Leaderboard

Popular Content

Showing content with the highest reputation on 12/31/17 in all areas

  1. In this series of blog posts, I’ll explain how I decrypted the encrypted PDFs shared by John August (John wanted to know how easy it is to crack encrypted PDFs, and started a challenge).

     Here is how I decrypted the “easy” PDF (encryption_test). From John’s blog post, I know the password is random and short. So first, let’s check out how the PDF is encrypted.

     pdfid.py confirms the PDF is encrypted (name /Encrypt):

     pdf-parser.py can tell us more:

     The encryption info is in object 26:

     From this I can conclude that the standard encryption filter was used. This encryption method uses a 40-bit key (usually indicated by a dictionary entry: /Length 40, but this is missing here).

     PDFs can be encrypted for confidentiality (requiring a so-called user password /U) or for DRM (using a so-called owner password /O). PDFs encrypted with a user password can only be opened by providing this password. PDFs encrypted with an owner password can be opened without providing a password, but some restrictions will apply (for example, printing could be disabled).

     QPDF can be used to determine if the PDF is protected with a user password or an owner password:

     This output (invalid password) tells us the PDF document is encrypted with a user password.

     I’ve written some blog posts about decrypting PDFs, but because we need to perform a brute-force attack here (it’s a short random password), this time I’m going to use hashcat to crack the password.

     First we need to extract the hash to crack from the PDF. I’m using pdf2john.py to do this. Note that John the Ripper (Jumbo version) is now using pdf2john.pl (a Perl program), because there were some issues with the Python program (pdf2john.py). For example, it would not properly generate a hash for 40-bit keys when the /Length name was not specified (as is the case here). However, I use a patched version of pdf2john.py that properly handles default 40-bit keys.

     Here’s how we extract the hash:

     This format is suitable for John the Ripper, but not for hashcat. For hashcat, just the hash is needed (field 2), and no other fields.

     Let’s extract field 2 (you can use awk instead of csv-cut.py):

     I’m storing the output in file “encryption_test – CONFIDENTIAL.hash”.

     And now we can finally use hashcat. This is the command I’m using:

         hashcat-4.0.0\hashcat64.exe --potfile-path=encryption_test.pot -m 10400 -a 3 -i "encryption_test - CONFIDENTIAL.hash" ?a?a?a?a?a?a

     I’m using the following options:

         --potfile-path=encryption_test.pot : I prefer using a dedicated pot file, but this is optional
         -m 10400 : this hash mode is suitable to crack the password used for 40-bit PDF encryption
         -a 3 : I perform a brute force attack (since it’s a random password)
         ?a?a?a?a?a?a : I’m providing a mask for 6 alphanumeric characters (I want to brute-force passwords up to 6 alphanumeric characters; I’m assuming that when John mentions a short password, it’s not longer than 6 characters)
         -i : this incremental option makes the set of generated passwords include not only passwords 6 characters long, but also 1, 2, 3, 4 and 5 characters long

     And here is the result:

     The recovered password is 1806. We can confirm this with QPDF:

     Conclusion: PDFs protected with a 4 character user password using 40-bit encryption can be cracked in a couple of seconds using free, open-source tools.

     FYI, I used the following GPU: GeForce GTX 980M, 2048/8192 MB allocatable, 12MCU

     Update: this is the complete blog post series:

         Cracking Encrypted PDFs – Part 1: cracking the password of a PDF and decrypting it (what you are reading now)
         Cracking Encrypted PDFs – Part 2: cracking the encryption key of a PDF
         Cracking Encrypted PDFs – Part 3: decrypting a PDF with its encryption key
         Cracking Encrypted PDFs – Conclusion: don’t use 40-bit keys

     Source: https://blog.didierstevens.com/2017/12/26/cracking-encrypted-pdfs-part-1/
    3 points
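
The key-length detail from the post above (a standard-filter /Encrypt dictionary with no /Length entry means a 40-bit key), as an added audit example that is not part of the original post: it flags PDFs that still use 40-bit encryption. The sample bytes are constructed, the function names are hypothetical, and the regex parsing assumes a flat, uncompressed /Encrypt dictionary stored as an indirect object.

```python
import re

# Constructed sample: only the parts of a PDF this check reads. As in the
# post, the encryption dictionary is object 26 and has no /Length entry.
SAMPLE_PDF = b"""%PDF-1.3
26 0 obj
<< /Filter /Standard /V 1 /R 2 /O (constructed) /U (constructed) /P -64 >>
endobj
trailer
<< /Size 27 /Root 1 0 R /Encrypt 26 0 R >>
%%EOF
"""

def encryption_dict(pdf):
    """Return the /Encrypt dictionary as {name: raw value}, or None if absent."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf)
    if ref is None:
        return None
    num, gen = ref.groups()
    obj = re.search(rb"(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj\s*<<(.*?)>>",
                    pdf, re.S)
    if obj is None:
        raise ValueError("referenced /Encrypt object not found")
    # Keep name -> name and name -> integer pairs; string values are skipped.
    pairs = re.findall(rb"/(\w+)\s+(/\w+|-?\d+)", obj.group(1))
    return {k.decode(): v.decode() for k, v in pairs}

def key_length_bits(enc):
    """Key length implied by the dictionary; None when this check cannot tell."""
    v = int(enc.get("V", "0"))
    if v == 1:
        return 40                             # V 1 is always a 40-bit key
    if v in (2, 3):
        return int(enc.get("Length", "40"))   # a missing /Length means 40
    return None                               # V 0, or crypt filters (V >= 4)

def audit(pdf):
    """One-line verdict on the encryption settings of a PDF given as bytes."""
    enc = encryption_dict(pdf)
    if enc is None:
        return "not encrypted"
    if enc.get("Filter") != "/Standard":
        return "non-standard security handler"
    bits = key_length_bits(enc)
    if bits is None:
        return "key length not determined by this check"
    return f"{bits}-bit key" + (" (WEAK: re-encrypt)" if bits <= 40 else "")

if __name__ == "__main__":
    print(audit(SAMPLE_PDF))
```

Defaulting a missing /Length to 40 is the same case the post says the unpatched pdf2john.py mishandled.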
  2. In the year that has passed, you fucked as best you could, sometimes better, sometimes worse; it wasn't really your year. But in the year to come, I wish you better fucking... blondes, busty ones, virgins! And so I don't leave you struggling, I wish that I get to fuck them! May you get your rest, don't worry, I'll fuck them all... Today, on this holiday, watch what you eat. Don't eat too many sarmale or your dick will go soft, be careful with the salad if you want to see it up, don't taste the roast at all, or it's goodbye, dick. No walnut cakes if you want to get some ass. So get drinking, if you care about your dick! Happy New Year!
    2 points
  3. ...Although there are still about 4 hours to go, I'd say not all of us will be in proper working condition to write on the forum, or at least we won't have the chance. I propose the "Happy New Year" wishes start flowing now; may the Holy Trinity, Allah, Putin and Donald Trump help us get through 2018 safely too, and otherwise ... that's it. Oh, and more money. Much more. Happy New Year. P.S.: Careful with the recompiling tomorrow.. that's the nastiest part.
    1 point
  4. 1 point
  5. ^ Special dedication from wHoIS for the brothers on RST. http://www.rstelion.party/ We invite you to the chat to continue the tradition!
    1 point
  6. http://www.rstelion.party/
    1 point
  7. When you steal money you no longer care about fees. You can tell from the request that he doesn't want legal stuff.
    1 point
  8. You might find some trading sites through which you can do something like this. From what I understand, https://www.etoro.com has this option, but I don't know whether you need a "verified" account (meaning you give them a copy of your ID card and proof of address) or not. But let's be clear: it means depositing funds on the trading platform, exchanging them for BTC there, and if you want them in a wallet other than the one on the platform, you have to send them from there. And all these transactions involve the associated fees.
    1 point
  9. Smoke a joint, give a blowjob, piss on the power socket, and enjoy the Christmas tree!
    1 point
  10. pump & dump - still works on bittrex sayonara
    1 point
  11. Can you imagine the fraud that would happen? Once they're turned into BTC, forget about PayPal ever recovering them.
    1 point
  12. Fsociety Hacking Tools Pack – A Penetration Testing Framework

      A Penetration Testing Framework, you will have every script that a hacker needs. Fsociety contains all tools used in the Mr Robot series.

      Menu:
          Information Gathering
          Password Attacks
          Wireless Testing
          Exploitation Tools
          Sniffing & Spoofing
          Web Hacking
          Private Web Hacking
          Post Exploitation
          INSTALL & UPDATE

      Installation Linux:
          git clone https://github.com/Manisso/fsociety.git
          cd fsociety && python fsociety.py
          [◉] 0 : INSTALL & UPDATE
          [◉] -> 0
          [✓] press 0
          [✓] Congratulation Fsociety is Installed !

      Installation Windows:
          [✔] Download python
          [✓] Download fsociety
          [✓] Extract fsociety into Desktop
          [◉] Open CMD and type the following commands:
          cd Desktop/fsociety-master/
          python fsociety.py

      Usage: https://asciinema.org/a/URj2nvpbYpeJyJe43KlASZ7fz

      Source: https://github.com/Manisso/fsociety
    1 point
  13. ........................................... http://www.radioamator.ro/ ............................................ http://www.radioamator.ro/articole/view.php?id=1164 .............................................
    1 point
  14. Of those of you who voted iPhone X.. out of curiosity, is anyone actually using it? Have you run any tests with the facial recognition? A short review after a few weeks/months of use? OFF: at least set your face to the one you make when you ejaculate.. so that if someone steals it, they'd also have to jerk you off..
    1 point
  15. Today we are going to discuss how to detect NMAP scans using Snort, but before moving ahead kindly read both of our previous articles related to Snort installation (manually or using apt-repository) and its rule configuration to enable it as an IDS for your network.

      Basically, in this article we are testing Snort against various NMAP scans, which will help network security analysts set up Snort rules in such a way that they become aware of any kind of NMAP scanning.

      Requirement
          Attacker: Kali Linux (NMAP Scan)
          Target: Ubuntu (Snort as IDS)
          Optional: Wireshark (we have added it to our tutorial so that we can clearly confirm all incoming and outgoing packets of the network)

      Let’s begin!!

      Identify NMAP Ping Scan

      As we know, any attacker will start an attack by identifying host status by sending ICMP packets using a ping scan. Therefore be smart and add a rule in Snort which will analyse an NMAP ping scan when someone tries to scan your network to identify the live hosts of the network.

      Execute the command given below in Ubuntu’s terminal to open the Snort local rule file in a text editor.

          sudo gedit /etc/snort/rules/local.rules

      Now add the line given below, which will capture the incoming traffic coming to the 192.168.1.105 (Ubuntu IP) network for the ICMP protocol.

          alert icmp any any -> 192.168.1.105 any (msg: "NMAP ping sweep Scan "; dsize:0; sid:10000004; rev:1;)

      Turn on the IDS mode of Snort by executing the command given below in the terminal:

          sudo snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0

      Now, using the attacking machine, execute the command given below to identify the status of the target machine, i.e. whether the host is UP or Down.

          nmap -sP 192.168.1.105 --disable-arp-ping

      If you execute the above command without the parameter “disable arp-ping”, it will work as a default ping sweep scan, which will send ARP packets instead of sending ICMP on the target’s network, and Snort may not be able to capture the NMAP ping scan in that scenario; therefore we have used the parameter “disable arp-ping” in the above command.

      As I declared above, we are involving Wireshark in this tutorial so that you can clearly see the packets sent from the attacker’s network to the target’s network. Hence in the image given below you can notice that the ICMP request packets as well as the ICMP reply packets are both part of the network traffic.

      Come back to your target machine, where Snort is capturing all incoming traffic; here you will observe that it is generating an alert for the NMAP Ping Sweep scan. Hence you can block the attacker’s IP to protect your network from further scanning.

      Identify NMAP TCP Scan

      Now, in order to connect with the target network, an attacker may go for network enumeration using either the TCP protocol or the UDP protocol. Let’s assume the attacker chooses TCP scanning for network enumeration; in that situation we can apply the following rule in the Snort local rule file.

          alert tcp any any -> 192.168.1.105 22 (msg: "NMAP TCP Scan"; sid:10000005; rev:2;)

      The above rule is only applicable for port 22, so if you want to scan any other port then replace 22 with the port you want to scan, or else you can also use “any” to analyse all ports. Enable the NIDS mode of Snort as done above.

      Now, again using the attacker machine, execute the command given below for a TCP scan on port 22.

          nmap -sT -p22 192.168.1.105

      From the image given below you can observe that Wireshark has captured TCP packets from 192.168.1.104 to 192.168.1.105.

      Here you can confirm that our Snort is absolutely working when the attacker is scanning port 22 using an nmap TCP scan, and it is showing the attacker’s IP from where traffic is coming on port 22. Hence you can block this IP to protect your network from further scanning.

      Identify NMAP XMAS Scan

      As we know, TCP communication follows a three-way handshake to establish a TCP connection with the target machine, but sometimes, instead of using the SYN, SYN/ACK, ACK flags, an attacker chooses an XMAS scan to connect with the target by sending data packets with the Fin, PSH & URG flags.

      Let’s assume the attacker chooses XMAS scanning for network enumeration; in that situation we can apply the following rule in the Snort local rule file.

          alert tcp any any -> 192.168.1.105 22 (msg:"Nmap XMAS Tree Scan"; flags:FPU; sid:1000006; rev:1;)

      Again, the above rule is only applicable for port 22, which will listen for incoming traffic when packets come with the Fin, PSH & URG flags. So if you want to scan any other port then replace 22 with the port you want to scan, or else you can also use “any” to analyse all ports. Enable the NIDS mode of Snort as done above.

      Now, again using the attacker machine, execute the command given below for an XMAS scan on port 22.

          nmap -sX -p22 192.168.1.105

      From the image given below you can observe that Wireshark is showing that 2 packets from the attacker machine to the target machine have been sent using the FIN, PSH, URG flags.

      Come back to your target machine, where Snort is capturing all incoming traffic; here you will observe that it is generating an alert for the NMAP XMAS scan. Hence you can block the attacker’s IP to protect your network from further scanning.

      Identify NMAP FIN Scan

      Instead of using the SYN, SYN/ACK and ACK flags to establish a TCP connection with the target machine, an attacker may choose a FIN scan to connect with the target by sending data packets with the Fin flag only.

      Let’s assume the attacker chooses FIN scanning for network enumeration; in that situation we can apply the following rule in the Snort local rule file.

          alert tcp any any -> 192.168.1.105 22 (msg:"Nmap FIN Scan"; flags:F; sid:1000008; rev:1;)

      Again, the above rule is only applicable for port 22, which will listen for incoming traffic when packets come with the Fin flag. So if you want to scan any other port then replace 22 with the port you want to scan, or else you can also use “any” to analyse all ports. Enable the NIDS mode of Snort as done above.

      Now, again using the attacker machine, execute the command given below for a FIN scan on port 22.

          nmap -sF -p22 192.168.1.105

      From the image given below you can observe that Wireshark is showing that 2 packets from the attacker machine to the target machine have been sent using the FIN flag.

      Come back to your target machine, where Snort is capturing all incoming traffic; here you will observe that it is generating an alert for the NMAP FIN scan. Hence you can block the attacker’s IP to protect your network from further scanning.

      Identify NMAP NULL Scan

      Instead of using the SYN, SYN/ACK and ACK flags to establish a TCP connection with the target machine, an attacker may choose a NULL scan to connect with the target by sending data packets with NONE flags only.

      Let’s assume the attacker chooses NULL scanning for network enumeration; in that situation we can apply the following rule in the Snort local rule file.

          alert tcp any any -> 192.168.1.105 22 (msg:"Nmap NULL Scan"; flags:0; sid:1000009; rev:1;)

      Again, the above rule is only applicable for port 22, which will listen for incoming traffic when packets come with NONE flags. So if you want to scan any other port then replace 22 with the port you want to scan, or else you can also use “any” to analyse all ports. Enable the NIDS mode of Snort as done above.

      Now, again using the attacker machine, execute the command given below for a NULL scan on port 22.

          nmap -sN -p22 192.168.1.105

      From the image given below you can observe that Wireshark is showing that 2 packets from the attacker machine to the target machine have been sent using NONE flags.

      Come back to your target machine, where Snort is capturing all incoming traffic; here you will observe that it is generating an alert for the NMAP Null scan. Hence you can block the attacker’s IP to protect your network from further scanning.

      Identify NMAP UDP Scan

      In order to identify open UDP ports and running services, an attacker may choose an NMAP UDP scan to establish a connection with the target machine for network enumeration; in that situation we can apply the following rule in the Snort local rule file.

          alert udp any any -> 192.168.1.105 any (msg:"Nmap UDPScan"; sid:1000010; rev:1;)

      Again, the above rule is applicable for every UDP port, which will listen for incoming traffic when packets are coming over any UDP port, so if you want to capture traffic for any particular UDP port then replace “any” with that specific port number as done above. Enable the NIDS mode of Snort as done above.

      Now, again using the attacker machine, execute the command given below for NULL scan on port 22.

          nmap -sU -p68 192.168.1.105

      From the image given below you can observe that Wireshark is showing that 2 packets from the attacker machine to the target machine have been sent over a UDP port.

      Come back to your target machine, where Snort is capturing all incoming traffic; here you will observe that it is generating an alert for the NMAP UDP scan. Hence you can block the attacker’s IP to protect your network from further scanning.

      Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

      Source: http://www.hackingarticles.in/detect-nmap-scan-using-snort/
    1 point
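
What the rules in the post above actually match, as an added example that is not part of the original article: a small Python matcher that applies each rule's header and option tests to constructed packets, so the rules can be compared against both probe-like and ordinary traffic. The function names, the source port and the 192.168.1.50 address are assumptions made for the example; the rule logic is re-implemented here, not run through Snort.

```python
import struct

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20
HOME = "192.168.1.105"      # monitored Ubuntu host in the post
SCANNER = "192.168.1.104"   # source address seen in the post's capture

def ip_packet(proto, dst, l4, src=SCANNER):
    """Constructed input: minimal IPv4 header (checksum left at 0) + L4 bytes."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + l4

def tcp(dport, flags, payload=b""):
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags,
                       1024, 0, 0) + payload

def icmp_echo(payload=b""):
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload

def udp(dport, payload=b""):
    return struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload

def match_rules(pkt):
    """Return the msg strings of the post's rules that this packet triggers."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, l4 = pkt[9], pkt[ihl:]
    if ".".join(map(str, pkt[16:20])) != HOME:
        return []
    hits = []
    if proto == 1 and len(l4) == 8:          # dsize:0, nothing after echo header
        hits.append("NMAP ping sweep Scan")
    elif proto == 17:                        # udp rule: any port, no options
        hits.append("Nmap UDPScan")
    elif proto == 6 and struct.unpack("!H", l4[2:4])[0] == 22:
        flags = l4[13]
        hits.append("NMAP TCP Scan")         # no flags option: every segment
        if flags == FIN | PSH | URG:         # flags:FPU, exact match
            hits.append("Nmap XMAS Tree Scan")
        if flags == FIN:                     # flags:F
            hits.append("Nmap FIN Scan")
        if flags == 0:                       # flags:0
            hits.append("Nmap NULL Scan")
    return hits

SAMPLES = {  # all packets below are constructed for this example
    "xmas probe":       ip_packet(6, HOME, tcp(22, FIN | PSH | URG)),
    "fin probe":        ip_packet(6, HOME, tcp(22, FIN)),
    "null probe":       ip_packet(6, HOME, tcp(22, 0)),
    "ssh client SYN":   ip_packet(6, HOME, tcp(22, SYN)),
    "ssh session data": ip_packet(6, HOME, tcp(22, PSH | ACK, b"x" * 48)),
    "empty echo":       ip_packet(1, HOME, icmp_echo()),
    "ping, 56 B data":  ip_packet(1, HOME, icmp_echo(b"\0" * 56)),
    "dhcp reply":       ip_packet(17, HOME, udp(68, b"\0" * 240)),
    "other host":       ip_packet(6, "192.168.1.50", tcp(22, FIN)),
}

def triage():
    return {name: match_rules(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in triage().items():
        print(f"{name:17} -> {hits or 'no alert'}")
```

The port-22 rule without a flags option fires on ordinary SSH segments and the UDP rule on any datagram, so both need narrowing (for example with flag or rate conditions) before an alert from them indicates a scan.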
  16. In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. This situation raised our awareness on the lack of research in our community about operating and detecting spying microphones. Our biggest concern was that most of the knowledge came from fictional movies. Therefore, we performed a deep study on the state-of-the-art of microphone bugs, their characteristics, features and pitfalls. It included real life experiments trying to bug ourselves and trying to detect the hidden mics. Given the lack of open detection tools, we developed a free software SDR-based program, called Salamandra, to detect and locate hidden microphones in a room. After more than 120 experiments we concluded that placing mics correctly and listening is not an easy task, but it has a huge payoff when it works. Also, most mics can be detected easily with the correct tools (with some exceptions on GSM mics). In our experiments the average time to locate the mics in a room was 15 minutes. Locating mics is the novel feature of Salamandra, which is released to the public with this work. We hope that our study raises awareness on the possibility of being bugged by a powerful actor and the countermeasure tools available for our protection. Video: https://media.ccc.de/v/34c3-8735-spy_vs_spy_a_modern_study_of_microphone_bugs_operation_and_detection#video&t=0
    1 point
  17. oho... there's nothing I can script or program, I tried... there's no pattern... I simply search the net for which ICOs appear, what software they create, or what ideas they have... I invest in them and wait. And with ICOs it's not that simple.. you have to look at a lot of things that I can't tell you here. But the point is that it works, you lose, you win.... you mostly win at the end of the day/week/month. You just have to not panic and HODL that coin until it reaches a certain threshold... Look: https://we.tl/s-idH2dUOpfV check these out to get an idea of the trend...
    1 point
  18. BRAVO! Check it out, buy: https://bittrex.com/Market/Index?MarketName=BTC-KORE this is their ICO: http://kore.life/ https://twitter.com/newkorecoin?lang=ro "it releases masternodes and wallet update this week" The price is 4.66 now, I bet it will do 2X next week. Check this one out too:
    1 point
  19. He's close to Monaco and won't need any money laundering anymore. Anyway, the state checks you even if you buy a house or a car. Given what Monaco is worth, it's the solution. And he should see that these people are years behind when it comes to checks. In 2015 they were checking 2011-2013 https://www.avocatnet.ro/articol_41156/ANAF-incepe-verificarea-persoanelor-fizice-cu-risc-fiscal-ridicat-Ce-contribuabili-sunt-vizati-de-controale.html I wanted to tell you about laundering money; luckily @Che posted and I changed my mind. Hey @Che, on forex only currency pairs are traded, on the stock exchange only shares. Is it really that hard? All the scalpers have moved from forex to the bitcoin market. And I've explained to you why once before. High volatility, the price goes up 3-4% in a few hours. On forex you only see something like that when England announces Brexit.
    1 point
  20. I just met up with a friend I had lost touch with 7 months ago. He trades btc, btcash, eth etc. with 1:5 leverage, and holds $1.7 mil in btc; I was shocked when he showed me his account on a well-known platform. He does a lot of scalping..... he started with $10k, the market helped him too, of course.........and most importantly, he launders the money with skrill and paypal (I don't know how, but I'll find out). So good luck to everyone who trades; I thought I was doing well with my investments, but I see that I'm just a little bug.
    1 point
  21. It will grow, but in the long run the banks' involvement will stabilise the price. In short, it will be forex day trading, especially since it offers that. Use as a payment/forex system Ripple allows users or businesses to conduct cross-currency transactions in 3 to 5 seconds...... Ripple's Path-finding Algorithm searches for the fastest, cheapest path between two currencies. In the case of a user who wants to send a payment from USD to EUR, this could be a "one-hop" path directly from USD to EUR, or it could be a multi-hop path, perhaps from USD to CAD to XRP to EUR. Path finding is designed to seek out the cheapest conversion cost for the user. Or a good screwing from the owner https://bitcointalk.org/index.php?topic=1904801.0 Lock-up or no lock-up, that guy does what he wants, when he wants. He takes XRP out of escrow whenever he wants and the price drops again. Only a third of the total is in circulation. One of the two.
    1 point
  22. Eth bought a while ago when it was 300. For the long term, minimum 5-7 years, whatever happens, even if it drops to 1 cent.
    1 point
  23. Pay for the beer yourself once in a while when you go out.
    1 point
  24. Sample application showing a practical approach to exploiting a Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only. It was first presented at Black Hat 2011. Download: http://xpath-blind-explorer.googlecode.com/files/Xpath%20Blind%20Explorer%201.0.zip
    1 point
This leaderboard is set to Bucharest/GMT+02:00