Leaderboard

Da, cand isi vinde @Zatarra masina o sa puna in anunt: "Condusa de un batranel pana la data-center si inapoi".

Ba ce hater. De ce nu :)). Oricum Nytro e sefu la platforme dar la ce varsta avem, zi mersi ca mai putem tasta

==Phrack Inc.== Volume 0x10, Issue 0x46, Phile #0x01 of 0x0f |=-----------------------------------------------------------------------=| |=-------------------------=[ Introduction ]=----------------------------=| |=-----------------------------------------------------------------------=| |=----------------------=[ Phrack Staff ]=-------------------------=| |=-----------------------=[ staff@phrack.org ]=--------------------------=| |=-----------------------------------------------------------------------=| |=-----------------------[ October 5, 2021 ]=-------------------------=| |=-----------------------------------------------------------------------=| --[ Introduction Phrack! We're back! It was only five years ago that issue 0x45 was released. It may sound bad, but it is also, indeed, quite bad. Issue 0x45 was released four years after issue 0x44. And we are now five years after that. Just trying to set the context here. The world is so different and so many things have happened in these five years that it makes no sense trying to make any point. Phrack has always been a reflection of the hacking community, and guess what, the community is moving away from itself. By this we don't mean that there are no talented hackers, because there most definitely are (just take a look at our authors). We also don't mean that there is no exquisite public hacking, because there is (again, our articles as proof). However, there is a clear move away from the collective hacking mindset that was most prevalent in the past. The word "scene" brings only smirks to people's faces. There are many reasons for this, and we are all to blame [1]. So where is the community right now, and, most importantly, where is it going? We are all ego-driven, more so nowadays we would argue, and this has definitely made collectives much harder to thrive. We expect direct payback from our hacking, in many forms, including reputation. While it was quite common to receive anonymous papers, in the past five years we got almost none. Where is the new Malloc Maleficarum? Quality isn't the question here, we have high quality hacking, we covered that. The question is about the community and how it has changed in the last 10-15 years. And about Phrack. Phrack started as a community zine of exchanging technical information and hacking techniques in a time that it was hard to find it. It later changed. It became a symbol of achievement, eliteness, and honor to be published in Phrack. A slight but significant change happened afterwards. Phrack gravitated (willingly or not is the subject of another discussion) towards an academic medium. Academia noticed the high quality of Phrack papers, started citing them, and basing their offensive and defensive work on them. Did that alienate the underground that Phrack represented for so many years? Yes, we think it did. But the underground also changed. Some of it became involved in malware, spyware, and also the "infosec" industry. And this mutated the underground. Of course we don't judge. Shouldn't Phrack be the reflection of the community, whatever the community is? Or should Phrack be a beacon of the old school underground? Well, it remains to be seen. Phrack will always be alive as long as the community is alive, reflecting it. If the hacking community becomes "infosec" in its majority, then probably so will Phrack. If the heart of the community is CTF, Phrack will reflect that. If the community focuses on malware, so will Phrack. Isn't that what Phrack has always done? It always was and always will be "by the community, for the community". If the community has decided that Phrack has a five year release cycle, then that's where we are. Unfortunately, this issue is again an issue of eulogies; we have lost hackers that have had an enormous impact on our community. Phrack would like to say goodbye to them. Their loss saddens us deeply, and makes our community poorer in talent, ethics, and intellect. We also mourn lost communities. Segfault.net has been our home/hosting in the past and is now gone. But we also have some good news! You might have come across Phrack merchandise [2], well, yes, we have resurrected it! The original 2003 art work has been found on a backup drive. All profits go to the Electronic Frontier Foundation. The EFF is a rare example of good and simple advise for the ordinary citizens. Plus a defender of our rights online and of the freedom of information. A beacon of light to say the least. The EFF used to run one of the three FTP servers to download Phrack as well. And let's not forget that the EFF paid for the attorney of Phrack's co-founder Knight Lightning in the 1990 court case and supported him all the way. They defended against the US Secret Service, a ruthless adversary with no respect for the freedom of information or the hacking scene in general. With EFF's help the case against Knight Lighting collapsed and the US Secret Service looked like a pissed on poodle. The merchandise has the Phrack Gnome on the front and the Hacker's Manifesto on the back. And ships worldwide. [1] http://www.phrack.org/issues/69/6.html [2] https://phrack.myspreadshop.co.uk/ $ cat p70/index.txt --[ Table of contents 0x01 Introduction ........................................ Phrack Staff 0x02 Phrack Prophile on xerub ............................ Phrack Staff 0x03 Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622 .................... saelo 0x04 Cyber Grand Shellphish .............................. Team Shellphish 0x05 VM escape - QEMU Case Study ......................... Mehdi Talbi & Paul Fariello 0x06 .NET Instrumentation via MSIL bytecode injection .... Antonio 's4tan' Parata 0x07 Twenty years of Escaping the Java Sandbox ........... Ieu Eauvidoum & disk noise 0x08 Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability ................................ Adam Donenfeld 0x09 Exploiting Logic Bugs in JavaScript JIT Engines ..... saelo 0x0a Hypervisor Necromancy; Reanimating Kernel Protectors .......................................... Aris Thallas 0x0b Tale of two hypervisor bugs - Escaping from FreeBSD bhyve ....................................... Reno Robert 0x0c The Bear in the Arena ............................... xerub 0x0d Exploiting a Format String Bug in Solaris CDE ....... Marco Ivaldi 0x0e Segfault.net eulogy ................................. skyper 0x0f YouTube Security Scene .............................. LiveOverflow --[ Greetz - dakami: pure passion for hacking, will be greatly missed - navs: our condolences for this brilliant hacker - accepted authors: thanks for your work, you keep Phrack alive - rejected authors: we hope our reviews helped you in some way - past Phrack Staff members: now we know ;) --[ Phrack policy phrack:~# head -77 /usr/include/std-disclaimer.h /* * All information in Phrack Magazine is, to the best of the ability of * the editors and contributors, truthful and accurate. When possible, * all facts are checked, all code is compiled. However, we are not * omniscient (hell, we don't even get paid). It is entirely possible * something contained within this publication is incorrect in some way. * If this is the case, please drop us some email so that we can correct * it in a future issue. * * * Also, keep in mind that Phrack Magazine accepts no responsibility for * the entirely stupid (or illegal) things people may do with the * information contained herein. Phrack is a compendium of knowledge, * wisdom, wit, and sass. We neither advocate, condone nor participate * in any sort of illicit behavior. But we will sit back and watch. * * * Lastly, it bears mentioning that the opinions that may be expressed in * the articles of Phrack Magazine are intellectual property of their * authors. * These opinions do not necessarily represent those of the Phrack Staff. */ ----( Contact )---- < Editors : staff[at]phrack{dot}org > > Submissions : staff[at]phrack{dot}org < Submissions may be encrypted with the following PGP key: (Hint #1: Always use the PGP key from the latest issue) (Hint #2: ANTISPAM in the subject or face the mighty /dev/null demon) Link: http://www.phrack.org/issues/70/1.html#article ❤️

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers noted in an advisory published Tuesday. "If files outside of the document root are not protected by 'require all denied' these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts." The flaw, tracked as CVE-2021-41773, affects only Apache HTTP server version 2.4.49. Ash Daulton and cPanel Security Team have been credited with discovering and reporting the issue on September 29, 2021. Source: PT SWARM Also resolved by Apache is a null pointer dereference vulnerability observed during processing HTTP/2 requests (CVE-2021-41524), thus allowing an adversary to perform a denial-of-service (DoS) attack on the server. The non-profit corporation said the weakness was introduced in version 2.4.49. Apache users are highly recommended to patch as soon as possible to contain the path traversal vulnerability and mitigate any risk associated with active exploitation of the flaw. Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post. https://securityaffairs.co/wordpress/122999/hacking/apache-zero-day-flaw.html

Interesant bug. RST nu e vulnerabil, noi suntem mai batrani si avem o versiune mai veche

Sunt persoane ce se ocupa cu trading-ul, cu minarea, cu boti, cu rug pull-uri, etc. pe crypto? Daca da, aveti ceva tips&tricks ?

Fa research inainte sa bagi bani, investeste doar in proiecte fundamentally strong. Urmarestr cum decurge proiectul. Implica-te, ajuta. Nu atinge leverage mai mare de 2x daca faci trading. Banii se fac repede si se pierd si mai repede in crypro. Scoate profiturile mereu. Nu da tepe, istoricu ramane forever in blockchain. Candva se poate intoarce si vei infunda puscaria. Daca vrei sa eviti taxele faci imprumut de usd si pui colateral crypto ul. Scoti usd ul si il declari ca bani imprumutati. Aia de ii vezi pe twitter fac bani din seeds rounds, presales si alte nebunii. Nu te gandii vreo secunda ca o sa faci banii aia. 4x presales am prins care mi au facut majoritatea banilor in crypto. Aia de ii vezi sunt invitati in toate. Si cea mai importanta; nu investi ce nu esti dispus sa piezi. Daca simti nevoia sa vinzi la -20% inseamna ca ai bagat prea multi bani. Daca developmentul merge bine prima ta grija ar trebui ss fie sa faci dca. Sa ai un exit plan. Marketu nu e up only.

La genunchi 2.0