Leaderboard
Popular Content
Showing content with the highest reputation on 10/29/17 in all areas
-
tl;dr + and screw your whore of a mother! For those who want to fall for the scumbag above: this only works for people who have free minutes to special-rate numbers, for example in the UK 0870 or 0845 or others of that kind. When someone calls such a number, the number's owner receives a percentage of the call cost (which he then, supposedly, splits with the caller). For a while this crap worked and it was a scam against the phone companies. But they are no longer that stupid, and if you call you will burn a hole in your pocket.
4 points
-
2 points
-
Description
NetRipper is a post-exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption-related functions from a low-privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipper was released at Defcon 23, Las Vegas, Nevada.

Abstract
The post-exploitation activities in a penetration test can be challenging if the tester has low privileges on a fully patched, well-configured Windows machine. This work presents a technique for helping the tester find useful information by sniffing the network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is a tool called NetRipper, which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor the network traffic of employees or to analyze a malicious application.

https://github.com/NytroRST
1 point
-
Source: https://www.crowdjustice.com/case/hacking/
1 point
-
It looks like HPKP is going away from Chrome. Link: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/he9tr7p3rZ8
1 point
-
Do you have any traffic? Or do you want us to upload the movies, post them on the site and then bring traffic to the site? PM with link
1 point
-
Added support for Chrome 62.
1 point
-
1 point
-
Hashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes:
Added support to crack passwords and salts up to length 256.
Added option --optimized-kernel-enable to use faster kernels but limit the maximum supported password and salt length.
Added self-test functionality to detect broken OpenCL runtimes on startup.
Various other additions.

Download hashcat-4.0.0.tar.gz (3.7 MB)
Source
1 point
-
1 point
-
Meh, I installed it too, I don't see anything written about the validity of the license.
1 point
-
1 point
-
Exploiting Misconfigured CORS
October 25, 2017

Hi folks, this post is about some of the CORS misconfigurations I see frequently, mostly in Django applications. Let's assume all the test cases have been performed on the domain example.com.

The following are the most common CORS configurations:

• Access-Control-Allow-Origin: *
  Remark: in this case we can fetch unauthenticated resources only.
• Access-Control-Allow-Origin: *
  Access-Control-Allow-Credentials: true
  Remark: in this case we can fetch unauthenticated resources only.
• Access-Control-Allow-Origin: null
  Access-Control-Allow-Credentials: true
  Remark: in this case we can fetch authenticated resources as well.
• Access-Control-Allow-Origin: https://attacker.com
  Access-Control-Allow-Credentials: true
  Remark: in this case we can fetch authenticated resources as well.
• Access-Control-Allow-Origin: https://example.com
  Access-Control-Allow-Credentials: true
  Remark: properly implemented.

So we usually see these types of CORS configuration in response headers, and most of us don't try to exploit them because we think they're properly implemented. But that's not true. Let's study some of the weird CORS misconfiguration cases.

• I found this vulnerability in one of the most popular Python web hosting sites, which has the request and response headers shown below.

Original request and response headers

GET /<redacted> HTTP/1.1
Host: dummy.example.com
User-Agent: <redacted>
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: <redacted>
Origin: https://www.example.com
Connection: close

HTTP/1.1 200 OK
Server: <redacted>
Date: <redacted>
Content-Type: application/json; charset=UTF-8
Content-Length: 87
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.example.com
Strict-Transport-Security: max-age=31536000;

So looking at the response headers, you can see CORS is implemented correctly, and most of us don't test it further. At this point, most of the time I have seen that changing the value of the Origin header makes it reflect back in the response headers, as follows.

Edited request and response headers

GET /<redacted> HTTP/1.1
Host: dummy.example.com
User-Agent: <redacted>
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: <redacted>
Origin: https://attacker.com
Connection: close

HTTP/1.1 200 OK
Server: <redacted>
Date: <redacted>
Content-Type: application/json; charset=UTF-8
Content-Length: 87
Connection: close
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://attacker.com
Strict-Transport-Security: max-age=31536000;

• I found this vulnerability in one of the bitcoin websites, which has the following request and response headers.

Original request and response headers

POST /<redacted> HTTP/1.1
Host: <redacted>
User-Agent: <redacted>
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Referer: <redacted>
Content-Length: 270
Cookie: <redacted>
Connection: close

HTTP/1.1 200 OK
Server: nginx
Date: <redacted>
Content-Type: application/json
Connection: close
Access-Control-Allow-Credentials: true
Content-Length: 128

Looking at the response, you can see the Access-Control-Allow-Origin header is missing, so I added an Origin header to the HTTP request, which makes it vulnerable as follows.

Edited request and response headers

POST /<redacted> HTTP/1.1
Host: <redacted>
User-Agent: <redacted>
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Origin: https://attacker.com
Referer: <redacted>
Content-Length: 270
Cookie: <redacted>
Connection: close

HTTP/1.1 200 OK
Server: nginx
Date: <redacted>
Content-Type: application/json
Connection: close
Access-Control-Allow-Origin: https://attacker.com
Access-Control-Allow-Credentials: true
Content-Length: 128

Thanks for reading.

Source: http://c0d3g33k.blogspot.de/2017/10/exploiting-misconfigured-cors.html?m=1
1 point
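The two server behaviours from the post, an origin-reflecting handler beside an allow-listed one, together with the probe that tells them apart, as an added Python example. This is not code from the original post or from any of the sites it describes: the "server" is a plain function from request headers to response headers so it runs offline, and the attacker origin, the allow-list contents and the added Vary: Origin header are assumptions.

```python
"""Added example: model the CORS responses from the post and probe them the way
the post does (resend with a foreign Origin, see what comes back)."""

# Assumed allow-list for the hardened handler; the post only shows www.example.com.
ALLOWED_ORIGINS = {"https://example.com", "https://www.example.com"}


def cors_headers_reflecting(request_headers):
    """Vulnerable pattern from the post: whatever Origin arrives is echoed back,
    together with Allow-Credentials, so any site can read authenticated responses."""
    origin = request_headers.get("Origin")
    headers = {"Content-Type": "application/json"}
    if origin is not None:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def cors_headers_allowlisted(request_headers):
    """Hardened pattern: exact match against a fixed allow-list; anything else,
    including the literal string 'null', gets no CORS headers at all."""
    origin = request_headers.get("Origin")
    headers = {"Content-Type": "application/json"}
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
        # Assumption beyond the post: stop caches from serving one origin's
        # Access-Control-Allow-Origin to a different origin.
        headers["Vary"] = "Origin"
    return headers


def classify(response_headers, probe_origin):
    """Apply the post's table to a response obtained with Origin: probe_origin."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    creds = response_headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return "no CORS"
    if acao == "*":
        return "unauthenticated only"  # browsers refuse '*' combined with credentials
    if acao in (probe_origin, "null") and creds:
        return "authenticated readable"
    if acao in (probe_origin, "null"):
        return "unauthenticated only"
    return "not exploitable from this origin"


def probe(server, attacker_origin="https://attacker.com"):
    """The manual test from the post: send the same authenticated request with a
    foreign Origin, and with 'null' (what a sandboxed iframe sends), then classify."""
    results = {}
    for origin in (attacker_origin, "null"):
        request = {"Host": "dummy.example.com", "Origin": origin, "Cookie": "session=<redacted>"}
        results[origin] = classify(server(request), origin)
    return results


if __name__ == "__main__":
    print("reflecting :", probe(cors_headers_reflecting))
    print("allowlisted:", probe(cors_headers_allowlisted))
```

Against a real target the same probe is two requests in Burp Repeater or curl: one with your own Origin and one with Origin: null, each carrying the victim's cookies, and the verdict is read off the Access-Control-Allow-Origin and Access-Control-Allow-Credentials pair exactly as classify() does.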
-
Port scanning without an IP address
Posted: October 26, 2017 in midnight thoughts, security

Re-evaluating how some actions are performed can sometimes lead to new insights, which is exactly the reason for this blog post. Be aware that I've only tested this on two 'test' networks, so I cannot guarantee this will always work. Worst case, you'll read a (hopefully) out-of-the-box blog entry about an alternative port scan method that maybe only works in weird corner cases. The source for the script can be found on my gist, if you prefer to skip my ramblings and jump directly to the source.

One of the things I usually do is sniff traffic on the network I am connected to with either my laptop or a drop device. At that point the output of the ifconfig command usually looks similar to this:

eth0 Link encap:Ethernet HWaddr 00:0c:29:4b:e7:35
     inet6 addr: fe80::20c:29ff:fe4b:e735/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:386316 errors:0 dropped:0 overruns:0 frame:0
     TX packets:25286 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:390745367 (390.7 MB) TX bytes:4178071 (4.1 MB)

As you will notice, the interface has no IPv4 address assigned; you can ignore the IPv6 address for now. Normally I determine which IP address or MAC address to clone based on the traffic that I captured and analysed previously. Then I'm all set to start port scanning or performing other types of attacks. This time, however, I wondered what type of activities I could perform without an IP address. I mean, it would be pretty interesting to talk IP to devices, somehow see a response and not be traceable, right? So I decided to see if it would, for example, be possible to perform a port scan on the network without having an IP address configured on my network interface. Since usually when you want to perform non-standard, weird or nifty tricks with TCP/IP you have to resort to raw sockets, I decided to jump directly to scapy to build a POC.

My working theory was as follows: normally when I am just sniffing traffic I see all kinds of traffic that gets sent to the broadcast address, so what if we perform a port scan and specify the broadcast address as the source? I decided to test this using two virtual machines (Ubuntu & Windows 10) with the network settings on 'NAT', and also tested with the same virtual machines while bridged to a physical network. The following one-liners can be used to transmit the raw packet:

pkt = Ether(dst='00:0c:29:f6:a5:65',src='00:08:19:2c:e0:15') / IP(dst='172.16.218.178',src='172.16.218.255') / TCP(dport=445,flags='S')
sendp(pkt,iface='eth0')

Running tcpdump will confirm if this works or not. Moment of truth:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:27:21.903583 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto TCP (6), length 40)
    172.16.218.255.20 > 172.16.218.178.445: Flags [S], cksum 0x803e (correct), seq 0, win 8192, length 0
23:27:21.904440 IP (tos 0x0, ttl 128, id 31823, offset 0, flags [DF], proto TCP (6), length 44)
    172.16.218.178.445 > 172.16.218.255.20: Flags [S.], cksum 0x03be (correct), seq 3699222724, ack 1, win 65392, options [mss 1460], length 0
23:27:24.910050 IP (tos 0x0, ttl 128, id 31824, offset 0, flags [DF], proto TCP (6), length 44)
    172.16.218.178.445 > 172.16.218.255.20: Flags [S.], cksum 0x03be (correct), seq 3699222724, ack 1, win 65392, options [mss 1460], length 0
23:27:30.911092 IP (tos 0x0, ttl 128, id 31825, offset 0, flags [DF], proto TCP (6), length 44)
    172.16.218.178.445 > 172.16.218.255.20: Flags [S.], cksum 0x03be (correct), seq 3699222724, ack 1, win 65392, options [mss 1460], length 0
23:27:42.911498 IP (tos 0x0, ttl 128, id 31829, offset 0, flags [DF], proto TCP (6), length 40)
    172.16.218.178.445 > 172.16.218.255.20: Flags [R], cksum 0x1af8 (correct), seq 3699222725, win 0, length 0

wOOOOOOOt!! It seems to work.

We can clearly see the packet being sent to the '.178' IP address from the broadcast (.255) source address, and then we see the response flowing back to the broadcast address. Now that's pretty interesting, right? Essentially we can now perform port scans without being really traceable on the network. Somehow this still feels 'weirdish' because it just works on the first try... so I'm still thinking I missed something :/

sudo ./ipless-scan.py 172.16.218.178 00:0c:29:f6:a5:65 -p 445 3389 5000 -i eth0
2017-10-26 23:13:33,559 - INFO - Started ipless port scan
2017-10-26 23:13:33,559 - INFO - Started sniffer and waiting 10s
2017-10-26 23:13:43,568 - INFO - Starting port scan
2017-10-26 23:13:43,604 - INFO - Found open port - 445
2017-10-26 23:13:43,628 - INFO - Found open port - 3389
2017-10-26 23:13:43,645 - INFO - Found closed port - 5000
2017-10-26 23:13:43,654 - INFO - Finished port scan, waiting 5s for packets
2017-10-26 23:13:52,626 - INFO - Stopped sniffer

Source: https://diablohorn.com/2017/10/26/port-scanning-without-an-ip-address/
1 point
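The SYN from the post rebuilt without scapy, as an added Python example that is not the author's script: the same MACs, the broadcast source 172.16.218.255, destination 172.16.218.178:445, seq 0, window 8192, ttl 64 and id 1 are packed by hand, and the resulting TCP checksum is compared with the 0x803e that tcpdump reported as correct. Source port 20 is scapy's default sport, which is why it appears in the capture. Transmitting the frame needs a Linux AF_PACKET socket and CAP_NET_RAW and is kept in its own function; building and checking the frame runs anywhere.

```python
"""Added example: hand-build the ipless SYN frame from the post and verify its
TCP checksum against the capture, using only struct and socket."""
import socket
import struct

# Values taken from the post's scapy one-liner and tcpdump output.
SRC_MAC = "00:08:19:2c:e0:15"
DST_MAC = "00:0c:29:f6:a5:65"
SRC_IP = "172.16.218.255"     # the subnet broadcast address, used as source
DST_IP = "172.16.218.178"
SRC_PORT, DST_PORT = 20, 445  # 20 is scapy's default sport, as seen in the capture


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: fold the 16-bit one's-complement sum and invert it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_syn(src_ip, dst_ip, sport, dport, seq=0, window=8192):
    """20-byte TCP header, SYN only, no options; checksum covers the IPv4 pseudo-header."""
    offset_flags = (5 << 12) | 0x02           # data offset 5 words, flags = SYN
    header = struct.pack("!HHIIHHHH", sport, dport, seq, 0, offset_flags, window, 0, 0)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(header)))
    csum = ones_complement_sum(pseudo + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]


def build_ipv4(src_ip, dst_ip, payload, ttl=64, ident=1):
    """20-byte IPv4 header, no flags, no fragmentation, correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl,
                      socket.IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ones_complement_sum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def build_frame(dst_mac, src_mac, ip_packet):
    """Ethernet II frame carrying IPv4 (EtherType 0x0800)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + ip_packet


def ipless_syn_frame():
    tcp = build_tcp_syn(SRC_IP, DST_IP, SRC_PORT, DST_PORT)
    return build_frame(DST_MAC, SRC_MAC, build_ipv4(SRC_IP, DST_IP, tcp))


def tcp_checksum(frame):
    """Read the TCP checksum field back out of a frame built above (14 + 20 + 16)."""
    return struct.unpack("!H", frame[14 + 20 + 16:14 + 20 + 18])[0]


def send_frame(frame, iface="eth0"):
    """Layer-2 transmit on Linux (AF_PACKET, needs CAP_NET_RAW). The SYN/ACK comes
    back addressed to the broadcast IP, so a sniffer, not this socket, must catch it."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((iface, 0))
        return s.send(frame)


if __name__ == "__main__":
    frame = ipless_syn_frame()
    print(len(frame), "bytes, TCP cksum 0x%04x" % tcp_checksum(frame))
```

The checksum match is the useful check here: it confirms that the bytes on the wire are exactly the ones scapy produced, so whatever the target does with a SYN from its own broadcast address, it is not an artefact of the packet builder.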
-
Race The Web (RTW)
Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) simultaneously, and then compares the responses from the server for uniqueness. Includes a number of configuration options.

UPDATE: Now CI compatible! Version 2.0.0 makes it easier than ever to integrate RTW into your continuous integration pipeline (à la Jenkins, Travis, or Drone), through an easy-to-use HTTP API. More information can be found in the Usage section below.

Watch the talk: Racing the Web - Hackfest 2016

Usage
With configuration file:
$ race-the-web config.toml
API:
$ race-the-web

Source: https://github.com/insp3ctre/race-the-web
1 point
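The check RTW automates, reproduced as an added Python example that is not Race The Web's own code: a constructed local endpoint with a deliberately racy coupon redemption (read the stock, pause, decrement) next to the same endpoint guarded by a lock, and a probe that releases N POSTs from a barrier at once and counts distinct response bodies. Everything runs on 127.0.0.1 with an ephemeral port; the endpoint, the sleep that widens the race window and the request count are assumptions.

```python
"""Added example: race a local endpoint the way Race The Web does, then compare
the unique responses from a racy handler and from a locked one."""
import threading
import time
from collections import Counter
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.request import urlopen


class CouponStore:
    """One coupon. use_lock=False is the vulnerable check-then-act; True serialises it."""

    def __init__(self, stock=1, use_lock=False):
        self.stock = stock
        self.use_lock = use_lock
        self._lock = threading.Lock()

    def redeem(self):
        if self.use_lock:
            with self._lock:
                return self._redeem_unsafe()
        return self._redeem_unsafe()

    def _redeem_unsafe(self):
        if self.stock > 0:
            time.sleep(0.1)   # assumed DB/API latency between the check and the write
            self.stock -= 1
            return "redeemed"
        return "sold out"


def make_handler(store):
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            body = store.redeem().encode()
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):   # keep the server quiet
            pass
    return Handler


def race(url, count=10, timeout=5):
    """Fire `count` POSTs as simultaneously as threads allow; return a Counter of bodies."""
    barrier = threading.Barrier(count)
    results, results_lock = [], threading.Lock()

    def worker():
        barrier.wait()              # every thread is connected-and-ready before any sends
        with urlopen(url, data=b"", timeout=timeout) as r:
            body = r.read().decode()
        with results_lock:
            results.append(body)

    threads = [threading.Thread(target=worker) for _ in range(count)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return Counter(results)


def run_against(store, count=10):
    """Start a throwaway server for `store` on an ephemeral port, race it, shut it down."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(store))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return race("http://127.0.0.1:%d/redeem" % srv.server_address[1], count)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print("racy  :", run_against(CouponStore(stock=1, use_lock=False)))
    print("locked:", run_against(CouponStore(stock=1, use_lock=True)))
```

A single coupon redeemed more than once is the signal RTW looks for: with the racy store most of the ten bodies read "redeemed", with the locked store exactly one does and nine read "sold out". The same probe works unchanged against a real endpoint by passing its URL to race().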
-
1 point
-
Basics
Draggable is a modular drag & drop library, allowing you to start small and build up with the features you need. At its most basic, Draggable gives you drag & drop functionality, fast DOM reordering, accessible markup, and a bundle of events to grab on to.

Swappable
The classic switcheroo. Drag one element over another and watch them trade places in the DOM. The ideal functionality for when layout dimensions need to be retained.

Sortable
Sort DOM nodes with style. Drag items in a collection from one spot to another and watch everything snap into place. Fast and responsive sorting that won't leave your performance wallet strapped for frames.

Collidable
Start your game dev career and inject some collision detection. Collidable will prevent draggable elements from overlapping each other, firing collision events when the dragged source element enters and exits a restricted zone.

Accessible
Drag & drop accessibility is a delicate flower. While browsers continue to work on a reliable native solution, Draggable lends a helping hand by providing all the proper aria attributes in all the right places.

Extensible
Draggable is easy to extend: write a custom module that provides the functionality you need, then submit it to our GitHub repo for review. If you needed a feature that wasn't already available, chances are the community needs it too. Sharing is caring.

Interaction
Draggable supports most of the interaction events we could think of: mouse, touch, and force touch are all available out of the box, with accessible keyboard support coming soon!

Animation
Let's face it, it's annoying when plugins get in the way of your personal design touch. Draggable isn't going to try and steal the show by forcing any unruly animation styles on you. Simply take your pick from our healthy serving of CSS selectors and style to your heart's desire.

Download v1.0.0-beta.zip or git clone https://github.com/Shopify/draggable.git

Sources: https://shopify.github.io/draggable/ https://github.com/Shopify/draggable/
1 point
-
There is no pre-established order of items in each category; the order is that of contribution. If you want to contribute, please read the guide.

Table of Contents
Windows stack overflows
Windows heap overflows
Kernel based Windows overflows
Windows Kernel Memory Corruption
Return Oriented Programming
Windows memory protections
Bypassing filter and protections
Typical windows exploits
Exploit development tutorial series
Corelan Team
Fuzzysecurity
Securitysift
Whitehatters Academy
TheSprawl
Expdev-Kiuhnm
Tools

Windows stack overflows
Stack Base Overflow Articles.
Win32 Buffer Overflows (Location, Exploitation and Prevention) - by Dark spyrit [1999]
Writing Stack Based Overflows on Windows - by Nish Bhalla [2005]
Stack Smashing as of Today - by Hagen Fritsch [2009]
SMASHING C++ VPTRS - by rix [2000]

Windows heap overflows
Heap Base Overflow Articles.
Third Generation Exploitation smashing heap on 2k - by Halvar Flake [2002]
Exploiting the MSRPC Heap Overflow Part 1 - by Dave Aitel (MS03-026) [September 2003]
Exploiting the MSRPC Heap Overflow Part 2 - by Dave Aitel (MS03-026) [September 2003]
Windows heap overflow penetration in black hat - by David Litchfield [2004]
Glibc Adventures: The Forgotten Chunk - by François Goichon [2015]
Pseudomonarchia jemallocum - by argp & huku
The House Of Lore: Reloaded - by blackngel [2010]
Malloc Des-Maleficarum - by blackngel [2009]
free() exploitation technique - by huku
Understanding the heap by breaking it - by Justin N. Ferguson [2007]
The use of set_head to defeat the wilderness - by g463
The Malloc Maleficarum - by Phantasmal Phantasmagoria [2005]
Exploiting The Wilderness - by Phantasmal Phantasmagoria [2004]
Advanced Doug lea's malloc exploits - by jp

Kernel based Windows overflows
Kernel Base Exploit Development Articles.
How to attack kernel based vulns on windows was done - by a Polish group called "sec-labs" [2003]
Sec-lab old whitepaper
Sec-lab old exploit
Windows Local Kernel Exploitation (based on sec-lab research) - by S.K Chong [2004]
How to exploit Windows kernel memory pool - by SoBeIt [2005]
Exploiting remote kernel overflows in windows - by Eeye Security
Kernel-mode Payloads on Windows in uninformed - by Matt Miller
Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
BH US 2007 Attacking the Windows Kernel
Remote and Local Exploitation of Network Drivers
Exploiting Common Flaws In Drivers
I2OMGMT Driver Impersonation Attack
Real World Kernel Pool Exploitation
Exploit for windows 2k3 and 2k8
Analyzing local privilege escalations in win32k
Intro to Windows Kernel Security Development
There's a party at ring0 and you're invited
Windows kernel vulnerability exploitation
A New CVE-2015-0057 Exploit Technology - by Yu Wang [2016]
Exploiting CVE-2014-4113 on Windows 8.1 - by Moritz Jodeit [2016]
Easy local Windows Kernel exploitation - by Cesar Cerrudo [2012]
Windows Kernel Exploitation - by Simone Cardona [2016]
Exploiting MS16-098 RGNOBJ Integer Overflow on Windows 8.1 x64 bit by abusing GDI objects - by Saif Sherei [2017]
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes - by keen team [2015]
Abusing GDI for ring0 exploit primitives - [2016]

Windows Kernel Memory Corruption
Windows Kernel Memory Corruption Exploit Development Articles.
Remote Windows Kernel Exploitation - by Barnaby Jack [2005]
windows kernel-mode payload fundamentals - by Skape [2006]
exploiting 802.11 wireless driver vulnerabilities on windows - by Johnny Cache, H D Moore, skape [2007]
Kernel Pool Exploitation on Windows 7 - by Tarjei Mandt [2011]
Windows Kernel-mode GS Cookies and 1 bit of entropy - [2011]
Subtle information disclosure in WIN32K.SYS syscall return values - [2011]
nt!NtMapUserPhysicalPages and Kernel Stack-Spraying Techniques - [2011]
SMEP: What is it, and how to beat it on Windows - [2011]
Kernel Attacks through User-Mode Callbacks - by Tarjei Mandt [2011]
Windows Security Hardening Through Kernel Address Protection - by Mateusz "j00ru" Jurczyk [2011]
Reversing Windows8: Interesting Features of Kernel Security - by MJ0011 [2012]
Smashing The Atom: Extraordinary String Based Attacks - by Tarjei Mandt [2012]
Easy local Windows Kernel exploitation - by Cesar Cerrudo [2012]
Using a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcement - by MJ0011 [2012]
MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit - [2013]
KASLR Bypass Mitigations in Windows 8.1 - [2013]
First Dip Into the Kernel Pool: MS10-058 - by Jeremy [2014]
Windows 8 Kernel Memory Protections Bypass - [2014]
An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113) - by Weimin Wu [2014]
Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids' Pool - [2014]
Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE 2015-0057) bug on both 32-bit and 64-bit - by Aaron Adams [2015]
Exploiting MS15-061 Microsoft Windows Kernel Use-After-Free (win32k!xxxSetClassLong) - by Dominic Wang [2015]
Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit - by Cedric Halbronn [2015]
Abusing GDI for ring0 exploit primitives - by Diego Juarez [2015]
Duqu 2.0 Win32k exploit analysis - [2015]

Return Oriented Programming
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
Blind return-oriented programming
Sigreturn-oriented Programming
Jump-Oriented Programming: A New Class of Code-Reuse Attack
Out of control: Overcoming control-flow integrity
ROP is Still Dangerous: Breaking Modern Defenses
Loop-Oriented Programming (LOP): A New Code Reuse Attack to Bypass Modern Defenses - by Bingchen Lan, Yan Li, Hao Sun, Chao Su, Yao Liu, Qingkai Zeng [2015]
Systematic Analysis of Defenses Against Return-Oriented Programming - by R. Skowyra, K. Casteel, H. Okhravi, N. Zeldovich, and W. Streilein [2013]
Return-oriented programming without returns - by S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, and M. Winandy [2010]
Jump-oriented programming: a new class of code-reuse attack - by T. K. Bletsch, X. Jiang, V. W. Freeh, and Z. Liang [2011]
Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection - by L. Davi, A. Sadeghi, and D. Lehmann [2014]
Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard - by E. Göktas, E. Athanasopoulos, M. Polychronakis, H. Bos, and G. Portokalidis [2014]
Buffer overflow attacks bypassing DEP (NX/XD bits) – part 1 - by Marco Mastropaolo [2005]
Buffer overflow attacks bypassing DEP (NX/XD bits) – part 2 - by Marco Mastropaolo [2005]
Practical Rop - by Dino Dai Zovi [2010]
Exploitation with WriteProcessMemory - by Spencer Pratt [2010]
Exploitation techniques and mitigations on Windows - by skape
A little return oriented exploitation on Windows x86 – Part 1 - by Harmony Security and Stephen Fewer [2010]
A little return oriented exploitation on Windows x86 – Part 2 - by Harmony Security and Stephen Fewer [2010]

Windows memory protections
Windows memory protections Introduction Articles.
Data Execution Prevention
/GS (Buffer Security Check)
/SAFESEH
ASLR
SEHOP

Bypassing filter and protections
Windows memory protections Bypass Methods Articles.
Third Generation Exploitation smashing heap on 2k - by Halvar Flake [2002]
Creating Arbitrary Shellcode In Unicode Expanded Strings - by Chris Anley
Advanced windows exploitation - by Dave Aitel [2003]
Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server - by David Litchfield
Reliable heap exploits and after that Windows Heap Exploitation (Win2KSP0 through WinXPSP2) - by Matt Conover in cansecwest 2004
Safely Searching Process Virtual Address Space - by Matt Miller [2004]
IE exploit and used a technology called Heap Spray
Bypassing hardware-enforced DEP - by Skape (Matt Miller) and Skywing (Ken Johnson) [October 2005]
Exploiting Freelist[0] On XP Service Pack 2 - by Brett Moore [2005]
Kernel-mode Payloads on Windows in uninformed
Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
Exploiting Common Flaws In Drivers
Heap Feng Shui in JavaScript - by Alexander Sotirov [2007]
Understanding and bypassing Windows Heap Protection - by Nicolas Waisman [2007]
Heaps About Heaps - by Brett Moore [2008]
Bypassing browser memory protections in Windows Vista - by Mark Dowd and Alex Sotirov [2008]
Attacking the Vista Heap - by Ben Hawkes [2008]
Return oriented programming Exploitation without Code Injection - by Hovav Shacham (and others) [2008]
Token Kidnapping and a super reliable exploit for windows 2k3 and 2k8 - by Cesar Cerrudo [2008]
Defeating DEP Immunity Way - by Pablo Sole [2008]
Practical Windows XP2003 Heap Exploitation - by John McDonald and Chris Valasek [2009]
Bypassing SEHOP - by Stefan Le Berre, Damien Cauquil [2009]
Interpreter Exploitation : Pointer Inference and JIT Spraying - by Dionysus Blazakis [2010]
Write-up of Pwn2Own 2010 - by Peter Vreugdenhil
All in one 0day presented in rootedCON - by Ruben Santamarta [2010]
DEP/ASLR bypass using 3rd party - by Shahin Ramezany [2013]
Bypassing EMET 5.0 - by René Freingruber [2014]

Typical windows exploits
Real-world HW-DEP bypass Exploit - by Devcode
Bypassing DEP by returning into HeapCreate - by Toto
First public ASLR bypass exploit by using partial overwrite - by Skape
Heap spray and bypassing DEP - by Skylined
First public exploit that used ROP for bypassing DEP in adobe lib TIFF vulnerability
Exploit codes of bypassing browsers memory protections
PoC's on Token Kidnapping. PoC for 2k3 - part 1 - by Cesar Cerrudo
PoC's on Token Kidnapping. PoC for 2k8 - part 2 - by Cesar Cerrudo
An exploit works from win 3.1 to win 7 - by Tavis Ormandy KiTra0d
Old ms08-067 metasploit module multi-target and DEP bypass
PHP 6.0 Dev str_transliterate() Buffer overflow – NX + ASLR Bypass
SMBv2 Exploit - by Stephen Fewer
Microsoft IIS 7.5 remote heap buffer overflow - by redpantz
Browser Exploitation Case Study for Internet Explorer 11 - by Moritz Jodeit [2016]

Exploit development tutorial series
Exploit Development Tutorial Series Based on Windows Operating System Articles.

Corelan Team
Exploit writing tutorial part 1 : Stack Based Overflows
Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
Exploit writing tutorial part 3 : SEH Based Exploits
Exploit writing tutorial part 3b : SEH Based Exploits – just another example
Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
Exploit writing tutorial part 7 : Unicode – from 0x00410041 to calc
Exploit writing tutorial part 8 : Win32 Egg Hunting
Exploit writing tutorial part 9 : Introduction to Win32 shellcoding
Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik's Cube
Exploit writing tutorial part 11 : Heap Spraying Demystified

Fuzzysecurity
Part 1: Introduction to Exploit Development
Part 2: Saved Return Pointer Overflows
Part 3: Structured Exception Handler (SEH)
Part 4: Egg Hunters
Part 5: Unicode 0x00410041
Part 6: Writing W32 shellcode
Part 7: Return Oriented Programming
Part 8: Spraying the Heap Chapter 1: Vanilla EIP
Part 9: Spraying the Heap Chapter 2: Use-After-Free
Part 10: Kernel Exploitation -> Stack Overflow
Part 11: Kernel Exploitation -> Write-What-Where
Part 12: Kernel Exploitation -> Null Pointer Dereference
Part 13: Kernel Exploitation -> Uninitialized Stack Variable
Part 14: Kernel Exploitation -> Integer Overflow
Part 15: Kernel Exploitation -> UAF
Part 16: Kernel Exploitation -> Pool Overflow
Part 17: Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)
Heap Overflows For Humans 101
Heap Overflows For Humans 102
Heap Overflows For Humans 102.5
Heap Overflows For Humans 103
Heap Overflows For Humans 103.5

Securitysift
Windows Exploit Development – Part 1: The Basics
Windows Exploit Development – Part 2: Intro to Stack Based Overflows
Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules
Windows Exploit Development – Part 4: Locating Shellcode With Jumps
Windows Exploit Development – Part 5: Locating Shellcode With Egghunting
Windows Exploit Development – Part 6: SEH Exploits
Windows Exploit Development – Part 7: Unicode Buffer Overflows

Whitehatters Academy
Intro to Windows kernel exploitation 1/N: Kernel Debugging
Intro to Windows kernel exploitation 2/N: HackSys Extremely Vulnerable Driver
Intro to Windows kernel exploitation 3/N: My first Driver exploit
Intro to Windows kernel exploitation 3.5/N: A bit more of the HackSys Driver
Backdoor 103: Fully Undetected
Backdoor 102
Backdoor 101

TheSprawl
corelan - integer overflows - exercise solution
heap overflows for humans - 102 - exercise solution
exploit exercises - protostar - final levels
exploit exercises - protostar - network levels
exploit exercises - protostar - heap levels
exploit exercises - protostar - format string levels
exploit exercises - protostar - stack levels
open security training - introduction to software exploits - uninitialized variable overflow
open security training - introduction to software exploits - off-by-one
open security training - introduction to re - bomb lab secret phase
open security training - introductory x86 - buffer overflow mystery box
corelan - tutorial 10 - exercise solution
corelan - tutorial 9 - exercise solution
corelan - tutorial 7 - exercise solution
getting from seh to nseh
corelan - tutorial 3b - exercise solution

Expdev-Kiuhnm
WinDbg
Mona 2
Structure Exception Handling (SEH)
Heap
Windows Basics
Shellcode
Exploitme1 (ret eip overwrite)
Exploitme2 (Stack cookies & SEH)
Exploitme3 (DEP)
Exploitme4 (ASLR)
Exploitme5 (Heap Spraying & UAF)
EMET 5.2
Internet Explorer 10 - Reverse Engineering IE
Internet Explorer 10 - From one-byte-write to full process space read/write
Internet Explorer 10 - God Mode (1)
Internet Explorer 10 - God Mode (2)
Internet Explorer 10 - Use-After-Free bug
Internet Explorer 11 - Part 1
Internet Explorer 11 - Part 2

Tools
Disassemblers, debuggers, and other static and dynamic analysis tools.
angr - Platform-agnostic binary analysis framework developed at UCSB's Seclab.
BARF - Multiplatform, open source Binary Analysis and Reverse engineering Framework.
Binary Ninja - Multiplatform binary analysis IDE supporting various types of binaries and architectures. Scriptable via Python.
binnavi - Binary analysis IDE for reverse engineering based on graph visualization.
Bokken - GUI for Pyew and Radare.
Capstone - Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages.
codebro - Web based code browser using clang to provide basic code analysis.
dnSpy - .NET assembly editor, decompiler and debugger.
Evan's Debugger (EDB) - A modular debugger with a Qt GUI.
GDB - The GNU debugger.
GEF - GDB Enhanced Features, for exploiters and reverse engineers.
hackers-grep - A utility to search for strings in PE executables including imports, exports, and debug symbols.
IDA Pro - Windows disassembler and debugger, with a free evaluation version.
Immunity Debugger - Debugger for malware analysis and more, with a Python API.
ltrace - Dynamic analysis for Linux executables.
objdump - Part of GNU binutils, for static analysis of Linux binaries.
OllyDbg - An assembly-level debugger for Windows executables.
PANDA - Platform for Architecture-Neutral Dynamic Analysis.
PEDA - Python Exploit Development Assistance for GDB, an enhanced display with added commands.
pestudio - Perform static analysis of Windows executables.
Process Monitor - Advanced monitoring tool for Windows programs.
Pyew - Python tool for malware analysis.
Radare2 - Reverse engineering framework, with debugger support.
SMRT - Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analysis.
strace - Dynamic analysis for Linux executables.
Udis86 - Disassembler library and tool for x86 and x86_64.
Vivisect - Python tool for malware analysis.
X64dbg - An open-source x64/x32 debugger for Windows.

Source: https://github.com/enddo/awesome-windows-exploitation
1 point
-
Have you tried here: https://gloryholefoundation.com/ ? It offers a free DDoS tool, connected to a powerful botnet.
1 point
-
It refers to the fact that the user who opened the thread (that is, you) is not trustworthy and the posted application is a stealer. Doesn't it seem illogical to you to have the username clitoris on an IT forum?
1 point
-
Please, does the stealer work on all the latest browsers and grab websites such as bank URLs and logins, emails and passcodes?
-1 points
-
-1 points
-
I see that only retards comment nonsense... who have no idea what their own name is. That I copy-pasted is my problem. It's only the incompetent and broken ones, who don't know how to make a penny with their head, that comment nonsense. Maybe you'd like to give me 2 lei, you pauper, so I can buy myself a pretzel.
-1 points
-
-1 points
-
Hello,

I present to you a site from the "hard" category, from which you can make hundreds of EUR a month - CASH4MINUTES! For those in the know, the site is almost the same as wetiki, a similar site that made a splash about 7-8 years ago. Only those who didn't want to failed to make at least 200 EUR calling all sorts of numbers with Skype.

How do you make money? You call various numbers in the UK, Turkey, Poland, Finland, Cyprus, leave the line open and listen to the radio (or don't listen, do whatever you want). You are paid into your account in units. 1 unit = 1 GBP. Each number earns a different number of units/minute, and the UK numbers pay best. For example, a UK number pays 0.07 units/min. If you stay on the phone 5 hours in a day -> 300 minutes x 0.07 = 21 GBP. If you do this for 20 days => 21 GBP x 20 days = 420 GBP, that is somewhere over 2200 lei. Initially you could earn money by staying on non-stop, so mathematically you could make even thousands of pounds a month, but there were problems with Virgin Media in the UK, and the maximum number of minutes you can accumulate per phone number was limited to 7500 minutes. So you can earn at most 525 GBP/month with one number.

Does it pay? The site pays, and there is plenty of proof online, it's just not easy to find. In fact, if you search on Google you'll notice most of the topics are from 2014 or 2015. Because of this, many might think it's a dead site, but it isn't. The smart guys use it and make money month after month, and most don't bother promoting it because they're afraid this extraordinary source of income would become too popular and disappear. Those who know wetiki remember that no information about it could be found online, it wasn't promoted anywhere (only on Italian sites), and Romanians only told their close friends about the site, along the lines of "I'll tell you about a good site, but don't tell anyone else, or all the Romanians will swarm in and the site goes to hell".

Back then there really was a frenzy about online money in Romania; there were periods when I'd get even 200 referrals a day at a PTC, but now everything is almost dead, but that's another discussion. Back to the topic.

You can request a payment as soon as at least 5 GBP have accumulated in the account. Main payment methods: Bank Transfer, Bitcoin or Amazon.

How long until you get paid? The cash4minutes people told me to wait at least a month until they confirm the calls and collect the money from the radio stations, and the French who brag online about their payments confirm that they receive the money in about 35 days from the request, so that's roughly the term. If, for example, you start calling now and make about 100 pounds in a week, request payment on 18 September, you receive it sometime in the first week after 18 October.

What do you call those numbers with? Eh, that's the problem. I opened this topic not only to present this super cool method + to get referrals, but also so that we all put our heads together to find solutions. The Spaniards, for example, had unlimited minutes with some telecom operator, until the operator caught on that some customers were abusing the minutes and blocked them. And so the Spaniards were left with nothing. Other people from other countries used Skype to call the numbers in other countries for free (apart from the UK), but Skype seems to have blocked some numbers. Also, I'm not sure whether the subscription with unlimited minutes to the UK works - I'll try soon. I also tried the 12.59 EUR Skype subscription with unlimited minutes to Poland and Turkey, but unfortunately its numbers are blocked. I looked at our operators and there's nothing unlimited, and what is limited doesn't bring much profit. For example, at Vodafone you get 200 minutes to the UK for 8 EUR. If you call for 200 minutes you receive 200 min x 0.07 = 14 GBP, about 16 EUR. You basically double the amount invested, but it's far too little.

At Digi I see it costs 0.024 EUR/min to Great Britain. You receive 0.08 EUR (0.07 GBP), so about 3 times the investment. If, for example, you call for 100 RON, in a month you receive at least 300 RON from cash4minutes. I'd try it, but I don't have a landline or mobile from Digi. At Orange the offer is rubbish. I have a few hundred international minutes I could use to call the Poland numbers, but it's not worth it because only 0.0013 is offered for the Poland numbers.

Maybe you know other solutions. If we found a good VoIP service offering unlimited minutes to the UK (mobile/landline) for a subscription fee, it would be extraordinary.

I hope you appreciate the information and at least register via my link if you want to try this site. To register click here: http://bit.ly/2lOxUY4

Thanks!
-3 points
