Leaderboard

Ca orice serviciu gratuit si cel oferit de https://www.vpnbook.com/ are mici "imperfectiuni", in cazul de fata, unul din ele fiind necesitatea de a vizita site-ul in mod regulat pentru obtinerea datelor de login. Prin aceasta automatizare vom elimina acest mic dezavantaj. Se presupune ca este folosit open vpn Modificarea fisierului config (Locatie: C:\Program Files\OpenVPN\config\) - pentru utilizarea datelor de logare dintr-un fisier - in fisierul ".ovpn" vom inlocui linia: auth-user-pass cu : auth-user-pass "D:\\vpn_book.txt" Automatizare: #Python 2.7 import urllib2 import re vpn = "http://www.vpnbook.com/" response = urllib2.urlopen(vpn) data = response.read() u = re.search("Username: (\w+)<", data) if u: utilizator = u.group(1) p = re.search("Password: (\w+)<", data) if p: parola = p.group(1) with open("D:\\vpn_book.txt", "w") as login_file: login_file.write(utilizator +"\n" + parola) login_file.close() La fiecare rulare a scriptului de mai sus datele de login din fisierul d:\\vpn_book.txt for fi improspatate

"...and it can be easily installed using latest apk 2017 file." This was the official website if I remember well: http://droidsheep.de Andreas Koch a abandonat proiectul si l-a sters. Conturile lui pe git: https://github.com/koch86 https://github.com/droidsheep AVETI GRIJA LA CE INSTALATI!!!

@M4T3! Nu am vandut niciodata linkuri pe blog, nici nu vand si am grija de trimiterile pe care le fac. Am doar doua site-uri in blogroll: un blogger si RST. Oferta mea: un an de zile, dofollow, index, blogroll, gratis. In semn de multumire ca l-ai ajutat pe tatal meu. Nu v-am uitat, va am in lista. Daca pot sa ajut, ajut. Daca esti de acord, da-mi un mesaj privat cu site-ul. Sunt sigur ca este in regula, insa vreau sa arunc o privire pe el, sa ma asigur eu.

Asa cum exista un topic de "Fun stuff", asa ar fi ok sa avem si lucruri interesante de urmarit. Postati aici lucruri UTILE si INTERESANTE, nu neaparat legate de IT, ci legate de viata, fizica, curiozitati, orice va trece prin cap si ar putea fi interesant si pentru alte persoane. De exemplu: Alt exemplu: [h=1]A fost inventat combustibilul "solar" pentru aeronave[/h] Un proiect de cercetare, finan?at de UE, a dus la ob?inerea, în premier? la nivel mondial, a unui combustibil „solar” pentru aeronave, pe baz? de ap? ?i dioxid de carbon (CO2). Cercet?torii au realizat pentru prima dat? întregul lan? de produc?ie a kerosenului regenerabil, utilizând lumina concentrat? ca surs? de energie cu temperatur? înalt?. Proiectul, denumit Solar-Jet, se afl? înc? în faza experimental?. Astfel, în condi?ii de laborator, cu ajutorul luminii solare simulate, s-a ob?inut un pahar de combustibil. Cu toate acestea, având în vedere rezultatele ob?inute, se poate spera c?, în viitor, to?i combustibilii lichizi pe baz? de hidrocarburi ar putea fi produ?i din lumin? solar?, dioxid de carbon ?i ap?. Mai multe: https://ro.stiri.yahoo.com/a-fost-inventat-combustibilul--solar--pentru-aeronave-135052375.html?cmp=rofb Nu va bateti joc de acest topic. Veti primi warn/ban daca postati porcarii.

Offtopic: tatal tau e ok?

In cazul asta, asta ar fi ideea mea: https://codeshare.io/G6AOyg Formatul JSONului (pe care in cod l-am lasat sub forma de array in php) este putin modificat fata de cum l-ai pus tu ca sa poata permite mai multe grupuri de conditii pe acelasi nivel cu acelasi operator (ex: nu poti avea in json doua chei "AND" ca altfel s-ar suprascrie una pe alta). Am pus si doua exemple, unu cu modelul tau de mai sus si unu cu mai multe conditii nested.

Poi d'aia ti-ai facut cont, pentru cersit numa? Nici macar bunu simt sa te mai uiti pe forum, sa mai postezi altundeva ceva interesant, o idee,parere bla bla, meh. sa-si screme D-zeu pula-n plamanul mamei tale dragi.

Este o carte ce contine SCRIE CARTE BOUL BALTII. NU VEZI CA E POSTAT IN 2008?

ziVA: Zimperium’s iOS Video Audio Kernel Exploit Adam Donenfeld Aug 23 2017 Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver. The exploit will be covered in depth in my HITBGSEC talk held on August 25th. For those of you who are not interested in iOS research and would like to protect themselves against these vulnerabilities, we urge you to update your iOS device to the latest version. Without an advanced mobile security and mitigation solution on the device (such as Zimperium zIPS), there’s little chance a user would notice any malicious or abnormal activity. The POC is released for educational purposes and evaluation by IT Administrators and Pentesters alike, and should not be used in any unintended way. The CVEs explanations, as written by Apple, can be found here. iOS vulnerabilities discovered and reported to Apple AVEVideoEncoder Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to gain kernel privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team CVE-2017-6994: Adam Donenfeld (@doadam) of the Zimperium zLabs Team CVE-2017-6995: Adam Donenfeld (@doadam) of the Zimperium zLabs Team CVE-2017-6996: Adam Donenfeld (@doadam) of the Zimperium zLabs Team CVE-2017-6997: Adam Donenfeld (@doadam) of the Zimperium zLabs Team CVE-2017-6998: Adam Donenfeld (@doadam) of the Zimperium zLabs Team CVE-2017-6999: Adam Donenfeld (@doadam) of the Zimperium zLabs Team IOSurface Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: An application may be able to gain kernel privileges Description: A race condition was addressed through improved locking. CVE-2017-6979: Adam Donenfeld (@doadam) of the Zimperium zLabs Team I will provide an in depth analysis of the vulnerabilities and exploitation techniques at HITBGSEC. After the conference, I will publish the rest of the disclosures as well as my slides and whitepaper. A brief description of one of the vulnerabilities, CVE-2017-6979: The function IOSurfaceRoot::createSurface is responsible for the creation of the IOSurface object. It receives an OSDictionary, which it forwards to the function IOSurface::init. IOSurface::init parses the properties and in case one of these are invalid (e.g, a width that exceeds 32 bits), returns 0, and the creation of the IOSurface is halted. The IOSurfaceRoot object must hold a lock while calling IOSurface::init because IOSurface::init adds the IOSurface object to the IOSurfaceRoot’s list of surfaces. Here’s the code that used to call IOSurface::init before Apple’s fix: surface = (IOSurface *)OSMetaClass::allocClassWithName(“IOSurface”); IORecursiveLockLock(provider->iosurface_array_lock); if ( !surface ) { IORecursiveLockUnlock(provider->iosurface_array_lock); return 0; } init_ret_code = surface->init(surface, provider, task_owner, surface_data); /* At this point, the surfaces’ list is unlocked, and an invalid IOSurface object is in the list */ IORecursiveLockUnlock(provider->iosurface_array_lock);if ( !init_ret_code ) { surface->release(surface); return 0; } In case the IOSurface::init function fails, IORecursiveLockUnlock will be called. A bogus IOSurface object will still be in the system and in the IOSurfaceRoot’s list of surfaces (thus accessible to everyone). At this particular moment, an attacker can increase the refcount of the IOSurface (creating, for instance, an IOSurfaceSendRight object attached to the surface) and prevent the bogus IOSurface object from being destroyed. This leads to the creation and existence of an IOSurface in the kernel which the attacker controls its properties (IOSurface->width = -1 for example). Such an IOSurface object can be given to other mechanisms in the kernel which might rely on a valid width/height/one of the properties to work, thus causing heap overflows/other problems that might lead to an elevation of privileges by the attacker. Our proposed solution to Apple was to call IOSurface::release while the lock provider->iosurface_array_lock is still held. Therefore moving the IORecursiveLockUnlock call just below IOSurface::release and putting it after the entire if statement would fix the problem because the IOSurfaceRoot’s list of surfaces will only be available once the bogus IOSurface is already cleaned up. Further reverse engineering of the function reveals that Apple changed the code according to our suggestions: surface = (IOSurface *)OSMetaClass::allocClassWithName(“IOSurface”); IORecursiveLockLock(provider->iosurface_array_lock); if ( !surface ) { IORecursiveLockUnlock(provider->iosurface_array_lock); return 0; } init_ret_code = surface->init(surface, provider, task_owner, surface_data);if ( !init_ret_code ) { surface->release(surface); /* Here our bad surface is freed *before* the kernel unlocks the surfaces’ list, Hence our bad surface is not accessible at anytime in case IOSurface::init fails. */ IORecursiveLockUnlock(provider->iosurface_array_lock); return 0; } IORecursiveLockUnlock(provider->iosurface_array_lock); The issues are severe and could lead to a full device compromise. The vulnerabilities ultimately lead to an attacker with initial code execution to fully control any iOS device on the market prior to version 10.3.2. Fortunately, we responsibly disclosed these bugs to Apple and a proper fix was coordinated. iOS users that update their device to the latest iOS version should be protected. We discovered more vulnerabilities, and the written exploit POC didn’t take advantage of CVE-2017-6979! The vulnerabilities used for the POC will be covered in depth. We plan to release the security advisories as we sent them to Apple right after my talk at HITBGSEC Zimperium’s patented machine-learning technology, z9, detects the exploitation of this vulnerability. We recommend to strengthen iOS security using a solution like Zimperium zIPS. Powered by z9, zIPS offers protection against known and unknown threats targeting Apple iOS and Google Android devices. z9 has detected every discovered exploit over the last five years without requiring updates. The exploit source code is available here. Disclosure timeline: 24/01/2017 – First Bug discovered 20/03/2017 – Shared bugs with Apple 29/03/2017 – Apple confirmed the bugs 15/05/2017 – Apple distributed patches I would like to thank Apple for their quick and professional response, Zuk Avraham (@ihackbanme) and Yaniv Karta (@shokoluv) that helped in the process. Sursa: https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/

Summary: " SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same, this project uses Vagrant, Puppet, and Ruby to quickly create randomly vulnerable virtual machines that can be used for learning or for hosting CTF events. " Source: https://github.com/cliffe/SecGen

Official Black Hat Arsenal Tools Github Repository This github account maps to the Black Hat Arsenal tools since its inception in 2011. For readibility, the tools are classified by category and not by session. This account is maintained by ToolsWatch.org the official organizer of the Black Hat Arsenal event Disclaimer: Tools not demonstrated during a Black Hat Arsenal session will not be accepted How to Submit ? Submit your template to the most one representative category as a pull request. After review, we will reflect the change on the repo. Use the given template tool_name.md . Change tool_name.md to your tool name (ex: lynis.md) Missing a category ? If you think we missed a category, do not hesitate to contact us (or push request). Contact us Twitter Email Link: https://github.com/toolswatch/blackhat-arsenal-tools

Parerea mea, nu stiu de ce va aruncati catre rami cu frecventa de 3k, banii aceia ar putea fii investiti in alte componente sau periferice, diferenta e usor sesizabila, maxim 10-12 fps in jocuri, bine pentru cei care fac si streaming si gaming dupa acelasi pc, acea diferenta conteaza. Dar, daca te joci doar nu se merita. In rest, mi se pare un pc destul de bun si ti-ar putea rula lejer urmatoarele jocuri de peste 4-5 ani.(Nu spun ca pe high sau ultra). Tin cu aismen la faza cu hdd-ul, am avut western, nu-l recomand. **E doar parerea mea.

Bun. Omul nu cunoaste mersul. Vrea sa invete. Il poti ajuta cu ceva?

mai este de interes anuntul? mai ai contul?

Tare asta !

Salutare! Milioane de scuze..Nu stiu unde sa postez.. Caut un site cu PROXY socks fresh us..Ma ajutati si pe mine va rog din toata inima mea! Jur ca va cinstesc!!! Multumesc! Din nou, SCUZE pentru acest top.. dar chiar sunt in mare cautare...:( O zi spledida! :X:X

new Priv8 Mailer Inbox 2015 .message decode (base64,7bit,8bit,binary,quoted-printable) .subject decode ( =?utf-8?Q?subject?= ) .header decode .Text to Encrypt .Select Sender Name,Select Sender Email,Select Subject .Smtp .SSL Priv8 Mailer Inbox 2015 - Pastebin.com [/b][/center]