
Leaderboard

Popular Content

Showing content with the highest reputation on 10/30/17 in all areas

  1. Description

     NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipper was released at Defcon 23, Las Vegas, Nevada.

     Abstract

     The post-exploitation activities in a penetration test can be challenging if the tester has low privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is a tool called NetRipper which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor network traffic of employees or to analyze a malicious application.

     https://github.com/NytroRST
    3 points
  2. Yes, that's where I presented it, thanks. At the moment I still work on it from time to time. If you have suggestions, or if it has problems, you can post here and I'll take care of them when I have time.
    3 points
  3. About 50% of sites on the web are powered by Content Management Systems, and that trend is growing. Integrating Progressive Technologies into the workflow of platforms such as WordPress and other CMSes is of paramount importance for ensuring that users get an awesome experience in these environments. Surma and Dan Walmsley discuss the challenges involved in the integration of progressive technologies with CMSes in general and WordPress in particular, and present a working proof of concept of how such an integration would work in the context of WordPress. Check out the code here: https://github.com/GoogleChromeLabs/progressivewordpress Check out the rest of the Chrome Dev Summit videos here: https://goo.gl/ekCoVu Subscribe to the Google Chrome Developers channel: http://goo.gl/LLLNvf
    1 point
  4. Author: Barak Tawily

     While we are on Facebook, we often share links to external sources, like Youtube, Google Drive, Instagram, or any other websites. Many people think that Facebook links are quite reliable, but are they? Facebook users can send those links via post or privately over Messenger, as you can see in the following images:

     So how exactly does the link preview feature work? When a user is about to post a link, he pastes it on Facebook, which detects it as a URL; then a Facebook bot called "Facebook External Hit" sends a GET request to the supplied link and extracts the relevant data from the HTML content such as preview image, title, description, and origin domain. The link's preview data is the only information supplied to the user before clicking it. In case the preview data is fake, it is super useful for phishing campaigns/ads/click fraud (pay-per-click)/malvertising; just a few days ago, I read this article about gigantic ad fraud on MySpace.

     So after exploring this feature, I managed to understand how exactly the preview data was fetched, and what the Facebook bot is looking for in the HTML content. Facebook's bot is looking for specific HTML tags; some of the tags it is looking for are the "meta" tags, specifically with the values "og:url", "og:image" and "og:title" in the "property" attribute. Due to lack of validation between the "og:url" content attribute and the origin domain that returned the HTML, it is possible to abuse this feature via crafted meta tags, so in case someone supplies to the Facebook bot a URL that returns HTML with those crafted tags which contain fake data of another website (let's say Youtube), the preview data will look like a Youtube song (or any other targeted page over the internet), but the actual link will lead victims to the URL containing the malicious HTML.

     An example of HTML that fakes a Youtube song link:

     In my opinion, all Facebook users think that the preview data shown by Facebook is reliable, and will click the links they are interested in, which makes them easily targeted by attackers that abuse this feature in order to perform several types of attacks as I mentioned above (phishing campaigns/ads/click fraud pay-per-click). I reported this issue to Facebook but unfortunately they refuse to recognize it as a security issue and replied:

     In addition, Facebook replied that the links posted are validated via a system called "Linkshim", in order to avoid phishing and malicious websites, but faking the meta tags is not considered malicious activity. I explored how Linkshim works, which is probably part of the "Facebook External Hit" bot; I tried to publish a link that redirects the user's browser to "evilzone" but it was detected and removed (as shown in the PoC video). Then I thought, what if I supply the Facebook bot just a normal fake HTML without any malicious code, but supply victims the malicious HTML?

     PoC video:

     The following code bypasses the Linkshim system by detecting the bot request via User Agent (you can do so via detecting the IP) and supplies HTML with non-malicious content while supplying the malicious HTML to victims: https://pastebin.com/kwc3MJuv mirror:

     In this article I did not show a real-life attack scenario and didn't abuse this feature for real malicious activity, but there are plenty of ways to exploit this vulnerability in order to perform several types of attacks like stealing sensitive information like credentials/credit cards. In summary, I hope this post will make Facebook users aware of this issue and make Facebook address those vulnerabilities.

     Source: https://baraktawily.blogspot.nl/2017/10/can-you-trust-facebook-links.html
    1 point
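The missing check the post above describes is a comparison between the site named in og:url and the site that actually served the HTML. The following is an added example (not Facebook's code, not the author's pastebin script) of what a preview fetcher could do with the HTML it just retrieved: extract the og: tags, flag an og:url that points at a different site than the serving host, and compare the tags a bot was shown with the tags a browser was shown, which is the cloaking pattern the post relies on. All sample HTML and host names are constructed.

```python
"""Open Graph preview consistency check (added example, not Facebook's code).

Given the URL a page was actually fetched from and the HTML it returned,
extract the meta tags a preview bot reads (og:url, og:title, og:image) and
flag a preview whose og:url claims a different site than the one that served
the HTML. A second check compares the HTML served to the bot with the HTML
served to a browser. Sample HTML below is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class OGTagParser(HTMLParser):
    """Collect <meta property="og:..." content="..."> pairs; first one wins."""

    def __init__(self):
        super().__init__()
        self.og = {}

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): v for k, v in attrs}
        prop = (a.get("property") or "").lower()
        if prop.startswith("og:") and a.get("content") is not None:
            self.og.setdefault(prop, a["content"])


def extract_og_tags(html):
    parser = OGTagParser()
    parser.feed(html)
    return parser.og


def site_of(url):
    """Host name without a leading 'www.', lower-cased; '' if unparsable."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def check_preview(fetched_url, html):
    """Return ("ok" | "mismatch", findings) for the preview built from html."""
    og = extract_og_tags(html)
    findings = []
    claimed = og.get("og:url")
    if claimed is not None:
        if urlparse(claimed).scheme not in ("http", "https"):
            findings.append("og:url is not an http(s) URL: %r" % claimed)
        elif site_of(claimed) != site_of(fetched_url):
            # The preview would show one site while the click goes to another.
            findings.append("og:url site %r differs from serving site %r"
                            % (site_of(claimed), site_of(fetched_url)))
    return ("mismatch" if findings else "ok"), findings


def cloaking_suspected(bot_html, browser_html):
    """True if the bot and a browser were served different OG metadata."""
    return extract_og_tags(bot_html) != extract_og_tags(browser_html)


# Constructed: HTML served from lookalike.example whose tags claim to be a Youtube page.
SPOOFED_HTML = """<html><head>
<meta property="og:url" content="https://www.youtube.com/watch?v=EXAMPLE">
<meta property="og:title" content="Some song">
<meta property="og:image" content="https://i.ytimg.com/vi/EXAMPLE/hqdefault.jpg">
</head><body>served to the bot</body></html>"""

# Constructed: HTML whose og:url agrees with the host that served it.
HONEST_HTML = """<html><head>
<meta property="og:url" content="https://blog.example/post">
<meta property="og:title" content="A post">
</head><body>hello</body></html>"""

if __name__ == "__main__":
    print(check_preview("https://lookalike.example/song", SPOOFED_HTML))
    print(check_preview("https://www.blog.example/post", HONEST_HTML))
    print(cloaking_suspected(SPOOFED_HTML, HONEST_HTML))
```

The check deliberately ignores og:image, because images are routinely served from a CDN on another host; og:url is the tag that decides which site the user believes they are about to visit. The cloaking comparison only helps if the second fetch looks like a real browser to the server, so in practice it would be run from a different address and User-Agent than the bot.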
  5. Are you the author of the project? Did you go all the way to Las Vegas, Nevada? Congratulations!
    1 point
  6. @darius1995 we'll pass the hat for $50 if you rewrite this correctly - "Bine fratioare , ramai tu acolo cu Ceasca . Vad ka o dam kakolareste e klara triaba."
    1 point
  7. darius1995, mean people, don't mind them; below you have a sure way to make money, you just need your lucrative offer to reach the client in a way that turns it into merchandise and not a free service.
    1 point
  8. Videochat - if you were born in 1995 then you are over 18, although you might have a libertine understanding of the term "adolescent" @theandruala great minds think of videochat! ha ha
    1 point
  10. It looks like HPKP is going to disappear from Chrome. Link: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/he9tr7p3rZ8
    1 point
  11. It is going to be replaced with Expect-CT. https://scotthelme.co.uk/a-new-security-header-expect-ct/ https://www.certificate-transparency.org/what-is-ct
    1 point
  12. ASLRay

      Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying

      Properties:
      - ASLR bypass
      - Cross-platform
      - Minimalistic
      - Simplicity
      - Unpatchable

      Dependencies:
      - Linux 2.6.12+ - would work on any x86-64 Linux-based OS
      - BASH - the whole script

      Limitations:
      - Stack needs to be executable (-z execstack)
      - Binary has to be exploited through arguments locally (not file, socket or input)
      - No support for other architectures and OSes (TODO)
      - Need to know the buffer limit/size

      Source: https://github.com/cryptolok/ASLRay#aslray
    1 point
  13. Port scanning without an IP address

      Posted: October 26, 2017 in midnight thoughts, security

      Re-evaluating how some actions are performed can sometimes lead to new insights, which is exactly the reason for this blog post. Be aware that I've only tested this on two 'test' networks, so I cannot guarantee this will always work. Worst-case scenario you'll read a (hopefully) out-of-the-box blog entry about an alternative port scan method that maybe only works in weird corner cases. The source for the script can be found on my gist, if you prefer to skip my ramblings and jump directly to the source.

      One of the things I usually do is sniff traffic on the network that I am connected to with either my laptop or a drop device. At that point the output of the ifconfig command usually looks similar to this:

          eth0      Link encap:Ethernet  HWaddr 00:0c:29:4b:e7:35
                    inet6 addr: fe80::20c:29ff:fe4b:e735/64 Scope:Link
                    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                    RX packets:386316 errors:0 dropped:0 overruns:0 frame:0
                    TX packets:25286 errors:0 dropped:0 overruns:0 carrier:0
                    collisions:0 txqueuelen:1000
                    RX bytes:390745367 (390.7 MB)  TX bytes:4178071 (4.1 MB)

      As you will notice, the interface has no IPv4 address assigned; you can ignore the IPv6 address for now. Normally I determine which IP address or MAC address to clone based on the traffic that I captured and analysed previously. Then I'm all set to start port scanning or performing other types of attacks. This time however I wondered what type of activities I could perform without an IP address. I mean it would be pretty interesting to talk IP to devices, somehow see a response and not be traceable, right? So I decided to see if it would for example be possible to perform a port scan on the network without having an IP address configured on my network interface.

      Since usually when you want to perform non-standard, weird or nifty tricks with TCP/IP you have to resort to raw sockets, I decided to jump directly to scapy to build a POC. My working theory was as follows: normally when I am just sniffing traffic I see all kinds of traffic that gets sent to the broadcast address, so what if we perform a port scan and we specify the broadcast address as the source? I decided to test this using two virtual machines (Ubuntu & Windows 10) with the network settings on 'NAT' and also tested with the same virtual machines while bridged to a physical network. The following one-liners can be used to transmit the raw packet:

          pkt = Ether(dst='00:0c:29:f6:a5:65',src='00:08:19:2c:e0:15') / IP(dst='172.16.218.178',src='172.16.218.255') / TCP(dport=445,flags='S')
          sendp(pkt,iface='eth0')

      Running tcpdump will confirm if this works or not, moment of truth:

          tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
          23:27:21.903583 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto TCP (6), length 40)
              172.16.218.255.20 > 172.16.218.178.445: Flags [S], cksum 0x803e (correct), seq 0, win 8192, length 0
          23:27:21.904440 IP (tos 0x0, ttl 128, id 31823, offset 0, flags [DF], proto TCP (6), length 44)
              172.16.218.178.445 > 172.16.218.255.20: Flags [S.], cksum 0x03be (correct), seq 3699222724, ack 1, win 65392, options [mss 1460], length 0
          23:27:24.910050 IP (tos 0x0, ttl 128, id 31824, offset 0, flags [DF], proto TCP (6), length 44)
              172.16.218.178.445 > 172.16.218.255.20: Flags [S.], cksum 0x03be (correct), seq 3699222724, ack 1, win 65392, options [mss 1460], length 0
          23:27:30.911092 IP (tos 0x0, ttl 128, id 31825, offset 0, flags [DF], proto TCP (6), length 44)
              172.16.218.178.445 > 172.16.218.255.20: Flags [S.], cksum 0x03be (correct), seq 3699222724, ack 1, win 65392, options [mss 1460], length 0
          23:27:42.911498 IP (tos 0x0, ttl 128, id 31829, offset 0, flags [DF], proto TCP (6), length 40)
              172.16.218.178.445 > 172.16.218.255.20: Flags [R], cksum 0x1af8 (correct), seq 3699222725, win 0, length 0

      wOOOOOOOt!! It seems to work. We can clearly see the packet being sent to the '.178' IP address from the broadcast (.255) source address and then we see the response flowing back to the broadcast address. Now that's pretty interesting, right? Essentially we can now perform port scans without being really traceable on the network. Somehow this still feels 'weirdish' because it just works on the first try... so I'm still thinking I missed something :/

          sudo ./ipless-scan.py 172.16.218.178 00:0c:29:f6:a5:65 -p 445 3389 5000 -i eth0
          2017-10-26 23:13:33,559 - INFO - Started ipless port scan
          2017-10-26 23:13:33,559 - INFO - Started sniffer and waiting 10s
          2017-10-26 23:13:43,568 - INFO - Starting port scan
          2017-10-26 23:13:43,604 - INFO - Found open port - 445
          2017-10-26 23:13:43,628 - INFO - Found open port - 3389
          2017-10-26 23:13:43,645 - INFO - Found closed port - 5000
          2017-10-26 23:13:43,654 - INFO - Finished port scan, waiting 5s for packets
          2017-10-26 23:13:52,626 - INFO - Stopped sniffer

      Source: https://diablohorn.com/2017/10/26/port-scanning-without-an-ip-address/
    1 point
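The capture in the post above shows the two artefacts a defender can key on: a TCP segment whose IP source is the subnet's broadcast address, and a host answering (SYN/ACK or RST) to that broadcast address. The following is an added example, not the author's ipless-scan.py, that runs that detection over tcpdump-style lines in the default (non-verbose) format and reports which hosts leaked port state. The capture, the subnet 172.16.218.0/24 and the extra "normal" connection from .10 are constructed for the example.

```python
"""Detect TCP probes whose IP source is the subnet broadcast address.

Added example, not the post's script: it scans tcpdump-style lines and flags
two things that should never appear on a healthy segment: a TCP segment sent
*from* the broadcast address, and a SYN/ACK or RST sent *to* it (a host
answering such a probe). The sample capture below is constructed.
"""
import ipaddress
import re

# Default tcpdump TCP line: "HH:MM:SS.uuuuuu IP src.port > dst.port: Flags [X], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line):
    """Parse one tcpdump line into a dict, or return None for non-TCP lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    return d


def analyze(lines, network):
    """Scan tcpdump lines for broadcast-sourced TCP probes on `network`.

    Returns a dict with:
      probes    - list of (timestamp, target_ip, target_port) sent from the broadcast source
      responses - {(host, port): "open" | "reset"} for hosts that answered the broadcast source
      alerts    - one human-readable string per event, in capture order
    """
    net = ipaddress.ip_network(network, strict=False)
    bcast = str(net.broadcast_address)
    result = {"probes": [], "responses": {}, "alerts": []}
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        if p["src"] == bcast:
            # A broadcast address is never a legitimate IP source: treat it as a probe.
            result["probes"].append((p["ts"], p["dst"], p["dport"]))
            result["alerts"].append("%s broadcast-sourced TCP [%s] to %s:%d"
                                    % (p["ts"], p["flags"], p["dst"], p["dport"]))
        elif p["dst"] == bcast and p["flags"] in ("S.", "R.", "R"):
            # A host replying to the broadcast source: SYN/ACK means the port is
            # open, RST means it is closed. Either way the host leaked its state.
            state = "open" if p["flags"] == "S." else "reset"
            result["responses"][(p["src"], p["sport"])] = state
            result["alerts"].append("%s %s:%d answered a broadcast-sourced probe (%s)"
                                    % (p["ts"], p["src"], p["sport"], state))
    return result


# Constructed capture: a broadcast-sourced scan of .178 (ports 445 and 5000)
# plus one ordinary connection from .10 that must not be flagged.
SAMPLE_CAPTURE = """\
23:27:21.903583 IP 172.16.218.255.20 > 172.16.218.178.445: Flags [S], seq 0, win 8192, length 0
23:27:21.904440 IP 172.16.218.178.445 > 172.16.218.255.20: Flags [S.], seq 3699222724, ack 1, win 65392, options [mss 1460], length 0
23:27:22.100000 IP 172.16.218.255.20 > 172.16.218.178.5000: Flags [S], seq 0, win 8192, length 0
23:27:22.100500 IP 172.16.218.178.5000 > 172.16.218.255.20: Flags [R.], seq 0, ack 1, win 0, length 0
23:27:23.000000 IP 172.16.218.10.51000 > 172.16.218.178.445: Flags [S], seq 1, win 29200, length 0
23:27:23.000400 IP 172.16.218.178.445 > 172.16.218.10.51000: Flags [S.], seq 2, ack 2, win 65392, length 0
""".splitlines()

if __name__ == "__main__":
    for alert in analyze(SAMPLE_CAPTURE, "172.16.218.0/24")["alerts"]:
        print(alert)
```

Because the reply is addressed to the broadcast IP, it goes out to the Ethernet broadcast MAC, which is both why the IP-less sniffer in the post sees it and why any sensor on the same segment can see it too; a single span port or passive tap is enough to run this check, and a sensor placed on the segment should treat a broadcast-sourced SYN as a scan regardless of whether anyone answered.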
  14. Dovlecel, are you alive? PS: I haven't found an OK share to test on...
    1 point
  15. hello, I'm looking for an smtp to buy, test and try out, can you suggest something?
    1 point
  16. Hello,

      I present to you a site from the "heavy" category, from which hundreds of EUR a month can be made - CASH4MINUTES! For those in the know, the site is almost the same as wetiki, a similar site that caused a sensation about 7-8 years ago. Only those who didn't want to failed to make at least 200 EUR calling all sorts of numbers with Skype.

      How do you make money? You call various numbers in the UK, Turkey, Poland, Finland, Cyprus, leave the line open and listen to the radio (or don't listen, do whatever you want). You are paid into your account in units. 1 unit = 1 GBP. Each number receives a different number of units/minute, and UK numbers are the best paid. For example, for a UK number 0.07 units/min are offered. If in one day you stay on the phone 5 hours -> 300 minutes x 0.07 = 21 GBP. If you do this for 20 days => 21 GBP x 20 days = 420 GBP, that is somewhere over 2200 lei. Initially you could earn money if you stayed on non-stop, so mathematically you could make even thousands of pounds/month, but there were problems with Virgin Media in the UK, and the maximum number of minutes you can accumulate on each phone number was limited to 7500 minutes. So you can earn at most 525 GBP/month with one number.

      Does it pay? The site pays, and online there is proof by the cartload, only it's not easy to find. In fact, if you search on Google you will notice that most topics are from 2014 or 2015. Because of this, many might think it's a dead site, but it's not. The smart guys use it and make money month after month, and most don't bother to promote it because they fear this extraordinary source of income might become too popular and disappear. Those who know about wetiki remember that no information could be found online, it wasn't promoted anywhere (only on Italian sites), and Romanians only told close friends about this site, on the system "I'll tell you about a good site, but don't tell others or all the Romanians will swarm in and the site goes to hell".

      Back then it was really crazy with online money in Romania, there were periods when I'd get even 200 referrals in a day at a PTC, but now everything is almost dead, but that's another discussion. Back to the topic. A payment can be requested as soon as a minimum of 5 GBP has accumulated in the account. Important payment methods: Bank Transfer, Bitcoin or Amazon.

      How long until you are paid? The cash4minutes people told me to wait at least a month until they confirm the calls and collect the money from the radio stations, and the French who brag online about their payments confirm that they receive the money in about 35 days from the request, so that's roughly the term. If for example you start calling now and make about 100 pounds in a week, you request payment on 18 September, you receive it somewhere in the first week after 18 October.

      What do you call those numbers with? Eh, that's the problem. I opened this topic not only to present this super cool method + to get referrals, but also so we can all put our minds together to find solutions. The Spanish, for example, had unlimited minutes at some telephony operator, until the operator figured out that some clients were abusing the minutes and blocked them. And so the Spanish were left empty-handed. Other people from other countries used Skype to call numbers in other countries (apart from the UK) for free, but Skype seems to have blocked some numbers. Also, I'm not sure whether the subscription with unlimited UK minutes works - I'll try it soon. I also tried the 12.59 EUR Skype subscription, with unlimited minutes to Poland and Turkey, but unfortunately the numbers are blocked on it. I looked at our operators and there is nothing unlimited, and what is limited doesn't bring much profit. For example, at Vodafone you have 200 minutes to the UK for 8 EUR. If you call 200 minutes you receive 200 min x 0.07 = 14 GBP, that is about 16 EUR. Practically you double the invested amount, but it's far too little.

      At Digi I see 0.024 EUR/min is charged to Great Britain. You receive 0.08 EUR (0.07 GBP), so about 3 times the investment. If for example you call for 100 RON, in a month you receive at least 300 RON from cash4minutes. I would try, but I don't have a landline or mobile from Digi. At Orange the offer is rubbish. I have a few hundred international minutes that I can use to call Polish numbers, but it's not worth it because only 0.0013 is offered for Polish numbers. Maybe you know other solutions. If we could find a good VoIP service that offers unlimited minutes to the UK (mobile/landline) for a subscription, it would be extraordinary.

      I hope you appreciate the information and at least register through my link if you want to try this site. To register click here: http://bit.ly/2lOxUY4 Thank you!
    -1 points