Leaderboard

Aia 1,50 o sa iti fie adaugati in contul de paypal , nu se mai intorc in card

Writing my first shellcode - iptables -P INPUT ACCEPT " I've recently started to look into basic application security concepts using the imho excellent material from OpenSecurityTraining.info. In this blogpost I'd like to share my first piece of shellcode executing iptables -P INPUT ACCEPT. **Background** After practically learning how to exploit a simple stackoverflow I wanted to see if I could write my own shellcode. I somehow came across the shellcode repository at shell-storm.org and wanted to develop something that wasn't already in there and is somehow useful. There are multiple entries which execute iptables -F. However, as far as I know, this only flushes all rules from all tables, but doesn't change the default policies. So it may drop all rules, but if a server's default policy is DROP you'll cut the machine off the internet. Mission failed. My idea was to write a piece of shellcode that would change the default policy of the INPUT chain to ACCEPT, i.e. run iptables -P INPUT ACCEPT. Writing shellcode First of all, I'd like to say that I'm not an 1337 sh3llc0d3 3Xp3rt. I read about some basics and tried to understand other people's shellcode and their tricks. So feedback is very welcome! Simply leave a comment or send me an e-mail. The goal is to run /sbin/iptables -P INPUT ACCEPT. At this point we assume that the exploited application has enough privileges to execute this command. Otherwise you might want to add some setuid(0) code or so. " Source: https://0day.work/writing-my-first-shellcode-iptables-p-input-accept/

Am reusit sa fac rost de mai multe informatii de la o sursa sigura. Aparent baietii au reusit sa extraga date destul de importante dintr-un server MySQL. Informatia era destul de importanta deoarece turneul de Solitaire era in derulare iar baza de date ce au extras-o continea evidenta scorurilor angajatilor. Revin cu update-uri cand mai primesc informatii.

"Cu ocazia percheziţiilor efectuate au fost indentificate şi ridicate mai multe sisteme informatice, harduri interne şi externe, smartphone-uri, stick-uri şi carduri de memorie, suporţi optici de tip CD/DVD, utilizate în activitatea infracţională" "harduri", ce limbaj profesional. 2017, CD/DVD, atac informatic... Nu era tocmai muzica buna pe Țedeu. A.S.I.A. - Suna Periculos trebuia sa le dea de gandit...

Aici se vor posta doar oferte valabile gasite la diferite magazine online, din tara si nu numai. Rog a se posta atat link-ul cat si pretul. Ar fi indicat sa va asigurati ca produsul respectiv nu exista la un pret mai mic la un alt magazin, altfel ar fi inutil postul. Deasemenea, reducerea sa fie semnificativa, nu de-al de 3 lei 25.

Salut si bun venit Eu personal am vazut bine ce ai scris, nu am ochelari, nu ma dor ochii, vad bine

să-l fut în inimă https://www.virustotal.com/#/file/55482d23edd8fdfeb0856e65ce74b6c192db2954575688bf4225b315b0a32620/detection https://www.virustotal.com/#/file/45e25b87f499542a47a79a261e28bedf1ccf50d878cc00a98510623a0fac4a26/detection

Description Parses 802.11 frames from multiple sources (live or PCAP files) and store them, parsed, into Elasticsearch. Visualize them with Kibana. Search using Wireshark display filters. Get alerted using ElastAlert or Elastic Watcher. Compilation Note: Installation has only been tested on Ubuntu 16.04 for now. Note: Most commands need to be run as root. Install Elasticsearch and Kibana Refer to Elasticsearch documentation on https://www.elastic.co/guide/en/elasticsearch/reference/current/_installation.html and to Kibana documentation on https://www.elastic.co/guide/en/kibana/current/setup.html Or follow the simplified installation steps below apt-get install openjdk-8-jre wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" >> /etc/apt/sources.list.d/elastic.list apt-get update apt-get install elasticsearch curl kibana Note regarding Kibana and ElasticSearch: They are often listening on 0.0.0.0, so make sure to configure the firewall to prevent access to those ports (or edit their configs) from the outside Install dependencies libtins wget https://github.com/mfontanini/libtins/archive/v3.5.tar.gz tar -zxf v3.5.tar.gz cd libtins-3.5 apt-get install libpcap-dev libssl-dev build-essential libboost-all-dev mkdir build cd build cmake ../ -DLIBTINS_ENABLE_CXX11=1 make make install ldconfig Note: Radiotap parsing may fail on 3.5. Use their git repository instead. Other dependencies YAML-cpp POCO (for elasticbeat-cpp) RapidJSON (for elasticbeat-cpp) Boost libnl v3 (and libnl-genl) libb64 Optional tsan (Thread sanitizer, for debugging) wireshark-data (manuf file): either generate it using make-manuf and put it in /usr/share/wireshark/manuf or use libwireshark-data package Debian-based OS Note: Make sure the system is up to date apt-get update && apt-get dist-upgrade then reboot before running the following command: apt-get install libyaml-cpp-dev libpoco-dev rapidjson-dev libtsan0 libboost-all-dev libb64-dev libwireshark-data build-essential Load and compile Install Codelite apt-get install codelite codelite-plugins Load projects into CodeLite Create workspace (File -> New -> New workspace) or use existing one. Take note of the directory. Clone repositories in that newly created directory git clone https://github.com/WiFiBeat/WiFiBeat git clone https://github.com/WiFiBeat/elasticbeat-cpp git clone https://github.com/WiFiBeat/simplejson-cpp Add projects to workspace: Right click on the workspace in the Workspace View on the left Click 'Add an existing project' Browse for the wifibeat.project file and click Open Repeat steps II and III for elasticbeat-cpp.project Repeat steps II and III for simplejson-cpp.project Compile Select wifibeat project by double clicking on it. It should be bold now. Now, right click on project and click on Build. Alternatively, hit the Build menu on top then click Build Project. Configure Copy configuration file (wifibeat.yml) in /etc and update it. It is fairly well documented. Limitations For now, a single wireless card (more than one untested). For now, a single elasticsearch output (more than one untested). Logstash output is not implemented yet. Persistence is not implemented yet. Usage Start Elasticsearch: service elasticsearch start Start Kibana: service kibana start Plug a wireless card, put it in monitor mode (manually or using airmon-ng). Update the configuration file with adapter name (/etc/wifibeat.yml) Run the tool with or without parameters. It is in Debug(default) or Release directory depending on how it was compiled. Open browser on http://localhost:5601/ then configure an index called wifibeat-* for time-based events with @timestamp. Also make sure 'Expand index pattern when searching' is checked. If no data is present, index cannot be created. Go to Management -> Saved Objects and import kibana visualizations, searches and dashboard (kibana.json). Parameteres WiFibeat v0.1 Options: -h [ --help ] Show this message -v [ --version ] Display version -c [ --config ] arg (=/etc/wifibeat.yml) Configuration file path -f [ --no-daemon ] Do not go in the background. -d [ --dump-config ] Display parsed configuration -p [ --pid ] arg (=/var/run/wifibeat.pid) Where to write PID file. Ignored if no-daemon is set -n [ --no-pid ] Do not write PID to file. Automatically set when no-daemon is set. -a [ --pcap-prefix ] arg Per interface export PCAP file prefix. Everything is logged in syslog, grep wifibeat /var/log/syslog or tail -f /var/log/syslog | grep wifibeat will show them. Note: If the no-daemon option is used, errors are displayed in the console too. Future WiFi-related Payload parsing (if unencrypted/decrypted) Different channel width (require support from wireless card) 5/10MHz and other unusual ones HT/VHT channel support Frequency (instead of channels) support Packet filtering at the source Multiple cards support PCAPng export/reading (including timestamp) More link types (AVS, Prism2, PPI) Automatically put cards in monitor mode Global filters (for pcap and interfaces) Support for Windows with Airpcap and NPCAP MAC address and OUI manufacturer resolution GPS ElasticSearch Templates/Mapping More configuration options SSL Support Other Unit testing More outputs (Logstash, Kafka, Redis, file, console) Packages (Ubuntu and others) Doxygen documentation CLI interface Use log4cplus for logging ElastAlert alerts Code cleanup Performance improvements Reduce dependencies Makefile Known bugs Packet captures are not fully ingested in Elasticsearch (not all packets are in Elasticsearch). Arrays are not supported in Elasticsearch. Reasons are explained in various bug reports: elastic/kibana#3333, elastic/kibana#998 and elastic/kibana#1587. If querying arrays is needed, you may look into https://github.com/istresearch/kibana-object-format (untested yet). Download WiFi-Beat-master.zip Source: https://www.wifibeat.org/

Am citit, am zis sa-l testez, dar am intrat pe git am vazut ca pe asta il cheama Faizan Ahmad si e din Pakistan, pe urma am intrat pe fsecurify.com si poftim: http://fsecurify.com/cgi-sys/suspendedpage.cgi Asta cu fsecurify e ca paypai la paypal...fsecurity. Sa-l futa sfintii si sfantu Petru sa se uite, cu tool-urile si cu firma lui de insecuritate. No hate @Fi8sVrs @restul sper sa nu va suparati pe mine pentru ceea ce am scris chiar daca va regasiti in fizicul demn de invidiat al acestui Fulbrighter.

U're so sad...https://bitcointalk.org/index.php?topic=2056996.0

Download: aHR0cHM6Ly93ZS50bC90ZWJabEpSbU9I

Da este confirmat. Banii sunt doar blocati cateva zile la platile cu cardul, nu sunt luati live din cont 100% ca si cum platesti cash.

In a mind-boggling world first, a team of biologists and security researchers have successfully infected a computer with a malicious program coded into a strand of DNA. It sounds like science fiction, but I assure you it’s quite real — although you probably don’t have to worry about this particular threat vector any time soon. That said, the possibilities suggested by this project are equally fascinating and terrifying to contemplate. The multidisciplinary team at the University of Washington isn’t out to make outlandish headlines, although it’s certainly done that. They were concerned that the security infrastructure around DNA transcription and analysis was inadequate, having found elementary vulnerabilities in open-source software used in labs around the world. Given the nature of the data usually being handled, this could be a serious problem going forward. Sure, they could demonstrate the weakness of the systems with the usual malware and remote access tools. That’s how any competent attacker would come at such a system. But the discriminating security professional prefers to stay ahead of the game. “One of the big things we try to do in the computer security community is to avoid a situation where we say, ‘Oh shoot, adversaries are here and knocking on our door and we’re not prepared,'” said professor Tadayoshi Kohno, who has a history of pursuing unusual attack vectors for embedded and niche electronics like pacemakers. From left, Lee Organick, Karl Koscher, and Peter Ney from the UW’s Molecular Information Systems Lab and the Security and Privacy Research Lab prepare the DNA exploit for sequencing “As these molecular and electronic worlds get closer together, there are potential interactions that we haven’t really had to contemplate before,” added Luis Ceze, one co-author of the study. Accordingly, they made the leap plenty of sci-fi writers have made in the past, and that we are currently exploring via tools like CRISPR: DNA is basically life’s file system. The analysis programs are reading a DNA strand’s bases (cytosine, thymine etc, the A, T, G, and C we all know) and turning them into binary data. Suppose those nucleotides were encoding binary data in the first place? After all, it’s been done before — right down the hall. Here comes the mad science Here’s how they did it. All you really need to know about the transcription application is that it reads the raw data coming from the transcription process and sorts through it, looking for patterns and converting the base sequences it finds into binary code.“The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is done in a fixed-size buffer that assumes a reasonable maximum read length,” explained co-author Karl Koscher in response to my requests for more technical information. That makes it ripe for a basic buffer overflow attack, in which programs execute arbitrary code because it falls outside expected parameters. (They cheated a little by introducing a particular vulnerability into the software themselves, but they also point out that similar ones are present elsewhere, just not as conveniently for purposes of demonstration.) After developing a way to include executable code in the base sequence, they set about making the exploit itself. Ironically, it’s inaccurate to call it a virus, although it’s closer to a “real” virus than perhaps any malicious code ever written.“The exploit was 176 bases long,” Koscher wrote. “The compression program translates each base into two bits, which are packed together, resulting in a 44 byte exploit when translated.” Given that there are 4 bases, it would make sense to have each represent a binary pair. Koscher confirmed this was the case. (If you’re curious, as I was: A=00, C=01, G=10, T=11.) “Most of these bytes are used to encode an ASCII shell command,” he continued. “Four bytes are used to make the conversion function return to the system() function in the C standard library, which executes shell commands, and four more bytes were used to tell system() where the command is in memory.” Essentially the code in the DNA escapes the program as soon as it is converted from ACGTs to 00011011s, and executes some commands in the system — a sufficient demonstration of the existence of the threat vector. And there’s plenty of room for more code if you wanted to do more than break out of the app. At 176 bases, the DNA strand comprising the exploit is “by almost any biological standard, very small,” said Lee Organick, a research scientist who worked on the project. Biopunk future confirmed In pursuance of every science journalist’s prime directive, which is to take interesting news and turn it into an existential threat to humanity, I had more questions for the team. “CONCEIVABLY,” I asked, in all caps to emphasize that we were entering speculative territory, “could such a payload be delivered via, for example, a doctored blood sample or even directly from a person’s body? One can imagine a person whose DNA is essentially deadly to poorly secured computers.” Irresponsibly, Organick stoked the fires of my fearmongering. “A doctored biological sample could indeed be used as a vector for malicious DNA to get processed downstream after sequencing and be executed,” he wrote. “However, getting the malicious DNA strand from a doctored sample into the sequencer is very difficult with many technical challenges,” he continued. “Even if you were successfully able to get it into the sequencer for sequencing, it might not be in any usable shape (it might be too fragmented to be read usefully, for example).” It’s not quite the biopunk apocalypse I envisioned, but the researchers do want people thinking along these lines at least as potential avenues of attack. “We do want scientists thinking about this so they can hold the DNA analysis software they write to the appropriate security standards so that this never makes sense to become a potential attack vector in the first place,” said Organick. “I would treat any input as untrusted and potentially able to compromise these applications,” added Koscher. “It would be wise to run these applications with some sort of isolation (in containers, VMs, etc.) to contain the damage an exploit could do. Many of these applications are also run as publicly-available cloud services, and I would make isolating these instances a high priority.” The likelihood of an attack like this actually being pulled off is minuscule, but it’s a symbolic milestone in the increasing overlap between the digital and the biological. The researchers will present their findings and process (PDF) next week at the USENIX Security conference in Vancouver. Via techcrunch.com

Si pentru ce va certati? Nu ii vad rostul?

Esti un producator ambulant de kkt, meri la pesti!

How the NSA tracks you by William Binney, former NSA & whistleblower Link: https://media.ccc.de/v/SHA2017-402-how_the_nsa_tracks_you Via: https://twitter.com/x0rz/status/894557118992396288 Imi cer scuze daca am gresit sectiunea

Nu ca ar fi o noutate insa in slide-ul cu Third Parties apare si Romania ca fiind cele care colecteaza date pentru NSA. Interesant ca si Suedia apare acolo.... Minutul 52:49

Si deci s-a conenctat cineva la vre-unul? Sau e cu parola?

paccc :)))))))))))

One of the aspects of ransomware that makes them so effective is the psychological angle: encrypting files in a computer or device plays on the victims' fears – specifically, would they lose their files if they did not pay? A new mobile ransomware called LeakerLocker (Detected by Trend Micro as ANDROIDOS_LEAKERLOCKER.HRX) takes this psychological fear one step further. It does not threaten to encrypt or delete files. Instead, it gathers personal information and threatens to expose this info to the user's contact list. LeakerLocker arrives on an Android device via Google Play. Three applications (which have since been taken down by Google) in particular were found carrying the mobile ransomware: Wallpapers Blur HD, Booster & Cleaner Pro, and Calls Recorder. Figure 1: Calls Recorder app Analysis of the Calls Recorder app shows that LeakerLocker will begin to gather personal information from the device as soon as it's downloaded. The type of data gathered includes contacts, phone calls and photographs, which it then threatens to expose, as seen from the ransom note taken from another application carrying the ransomware: Figure 2: LeakerLocker ransom screen Analyisis of the LeakerLocker code reveals that it isn't capable of actually exposing the information, but the simple threat of having potentially sensitive information exposed could be enough to scare a victim into paying the ransom. In addition to LeakerLocker, here are the other notable ransomware news from this week: SLocker While the world has had enough of Petya and its variants, it seems that cybercriminals are still trying to ride the ransomware’s popularity. In July, the veteran ransomware known as SLockerwas found copying Petya's Graphical User Interface (GUI). Recently, SLocker popped up again with a new variant (Detected by Trend Micro as ANDROIDOS_SLOCKER.OPSCB) combining the use of the China-based social networking website QQ with its screen locking and file encrypting capabilities. Figure 3: SLocker ransom note This variant features a few changes since its first iteration, particularly in how it was created. Notably, it uses the Android integrated development environment (AIDE), which makes it easier for potential attackers to create their own SLocker variants. It does come with a few kinks, and is rather incompetent when it comes to actually encrypting files – including unnecessary file types like temp, cache, and system logs. However, it combines file encryption with screen locking features, making it doubly troublesome for its targets. Cerber While the Cerber ransomware has gone through so many evolutions that it is hardly surprising to see new variants popping up, ransomware with cryptocurrency-stealing features are quite unusual. That relatively uncommon feature is what makes this new Cerber variant (Detected by Trend Micro as RANSOM_HPCERBER.SMALY5A) quite notable. Figure 4: Email containing the Cerber ransomware The new variant specifically steals cryptocurrencies by targeting three kinds of wallets—Bitcoin’s Core wallet and two third-party wallets from Electrum and Multibit—while trying to retrieve password information via files and internet browsers. In addition, Cerber will also delete the actual wallet files once the information is stolen. While this behavior in itself is unlikely to cause wide scale concerns due to the relatively small number of bitcoin users, it's still a significant threat. It's also a sign that ransomware developers are starting to look for more ways to profit, regardless if the victim chooses to avoid paying the ransom. Mobile ransomware highlight this week’s recap. Plenty of users are still unaware that ransomware can also infect mobile devices. Users should always double check any application they download, even if they come from reliable sources such as Google Play. Reading app reviews can help users distinguish legitimate applications from suspicious and potentially malicious ones. Demon Although the Demon ransomware (Detected by Trend Micro as RANSOM_DEMON family) is relatively unremarkable in terms of payload—it doesn't actually encrypt any files—it’s notable because of its unusual ransom note, which is similar to WannaCry’s: Figure 5: Demon ransom note Perhaps even stranger is the “encrypt” button located at the bottom left portion of the ransom note. Why this button exists is not clear, as obviously, no user will want to encrypt their own files. The Chinese characters found in the upper left portion of the note (blurred in the above photograph) is actually the logo of an online bookstore, which adds to the amateurish quality of this ransomware. It all points to an unsophisticated attempt at tricking users through bluffing without having routines that do any damage. Ransomware Solutions End users and enterprises can also benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security for Android™ (available on Google Play), and Trend Micro™ Mobile Security for Apple devices (available on the App Store). Trend Micro™ Mobile Security for Enterprise provide device, compliance and application management, data protection, and configuration provisioning, as well as protect devices from attacks that leverage vulnerabilities, preventing unauthorized access to apps, as well as detecting and blocking malware and fraudulent websites Enterprises can also benefit from a multi-layered, step-by-step approach in order to best mitigate the risks brought by these threats. Email and web gateway solutions such as Trend Micro™ Deep Discovery™ Email Inspector and InterScan™ Web Security prevent ransomware from ever reaching end users. At the endpoint level, Trend Micro Smart Protection Suites deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimizes the impact of this threat. Trend Micro Deep Discovery Inspector detects and blocks ransomware on networks, while Trend Micro Deep Security™ stops ransomware from reaching enterprise servers–whether physical, virtual or in the cloud. For small businesses, Trend Micro Worry-Free Services Advanced offers cloud-based email gateway security through Hosted Email Security. Its endpoint protection also delivers several capabilities such as behavior monitoring and real-time web reputation in order detect and block ransomware. For home users, Trend Micro Security 10 provides strong protection against ransomware by blocking malicious websites, emails, and files associated with this threat. Users can likewise take advantage of our free tools such as the Trend Micro Lock Screen Ransomware Tool, which is designed to detect and remove screen-locker ransomware; as well as Trend Micro Crypto-Ransomware File Decryptor Tool, which can decrypt certain variants of crypto-ransomware without paying the ransom or the use of the decryption key. Via trendmicro.com

De cand e asta informatie secreta? Majoritatea orbitelor satelitilor sunt publice. La fel si cu descriptorii si cu misiunile satelitilor. Daca stii unde sa cauti poti gasi si echipamentul de pe un satelit si frecventele de comunicare. PS: "coordonatele" vor ramane in general aceleasi. Alea nu sunt coordonate geografice, sunt parametrii de orbita. Axa majora, apogee, perigee, inclinatie, (perioada)

Identifying malicious software executables is made difficult by the constant adaptations introduced by miscreants in order to evade detection by antivirus software. Such changes are akin to mutations in biological sequences. Recently, high-throughput methods for gene sequence classification have been developed by the bioinformatics and computational biology communities. In this paper, we apply methods designed for gene sequencing to detect malware in a manner robust to attacker adaptations. Whereas most gene classification tools are optimized for and restricted to an alphabet of four letters (nucleic acids), we have selected the Strand gene sequence classifier for malware classification. Strand’s design can easily accommodate unstructured data with any alphabet, including source code or compiled machine code. To demonstrate that gene sequence classification tools are suitable for classifying malware, we apply Strand to approximately 500 GB of malware data provided by the Kaggle Microsoft Malware Classification Challenge (BIG 2015) used for predicting nine classes of polymorphic malware. Experiments show that, with minimal adaptation, the method achieves accuracy levels well above 95% requiring only a fraction of the training times used by the winning team’s method. https://jis-eurasipjournals.springeropen.com/articles/10.1186/s13635-017-0055-6

June 29, 2017 ~ R3MRUM Over the past year-or-so, there seems to have been an uptick of miscreants password protecting the malicious office documents that they send to their target victims. They do this in an effort to bypass detection and thwart analysis. This blog details a few different tools and methodologies that can be used to analyze such files. Delivery & File Type These malicious documents typically end up making their way to the end point via email. The email message typically consists of some ruse to entice the user to open the document and, conveniently, includes the password needed to decrypt it (Figure 1). Figure 1: Example email with password protected MS Office document attached and password in message body. The ‘m’ at the end of the ‘.dotm’ file extension, shown in Figure 1, tells you that the file attached is macro-enabled. In this instance, it is an MS Office Document Template file but it could have just as easily been a ‘.docm’ file, ‘.xlsm’ file, or any other macro-enabled file type supported by MS Office 2007 or newer. Feel free to read more about these file types on Microsoft’s website. Figure 2 shows the prompt that you are presented with when you open a password protected Office document: Figure 2: Password prompt received when opening a password protected office document. Failed Analysis Method #1: Copy Macros When I first encountered this type of malicious document, my first instinct was to launch the document in an isolated sandbox, enter in the password provided to me in the message body, and then copy the embedded VBA macro code from the document into notepad where I can then perform my analysis. This technically could have worked if the miscreant did not also password protect the Visual Basic Project containing the malicious VBA code with a separate unknown password (Figure 3). Figure 3: Password prompt received when attempting to gain access to macro code. Failed Analysis Method #2: Re-Save Without Password My second thought was: “After I open the document and enter in the initial password, I’ll just re-save the document without a password. Then I’ll be able to use my analysis tools to inspect the file’s contents.” Unfortunately, this doesn’t work either due to the fact that the VB Project within the encrypted document is also password protected. If you attempt this method, the contents of the document (images, text, etc…) will still be present within the unencrypted copy of the document but any embedded macros will be stripped. Successful Analysis Method #1: Decrypt with MSOffice-Crypt & Analyze w/ olevba|ViperMonkey Let me introduce you to a nifty little tool called msoffice-crypt. This bad mama jama enables you to dump a decrypted version of the encrypted office document out to a file. As a bonus, it works in both Windows and Linux! Figure 4: msoffice-crypt options & decrypting of encrypted Office document In Figure 4, I ran msoffice-crypt.exe without any arguments so that you can see the different supported options. Then, in the highlighted section, I ran the following command, which decrypted smith.dotm using the password “6429”: msoffice-crypt.exe -d -p 6429 smith.dotm If you did not provide an output file name, msoffice-crypt will default to appending an “_d” to the file name, like so: smith_d.dotm. Figure 5: Decrypted document created within the current working directory Sure enough, we see in Figure 5 that the decrypted Office document has been created. Now, if we launch this newly created document (in an isolated environment, of course!), you should no longer received the password prompt. Figure 6: Office document decrypted. Password no longer needed to open. Voilà! No password prompt received! (Figure 6) If you didn’t know, MS Office 2007+ documents are OpenXML format which means they are actually just compressed archives that you can decompress using you’re favorite archive extractor (WinZip, 7z, etc..). We can also spot the difference between the encrypted and decrypted documents by comparing the decompressed contents of both. Figure 7: Contents of decompressed encrypted Office document Figure 7 shows the contents of my encrypted Office document whereas Figure 8 shows the contents of my decrypted Office document. Figure 8: Contents of decompressed decrypted Office document The contents depicted in both Figures 7 and 8 are typical and should match what you are seeing in whatever OpenXML formatted Office document you are analyzing; not just this sample. This actually segues nicely into the next step, which is to extract out the VBA Macro code. If you recall, the malware author also password protected the VB Project containing the macro code. While I am not aware of any tool that will strip this protection from the document, it doesn’t matter as existing tools such as oletools, ViperMonkey, etc.. completely bypass it. Back in the day (like 3 months ago), I would have extracted out the VBA code by decompressing the OpenXML archive, locating the OLE binary within the “word” folder (i.e vbaProject.bin), and then using something like OfficeMalScanner (Figures 9 & 10): Figure 9: Running OfficeMalScanner against OLE binary found within OpenXML archive Figure 10: VBA code extracted from OLE binary using OfficeMalScanner … or olevba from the oletools suite (Figure 11): Figure 11: VBA code extracted from OLE binary using olevba But this is old-school. These days, all the kids are using ViperMonkey. ViperMonkey not only extracts the VBA for you but also emulates execution so that if the VBA is heavily obfuscation (in this case, it is not), you can quickly and safely derive what the code is actually doing. Also, it can handle OpenXML files so there is no need to extract the archive and locate the OLE binary. Figure 12: Analysis of the decrypted Office document using ViperMoney Figure 12 shows how ViperMoney not only extracts and displays the embedded VBA macro but it also gives you the execution flow of the malicious code in a quick and easy-to-ingest format. This dramatically reduces analysis time which, in turn, expedites time-to-respond. If I ever meet Philippe Lagadec (@decalage2), I’m going to buy that man a beer! Successful Analysis Method #2: Simply Open w/ LibreOffice Your probably going to hate me for making you step through the entire blog before mentioning – what turns out to be – the most simplest (and laziest) solution for accessing the embedded VBA code within a password protected document/project. Since REMNux doesn’t come packaged with LibreOffice, you’ll need to install it by simply running: sudo apt-get install libreoffice Once installed, open the encrypted Office document in LibreOffice by running: libreoffice smith.dotm Like when you opened the encrypted Office document within MS Office (Figure 2), you will be requested to enter in the document’s password (Figure 13). Figure 13: LibreOffice password prompt When you enter in the password, the document will successfully load. Now, you will be able to access the embedded VBA macro code by navigating to: Tools –> Macros –> Organize Macros –> LibreOffice Basic You will be presented with a pop-up window (Figure 14) where you will need to find the project containing the VBA code and hit the Edit button. Figure 14: LibreOffice’s Macro Editor Dialogue And BOOM! LibreOffice’s Basic Editor opens; giving you direct access to the VBA macro code without needing to also know the VB Project’s password (Figure 15): Figure 15: LibreOffice’s Basic Editor providing access to embedded VBA code. Bypassing password. That’s it! It’s that simple! My personal preference is the first method as I’m a command-line junkie. But, if you are more comfortable with performing your analysis via a GUI, then the LibreOffice method might be a better fit for you! Regardless, knowing multiple methods for solving single problem will only make you a better analyst. References Open XML Formats and file name extensions How to remove a password from a document MSOffice-Crypt: A tool/lib to encrypt/decrypt Microsoft Office Document Wikipedia: Office Open XML OfficeMalScanner Decalage2: oletools GitHub Decalage2: ViperMonkey GitHub LibreOffice Wiki Sursa: https://r3mrum.wordpress.com/2017/06/29/analyzing-malicious-password-protected-office-documents/

_ _ _ _ __ _ _ __| (_) ___| |_ ___ _ __ | '_ \| | | |/ _` | |/ __| __/ _ \| '__| | |_) | |_| | (_| | | (__| || (_) | | | .__/ \__, |\__,_|_|\___|\__\___/|_| |_| |___/ Email: LandGrey@qq.com Preface: Q: Why I need to use pydictor ? A: 1.it always can help you You can use pydictor to generate a general blast wordlist, a custom wordlist based on Web content, a social engineering wordlist, and so on; You can use the pydictor built-in tool to safe delete, merge, unique, merge and unique, count word frequency to filter the wordlist, besides, you also can specify your wordlist and use '-tool handler' to filter your wordlist; 2.highly customized You can generate highly customized and complex wordlist by modify multiple configuration files, add your own dictionary, using leet mode, filter by length、char occur times、types of different char、regex, even customized own encryption function by modify /lib/fun/encode.py test_encode function. its very relevant to generate good or bad password wordlist with your customized rules and skilled use of pydictor; 3.powerful and flexible configuration file parsing nothing to say,skilled use and you will love it 4.great compatibility whether you are using Python 2.7 version or Python 3.x version , pydictor can be run on Windows, Linux or Mac; Start: git clone --depth=1 --branch=master https://www.github.com/landgrey/pydictor.git cd pydictor/ chmod 755 pydictor.py python pydictor.py Overview: Quick to use: types of generate wordlist（14 types）and descriptions wordlist type number description base 1 basic wordlist char 2 custom character wordlist chunk 3 permutation and combination wordlist conf 4 based on configuration file wordlist sedb 5 social engineering wordlist idcard 6 id card last 6/8 char wordlist extend 7 extend wordlist based on rules scratch 8 wordlist based on web pages keywords passcraper 9 wordlist against to web admin and users handler 10 handle the input file generate wordlist uniqifer 11 unique the input file and generate wordlist counter 12 word frequency count wordlist combiner 13 combine the input file generate wordlist uniqbiner 14 combine and unique the input file generate wordlist function and scope of support wordlist number function number (wordlist) description len 1 2 3 4 5 6 7 9 10 11 12 14 lenght scope head 1 2 3 4 5 6 7 9 10 11 12 14 add items prefix tail 1 2 3 4 5 6 7 9 10 11 12 14 add items suffix encode 1 2 3 4 5 6 7 9 10 11 12 14 encode the items occur 3 4 5 7 9 10 11 12 14 filter by occur times of letter、digital、special chars types 3 4 5 7 9 10 11 12 14 filter by types of letter、digital、special chars regex 3 4 5 7 9 10 11 12 14 filter by regex level 5 7 9 set the wordlist level leet 5 7 9 1337 mode usage examples: 1: generate the basic wordlsit based on digital lenght of 4 python pydictor.py -base d --len 4 4 --output D:\exists\or\not\dict.txt 2: encode the wordlist python pydictor.py -base L --len 1 3 --encode b64 3: use d(digital) L(lowercase letter) c(capital letter) generating wordlist python pydictor.py -base dLc -o /awesome/pwd 4: use customized characters generating wordlist python pydictor.py -char "abc123._@ " --len 1 3 --tail @site 5: generate permutation and combination wordlist python pydictor.py -chunk abc ABC 666 . _ @ "'" --head a --tail 123 --encode md5 6. extend wordlist based on rules extend function mainly directed against web application administrator to generate password You can put your own weak password wordlist in wordlist/Web,extend function will auto unique them,new wordlist will contains them You can modify funcfg/extend.conf,set prefix, suffix, prefix + suffix and middle word when extended extend function support leet mode,pick by level and pick by lenght function，you can learn more in the following write the following information to '/names.txt' liwell shelly bianji webzhang run command: python pydictor.py -extend /names.txt --leet 0 1 2 11 21 --level 1 --len 4 16 --occur "<=10" ">0" "<=2" -o /possbile/wordlist.lst 7: id card last 6/8 char wordlist pydictor.py -plug pid6 --types ">=0" ">=4" ">=0" --encode b64 note: default sex ='all', it decided by lib/data/data.py default_sex, and 'm' is Male, 'f' is Female 8: using passcraper plugin crawl website generating password wordlist based on plain text found and extend rules the rules of passcraper plug and extend function are the same passcraper plug will generate two wordlist，preffix with SCRATCH is raw wordlist by website plain text， and if you feel that there are a lot of unrelated words in the SCRATCH wordlist, you can remove them, and then use the extend function to specify the new file to generate dictionary again. you can modify the funcfg/passcraper_blacklist.conf file，add or delete useless words that need to be filtered out， and also can modify lib/data/data.py file passcraper_filter argument，change the filter regular expressions with same extend function，you can put your weak password in /wordlist/Web，new wordlist will contains them python pydictor.py -plug passcraper using default file scraper.sites as multi-input file python pydictor.py -plug passcraper http://www.example.com 9. using configuration file build dictionary this function contains all of "-base" and "-char" capacities，and more precise control python pydictor.py --conf using default file funcfg/build.conf build the dictionary python pydictor.py --conf /my/other/awesome.conf using /my/other/awesome.conf build the dictionary note: parsing rules details as following，besides referred to build.conf file configuration parsing rules details: the basic unit of parsing is called an parsing element, an parsing element includes five elements, namely: head, character set, length range, encoding, tail, which can be omitted both head and tail; A standard parsing element:head[characters]{minlength,maxlength}<encode-type>tail，a example parsing element：a[0-9]{4,6}<none>_ Its meaning build a dictionary that prefix is "a" , character set is 0—9, don't encode,length range is 4—6 and suffix is "_" current is support parsing one line one line can contains 10 parsing elements such as:[4-6,a-c,A,C,admin]{3,3}<none>_[a,s,d,f]{2,2}<none>[789,!@#]{1,2}<none>,it contains three parsing elements if annotator "#" in first place, program won't parse this line conf function can build more precise dictionary up to single char about character sets： You can add the "-" in the middle of character sets beginning and ending to join them and can also use "," to separate multiple character sets, or a single character, or a single string, as an element of the character set; supported encoding: none don't encode b64 base64 md5 md5 digest algorithm output 32 char md516 md5 digest algorithm output 16 char sha1 sha1 digest algorithm url urlencode sha256 sha256 digest algorithm sha512 sha512 digest algorithm test interface for customized encode function 10. handle wordlist's tools filter tool handler specify the input file, and output the handled file python pydictor.py -tool handler /wordlist/raw.txt --len 6 16 --occur "" "=6" "<0" --encode b64 -o /wordlist/ok.txt safe delete tool shredder python pydictor.py -tool shredder delete the currently specified output path(default:results) files and all its dictionary files python pydictor.py -tool shredder base delete the files of it's prefix is "BASE" in currently specified output path prefix(case insensitive) range in 14 items: base,char,chunk,conf,sedb,idcard,extend,handler,uniqifer,counter,combiner,uniqbiner,scratch,passcraper besides，you can safe shred files or whole directory as following: python pydictor.py -tool shredder /data/mess python pydictor.py -tool shredder D:\mess\1.zip for improving the security delete speed, the default uses 1 times to erase and rewrite，you can modify lib/data/data.py file's file_rewrite_count and dir_rewrite_count value remove duplicates tool uniqifer python pydictor.py -tool uniqifer /tmp/my.dic word frequency statistics tool counter python pydictor.py -tool counter vs /tmp/mess.txt 100 select 100 words in /tmp/mess.txt file that appear in the most times and output to the terminal and saved to file note: default choose 100 items to print or save；default separator is:"\n",you can modify counter_split value in lib/data/data.py file merge dictionary tool combiner python pydictor.py -tool combiner /my/messdir note: default choose 100 items to print or save；default separator is:"\n",you can modify counter_split value in lib/data/data.py file merge dictionary tool combiner python pydictor.py -tool combiner /my/messdir remove duplicates after merging tool uniqbiner python pydictor.py -tool uniqbiner /my/messdir 11: wordlist filter filter by level function this function is currently only support extend function, passcraper plug, Social Engineering Dictionary Builder default level is 3, the lower level, the lower possibility, the more items modify funcfg/extend.conf file，customized your awesome level rules python pydictor.py -extend bob adam sarah --level 5 use leet mode this function is currently only support extend, passcraper, Social Engineering Dictionary Builder all default unable to use leet mode, when enable, you can use multiple code at one time SEDB can enable leet mode and set code in SEDB interface enable leet mode cannot make wordlist decrease，it will increase wordlist on the basis of unable to use the leet mode default leet table leet char = replace char a = 4 b = 6 e = 3 l = 1 i = 1 o = 0 s = 5 code 0 default，replace all 1 left-to-right, replace all the first encountered leet char 2 right-to-left, replace all the first encountered leet char 11-19 left-to-right, replace the first encountered leet char to maximum code-10 chars 21-29 right-to-left, replace the first encountered leet char to maximum code-20 chars code effection table code old string new string 0 as a airs trees 45 4 41r5 tr335 1 as a airs trees 4s 4 4irs trees 2 as a airs trees a5 a air5 tree5 11 as a airs trees 4s a airs trees 12 as a airs trees 4s 4 airs trees 13 as a airs trees 4s 4 4irs trees 14 as a airs trees 4s 4 4irs trees ... as a airs trees 4s 4 4irs trees 21 as a airs trees as a airs tree5 22 as a airs trees as a air5 tree5 23 as a airs trees a5 a air5 tree5 24 as a airs trees a5 a air5 tree5 ... as a airs trees a5 a air5 tree5 besides,you also can: modify /funcfg/leet_mode.conf, add or delete leet table items; modify /lib/lib/data.py, extend_leet、passcraper_leet、sedb_leet arguments, choose some functions whether default use leet mode; modify /lib/data/data.py,leet_mode_code argument, choose default mode code; filter by occur times of letter、digital、special chars --occur [scope of occur letter times] [scope of occur digital times] [scope of occur special chars times] default occur times "<=99" "<=99" "<=99" filter by types of letter、digital、special chars --types [scope of letter types] [scope of digital types] [scope of special types] default types ">=0" ">=0" ">=0" 12. social engineering dictionary python pydictor.py --sedb _ _ _ _ __ _ _ __| (_) ___| |_ ___ _ __ | '_ \| | | |/ _` | |/ __| __/ _ \| '__| | |_) | |_| | (_| | | (__| || (_) | | | .__/ \__, |\__,_|_|\___|\__\___/|_| |_| |___/ Social Engineering Dictionary Builder Build by LandGrey ----------------------------[ command ]---------------------------- [+]help desc [+]exit/quit [+]clear/cls [+]show option [+]set option arguments [+]rm option [+]len minlen maxlen [+]head prefix [+]tail suffix [+]encode type [+]occur L d s [+]types L d s [+]regex string [+]level code [+]leet code [+]output directory [+]run ----------------------------[ option ]---------------------------- [+]cname [+]ename [+]sname [+]birth [+]usedpwd [+]phone [+]uphone [+]hphone [+]email [+]postcode [+]nickname [+]idcard [+]jobnum [+]otherdate [+]usedchar pydictor SEDB>> command: help reload interface help desc view the meaning for each items exit or quit exit the program clear or cls clear screen show view the current settings set set option value rm remove option value len select the length range head add prefix tail add suffix encode encode items occur set occur times of letter、digital、special chars types set types of letter、digital、special chars regex filter by regex level select the extend level value leet enable leet mode and choose code output set output dictionary or file path run build wordlist if you have some information about someone information items value chinese name 李伟 pinyin name liwei simple name lw simple name Lwei english name zwell birthday 19880916 used password liwei123456. used password liwei@19880916 used password lw19880916_123 used password abc123456 phone number 18852006666 used phone number 15500998080 home phone 76500100 company phone 010-61599000 email account 33125500@qq.com email account 13561207878@163.com email account weiweili@gmail.com email account wei010wei@hotmail.com home postcode 663321 now place postcode 962210 common nickname zlili id card number 152726198809160571 student id 20051230 job number 100563 father birthday 152726195910042816 mother birthday 15222419621012476X boy/girl friend brithday 152726198709063846 friend brithday 152726198802083166 pet name tiger crazy something games of thrones special meaning numbers 176003 special meaning chars m0n5ter special meaning chars ppdog now, use follwing command: python pydictor.py --sedb set cname liwei set sname lw Lwei set ename zwell set birth 19880916 set usedpwd liwei123456. liwei@19880916 lw19880916_123 set phone 18852006666 set uphone 15500998080 set hphone 76500100 61599000 01061599000 set email 33125500@qq.com set email 13561207878@163.com set email weiweili@gmail.com set email wei010wei@hotmail.com set postcode 663321 962210 set nickname zlili set idcard 152726198809160571 set jobnum 20051230 100563 set otherdate 19591004 19621012 set otherdate 19870906 19880208 set usedchar tiger gof gamesthrones 176003 m0n5ter ppdog view the configuration, and build the wordlist show run if you want more items wordlist, use level 1 and, you want to filter some impossible password, set the password lenght len 1 16 at least one letter and at most three special char, occur ">0" "" "<=3" and at most two types of special char in one item, types "" "" "<=2" finaly, specify the output path, build wordlist again output D:\awesome\dict\liwei_pass.txt run note: you can modify funcfg/sedb_tricks.conf file，change the word transform prefix, suffix and prefix+suffix rules you can put your own individual weak password wordlist in wordlist/SEDB, SEDB some little rules contains extend function Destination is just a point of departure，It's your show time Download pydictor-master.zip Source: https://github.com/LandGrey/pydictor

burpa: Burp Automator A Burp Suite Automation Tool with Slack Integration Requirements burp-rest-api Burp Suite Professional slackclient Usage: python burpa.py -h ################################################### __ / /_ __ ___________ ____ _ / __ \/ / / / ___/ __ \/ __ `/ / /_/ / /_/ / / / /_/ / /_/ / /_.___/\__,_/_/ / .___/\__,_/ /_/ burpa version 0.1 / by 0x4D31 ################################################### usage: burpa.py [-h] [-a {scan,proxy-config}] [-pP PROXY_PORT] [-aP API_PORT] [-rT {HTML,XML}] [-r {in-scope,all}] [--include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]]] [--exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]]] proxy_url positional arguments: proxy_url Burp Proxy URL optional arguments: -h, --help show this help message and exit -a {scan,proxy-config}, --action {scan,proxy-config} -pP PROXY_PORT, --proxy-port PROXY_PORT -aP API_PORT, --api-port API_PORT -rT {HTML,XML}, --report-type {HTML,XML} -r {in-scope,all}, --report {in-scope,all} --include-scope [INCLUDE_SCOPE [INCLUDE_SCOPE ...]] --exclude-scope [EXCLUDE_SCOPE [EXCLUDE_SCOPE ...]] TEST: $ python burpa.py http://127.0.0.1 --action proxy-config ################################################### __ / /_ __ ___________ ____ _ / __ \/ / / / ___/ __ \/ __ `/ / /_/ / /_/ / / / /_/ / /_/ / /_.___/\__,_/_/ / .___/\__,_/ /_/ burpa version 0.1 / by 0x4D31 ################################################### [+] Checking the Burp proxy configuration ... [-] Proxy configuration needs to be updated [+] Updating the Burp proxy configuration ... [-] Proxy configuration updated $ python burpa.py http://127.0.0.1 --action scan --include-scope http://testasp.vulnweb.com ################################################### __ / /_ __ ___________ ____ _ / __ \/ / / / ___/ __ \/ __ `/ / /_/ / /_/ / / / /_/ / /_/ / /_.___/\__,_/_/ / .___/\__,_/ /_/ burpa version 0.1 / by 0x4D31 ################################################### [+] Retrieving the Burp proxy history ... [-] Found 4 unique targets in proxy history [+] Updating the scope ... [-] http://testasp.vulnweb.com included in scope [+] Active scan started ... [-] http://testasp.vulnweb.com Added to the scan queue [-] Scan in progress: %100 [+] Scan completed [+] Scan issues for http://testasp.vulnweb.com: - Issue: Robots.txt file, Severity: Information - Issue: Cross-domain Referer leakage, Severity: Information - Issue: Cleartext submission of password, Severity: High - Issue: Frameable response (potential Clickjacking), Severity: Information - Issue: Password field with autocomplete enabled, Severity: Low - Issue: Cross-site scripting (reflected), Severity: High - Issue: Unencrypted communications, Severity: Low - Issue: Path-relative style sheet import, Severity: Information - Issue: Cookie without HttpOnly flag set, Severity: Low - Issue: File path traversal, Severity: High - Issue: SQL injection, Severity: High [+] Downloading HTML/XML report for http://testasp.vulnweb.com [-] Scan report saved to /tmp/burp-report_20170807-235135_http-testasp.vulnweb.com.html [+] Burp scan report uploaded to Slack Download burpa-master.zip Source: https://github.com/0x4D31/burpa

Oi fi eu prost, dar din cate stiu, mai toate routerele, cand ii cer parola, au "Authentication Type" deja setat pe wpa2/wpa-psk, care necesita minim 8 caractere, de ce ar mai exista parole de <8 caractere pe https://github.com/faizann24/wifi-bruteforcer-fsecurify/blob/master/sourcecode/main/assets/passwords.txt ?

@ManutaDeAur Nu cred ca mai are somn noaptea omu' asta. Pentru un om cu doar 8 clase sau 9 clase le "da cu seen" multora de pe aici. Omu' a incercat si incearca, a mai ramas cu ceva. Nu doar laba si chat. Hai ca iar sar haterii astia pe mine. Unde esti tu aa66760fdzxza?

hello all me and my coder we are trying to do our own version of Electrum Cash wallet.... we are able to edit it little bit change the gui and so on... but we are stuck at compiling it into a exe source code : www.electroncash.org/downloads/win-linux/ please download source code and check if you are able to compile .... if yes pm me (we discuss futher)