Leaderboard
Popular Content
Showing content with the highest reputation on 02/27/18 in all areas
-
Source: https://pen-testing.sans.org/resources/downloads
You need to create an account!

Contents:
Pen Test: Command Line Kung Fu
Attack Surfaces, Tools & Techniques
Ultimate Pen Test Poster
Intrusion Discovery Cheat Sheet for Windows
Intrusion Discovery Cheat Sheet for Linux
Windows Command Line Cheat Sheet
Netcat Cheat Sheet
Misc Pen Test Tools Cheat Sheet
Pen Test Rules of Engagement Worksheet
Pen Test Scope Worksheet

Intrusion Discovery Cheat Sheet for Windows
Ever wonder if your Windows machines have been compromised, but don't know where to look to find the bad guys' presence? This cheat sheet is designed to help Windows administrators and security personnel to better execute an in-depth analysis of their system in order to look for signs of compromise. Each technique is covered from both a GUI and command-line perspective, acting as a nice bridge between these two important aspects of modern Windows machines. Some organizations print out and laminate these sheets, distributing them among their operations staff to help them better understand their systems and detect attackers in their midst.
Windows Cheat Sheet (279 KB). Related Course: SEC504: Hacker Techniques, Exploits & Incident Handling

Intrusion Discovery Cheat Sheet for Linux
Organized along the same lines as the Windows cheat sheet, but with a focus on Linux, this tri-fold provides vital tips for system administrators and security personnel in analyzing their Linux systems to look for signs of a system compromise. Each command is described in detail, allowing users to search for unusual processes, network activity, strange files, unexpected cron jobs, and more.
Linux Cheat Sheet (266 KB). Related Course: SEC504: Hacker Techniques, Exploits & Incident Handling

Windows Command Line Cheat Sheet
Many tools in a penetration tester's arsenal are designed to get a command shell on vulnerable target machines. And, often, Windows machines are in the crosshairs, lacking critical patches or being run by click-happy users that blindly open files sent during a carefully scoped penetration test. But what do you do on a Windows box once you get a shell? These cheat sheets help pen testers master the Windows command line to exercise significant control over compromised Windows machines.
Windows Command Line Cheat Sheet (135 KB). Related Course: SEC560: Network Penetration Testing and Ethical Hacking

Netcat Cheat Sheet
Netcat is one of the most flexible tools in a pen tester's arsenal, but some penetration testers only scratch the surface of its capabilities. These cheat sheets describe the specific commands needed to use Netcat super effectively in penetration tests, including as an impromptu client, gender-bender relay, file transfer tool, banner grabber, port scanner, and more. If you think you know Netcat, check out this cheat sheet for even more devious uses of this remarkably powerful tool.
Netcat Cheat Sheet (131 KB). Related Course: SEC560: Network Penetration Testing and Ethical Hacking

Misc Pen Test Tools Cheat Sheet
This cheat sheet provides tips for maximizing the effectiveness of some of the most useful free tools available for penetration testers and vulnerability assessment personnel: Metasploit, Meterpreter, fgdump, and hping. The sheet is a handy reference with practical, hands-on, command-line oriented tips every penetration tester should know.
Misc Tools Cheat Sheet (147 KB). Related Course: SEC560: Network Penetration Testing and Ethical Hacking

Pen Test Rules of Engagement Worksheet
When planning a penetration test, if you don't formulate rules of engagement properly, you'll end up with a low-value pen test at best. At worst, you may wind up in prison! With the goal of keeping professional penetration testers out of orange jumpsuits at the state penitentiary, this worksheet walks a tester through a series of questions to establish a firm set of agreed-upon rules to ensure an effective penetration test.
Rules Of Engagement Worksheet (8 KB). Related Course: SEC560: Network Penetration Testing and Ethical Hacking

Pen Test Scope Worksheet
Modern penetration tests can include a myriad of activities against a multitude of potential targets. Trying to hack everything, or leaving something ultra-important out, is a sure way to end up with a sub-optimal pen test. A penetration tester can use this worksheet to walk through a series of questions with the target system's personnel in order to help tailor a test's scope effectively for the given target organization.
Scope Worksheet (12 KB). Related Course: SEC560: Network Penetration Testing and Ethical Hacking
3 points
-
CVE
OneLogin - python-saml - CVE-2017-11427
OneLogin - ruby-saml - CVE-2017-11428
Clever - saml2-js - CVE-2017-11429
OmniAuth-SAML - CVE-2017-11430
Shibboleth - CVE-2018-0489
Duo Network Gateway - CVE-2018-7340

The Security Assertion Markup Language, SAML, is a popular standard used in single sign-on systems. Greg Seador has written a great pedagogical guide on SAML that I highly recommend if you aren't familiar with it.

For the purpose of introducing this vulnerability, the most important concept to grasp is what a SAML Response means to a Service Provider (SP), and how it is processed. Response processing has a lot of subtleties, but a simplified version often looks like:
1. The user authenticates to an Identity Provider (IdP) such as Duo or GSuite which generates a signed SAML Response. The user's browser then forwards this response along to an SP such as Slack or Github.
2. The SP validates the SAML Response's signature.
3. If the signature is valid, a string identifier within the SAML Response (e.g. the NameID) will identify which user to authenticate.

A really simplified SAML Response could look something like:

    <SAMLResponse>
      <Issuer>https://idp.com/</Issuer>
      <Assertion ID="_id1234">
        <Subject>
          <NameID>user@user.com</NameID>
        </Subject>
      </Assertion>
      <Signature>
        <SignedInfo>
          <CanonicalizationMethod Algorithm="xml-c14n11"/>
          <Reference URI="#_id1234"/>
        </SignedInfo>
        <SignatureValue>
          some base64 data that represents the signature of the assertion
        </SignatureValue>
      </Signature>
    </SAMLResponse>

This example omits a lot of information, but that omitted information is not too important for this vulnerability. The two essential elements from the above XML blob are the Assertion and the Signature element. The Assertion element is ultimately saying "Hey, I, the Identity Provider, authenticated the user user@user.com." A signature is generated for that Assertion element and stored as part of the Signature element.

The Signature element, if done correctly, should prevent modification of the NameID. Since the SP likely uses the NameID to determine what user should be authenticated, the signature prevents an attacker from changing their own assertion with the NameID "attacker@user.com" to "user@user.com." If an attacker can modify the NameID without invalidating the signature, that would be bad (hint, hint)!

XML Canononononicalizizization: Easier Spelt Than Done
The next relevant aspect of XML signatures is XML canonicalization. XML canonicalization allows two logically equivalent XML documents to have the same byte representation. For example:

    <A X="1" Y="2">some text<!-- and a comment --></A>

and

    < A Y="2" X="1" >some text</ A >

These two documents have different byte representations, but convey the same information (i.e. they are logically equivalent). Canonicalization is applied to XML elements prior to signing. This prevents practically meaningless differences in the XML document from leading to different digital signatures. This is an important point so I'll emphasize it here: multiple different-but-similar XML documents can have the same exact signature. This is fine, for the most part, as what differences matter are specified by the canonicalization algorithm.

As you might have noticed in the toy SAML Response above, the CanonicalizationMethod specifies which canonicalization method to apply prior to signing the document. There are a couple of algorithms outlined in the XML Signature specification, but the most common algorithm in practice seems to be http://www.w3.org/2001/10/xml-exc-c14n# (which I'll just shorten to exc-c14n). There is a variant of exc-c14n that has the identifier http://www.w3.org/2001/10/xml-exc-c14n#WithComments. This variation of exc-c14n does not omit comments, so the two XML documents above would not have the same canonical representation. This distinction between the two algorithms will be important later.

XML APIs: One Tree; Many Ways
One of the causes of this vulnerability is a subtle and arguably unexpected behavior of XML libraries like Python's lxml or Ruby's REXML. Consider the following XML element, NameID:

    <NameID>kludwig</NameID>

And if you wanted to extract the user identifier from that element, in Python, you may do the following:

    from defusedxml.lxml import fromstring

    payload = "<NameID>kludwig</NameID>"
    data = fromstring(payload)
    print(data.text)  # should print 'kludwig'

Makes sense, right? The .text method extracts the text of the NameID element. Now, what happens if I switch things up a bit, and add a comment to this element:

    from defusedxml.lxml import fromstring

    payload = "<NameID>klud<!-- a comment? -->wig</NameID>"
    data = fromstring(payload)
    print(data.text)  # should print 'kludwig'?

If you would expect the exact same result regardless of the comment addition, I think you are in the same boat as me and many others. However, the .text API in lxml returns klud! Why is that? Well, I think what lxml is doing here is technically correct, albeit a bit unintuitive. If you think of the XML document as a tree, the XML document looks like:

    element: NameID
    |_ text: klud
    |_ comment: a comment?
    |_ text: wig

and lxml is just not reading text after the first text node ends. Compare that with the uncommented node which would be represented by:

    element: NameID
    |_ text: kludwig

Stopping at the first text node in this case makes perfect sense! Another XML parsing library that exhibits similar behavior is Ruby's REXML. The documentation for their get_text method hints at why these XML APIs exhibit this behavior:

    [get_text] returns the first child Text node, if any, or nil otherwise. This method returns the actual Text node, rather than the String content.

Stopping text extraction after the first child, while unintuitive, might be fine if all XML APIs behaved this way. Unfortunately, this is not the case, and some XML libraries have nearly identical APIs but handle text extraction differently:

    import xml.etree.ElementTree as et

    payload = "<NameID>klud<!-- a comment? -->wig</NameID>"
    data = et.fromstring(payload)
    print(data.text)  # prints 'kludwig'

I have also seen a few implementations that don't leverage an XML API, but do text extraction manually by just extracting the inner text of a node's first child. This is just another path to the same exact substring text extraction behavior.

The vulnerability
So now we have the three ingredients that enable this vulnerability:
1. SAML Responses contain strings that identify the authenticating user.
2. XML canonicalization (in most cases) will remove comments as part of signature validation, so adding comments to a SAML Response will not invalidate the signature.
3. XML text extraction may only return a substring of the text within an XML element when comments are present.

So, as an attacker with access to the account user@user.com.evil.com, I can modify my own SAML assertions to change the NameID to user@user.com when processed by the SP. Now with a simple seven-character addition to the previous toy SAML Response, we have our payload:

    <SAMLResponse>
      <Issuer>https://idp.com/</Issuer>
      <Assertion ID="_id1234">
        <Subject>
          <NameID>user@user.com<!---->.evil.com</NameID>
        </Subject>
      </Assertion>
      <Signature>
        <SignedInfo>
          <CanonicalizationMethod Algorithm="xml-c14n11"/>
          <Reference URI="#_id1234"/>
        </SignedInfo>
        <SignatureValue>
          some base64 data that represents the signature of the assertion
        </SignatureValue>
      </Signature>
    </SAMLResponse>

How Does This Affect Services That Rely on SAML?
Now for the fun part: it varies greatly! The presence of this behavior is not great, but not always exploitable. SAML IdPs and SPs are generally very configurable, so there is lots of room for increasing or decreasing impact. For example, SAML SPs that use email addresses and validate their domain against a whitelist are much less likely to be exploitable than SPs that allow arbitrary strings as user identifiers. On the IdP side, openly allowing users to register accounts is one way to increase the impact of this issue. A manual user provisioning process may add a barrier to entry that makes exploitation a bit more infeasible.

Source: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
2 points
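An added, stand-alone Python illustration (not code from the Duo write-up or any of the affected libraries) of the three ingredients above and of the two defences the post suggests. It uses only the standard library: minidom stands in for the lxml/REXML "first child Text node" behaviour, ElementTree with `insert_comments=True` reproduces the text/comment/tail tree the post draws, and `strict_name_id`/`domain_allowed` are assumed names for the hardened checks.

```python
"""Comment-splitting in a SAML NameID: vulnerable extraction vs. two defences.
Standard library only; sample NameID values are constructed from the post's toy
SAML Response."""
import xml.etree.ElementTree as ET
from typing import Optional
from xml.dom import minidom

# Constructed samples: the honest NameID and the seven-character payload.
BENIGN = "<NameID>user@user.com</NameID>"
SPLIT = "<NameID>user@user.com<!---->.evil.com</NameID>"


def first_text_node(xml: str) -> str:
    """Vulnerable pattern: return only the first child Text node, as lxml's
    .text and REXML's get_text do. minidom keeps comments as nodes, so the
    text after the comment becomes a separate sibling and is silently dropped."""
    elem = minidom.parseString(xml).documentElement
    first = elem.firstChild
    if first is None or first.nodeType != first.TEXT_NODE:
        return ""
    return first.data


def default_etree_text(xml: str) -> str:
    """xml.etree discards comments while parsing, so its .text happens to give
    the full string; the post's point is that libraries disagree here."""
    return ET.fromstring(xml).text or ""


def parse_keeping_comments(xml: str) -> ET.Element:
    """Build a tree that keeps comment nodes (Python 3.8+), mirroring the
    text / comment / tail structure lxml builds instead of hiding it."""
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.fromstring(xml, parser=parser)


def all_text(xml: str) -> str:
    """What the canonicalized (comment-stripped) signed bytes actually say:
    every text node concatenated, not just the first one."""
    return "".join(parse_keeping_comments(xml).itertext())


def strict_name_id(xml: str) -> Optional[str]:
    """Defence 1: a legitimate NameID is a single text node. Reject any NameID
    with child nodes (comments, PIs, nested elements) rather than guessing
    which parser's notion of .text the signature covered."""
    elem = parse_keeping_comments(xml)
    if len(elem) != 0:
        return None
    return (elem.text or "").strip() or None


def domain_allowed(name_id: str, allowed_domains: set) -> bool:
    """Defence 2 (from the post): validate the identifier's domain against an
    allow-list instead of accepting an arbitrary string."""
    if name_id.count("@") != 1:
        return False
    return name_id.rsplit("@", 1)[1].lower() in allowed_domains


def authenticate(xml: str, allowed_domains: set) -> Optional[str]:
    """Combined SP-side check: the identifier to log in as, or None to refuse."""
    name_id = strict_name_id(xml)
    if name_id is None or not domain_allowed(name_id, allowed_domains):
        return None
    return name_id


if __name__ == "__main__":
    for sample in (BENIGN, SPLIT):
        print(sample)
        print("  first text node :", first_text_node(sample))
        print("  all text        :", all_text(sample))
        print("  accepted as     :", authenticate(sample, {"user.com"}))
```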
-
    """
    OLX.ro scraper
    Gets name, phone no., Yahoo! & Skype addresses, where applicable
    http://a.pomf.se/pjmwvx.png
    """
    import re
    import json
    import requests
    from bs4 import BeautifulSoup as b

    pages = 1  # How many pages should be scraped

    # Category URL, a.k.a. where to get the ads from
    catURL = "http://olx.ro/electronice-si-electrocasnice/laptop-calculator/"

    # Links to the Ajax requests
    ajaxNum = "http://olx.ro/ajax/misc/contact/phone/"
    ajaxYah = "http://olx.ro/ajax/misc/contact/communicator/"
    ajaxSky = "http://olx.ro/ajax/misc/contact/skype/"


    def getName(link):
        # Get the name from the ad
        page = requests.get(link)
        soup = b(page.text, "html.parser")
        match = soup.find(attrs={"class": "block color-5 brkword xx-large"})
        name = re.search(">(.+)<", str(match)).group(1)
        return name


    def getPhoneNum(aID):
        # Get the phone number
        resp = requests.get("%s%s/" % (ajaxNum, aID)).text
        try:
            resp = json.loads(resp).get("value")
        except ValueError:
            return  # No phone number
        if "span" in resp:  # Multiple phone numbers
            nums = b(resp, "html.parser").find_all(text=True)
            for num in nums:
                if num != " ":
                    return num
        else:
            return resp


    def getYahoo(aID):
        # Get the Yahoo! ID
        resp = requests.get("%s%s/" % (ajaxYah, aID)).text
        try:
            resp = json.loads(resp).get("value")
        except ValueError:
            return  # No Yahoo! ID
        else:
            return resp


    def getSkype(aID):
        # Get the Skype ID
        resp = requests.get("%s%s/" % (ajaxSky, aID)).text
        try:
            resp = json.loads(resp).get("value")
        except ValueError:
            return  # No Skype ID
        else:
            return resp


    def main():
        for pageNum in range(1, pages + 1):
            print("Page %d." % pageNum)
            page = requests.get(catURL + "?page=" + str(pageNum))
            soup = b(page.text, "html.parser")
            links = soup.findAll(attrs={"class": "marginright5 link linkWithHash detailsLink"})
            for a in links:
                aID = re.search(r"ID(.+)\.", a["href"]).group(1)
                print("ID: %s" % aID)
                print("\tName: %s" % getName(a["href"]))
                if getPhoneNum(aID) is not None:
                    print("\tPhone: %s" % getPhoneNum(aID))
                if getYahoo(aID) is not None:
                    print("\tYahoo: %s" % getYahoo(aID))
                if getSkype(aID) is not None:
                    print("\tSkype: %s" % getSkype(aID))


    if __name__ == "__main__":
        main()

Tocmai scraper: https://rstforums.com/forum/98245-tocmai-ro-scraper-nume-oras-numar-telefon.rst
1 point
-
Hello, I'm back with a new tutorial after a long period of inactivity, but a useful one. This is a tutorial for removing the Google account after a reset or FRP/OEM unlock. This method is for all MTK processors; the title is like this because I couldn't find anywhere, in Romanian or English, a method for this tablet. For now no developers have touched it, since it was launched this year in May, so I'll start working on it myself :)) After a hundred thousand attempts, 3 days of nerves and 6 beers I found this method. OK, let's begin:
1. Install the MTK drivers from here: https://www.4shared.com/rar/KjRZvp_Lce/Mediatek_Preloader_USB_VCOM_dr.htm?locale=en
2. Download Miracle Box crack: https://docs.google.com/uc?id=0B73CdsYiX90zVkhia0dEUVBrTms&export=download (Note: we do NOT need the MIRACLE BOX interface!)
3. Install Miracle Box, then copy the crack and loader files into the miraclebox/programfiles folder.
4. Open Miracle Box Loader, select the MTK section, then the Unlock/fix subsection, and select Clear setting/FRP.
5. Press the Start button and connect the tablet/device via USB. ATTENTION! The device must be switched off (if it is not recognized as Mediatek preloader VCOM while connecting it, press the Vol + button).
6. The program will do its job and the message Done! will appear. ATTENTION! After the Done message it must be left connected for 5-10 minutes before we turn it on!
7. And VOILA! We have a tablet without a Google account!
P.S. I will come back with an UPDATE with the firmware/ROM once I manage to extract it in a form compatible with SP Flash Tool. Good luck with the work!
br, pHilo
UPDATE: The base model is a TCL ALCATEL OT-9003 Alcatel Pixi 4 (7)
1 point
-
We'll make him a red beet salad. Thank you, and good health to your father; I've sent you the book in private, maybe you'd like to draw inspiration from it.
1 point
-
Go suck it, you spiteful little thing, you're talking nonsense. I ordered OCB oil for my father; he has lung cancer with metastases to the jaw. It's very bad: the chances are slim, the hopes are high, he's in the final stage. Chemotherapy is as good as rainwater. He's been on it for 6 months, and the cancer was detected in time. I hope the oil has an effect. Good health! You only realize how much you need it after you lose it.
1 point
-
Source: http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html

Spring 2014 Lectures & Videos
This page contains all the lecture slides and YouTube videos for the Spring 2014 semester of this course.

Course Lecture Videos / Slides / Reading:
Below you can find and watch all the course videos, required reading, and lecture slides for each lecture (where applicable). The videos hosted on YouTube are lower quality than the ones available for direct download (see above). On the left you can find a navigation sidebar which will help you find the lectures relevant to each meta-topic.

Week 1 (Intro / Overview):
Lecture 1: Intro, Ethics, & Overview: This lecture covers the course intro, syllabus review, distinction between hacking vs. penetration testing, ethics discussion, course motivation, threat models and some of the basics. Resources: [Lecture Slides]. Required reading: 0x200 up to 0x260 (HAOE).
Lecture 2: Secure C Coding 101: What you absolutely need to know about secure coding in C. C is everywhere. Resources: [Lecture Slides]. Reading: 0x260 up to 0x280 (HAOE).

Week 2 (Secure C / Code Auditing):
Lecture 3: Secure C Coding 102: What you absolutely need to know about secure coding in C. C is everywhere. Resources: [Lecture Slides]. Required reading: 0x280 up to 0x300 (HAOE) and 0x350 up to 0x400. Suggested reading: Understanding Integer Overflow in C/C++; Integer Undefined Behaviors in Open Source Crypto Libraries.
Lecture 4: Code Auditing: Auditing C code, basic tips / strategies / and exercises. Resources: [Lecture Slides]. Reading: article on file I/O security.

Week 3 (Permissions Spectrum):
Holiday (No Class, Jan 20): MLK Day Holiday.
Lecture 5: The Permissions Spectrum: Intro to vulnerability research topics and the permissions spectrum. Resources: [Lecture Slides].

Week 4 (Reverse Engineering Week):
Lecture 6: Reverse Engineering Workshop 1: Guest lecturer Mitch Adair will lead a two-day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (see email). Resources: [Slides (pdf)] [Slides (pptx)] Class RE Exercises (Archive).
Lecture 7: Reverse Engineering Workshop 2: Guest lecturer Mitch Adair will lead a two-day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (see email).

Week 5 (Fuzzing Week):
Lecture 8: Fuzzing Lecture 1: Coverage of fuzzing techniques for SDL, VR, and other applications. [Slides]
Lecture 9: MIDTERM REVIEW: [No class video, see slides!] [Midterm Review Slides]

Week 6 (MIDTERM 1 and Exploit Development Week 1):
MIDTERM 1 [no video for this class]
Lecture 10: Fuzzing Lecture #2 and Exploitation Lecture 101: PART 1 / PART 2: There are two videos for this lecture. The first half is a wrap-up of fuzzing topics. The second half is the beginning of the exploit development lectures. Resources: [Fuzzing Slides] [Exploitation Slides]

Week 6 (MIDTERM 1 and Exploit Development Week 1):
Lecture 11: Exploit Development 102: Second lecture in the exploit development lecture series, covering the very, very basics of exploitation. The concept of ret2libc is covered, with examples of basic exit() shellcode and some position-independent basic shellcode. Resources: [Slides]. Reading: Read 0x500 up to 0x540 in HAOE (Writing shellcode); Read 0x6A0 up to 0x700 in HAOE. This class was cancelled (postponed to next week).

Week 7 (Exploit Development / Networking):
Lecture 12: Exploit Development 103: Third lecture in the exploit development lecture series. Coverage of heap and format string exploitation (with demos), as well as exploit mitigations (ASLR, NX/DEP, stack cookies, EMET, etc.). Resources: [Slides]. Reading: Read 0x680 up to 0x6A0 in HAOE.
Lecture 13: Networking Lecture 101: This lecture covers an overview of networking concepts and network security concepts. Topics covered: Wireshark, Nmap, nc, hubs vs. switches vs. routers, manufacturer default logins / backdoors, ARP & DNS (DNSSEC), proxies, weak IP vs. strong IP model (RFC 1122). Resources: [Lecture Slides]. Required reading: Read 0x400 up to 0x450 in HAOE. Related reading (not required): Defcon 18 - How to hack millions of routers - Craig Heffner.

Week 8 (Exploit Dev / Web Application Hacking/Security):
Lecture 14: Exploit Development 102: Resources: [Slides]. Reading: Read 0x450 up to 0x500 in HAOE (27 pages); Read 0x540 up through 0x550 in HAOE (11 pages); Read Chapter 1 in WAHH (15 pages).
Lecture 15: Wireshark and Web Application Hacking/Security 101: [Video on Wireshark coming soon] It's a bit shorter than other videos as the class time is split between this lecture and a Wireshark/tcpflow demo. This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics, as well as a very basic demo using Burp Suite as an HTTP proxy. Resources: [SLIDES]. Required reading: Chapters 2-3 in WAHH; OWASP Top 10. Related reading: PHP: A Fractal of Bad Design.

Week 10 (Web Applications):
Lecture 16: Web Application Hacking/Security 102: Coverage of SQLi, XSS, metacharacter injection, OWASP Top 10, and demos. Resources: [Slides]. Required reading: Chapter 9 of WAHH. Related reading: Advanced SQLi.
Lecture 17: Web Application Hacking/Security 103: Resources: [SLIDES]. Required reading: "SSL and the Future of Authenticity"; Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL; Read Chapter 10 in WAHH.

Week 11 (Web Applications and Exploitation):
Lecture 18: Web Application Hacking/Security 104 and Exploitation 104: This class was two lectures in one. In the web application 104 lecture we cover topics like WAF and IDS and how to evade them, which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode / encoders, and the methodology for defeating IDS/WAF. Resources: [Slides]. Required reading: Chapter 12 of WAHH; Chapter 0x550 in HAOE. Related video: (IDS/IPS Detection, Evasion, VOIP hacking).
Lecture 19: Midterm review #2 and Exploitation 105 ROP Lecture: This lecture covers ret2libc, return chaining, ROP, how calling conventions affect ROP, how ROP is used to defeat DEP, how ASLR affects ROP, how to defeat ASLR to enable ROP, stack pivoting, etc. This lecture is just the concepts; next time is the demos. Resources: [Slides]. Reading: ROPC blog post part 1.

Week 12 (ROP and Metasploit):
Lecture 21: Guest Lecturer Devin Cook on ROP and a brief history of exploitation: Devin Cook presented a recap of all the exploitation techniques covered thus far, lectured on ROP and presented demos of ROP exploitation. Lastly, defenses against ROP were discussed. Resources: [Slides]. Required reading: ROPC part 2 blog post.
Lecture 22: Metasploit: This lecture covers the Metasploit framework. Resources: [Slides]

Week 13 (MIDTERM #2 and Post Exploitation):
MIDTERM #2 [No video / lecture]
Lecture 23: Meterpreter and Post Exploitation: Post exploitation, Windows authentication / tokens, and pivoting techniques are covered. Demos of SET, Meterpreter, etc. are shared. Resources: [Slides]

Week 14 (Forensics and Incident Response):
Lecture 24: Volatility and Forensics: Old video covering Volatility and performing forensic analysis on hacked machines. Resources: [Slides]
Lecture 25: Revisiting Old Topics: Wrapping up the course, revisiting old topics: stack cookies and going in depth on how they are bypassed, covering the SSL bugs, digitally signed malware, and then the big picture. Resources: [Slides]

Week 15 (Last Week: Physical Security and Social Engineering):
Lecture 26: Social Engineering
Lecture 27: Physical Security & Locks/Lockpicking

This work is licensed under a Creative Commons license.
1 point
-
Hi, I'm not as active on the forum as I used to be, but I try to drop in every 2-3 days. I still keep getting messages about dropshipping, so let me say that this field is not for everyone: you need some capital for things to move quickly, a platform, plugins etc. (depending on what you use), but above all a legal framework. Once you make a bit more money the problems start: PayPal limits your account, Stripe asks for proof, and so on, plus taxes to pay etc. I notice that many don't manage, others give up when they hear about the legal framework and so on, yet everyone wants to make money and I don't understand why people don't go the "old fashioned way", a blog or Amazon affiliates or something like that, because it works, I see it every day; more precisely, I feel it in my pocket. At some point I gave up on affiliates, AdSense, Amazon and media.net, but I picked them up again a few months ago and it's going really well, I'd say. I don't know if you frequent Flippa, but I do daily and I find various bargains there in terms of NICHES; I've sold a few sites and bought others, but for me that website is something like Pandora's box. Some time ago a site sold for $4000, if I'm not mistaken; it was a static page, completely white, with one 700-word article... it was a mind fuck; I checked the site, it had 26 backlinks, they looked natural... most of them from web directories. Competition: 4-5 sites... maybe. Next step for me: I bought a domain and hosting ($19 per year for both, from NameCheap), uploaded a theme, contacted a company that writes articles for me ($7.50 / 500 words) and ordered 5 articles, one of 2000 words and the rest of 500. I bought an SEO package from BHW for $130. The final investment was somewhere around $200, plus or minus. That's what I did in the first week, then NOTHING, I left it sleeping there. How much money does it make? Not much; in the 3rd month it's OK.
And that's just Amazon; with what I also made from media.net I get to 200, and that's just one site. Traffic only from Google, organic, no social media, nothing; the niche is rather "strange" and I don't know what accounts I could make. Now multiply by 4 sites, since that's how many I have on this side for now...
-------------------------------------------------
Short story: what's the use of 1000223 topics with 12232 questions about whether X thing is dead, whether it's still possible, etc.? Everything works, you just have to keep at it. Go to KWFinder, look for a keyword / niche that's easy to rank for and get going. A friend called me an idiot last night when I told him that making money online is child's play; maybe it's just my opinion; I'm not talking about hundreds of thousands of dollars here, but about money in general... it's simple, just get to work and stick with it. If you give up smoking for a week, or spitting sunflower seeds, you might have money for a domain and hosting or anything else. All the best.
1 point
-
Pupy
Pupy is an open-source, multi-platform (Windows, Linux, OSX, Android) RAT (remote administration tool) and post-exploitation tool. It is written mainly in Python. Pupy modules can transparently access remote Python objects using rpyc to perform various interactive tasks. Pupy can generate payloads in multiple formats, such as PE executables, DLLs, pure Python files, PowerShell, apk, ...
- Choose a launcher (connect, bind, ...), a transport (ssl, http, rsa, obfs3, scramblesuit, ...) and a number of "scriptlets". Scriptlets are scripts meant to be embedded to perform various tasks offline (without requiring a session), such as adding persistence, starting a keylogger, sandbox detection.

Features
- On Windows, Pupy is compiled as a DLL and loaded in memory.
- It can reflectively migrate into other processes.
- It can remotely import, from memory, pure Python packages (.py, .pyc) and Python C extensions (.pyd).
- Pupy is easily extensible; it uses [rpyc].
- Pupy can also communicate using obfsproxy. All non-interactive modules can be dispatched to multiple hosts in a single command.
- Multi-platform (tested on Windows 7, 8, 10, Kali Linux, Ubuntu, OSX, Android)
- Multiple formats: exe (x86, x64), dll (x86, x64), Python, apk, ...

Transport
- rsa: a layer with authentication and encryption using RSA and AES256, often used with other layers stacked on top.
- A layer using a static AES256 key
- ssl (default)
- http
- obfs3, with the help of the rsa layer for better security.
- etc.

Windows specific
- migrate
- works very well with [mimikatz]
- screenshot
- microphone recording
- keylogger
- keyboard recording
- screenshots at every click
- etc.

Screenshots: https://github.com/n1nj4sec/pupy/wiki/Screenshots

Install
    git clone https://github.com/n1nj4sec/pupy.git pupy
    cd pupy
    git submodule update --init --depth 1 pupy/payload_templates
    git submodule init
    git submodule update
    pip install -r requirements.txt
1 point
-
I want to mention from the start that this tutorial is about web applications. Over time I have seen many people who, although they had knowledge of certain web vulnerabilities (why they appear, how they are exploited, etc.), could not find much of anything in real web applications. This is because they skipped an essential stage of a security audit, namely Information Gathering. Lacking a clear methodology and a well-established attack plan, they were not able to obtain enough data about the applications they were analyzing, and as a result they failed to identify the vulnerabilities. In this tutorial we will discuss which information we need about the target and how we can find it so that we maximize our results.

As I said at the beginning of this tutorial, Information Gathering is the initial stage of any IT security audit and can make the difference between success and failure. Through it, the pentester tries to obtain all possible information about the target using various services (search engines, various utilities, etc.). Since there is no standard model, each pentester is free to build their own methodology so that the results are as good as possible. In what follows I will present the way I usually approach a target when I perform a security audit.

1. Search engines
The first thing you need to do is search for information through search engines using various search operators. This way you can obtain subdomains, various files, the technologies used by the web application and even some vulnerabilities.
Example: various subdomains of yahoo.com
The most useful operators of the Google search engine are:
site: - this operator limits the results to a certain domain and is extremely useful for discovering subdomains.
Example: site:*.yahoo.com
filetype: or ext: limits the results to pages with a certain extension and can be used to discover the technologies used in developing the web application.
Example: site:*.yahoo.com ext:php – we limited the search results to yahoo.com subdomains that have .php files
intext:<term> limits the results to pages in which the specified term appears and can be used to discover various vulnerabilities.
Example:
site:targetwebsite.com intext:"You have an error in your SQL syntax"
site:targetwebsite.com intext:"Microsoft OLE DB Provider for SQL Server"
site:targetwebsite.com intext:"Microsoft JET Database Engine"
site:targetwebsite.com intext:"Type mismatch"
site:targetwebsite.com intext:"Invalid SQL statement or JDBC"
site:targetwebsite.com intext:"mysql_fetch_array()"
site:targetwebsite.com intext:"mysql_"
logical operators: Google accepts certain logical operators which are very useful most of the time. For example, we can exclude certain subdomains from the results using the - operator. Thus, site:.yahoo.com -site:games.yahoo.com will return the yahoo.com subdomains, minus the results related to games.yahoo.com. More information about Google search operators can be found here and here.
Besides the usual search engines like Google, Bing, Yahoo etc., also use:
Censys - Very useful for discovering subdomains
Example: https://www.censys.io/certificates?q=parsed.subject.organization%3A%22Yahoo%22
Shodan

2. Determining the technologies used
At this step you will have to check whether:
the web application is protected by a Web Application Firewall (WAF)
The simplest way to do this is using wafw00f:
$ python wafw00f.py http://www.targetwebsite.com
the web application uses an open-source Content Management System (CMS) (Wordpress, Joomla, Drupal, etc.)
You can check this using whatweb, cms-explorer, CMSmap.
$ whatweb -a 3 http://targetwebsite.com
$ cms-explorer.pl -url http://targetwebsite.com/ -type wordpress
The next step consists of identifying the operating system, the type of web server (Apache, IIS) used by the target and their versions. If the versions of both are outdated, most likely there are some known vulnerabilities (CVEs) in those products. You can find this out with a simple search on http://cvedetails.com .
Example: Known vulnerabilities for Apache 2.3.1
Determining the operating system can be done very easily using nmap.
$ nmap -sV -O www.targetwebsite.com
The methods by which you can identify the web server version are:
Analyzing the output of HTTP requests that use the HEAD, OPTIONS or TRACE method. The HTTP response to a request using one of the above methods will, most of the time, also contain the Server header.
Analyzing the 404 error page
Using httprecon / httprint.
Another important aspect is the server-side technology used by the target. The simplest way to discover it is by looking at file extensions. For example, if the target's URL is http://targetwebsite.com/index.php , it is clear that the web application was written in PHP. Other extensions specific to server-side technologies are:
.py – Python
.rb – Ruby
.pl – Perl
.php / .php3 / .php4 / .php5 / .phtml / .phps – PHP
.asp – Active Server Pages (Microsoft IIS)
.aspx – ASP+ (Microsoft .NET)
.asmx – ASP.NET WebServer
.cfm – ColdFusion
.cfml – Cold Fusion Markup Language
.do – Java Struts
.action – Java Struts
.jnlp – Java WebStart File
.jsp – Java Server Page
.nsf – Lotus Domino server
In case the extensions are not visible in the URL, you can identify the server-side technology used by analyzing the cookie the web application sets.
Example: PHPSESSID=12355566788kk666l544 – PHP
You can also tell whether a web application is written in PHP through an Easter Egg. If you add the code ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 to the end of a URL and a funny image appears on the page, it means that application was developed using PHP. Of course, this Easter Egg can be disabled from php.ini. More information can be found here.

3. Identifying the web application's files
At this step you only have to access as many pages of the web application as possible, without doing anything else. Visit every page, but don't forget to connect your browser to Burp Suite so that the web application's site map is created. This way you will have a much clearer record of the files you are about to test. Use Burp Spider in addition to manual browsing to discover as many files as possible.
PS: check whether the robots.txt file exists
After you consider that you have browsed enough of the web application's files, you need to discover the hidden files. There are many applications that can help you:
Dirbuster
The Discover Content function of Burp Suite
Wfuzz
Patator
Burp Intruder
Word lists for the scripts above:
fuzzdb
gitDigger
svnDigger
SecLists
The next step is to go through each file found and try to understand how the web application works. To make it easier to figure out where a vulnerability might exist, ask yourself the following questions:
1. In the file you are testing, does the content change dynamically depending on certain criteria (the value of a URL parameter, cookie, user agent etc.)? More precisely, is it possible that in that file the web application uses information from a database? If yes, test first of all for injection vulnerabilities (SQL, XPATH, LDAP, etc.), but don't neglect the other types of vulnerabilities. You might be surprised.
2. Can you control the page content in any way? Can other users see the data you enter? If yes, test especially for Cross Site Scripting and Content Spoofing vulnerabilities.
3. Can the web application interact with other files? If yes, test especially for Local File Inclusion.
4. Are there functions in that file which require an increased level of security (such as an email/password change form etc.)? If yes, test especially for Cross Site Request Forgery.
Don't forget to test every parameter of every file you discovered.
1 point
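The passive fingerprinting of step 2 above (URL extension, session cookie name, Server and X-Powered-By headers of a HEAD response) is small enough to script. The block below is an added example and is not the post author's code; the HTTP response it analyzes is constructed for the demo so nothing touches the network, and the cookie names other than PHPSESSID are the default session cookie names of those stacks, assumed here rather than taken from the post.

```python
"""
Passive server-side technology fingerprinting, as in step 2 of the post above:
file extension in the URL, session cookie name, Server / X-Powered-By headers.
Added example, not the post author's code. The sample response is constructed.
"""
import posixpath
import re
import urllib.request
from urllib.parse import urlparse

# Extension -> technology, from the list in the post.
EXTENSION_MAP = {
    ".py": "Python", ".rb": "Ruby", ".pl": "Perl",
    ".php": "PHP", ".php3": "PHP", ".php4": "PHP", ".php5": "PHP",
    ".phtml": "PHP", ".phps": "PHP",
    ".asp": "Active Server Pages (Microsoft IIS)",
    ".aspx": "ASP.NET", ".asmx": "ASP.NET web service",
    ".cfm": "ColdFusion", ".cfml": "ColdFusion",
    ".do": "Java Struts", ".action": "Java Struts",
    ".jnlp": "Java WebStart", ".jsp": "Java Server Pages",
    ".nsf": "Lotus Domino",
}

# Session cookie name prefix -> technology. PHPSESSID is the post's example;
# the rest are the well-known default session cookie names (assumption).
COOKIE_PREFIX_MAP = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SESSIONID": "ASP.NET",
    "ASPSESSIONID": "Classic ASP",       # real name carries a random suffix
    "CFID": "ColdFusion", "CFTOKEN": "ColdFusion",
    "LARAVEL_SESSION": "PHP (Laravel)",
}

# "Apache/2.4.29 (Ubuntu)" -> ("Apache", "2.4.29"), handy for a CVE lookup.
SERVER_RE = re.compile(r"^\s*([A-Za-z][\w.-]*)/([\d.]+)")


def parse_response(raw):
    """Split a raw HTTP response into (status_line, [(name, value), ...]).
    Duplicate headers (several Set-Cookie lines) are kept; names are lowercased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def fingerprint(url, raw_response):
    """Infer server product/version and server-side technology, no active probing."""
    result = {"server": None, "server_product": None,
              "powered_by": None, "technologies": set()}

    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    if ext in EXTENSION_MAP:
        result["technologies"].add(EXTENSION_MAP[ext])

    _, headers = parse_response(raw_response)
    for name, value in headers:
        if name == "server":
            result["server"] = value
            m = SERVER_RE.match(value)
            if m:
                result["server_product"] = (m.group(1), m.group(2))
        elif name == "x-powered-by":
            result["powered_by"] = value
        elif name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip().upper()
            for prefix, tech in COOKIE_PREFIX_MAP.items():
                if cookie_name.startswith(prefix):
                    result["technologies"].add(tech)

    result["technologies"] = sorted(result["technologies"])
    return result


def fetch_head_response(url, timeout=10):
    """Send a real HEAD request and rebuild the raw response text for fingerprint().
    Not called in the offline demo below."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        status = "HTTP/1.1 %d %s" % (resp.status, resp.reason)
        lines = ["%s: %s" % (k, v) for k, v in resp.getheaders()]
    return status + "\r\n" + "\r\n".join(lines) + "\r\n\r\n"


# Constructed response, not captured from any real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 27 Feb 2018 10:00:00 GMT\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.3\r\n"
    "Set-Cookie: PHPSESSID=12355566788kk666l544; path=/\r\n"
    "Set-Cookie: lang=en; path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(fingerprint("http://targetwebsite.com/index.php", SAMPLE_RESPONSE))
```

Run it as-is for the offline demo, or swap SAMPLE_RESPONSE for fetch_head_response(url) against a target you are authorized to test; a missing Server header or a generic value like "Apache" without a version is itself a finding (the administrator has hardened ServerTokens), so fall back to the 404 page and httprint as the post suggests.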
-
60 mil you make back in 10 months, I mean ROI, regardless of which cards you buy for that money... that's roughly the ROI with free electricity and internet (but the internet is negligible, you can even use an RDS stick, let's not even talk about it). Take an informative look on olx and see what you can buy: https://www.olx.ro/oferte/q-rig-minat/ (let's not forget that what's there is worn out and second-hand) ---------------- note that there are new ones too, boss, it says so in the descriptions
-1 points