e enervant sa vezi posturi de genul: Insa, de multe ori, sunt useri care cer chestii / informatii pertinente.

Nu sunt de acord si iti pot spune si de ce. De multe ori am avut n probleme, nu numai legate de it. Am dat search si am vazut cu surprindere ca in 90% din cazuri se mai discutase de asa ceva. Sa stii ca daca eu cer ajutorul, nu ma ajuti numai pe mine. Ajuti inca 4-5 care citesc thread-ul peste o zi, peste un an. Acum de ce eu nu cred ca e bine sa marim numarul: hai totusi sa fim realisti. Nu vindem sfaturi care ne imbogatesc sau sfaturi 100% viabile. Fiecare dintre noi am cerut la un moment dat ajutorul. Daca ar fi dupa mine, nu ar exista o limita de posturi in cazul userilor cu bun simt. Aici vorbim despre useri cu bun simt si oarecare discernamant. Un ajutor dat se va intoarce odata si odata. Asta este filosofia mea. EDIT: @tqcsu nu exista am scris in graba. Consider ca daca nu scrii corect gramatical in limba ta, nu te respecti. PUNCT.

poti reposta ?

send me please . thanks

Poti sa-mi dai un PM cu acele date , nu am ce face

Asa,daca tot e ziua nationala am decis sa va fac un cadou. Nu cred ca mai are rost sa zic ca nu le gasiti deschise la publicul larg. * Am dat sa postez fara sa scriu titlul corect,fie cu iertare 1. Toate sunt cumparate. 2. Nu-mi cereti update-uri 3. Nu faceti req-uri Wordpress themes Demo 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11 , 12 Template-uri PowerPoint , 2 , 3 4Photoshop shits GoMedia Arsenal Vector Brush Set 1-13 [CreativeMarket] Christmas Scene Creator Christmas Lights Decorations Set GraphicRiver - Vintage Christmas Decoration GraphicRiver - Christmas Celebration GraphicRiver - Christmas Holiday Marathon Flyer Template GraphicRiver - Xmas Horror Flyer Template GraphicRiver - Christmas Party Flyer GraphicRiver - Winter Style Text Effects - Bundle GraphicRiver - 40 Dark Background Patterns 2 [CreativeMarket] (75% OFF) 600 PS Actions Bundle 50 HDR PREMIUM Photoshop action. MediaLoot Graphic Design - Huge Bundle - Demo MediaLoot Graphic Design - Huge Bundle Web & UI | Icons | Vectors | Brushes | Textures PSD | PNG | AI | JPG Size: 1.82 Gb Bundle includes: 40 Dark Photoshop Gradients Buttons Banners Sets Color Biz Website Template Hand Drawn Sketch Icons Hand Drawn Sketch Icons Part2 Light Pastel Gradients 10 Celestial Star Brushes 1 32x32 Sweet Icon Set Part 2 48 Gradients 60 Mini Icons Abstract Light Backgrounds Abstract Light Backgrounds Free Applied 48px Icon Pack 1, 2, 3 Authentic Feature Lists Automaton Iphone UI Kit Beautiful Web Button Styles 1 Bokeh Brushes 1 Brochure Print Business Corporate Website Template Calendar Date Pickers 1 Cd Case Template Circle Brushes Classic UI Elements 1 Cmy Stationery Pack Colorful Cv Resume Template Colorful Vcard Html Template Contact Form Kit Contemporary Print Pack 1 Corporate Identity Pack 1 Corporate Identity Pack 2 Corporate Identity Pack 4 Corporate Infographic Vectors Creative Professionals Iconset Credit Card 32px Icons Free Css3 Button Kit Cute Vector Monsters Dark Media Player UI Kit 1 Debonaire Website Template Dotted World Map Vectors Dreamweb Homepage Template 1 Elegant Room Backgrounds Featured Content Shelves Featured Content Web Sliders Filetypes Icons 1 Fix Website Template 1 Flags Of The World 1 Flat Symbols Icons All Sets Glass Text Styles Glossy 3D UI Kit Green Eco Friendly Vectors 1 Green Web UI Set Grunge Button Set 1 Grunge Web UI Set Hackney Desktop Webfont High Res Foliage And Swirls Brushes 2 Horizontal Rule Kit Html Newsletter Email Template Incredibly Detailed Drinks Icon Pack Ios App Icon Kit 1 Iphone Toolbar Icons 1 Landing Page Html Template Free Leather Ribbons Web Elements Mac App UI Starter Kit 1 Male Shirt Templates Matte Black Web Elements 1 Matte Iphone UI Kit Minimal Seamless Patterns 1 Modern Css Sign in Boxes Modern Web Store UI Set 1 Modest Web UI Elements 1 Mono Icons Part 1 Mono Icons Part 1 Free Mono Icons Part 2 Mono Icons Part 3 Multicolor Web Icons New Blue Iphone UI Kit Noire Jquery Uniform Theme Online Invoice Template Parallax Wordpress Theme Parallel UI Kit Photo Frames Plastik Iphone UI Kit Prime Ecommerce Icons Prime Vector Icons Professional Website Design Brief Programming Icons 1 Progress Loading Bar Collection 1 Realistic Wood Bookshelf 1 Renaissance Restaurant Menu 1 Restaurant Icons 1 Seamless Paper Patterns Textures 1 Seamless Wood Patterns 1 Shipping Freight Icons Signify Lite Icon Font Single Page Portfolio Site Template Sketchy Hand Drawn Icons 1 Smoke Textures Social Network Actions 1 Strange Lights Sweet Icon Set Sweet Website Headers 1 Touch Dark Ipad UI Kit Touch Light Ipad UI Kit Vector Application Icons Vector Application Icons 1 Vintage Infographic Vector Kit 1 Votes Ratings UI Kit Whiteboard Brushes Whiteboard Diagrams Wireframe Sketch Sheets Wireframe UI Kit Witty Swirls Vectors ML Hand Drawn Sketch Icons Part 1 and 2 Sleek Filetype Icons 1 Free Slick Navigation Menus Social Media Icon Set 1 Updated Stylish Navigation Menus Stylish Pricing Tables Web UI Set 1 After Effects shits Red Giant products for Adobe CS3 - CC Magic Bullet Suite * Magic Bullet Colorista II / v.1.0.5 * Magic Bullet Cosmo / v.1.0.0 * Magic Bullet Denoiser II / v.1.2.0 * Magic Bullet Frames / v.1.1.1 * Magic Bullet Instant HD / v.1.2 * Magic Bullet Looks / v.2.0.6 * Magic Bullet Mojo / v.1.2.2 Trapcode Suite * Trapcode 3D Stroke / v.2.6.1 * Trapcode Echospace / v.1.1.1 * Trapcode Form / v.2.0.2 * Trapcode Horizon / v.1.1.1 * Trapcode Lux / v.1.2.2 * Trapcode Particular / v.2.1.2 * Trapcode Shine / v.1.6.1 * Trapcode Sound Keys / v.1.2.1 * Trapcode Starglow / v.1.6.1 Keying Suite * Key Correct / v.1.2.1 * Primatte Keyer / v.5.0.0 * Warp / v.1.1.1 Effects Suite * Composite Wizard / v.1.4.6 * Holomatrix / v.1.2.1 * Image Lounge / v.1.4.6 * Knoll Light Factory / v.2.7.2 * PlaneSpace / v.1.4.1 * Psunami / v.1.4.1 * Text Anarchy / v.2.4.1 * ToonIt / v.2.1.1 * Warp / v.1.1.1 Download: http://bit.ly/12boEDs Pass: Numele tarii.