Leaderboard

Popular Content

Showing content with the highest reputation on 12/10/16 in all areas

  1. jammer

     A Bash script to automate the continuous circular deauthentication of all the wifi networks in your reach.

     I am not responsible for any misuses of the script. Keep in mind that it is generally illegal to use the script at your neighborhood. It is designed for pen-testing purposes. It has only been tested on my two machines, so there may still be bugs that can even cause data loss. That's why I suggest you take a good look at the code before you execute it. There will be updates as soon as I fix something or make a nice improvement. Not that anyone will see this.

     Jammer v0.3
     Usage: jammer [OPTION] ...
     Jam Wifi Networks That Your Wireless Card Can Reach.
       -d, --deauths: Set the number of deauthentications for each station. Default is 10
       -y, --yes: Make 'Yes' the answer for everything the script asks
       -s, --endless: When reaching the end of the list, start again
       -f, --whitelist: A file with ESSID's to ignore during the attack
       -k, --keep: Keep the scan files after the script ends
       -n, --name: Choose the names the scan files are saved as
       -e, --ethernet: Set the name for the ethernet interface. Default is 'eth0'
       -w, --wireless: Set the name for the wireless interface. Default is 'wlan0'
       -h, --help: Show this help message

     Looking at this help message a suggested way to call the script is

     $ sudo ./jammer -y -s -d 20 -f whitelist.txt

     Source: https://github.com/billpcs/jammer
    2 points
  2. The source is here: https://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html I see the problem exists only on 4.x kernels. I don't know why these pseudo-distributions rush to ship the latest versions so quickly, without testing them. For example, on Debian you have kernel 3.16.x on stable. On Ubuntu you have kernel 4.x and it has already reached Ubuntu 16, although it dates from 2004, unlike Debian, which dates from 1994. Anyway, I see this as idiocy. You make a minor fix in something and you already change the version. On topic: with grsec restricting /proc you can no longer read those addresses, and that solves 99% of problems of this kind. Linux should perhaps take inspiration from FreeBSD, where you have more freedom and more possibilities to build a more secure system. Perhaps it should use the default POSIX restrictions and cap root/pivot_root from the kernel. Linus Torvalds is too proud of himself to accept the fact that he is a software engineer and not a security guru.
    2 points
  3. Linus has said several times that he cares more about Linux being stable than about it being secure. In other words, not getting a PANIC is preferred over having fewer LOCAL privilege escalations.
    1 point
  4. SEC Consult has found a backdoor in Sony IPELA Engine IP Cameras, mainly used professionally by enterprises and authorities. This backdoor allows an attacker to run arbitrary code on the affected IP cameras. An attacker can use cameras to take a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras into a Mirai-like botnet or to just simply spy on you. This vulnerability affects 80 different Sony camera models. Sony was informed by SEC Consult about the vulnerability and has since released updated firmware for the affected models. Further information about the backdoor, disclosure timeline, affected devices and updated firmware can be found in our advisory. This blog post has some highlights from the vulnerability analysis.

     This advisory is the result of research that started by uploading a recent firmware update file from a Sony camera into our cloud based firmware analysis system IoT Inspector. After a few minutes the analysis results were available. One result immediately caught our attention:

     [Figure: Excerpt from IoT Inspector results]

     So here we have two password hashes, one is for the user admin and was cracked immediately. The password is admin. This is no surprise as the default login credentials are admin:admin. The second password hash is much more interesting, it’s for the user root and it was found in two different files: /etc/init.d/SXX_directory and /usr/local/lib/libg5_usermanage.so.0.0.0

     We can use the file system browser of IoT Inspector to have a look at the SXX_directory.

     [Figure: Excerpt from IoT Inspector filesystem browser]

     It looks like this startup script (called by /sbin/init/rcS during boot) is responsible for creating and populating the file /tmp/etc/passwd (/etc/passwd is a symlink to this file). A line for the user including a password hash is added, the shell is /bin/sh. Not good! So, what can we do if we can crack the hash?

     At this point we can assume that it's very likely we can login using UART pins on the PCB. This of course requires us to have physical access and to disassemble the device. The other locations where we could possibly use the password are Telnet and SSH, but both services are not available on the device … or are they? A quick string search in the firmware's filesystem for “telnet” shows that a CGI binary called prima-factory.cgi contains this string a few times. IDA Pro to the rescue! It seems this CGI has the power to do something with Telnet:

     The code in g5::cgifactory::factorySetTelnet() (in decompiled form below) is pretty straightforward. Based on input, the inetd daemon is killed or started:

     The inetd daemon gets its configuration from /etc/inetd.conf and inetd.conf is set up to launch Telnet.

     So how can we reach this CGI functionality? The answer lies in the lighttpd binary. Lighttpd is an open source web server that was modified by Sony. Some custom code for HTTP request handling and authentication was added. Below is an excerpt from a data structure that maps the URI /command/prima-factory.cgi to the CGI in the file system. The authentication function is HandleFactory. HandleFactory decodes the HTTP Basic Authentication header and compares it to the username/password primana:primana.

     Now we have all ingredients to craft an attack that looks like this: Send HTTP requests to /command/prima-factory.cgi containing the “secret” request values cPoq2fi4cFk and zKw2hEr9 and use primana:primana for HTTP authentication. This starts the Telnet service on the device. Login using the cracked root credentials via Telnet. Note: We have not cracked the root password, but it's only a matter of time until someone will.

     The user primana has access to other functionality intended for device testing or factory calibration(?). There is another user named debug with the password popeyeConnection that has access to other CGI functionality we didn't analyze further.

     We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not an "unauthorized third party" like in other cases (e.g. the Juniper ScreenOS Backdoor, CVE-2015-7755). We have asked Sony some questions regarding the nature of the backdoor, intended purpose, when it was introduced and how it was fixed, but they did not answer.

     For further information regarding affected devices and patched firmware, see our advisory. IoT Inspector now comes with a plugin that detects this vulnerability.

     Source
    1 point
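
An added example, not part of the quoted post or of SEC Consult's tooling: a minimal audit pass over an unpacked firmware tree that looks for the finding described above, passwd-style records with an embedded password hash, in scripts and binaries alike. The function names, shell list and sample hash are assumptions made for this sketch.

```python
import re
import tempfile
from pathlib import Path

# passwd-style record "name:hash:uid:gid:gecos:home:shell" whose second field is a
# crypt(3) value: modular "$id$salt$digest" or a 13-character traditional DES hash.
PASSWD_RECORD = re.compile(
    r"(?<![\w/.-])(?P<user>[a-z_][a-z0-9_-]{0,31}):"
    r"(?P<hash>\$[0-9a-z]{1,2}\$[./A-Za-z0-9$]{8,}|[./A-Za-z0-9]{13}):"
    r"(?P<rest>[^\"'\x00-\x1f]*)"
)
LOGIN_SHELLS = {"/bin/sh", "/bin/bash", "/bin/ash"}  # assumed list for this sketch


def scan_text(text, origin):
    """Return one finding per embedded passwd record found in text."""
    findings = []
    for m in PASSWD_RECORD.finditer(text):
        fields = m.group("rest").split(":")
        # An unquoted echo may leave ' >> file' after the shell; keep the first token.
        shell = (fields[-1].split() or [""])[0]
        findings.append({
            "file": origin,
            "user": m.group("user"),
            "uid0": fields[0] == "0",
            "login_shell": shell in LOGIN_SHELLS,
        })
    return findings


def scan_tree(root):
    """Scan every regular file under an unpacked firmware root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            # latin-1 maps every byte to a character, so strings inside ELF files match too
            text = path.read_bytes().decode("latin-1")
            findings.extend(scan_text(text, str(path.relative_to(root))))
    return findings


def high_risk(findings):
    """Accounts with uid 0 and a login shell: usable as soon as a login service runs."""
    return [f for f in findings if f["uid0"] and f["login_shell"]]


if __name__ == "__main__":
    # Constructed sample: a boot script that appends a root entry to /tmp/etc/passwd.
    fake_hash = "$1$abcdefgh$0123456789abcdefghijkl"  # placeholder, not a real hash
    with tempfile.TemporaryDirectory() as tmp:
        script = Path(tmp, "etc/init.d/S99_example")
        script.parent.mkdir(parents=True)
        script.write_text("echo 'root:%s:0:0:root:/root:/bin/sh' >> /tmp/etc/passwd\n" % fake_hash)
        for finding in high_risk(scan_tree(tmp)):
            print(finding)
```

The 13-character DES pattern can match unrelated strings, so findings are candidates to review by hand rather than confirmed credentials.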
  5. "We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing)" "We have asked Sony some questions regarding the nature of the backdoor, intended purpose, when it was introduced and how it was fixed, but they did not answer." How about mass-fucking-surveillance?? Let's not forget: https://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa and https://www.theguardian.com/uk/2013/jun/21/gchq-mastering-the-internet ---- "last year (2012) GCHQ was handling 600m "telephone events" each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time." "Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day" "The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America." "This was done under secret agreements with commercial companies, described in one document as "intercept partners" "The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. " "The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables."
    1 point
  6. Better to learn what Linux is all about. Architectures, kernel modules, kernel sysinternals, security, daemons, structure, and as far as possible install your applications from source at first. At the very least, focus on building things at first. Don't waste your time breaking things.
    1 point
  7. Quick headers settings

     In Nginx, you can use more_set_headers and add_header (this is built by default)

     Examples:

         # example with more_set_headers
         more_set_headers "X-XSS-Protection: 1; mode=block";
         more_set_headers "X-Frame-Options: sameorigin";
         more_set_headers "X-Content-Type-Options: nosniff";
         more_set_headers "X-Secure-Connection: true";
         more_set_headers "Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'self' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com; img-src 'self' data: blob: filesystem: www.google-analytics.com;";

         # examples with add_header
         add_header Strict-Transport-Security max-age=315360000;

     With "headers" module, in apache. You can activate headers module with a2enmod

         # in htaccess, global configuration, virtualhost configuration and per Directory.
         Header set X-Content-Type-Options: "nosniff"
         Header set X-XSS-Protection: "1; mode=block"
         Header set X-Frame-Options: "sameorigin"

     Also, you can use headers for security through obscurity

         # examples
         more_set_headers "Server: Apache Tomcat";
         more_set_headers "X-Powered-By: JSP/2.3";

     More resources:
     - https://www.html5rocks.com/en/tutorials/security/content-security-policy/
     - https://www.w3.org/TR/CSP/#framework
     - http://www.dotnetnoob.com/2012/09/security-through-http-response-headers.html
    1 point
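
An added example, not part of the post above: a small audit that parses a response head and checks the headers the post configures, including whether the Content-Security-Policy still lets inline or eval'd script run. The function names and the sample response are constructed for this sketch; the header values are taken from the post.

```python
import re

# Constructed response head carrying the header values from the post above.
POST_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "X-Frame-Options: sameorigin",
    "X-Content-Type-Options: nosniff",
    "Strict-Transport-Security: max-age=315360000",
    "Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; "
    "script-src 'unsafe-inline' 'self' 'unsafe-eval' www.google-analytics.com "
    "ajax.googleapis.com; img-src 'self' data: blob: filesystem: www.google-analytics.com;",
    "", "",
])


def parse_headers(raw):
    """Map lower-cased header names to values from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                               # blank line ends the head
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; the first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit(raw):
    """Return a list of findings for the headers discussed in the post."""
    h = parse_headers(raw)
    findings = []
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options missing or not nosniff")
    if h.get("x-frame-options", "").lower() not in ("sameorigin", "deny"):
        findings.append("X-Frame-Options missing or permissive")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) == 0:
        findings.append("Strict-Transport-Security missing or max-age=0")
    if "content-security-policy" not in h:
        findings.append("Content-Security-Policy missing")
    else:
        csp = parse_csp(h["content-security-policy"])
        # script-src falls back to default-src when it is absent
        scripts = csp.get("script-src", csp.get("default-src", []))
        for keyword in ("'unsafe-inline'", "'unsafe-eval'"):
            if keyword in scripts:
                findings.append("CSP script-src allows " + keyword)
    return findings


if __name__ == "__main__":
    for finding in audit(POST_RESPONSE):
        print(finding)
```

Run against the post's own values, the only findings are the two script-src keywords, which leave injected inline script executable despite the policy.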
  8. Welcome! Be careful.
    1 point
  9. Here's an interesting thing you can do with the email list
    1 point
  10. I too am proud to be Romanian, and I'll tell you why. After finishing a university degree in Romania and a pile of various courses and specializations, I found that I couldn't find a decent job that would give me satisfaction, so I opened a company, which I closed after less than 2 years because I realized that the state was taking practically 70-80% of my income and I was left with FAR too little from my work. I left for France, worked there for a short time and then moved to Germany. There I opened a company that I grew to a revenue of over 350,000 euro a year (from 0). I had gained around 3000+ clients and was thinking of expanding, so I opened another company in the UK (a branch of the German one) and came to Romania after almost 5 years, intending to open one here too, hire 2-3 students, rent a nice space and get to work. I was paying around 15,000 euro to internet providers / various services in Romania (in practice, it was an investment by a German company in Romania). After exactly 10 months in which I had prepared everything, they arrested me, abusively confiscated all the German company's equipment (with the clients' data) and pissed all over me. So, about 5 years of work lost, over 3000 clients left high and dry, and me locked up with robbers, rapists, burglars and a pedophile. Great. I really am proud to be Romanian. Romania has given me too much for me not to be proud. I have a score to settle with the Romanian state, then I'll put my finger on the map to see where I can go. Even if I take HUNGARIAN citizenship, I'll still be glad not to have papers that say "ROMANIAN CITIZEN" anymore. I wish you lots of luck, you lovers of the homeland.
    1 point
  11. Ma indoiesc ca tiganii vor mai fi in minoritate pentru mult timp in Romania, va fi exact ca si in Kosovo, unde Albanezii (tot neam de tigani) fac 2-3-4 copii in timp ce sarbii fac 1 maxim 2 (si asta daca au cu sa ii hraneasca). Este tara noastra vestita pentru munca depusa de un tigan? Nu Au contribuit cu ceva tiganii la imaginea tarii? Nu, chiar in defavoarea ei. Platesc taxe? Nu. Au venituri ilegale din furt, talharii, amenzi si taxe de protectie, inselatorii si deduceri ilegale de tva. Eu ii stiu prea bine pe tigani, cat timp le dai o singura sansa, cat timp nu esti o secunda atent vor incerca sa fure si vor argumenta mereu ca tu incerci sa ii furi pe ei si vor fi cu gura mare. Cine sustine tiganii reprezinta un pericol pentru siguranta nationala si este o javra, un trantor, un inutil, o jigodie. Daca tot este democratie iar majoritatea nu ii vrea, de ce mama dracu ne sunt bagati pe gat? Iliescu este un criminal si o cioara infecta ca si prietenul lui Petre Roman, ca si Antena3 si "domnul cu barba" ca si restul celor ce sustin cuvantul "ROM". Tiganii nu sunt romi, sunt CIORI, SUNT TIGANII, SUNT PLEBEA SOCIETATII!
    1 point
  12. Auzi, nenea, mamaia ta e tigan ? )))) - Cati Romani cu palate vezi ? - Cum poti admite ca o cioara fara ocupatie si fara meserie, fost sclav la origine pe plantatiile de bumbac are PALAT si e plin de aur? E nevoie sa iti deseneze oamenii ca veniturile lui sunt ilicite? - Cati tigani lautari contribuie la stat cu taxe si impozite ? Te-ai intrebat vreodata ca in urma neplatii impozitelor are de suferit un popor intreg ? (citeste despre inflatie si cauzele ei) - Cati c?cati de tigani care nu stiu sa scrie sau sa citeasca au permis de conducere in Tara Româneasca ? Oare cum o fi luat proba de legislatie ? - Cati tigani ai vazut sa se trezeasca la ora 6, sa bea o cafea infecta si slaba precum un ceai de sireturi si sa plece la serviciu pentru 130 de euro/lunar (600 roni) ? - Cate corturi cu Români ai vazut in Franta, Belgia, Olanda, Germania, Danemarca ... ? Sau cati cersetori Români ? - Nu te doare inima cand treci cu bicicleta pe langa o cioara semi-analfabeta care este la volanul unui Mercedes, timp in care tu ai stat 5 ani la facultate, cate 10-12 ore pe zi? (de multe ori nemancat si fara un leu nenorocit in buzunar) - Arata-mi si mie o bâhnita de cioara cu masterat; Eu stiu Români care mergeau la facultate si nu aveau bani nici macar sa-si cumpere un covrig comunist. Oare ei de ce nu s-au apucat de furturi, talharii ? Iti spun eu: Ciorile au genetic asta si ar trebui deportate in Siberia sau batute in cuie pe gard si pârjonite de vii cu arzatorul. - Unde sloboz sunt tiganii discriminati in Romania ? Nu cumva sunt discriminati Românii? Prima lege care s-a dat in România de catre Ion Iliescu, a fost "sa se dea aurul inapoi tiganilor". Cum inapoi ? De unde il aveau daca ei au fost sclavi pana in 1956?! Au spus ca aurul a fost mostenire; mostenire de la cine ? Tiganii erau Sclavi in Tara Româneasca inca din 1240! "Elementele neromanesti sa-si dea seama ca aici nu este o tara oarecare, ci este mosia unui neam" - Nicolae Iorga. Daca vrei, iti si desenez. 
Cel mai cinstit tigan, e tiganul mort. (ala cu toporul infipt in cap)
    1 point
  13. Malwarebytes Premium 3.0.4.1269 Multilingual + License Key FiLE SiZE: 71.26 MB INFORMATION Malwarebytes Premium 3 - Makes antivirus obsolete! Four layers of malware-crushing tech. Smarter detection. Specialized ransomware protection. It's the security you've been looking for. Real-time protection Detects malware automatically, before it can infect. Anti-exploit Shields vulnerable systems and software from exploit attacks. Anti-ransomware Stops ransomware attacks before your data is held hostage. Malicious website protection Prevents access to and from known malicious webpages. Anti-malware/Anti-spyware Detects and removes malware and advanced threats. Anti-rootkit Removes rootkits and repairs the files they damage. What it does for you: Protects you from advanced threats Detects and removes malware in real-time with advanced anti-malware, anti-spyware, and anti-rootkit technology. Scans for the newest and most dangerous threats automatically, so you're protected without having to even think about it. Protects your files from being locked and held for ransom Stops unknown and known ransomware with proprietary next-gen technology that works proactively to shield your files. This is a powerful, comprehensive defense that blocks ransomware, and not a simple decryption tool. So you're protected from tomorrow's "Ransomware Attack!" headlines today. Prevents your programs from being used against you Wraps your browser and software programs in four layers of defense, stopping attacks that use vulnerabilities in those programs to infect your computer. Protects you from fake and infected websites Detects and prevents contact with fake websites and malicious links. You are proactively protected from downloading malware, hacking attempts, and infected advertising. Worried about wandering into a "bad" Internet neighborhood? Now you don't have to be. Scans faster, scans smarter Lightning-fast Hyper Scan mode targets only the threats that are currently active. 
Faster analysis. Still gets results. Run a scan in the background while you boot up your favorite game. It's done by the time you're ready to play. What's New ? Software Requirements: • Windows 10 (32/64-bit) • Windows 8.1 (32/64-bit) • Windows 8 (32/64-bit) • Windows 7 (32/64-bit) • Windows Vista (Service Pack 1 or later, 32/64-bit)* • Windows XP (Service Pack 3 or later, 32-bit only)* • Active Internet connection SCREENSHOTS 1 LiNKS | Part 1 GB | NO CRC | NO PASS http://rapidgator.net/file/a7a410989fd32e7f09025c96ce14ba13/Malwarebytes_Premium_3_0_4_1269_Multilingual_License_Key.rar.html If you like my post, don't forget to say Thanks and help keep the thread alive. Thanks You!
    -1 points