Leaderboard

Popular Content

Showing content with the highest reputation on 12/04/22 in all areas

  1. A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.

     An attacker submitting changes to an open source repository on GitHub could cause downstream software projects that include the latest version of a component to compile updates with malicious code.

     That's according to software supply chain security firm Legit Security, which said in an advisory published on Dec. 1 that this "artifact poisoning" weakness could affect software projects that use GitHub Actions — a service for automating development pipelines — by triggering the build process when a change is detected in a software dependency.

     The vulnerability is not theoretical: Legit Security simulated an attack on the project that manages Rust, causing the project to recompile using a customized — and malicious — version of the popular GCC software library, the company stated in the advisory.

     The problem likely affects a large number of open source projects because maintainers typically will run tests on contributed code before they actually analyze the code themselves, says Liav Caspi, chief technology officer of Legit Security.

     "It is a common pattern today," he says. "A lot of open source projects today, upon a change request, they run a bunch of tests to validate the request because the maintainer does not want to have to review the code first. Instead, it automatically run tests."

     The attack takes advantage of the automated build process through GitHub Actions. In the case of the Rust programming language, the vulnerable pattern could have allowed an attacker to execute code in a privileged way as part of the development pipeline, stealing repository secrets and potentially tampering with code, Legit Security said.

     "To put it simply: in a vulnerable workflow, any GitHub user can create a fork that builds an artifact," the company stated in its advisory. "Then inject this artifact into the original repository build process and modify its output. This is another form of a software supply chain attack, where the build output is modified by an attacker."

     The vulnerability enables an attack similar to the malware-insertion attack that targeted CodeCov and, through that company's software, its downstream customers.

     "[T]he lack of native GitHub implementation for cross-workflow artifacts communication led many projects and the GitHub Actions community to develop insecure solutions for cross-workflow communication and made this threat highly prevalent," Legit Security stated in the advisory.

     GitHub confirmed the issue and paid a bounty for the information, while Rust fixed its vulnerable pipeline, Legit Security stated.

     Software Supply Chain Needs Security

     The vulnerability is the latest security issue to affect software supply chains. Industry and government agencies have increasingly sought to bolster the security of open source software and software provided as a service. In May 2021, for example, the Biden administration released its executive order on Improving the Nation's Cybersecurity, a federal rule that, among other requirements, mandates that the government will require baseline security standards for any software it purchases.

     On the private industry side, Google and Microsoft have pledged billions of dollars to shore up security in the open source ecosystem, which provides the code that comprises more than three-quarters of the average application's codebase.

     Logical, But Vulnerable

     The security issue belongs to a hard-to-find class of problems known as logic issues, which include issues with permissions, the potential for forked repositories to be inserted into a pipeline, and a lack of differentiation between forked and base repositories.

     Because software projects often use automated scripts to check code submissions before forwarding them to the maintainers, pull requests will be run through automation before any human checks them for malicious code. While the automation saves time, it also should be considered a way for attackers to insert malicious code into the pipeline.

     "When you are doing open source development, the problem is bigger, because you are accepting contribution from anyone in the world," Caspi says. "You are executing things that you cannot trust."

     GitHub acknowledged the issue and expanded the ways of excluding submissions from outside collaborators from being automatically inserted into the Actions pipeline. The company updated its GetArtifact and ListArtifacts APIs with the goal of providing more information to help determine whether an artifact can be trusted.

     "Anyone that does anything like the Rust project did — trusting the input from a third party — then they are still vulnerable," Caspi says. "It is a logic problem. GitHub just made it easier to write a safer script."

     Via darkreading.com
    1 point
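
The article above says GitHub extended the GetArtifact and ListArtifacts APIs so a workflow can judge whether an artifact is trustworthy. The following is an added example, not code from the article, Legit Security or GitHub: it classifies the artifacts in a ListArtifacts-style response by the `workflow_run` provenance fields before a privileged job consumes them. The policy object, function names and sample response are constructed for illustration.

```javascript
// Added example. The sample response below is constructed, not captured from GitHub.
// Field names follow the ListArtifacts REST response: each artifact carries a
// workflow_run object with id, repository_id, head_repository_id and head_sha.

// Return the reasons an artifact must not be consumed by a privileged job.
// An empty array means it passed every check of this illustrative policy.
function artifactRisks(artifact, policy) {
  const run = artifact.workflow_run;
  // No provenance at all: treat as untrusted rather than guessing.
  if (!run) return ["no workflow_run metadata"];
  const risks = [];
  if (run.repository_id !== policy.repositoryId) risks.push("run belongs to another repository");
  // A run whose head repository differs from the base repository was built from a fork.
  if (run.head_repository_id !== run.repository_id) risks.push("built from a fork");
  if (run.id !== policy.triggeringRunId) risks.push("not produced by the triggering run");
  if (artifact.expired) risks.push("expired");
  if (!policy.allowedNames.includes(artifact.name)) risks.push("unexpected artifact name");
  return risks;
}

// Split a ListArtifacts response into artifact ids that passed and those that did not.
function partitionArtifacts(listResponse, policy) {
  const trusted = [];
  const untrusted = [];
  for (const artifact of listResponse.artifacts || []) {
    const risks = artifactRisks(artifact, policy);
    if (risks.length === 0) trusted.push(artifact.id);
    else untrusted.push({ id: artifact.id, risks });
  }
  return { trusted, untrusted };
}

const BASE_REPO = 1001, FORK_REPO = 2002; // constructed repository ids
const sampleResponse = { total_count: 4, artifacts: [
  { id: 11, name: "build-output", expired: false,
    workflow_run: { id: 501, repository_id: BASE_REPO, head_repository_id: BASE_REPO, head_sha: "a".repeat(40) } },
  { id: 12, name: "build-output", expired: false,
    workflow_run: { id: 502, repository_id: BASE_REPO, head_repository_id: FORK_REPO, head_sha: "b".repeat(40) } },
  { id: 13, name: "build-output", expired: false }, // provenance missing
  { id: 14, name: "extra", expired: true,
    workflow_run: { id: 501, repository_id: BASE_REPO, head_repository_id: BASE_REPO, head_sha: "a".repeat(40) } },
] };
const policy = { repositoryId: BASE_REPO, triggeringRunId: 501, allowedNames: ["build-output"] };

console.log(JSON.stringify(partitionArtifacts(sampleResponse, policy), null, 2));
```

An artifact flagged "built from a fork" can still be processed, but only as untrusted data in a job that holds no secrets and no write permissions.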
  2. And what the hell good does that do you? It kills all the reach your pages have. Since you have 10% real profiles and 90% fakes, with no interaction, you will never have reach again.
    1 point
  3. Hi RST

     I wouldn't exactly call it a hack, but I find it interesting that solutions like this still work in 2022.

     * Tested recently both on a virtual machine and on a PC running Windows 10. I understand it would also work on Windows 11, but I haven't tested that.

     Note:
     - it works even on version 22H2
     - the account/user must be local and BitLocker disabled

     You need:
     - a USB stick of at least 6-8 GB
     - a Windows 10 ISO image

     Steps:
     1. Create a bootable Windows 10 USB stick (I won't go through all the steps here, there are plenty of tutorials)
     2. Restart the PC/laptop and boot from the stick
     3. Once greeted by the Windows setup window, click Next
     4. Then Repair your computer at the bottom left
     5. Select Troubleshoot
     6. Then System Image Recovery
     7. Click Windows 10 under Choose a target operating system
     8. Cancel in the pop-up window
     9. Next
     10. The Advanced... button
     11. The Install a driver option
     12. The OK button
     13. Navigate to C:\ (or whatever letter is assigned to the partition with the operating system), then into the Windows folder
     14. Find the Utilman file and rename it to anything else, say Utilman_bak
     15. Find the cmd file and rename it to Utilman
     16. Close the window, then Cancel and Cancel again
     17. Turn off your PC
     18. Remove the USB stick and start the PC/laptop normally, booting into the installed operating system
     19. At the login screen, find the Accessibility icon at the bottom right (the 2nd from right to left) and click it, repeatedly if needed, until a terminal opens
     20. In the terminal type: net user (to identify the users, then press Enter)
     21. Then: net user identifiedusername * (and press Enter)
     22. A prompt to change the password appears; here type either a password of your choice twice, or Enter twice to use no password
     23. Close the terminal
     24. Enter the password you set or (if you did not set one) click the arrow directly to get into the account

     The same method is promoted online as also working without a bootable USB stick, by restarting the PC from the login screen with the SHIFT key. I tested that method; it asks for the user's password after step 7.

     Be responsible!

     Regards
    1 point
  4. wa-tunnel - HTTP Tunneling through WhatsApp

     This is a Baileys-based piece of code that lets you tunnel TCP data through two WhatsApp accounts.

     This can be usable in different situations, for example network carriers that give unlimited WhatsApp data or airplanes where you also get unlimited social network data.

     It's using Baileys since it's a WS-based multi-device WhatsApp library and therefore could be used on Android in the future, using Termux for example.

     The idea is to use it with a proxy set up on the server like this: [Client (restricted access) -> WhatsApp -> Server -> Proxy -> Internet]

     Apologies in advance since JavaScript is not one of my primary coding languages 😕

     Use only for educational purposes.

     Why?

     I got the idea while travelling through South America: network data on carriers is usually restricted to not many GBs, but WhatsApp is usually unlimited. I tried to create this library since I didn't find any usable one at the time.

     Setup

     You must have access to two WhatsApp accounts, one for the server and one for the client. You can forward a local port or use an external proxy.

     Server side

     Clone the repository on your server and install node dependencies.

         cd path/to/wa-tunnel
         npm install

     Then you can start the server with the following command, where port is the proxy port and host is the proxy host you want to forward. And number is the client WhatsApp number with the country code all together and without +.

         node server.js host port number

     You can use a local proxy server as follows:

         node server.js localhost 3128 12345678901

     Or you can use a normal proxy server as follows:

         node server.js 192.168.0.1 3128 12345678901

     Client Side

     Clone the repository on your server and install node dependencies.

         cd path/to/wa-tunnel
         npm install

     Then you can start the server with the following command, where port is the local port where you will connect and number is the server WhatsApp number with the country code all together and without +.

         node client.js port number

     For example:

         node client.js 8080 1234567890

     Usage

     The first time you open the script, Baileys will ask you to scan the QR code with the WhatsApp app; after that the session is saved for later usage. It may crash, that's normal; after that just restart the script and you will have your client/server ready!

     It splits network packages to not get timed out by WhatsApp. At the moment it's hardcoded in wasocket.js; by default it's limited to 20k characters per message. I have done multiple tests and anything below that may get you banned for sending too many messages and anything above 80k may time out.

     Once you have both client and server ready you can test using curl and see the magic happen.

         curl -v -x proxyHost:proxyPort https://httpbin.org/ip

     With the example commands it would be:

         curl -v -x localhost:8080 https://httpbin.org/ip

     It has also been tested with a normal browser like Firefox; it's slow but can be used.

     You can also forward other protocol ports like SSH by setting up the server like this:

         node server.js localhost 22 12345678901

     And then connect to the server by using in the client:

         ssh root@localhost -p 8080

     Disclaimer

     Using this library may get your WhatsApp account banned; use with a temporary number or at your own risk.

     TO-DO

     - Make an Android script to install node dependencies on Termux
     - When Baileys supports calls, implement package sending through calls
     - Implement sending files for big data packages to reduce messages and maybe improve speed
     - Documentation

     License

     MIT

     Source: https://github.com/aleixrodriala/wa-tunnel
    1 point