Leaderboard

In this series of blog posts, I’ll explain how I decrypted the encrypted PDFs shared by John August (John wanted to know how easy it is to crack encrypted PDFs, and started a challenge). Here is how I decrypted the “easy” PDF (encryption_test). From John’s blog post, I know the password is random and short. So first, let’s check out how the PDF is encrypted. pdfid.py confirms the PDF is encrypted (name /Encrypt): pdf-parser.py can tell us more: The encryption info is in object 26: From this I can conclude that the standard encryption filter was used. This encryption method uses a 40-bit key (usually indicated by a dictionary entry: /Length 40, but this is missing here). PDFs can be encrypted for confidentiality (requiring a so-called user password /U) or for DRM (using a so-called owner password /O). PDFs encrypted with a user password can only be opened by providing this password. PDFs encrypted with a owner password can be opened without providing a password, but some restrictions will apply (for example, printing could be disabled). QPDF can be used to determine if the PDF is protected with a user password or an owner password: This output (invalid password) tells us the PDF document is encrypted with a user password. I’ve written some blog posts about decrypting PDFs, but because we need to perform a brute-force attack here (it’s a short random password), this time I’m going to use hashcat to crack the password. First we need to extract the hash to crack from the PDF. I’m using pdf2john.py to do this. Remark that John the Ripper (Jumbo version) is now using pdf2john.pl (a Perl program), because there were some issues with the Python program (pdf2john.py). For example, it would not properly generate a hash for 40-bit keys when the /Length name was not specified (like is the case here). However, I use a patched version of pdf2john.py that properly handles default 40-bit keys. Here’s how we extract the hash: This format is suitable for John the Ripper, but not for hashcat. For hashcat, just the hash is needed (field 2), and no other fields. Let’s extract field 2 (you can use awk instead of csv-cut.py): I’m storing the output in file “encryption_test – CONFIDENTIAL.hash”. And now we can finally use hashcat. This is the command I’m using: hashcat-4.0.0\hashcat64.exe --potfile-path=encryption_test.pot -m 10400 -a 3 -i "encryption_test - CONFIDENTIAL.hash" ?a?a?a?a?a?a I’m using the following options: –potfile-path=encryption_test.pot : I prefer using a dedicated pot file, but this is optional -m 10400 : this hash mode is suitable to crack the password used for 40-bit PDF encryption -a 3 : I perform a brute force attack (since it’s a random password) ?a?a?a?a?a?a : I’m providing a mask for 6 alphanumeric characters (I want to brute-force passwords up to 6 alphanumeric characters, I’m assuming when John mentions a short password, it’s not longer than 6 characters) -i : this incremental option makes that the set of generated password is not only 6 characters long, but also 1, 2, 3, 4 and 5 characters long And here is the result: The recovered password is 1806. We can confirm this with QPDF: Conclusion: PDFs protected with a 4 character user password using 40-bit encryption can be cracked in a couple of seconds using free, open-source tools. FYI, I used the following GPU: GeForce GTX 980M, 2048/8192 MB allocatable, 12MCU Update: this is the complete blog post series: Cracking Encrypted PDFs – Part 1: cracking the password of a PDF and decrypting it (what you are reading now) Cracking Encrypted PDFs – Part 2: cracking the encryption key of a PDF Cracking Encrypted PDFs – Part 3: decrypting a PDF with its encryption key Cracking Encrypted PDFs – Conclusion: don’t use 40-bit keys Sursa: https://blog.didierstevens.com/2017/12/26/cracking-encrypted-pdfs-part-1/

Daca ai fi pus inca 3 fraze in titlu ti-as fi trimis eu..

In anul care a trecut, ai futut cum ai putut, cand mai bine, cand mai rau, nu prea a fost anul tau, dar in anul care vine, iti urez sa futi mai bine...blonde, tatoase, virgine! Ca sa nu te las la greu, iti urez sa le fut eu! De odihna sa ai parte ,las' ca le fut eu pe toate... Azi in zi de sarbatoare, sa ai grija la mancare. Sa nu manci multe sarmale ca se face pula moale, sa ai grija la salata daca vrei s-o vezi sculata, sa nu gusti deloc friptura, ca atunci adio pula. Fara prajituri cu nuci daca vrei sa dai la buci. Deci apuca-te si bea, daca tii la pula ta! La multi ani!

Tu ce plm crezi ca e aici, forum de ajutor social?

...Desi mai sunt vreo 4 ore eu zic ca nu vom mai fi toti in parametrii corespunzatori incat sa scriem pe forum sau cel putin nu vom avea prilejul. Propun sa curga cu "La multi ani" de pe acum, sa ne ajute Sfanta Treime, Allah, Putin si Donald Trump sa trecem cu bine si de 2018 si in rest ... atat. A da si mai multi bani. Mult mai multi. La multi ani P.S: Atentie maine la recompilare.. aia e cea mai nasoala parte.

La multi ani!

^ Dedicate speciala de la wHoIS pentru fratii de pe RST. http://www.rstelion.party/ Va invitam pe chat sa continuam traditia !

http://www.rstelion.party/

Cand furi bani nu mai tii cont de taxe Iti dai seama ca nu vrea chestii legale din cerinta.

S-ar putea sa gasesti niste site-uri de trading prin care poti face asa ceva. Din cate am inteles https://www.etoro.com are optiunea asta, dar nu stiu daca trebuie sa ai cont "verificat" (adica sa le dai copie dupa buletin si dovada de adresa) sau nu. Dar sa ne intelegem, inseamna sa depozitezi fonduri pe platforma de trading, acolo schimbi pe BTC, iar daca le vrei in alt portofel decat cel de pe platforma, trebuie sa ii trimiti de acolo. Si toate aceste tranzactii implica taxele aferente.

Trageți și voi un joint, dați și voi o muie, pișați-vă pe priză, să vă bucurați de brad!

pump & dump - inca functioneaza pe bittrex sayonara

îți dai seama ce fraude s-ar face? odată facuți btc îți iei gandul ca ii mai recupereaza paypal-ul

Fsociety Hacking Tools Pack – A Penetration Testing Framework A Penetration Testing Framework , you will have evry script that a hacker needs Fsociety Contains All Tools Used In Mr Robot Series Menu: Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Installation Linux: git clone https://github.com/Manisso/fsociety.git cd fsociety && python fsociety.py [◉] 0 : INSTALL & UPDATE [◉] -> 0 [✓] press 0 [✓] Congratulation Fsociety is Installed ! Installation Windows: [✔] Download python [✓] Download fsociety [✓] Extract fsociety into Desktop [◉]Open CMD and type the following commands: cd Desktop/fsociety-master/ python fsociety.py Usage: https://asciinema.org/a/URj2nvpbYpeJyJe43KlASZ7fz Source: https://github.com/Manisso/fsociety

........................................... http://www.radioamator.ro/ ............................................ http://www.radioamator.ro/articole/view.php?id=1164 .............................................

oho... nu exista ceva sa pot scripta sau sa programez, am incercat... nu exista nici un patern... Pur si simplu caut pe net ce ICO-uri apar, ce software creaza, sau ce idei au... investesc in ele si astept. Iar la ICO-uri, nu e asa simplu.. trebuie sa te uiti dupa multe chestii pe care nu le pot spune aici. Dar ideea e ca functioneaza, pierzi castigi.... mai mult castigi la sfarsit de zi/saptamana/luna. Trebuie doar sa nu te panichezi si sa HODL moneda respectiva pana ajunge la un anumit prag... Uite: https://we.tl/s-idH2dUOpfV vezi astea ca sa-ti faci o idee despre trend...

BRAVO! Ia vezi, cumpara: https://bittrex.com/Market/Index?MarketName=BTC-KORE asta este ICO-ul lor: http://kore.life/ https://twitter.com/newkorecoin?lang=ro "it releases masternodes and wallet update this week" Este pretul 4.66 acum, fac pariu ca o sa faca 2X sapt viitoare Ia vezi si asta:

Ii aproape de Monaco si nu ii va mai trebuie nici o spalare de bani. Oricum statul te verifica si daca iti cumperi o casa sau o masina. La valoarea lui Monaco ii solutia. Si sa vada ca astia sunt cu ani buni in urma cand vine vorba de verificat. In 2015 verificau pe 2011-2013 https://www.avocatnet.ro/articol_41156/ANAF-incepe-verificarea-persoanelor-fizice-cu-risc-fiscal-ridicat-Ce-contribuabili-sunt-vizati-de-controale.html Am vrut sa iti zic de spalat bani noroc ca a postat @Che si m-am razgandit. Ba @Che, pe forex se tranzactioneaza doar perechi monetare, pe bursa doar actiuni. Chiar asa de greu ii? Toti scalperi sau mutat de pe forex pe bitcoin market. Si ti-am m-ai explicat o data de ce. Volatilitate mare, urca pretul cu 3-4% in cateva ore. Pe forex veizi asa ceva doar cand anunta Anglia brexitul.

tocmai m-am vazut cu un prieten cu care am pierdut legatura acum 7 luni. tranzactioneaza btc btcash, eth etc. cu leverage de 1:5, si detine 1,7 mil $ in btc, am ramas socat cand mi-a aratat contul de pe o platforma cunoscuta. face mult scalping..... a inceput cu 10k $, l-a ajutat si piata binenteles.........si cel mai important spala banii cu skrill si paypal(nu stiu cum dar aflu). asa ca succes la toata lumea care tranzactioneaza, eu credeam ca stau bine pe investitiile mele dar observ ca sunt un mic gandacel.

Va creste, dar pe termen lungul implicarea bancilor va stabiliza pretul. Va fi forex day trading pe scurt, mai ales ca ofera asa ceva. Use as a payment/forex system Ripple allows users or businesses to conduct cross-currency transactions in 3 to 5 seconds...... Ripple's Path-finding Algorithm searches for the fastest, cheapest path between two currencies.In the case of a user who wants to send a payment from USD to EUR, this could be a "one-hop" path directly from USD to EUR, or it could be a multi-hop path, perhaps from USD to CAD to XRP to EUR.Path finding is designed to seek out the cheapest conversion cost for the user. Sau o muie buna de la proprietar https://bitcointalk.org/index.php?topic=1904801.0 Lock-up, no lock-up ala face ce vrea si cand vrea. Scoate din escrow XRP cand vrea el si scade iarasi pretul. O treime din total sunt doar in circulatie. Din doua una.

Eth luat acum ceva vreme cand era 300. Pentru durata lunga, minim 5-7 ani, orice s-ar intampla, si sa ajunga la 1 cent.

Mai plateste si tu berea cand iesi in oras.

Sample application showing practical approach how to exploit Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only. It was first presented at Black Hat 2011. Download: http://xpath-blind-explorer.googlecode.com/files/Xpath%20Blind%20Explorer%201.0.zip