Leaderboard

Mailul users@site.ro de obicei face doar forward, astfel incat destinatarii vad mailul original de pe care s-a trimis mesajul.

Majoritatea dintre noi ne abon?m la diverse servicii online pentru a primi ultimele nout??i sau oferte. Dar nu toate serviciile ce ofer? newsletter sunt ?i sigure. Am descoperit întâmpl?tor aceast? metod? când citeam newsletter-ul de la academia de Cisco unde am f?cut cursurile. M-am uitat s? v?d dac? apar email-urile cursan?ilor în câmpul de destinatar. Am fost suprins s? v?d c? în loc de emailurile cursan?ilor a ap?rut un alt email: cursanti[at]techadviser[dot]ro. De curiozitate, am trimis un mail cu titlul test la acest email ?i în câteva zile am primit zeci de mailuri de la cursan?i, întrebându-m? ce e cu mesajul trimis de mine. Am luat ulterior la puricat toate newsletterele pe care le primesc ?i, spre surprinderea mea, am g?sit aceea?i modalitate de trimitere a mailurilor la câteva firme mari din lume. Am luat leg?tura cu ele, explicându-le de ce nu e bine s? fac? acest lucru. De la unii am primit r?spuns cu mul?umiri, de la al?ii nu am primit nimic. Aceast? tehnic? pe care v-am prezentat-o este folosit? la ora actual? de spammeri, îns? dac? o pune?i ?i voi în aplicare, o face?i pe barba voastr?. http://dragosgaftoneanu.com/insecuritatea-newsletterelor.dg

The Peensy In one of our recent engagements, we had the opportunity to test the physical security of an organization. This assessment presented an excellent scenario for a USB HID attack, where an attacker would stealthily sneak into a server room, and connect a malicious USB device to a server with logged on console, thus compromising it. From here, the “Peensy” (Penetration Testing Teensy?) was born. The impatient can find the video demo below. Previous work There has been a significant amount of previous talk about using the Teensy device to emulate PC keyboards, as well as various methods of delivering malicious payloads to computers from the Teensy. Most notably, there are IronGeeks PHUKD library, SET Teensy payloads, and Kautilya. By cannibalizing code and ideas from various projects and web resources, we were able to improve and refine our Peensy payload to suit our needs. Design Goals Our goal was to make a custom, “uber” Teensy, which would provide dynamic and reliable functionality in the field. The Teensy would target Windows machines only (in our case, Windows 2008 servers), and should be able to cope with variables such as the architecture of the machine being attacked, whether UAC should be bypassed or not, etc. The device should also be able to cope with advanced and complex payloads, while still retaining a small form factor. Building the hardware The hardware required for this project is readily available through pjrc.com and amazon. In order to meet our design goals, we realized we would need to add an SD card reader to the teensy, as well as add a DIP switch, which would allow us to configure basic payload settings before plugging in the Teensy into a victim computer an initiating an attack. The SD card and DIP switch mount nicely on the Teensy, with no extra wiring needed. The DIP switch needs to be grounded on one side, which was achieved by cutting off two pins from the one side, and connecting them with the last pin, which ends up in the Teensy ground. The SD card can be connected easily, as shown on the PJRC site. Payload Design The basic functionality of our Teensy payload is to act as a “Trojan Dropper” for Windows based machines. We needed to address these goals specifically: Reliable deployment of the payload. Leave little to chance. The payload should be persistent and survive reboots. Should use little to no foreign executables on the victim machine. Should be able to cope with different Windows architectures and versions. Payload reliability – Execution and Deployment This is probably one of the most challenging aspects of the design. The Teesny has little support for input (NumLock, ScrollLock, CapsLock Leds) – making it harder to know if a specific operation has succeeded or not. For example, once we plug in the Teensy to a victim machine, how can it know when Windows has initialized the required drivers and is ready to accept keystrokes from it? Another good example would be opening a Windows command prompt through the Teensy – which requires a sequence of keyboard commands, timed in a certain manner. If for some reason this sequence were to be interfered with or some other mishap should occur – the Teensy keyboard commands would go out of context and probably not produce our required results. Initial Windows Initialization of the Teensy An elegant solution for figuring out when the Windows drivers are initialized and ready was found in a code snippet we found floating on the interwebz. Once the Teensy is plugged in, this function will continuously check to see if the Keyboard is reacting to a “Num Lock” key press (by checking if the corresponding Led lights up). Once the Teensy senses a reaction, it can then continue sending keyboards commands safely. void wait_for_drivers(int speed) { bool numLockTrap = is_num_on(); while(numLockTrap == is_num_on()) { blink_fast(5,80); press_numlock(); unpress_key(); delay(speed); } press_numlock(); unpress_key(); delay(speed); } void unpress_key(void) { Keyboard.set_modifier(0); Keyboard.set_key1(0); Keyboard.send_now(); delay(500); } Successful command feedback Opening a Windows command prompt is the foundation for all our attacks. Without this functionality, we are very limited in our payload deployment. For this reason, we need a feedback mechanism to know whether a command prompt was opened successfully and provide some “error correction” to the Teensy. One solution for this (derived from the code above) is to have Windows programmatically press num/scroll/caps keys once a command is successful – allowing the Teensy to then sense the num/scroll/caps LEDs, and make the appropriate conclusions. The following pseudo code provides an example for attempting to open a command prompt, while accepting feedback on a successful event. bool secure_prompt(int reps, int millisecs) { make_sure_numlock_is_off(); ... initialise SD card, DIP switches ... open a command prompt ... write a vbscipt that turns on numlock and execute it. check_for_numlock_sucess_teensy(reps,millisecs); } // loop (repeat) times for (speed) milliseconds bool check_for_numlock_sucess_teensy(int reps, int millisecs) { int i = 0; do { delay(millisecs); if (is_num_on()) { make_sure_numlock_is_off(); delay(700); return true; } i++; } while (!is_num_on() && (i<reps)); return false; } This feedback mechanism can be extended to other functionalities, such as downloading files, checking for internet connectivity, checking OS and CPU architecture or running other commands which take an unpredictable amount of time. For example, we might want to know if the target Windows machine has powershell installed: bool check_for_powershell(int reps, int millisecs) { bool success; make_sure_numlock_is_off(); Keyboard.println("powershell"); delay(1000); Keyboard.println("$wsh = New-Object -ComObject WScript.Shell;$wsh.SendKeys('{NUMLOCK}')"); // "press numlock via powershell" delay(200); success=check_for_numlock_sucess_teensy(reps,milli secs); if (success) // if powershell is available we want to exit the PS prompt (but not the CMD prompt). { Keyboard.println("exit"); } return success; } Video Demo Finally, a quick video demonstration of the “Penetration Testing Teensy Payload” is in order. In the following video, we intentionally disrupted the execution flow of the keyboard commands, to see if the Teensy would “auto correct” itself. Best viewed in full screen. Alternatively, you can download the movie too. http://www.offensive-security.com/movies/teensy-offsec-payload.mp4 Peensy code Note: We did *not* extend functionality for “non powershell enabled machines” (XP, etc), however this can be added easily. We’ve released a sample sketch which contains several useful functions, as well as a skeleton demonstrating the use of the Peensy features. For those who do not care for the SD and DIP switch – we’ve also added a “stand-alone” payload which will work perfectly on a bare Teensy. We have tried to keep the code as simple and as readable as possible. You can download the Peensy sketch and utility tools from github – comments are in the code: git clone [URL]https://github.com/offensive-security/peensy.git[/URL] Future work This code is presented as a rough proof of concept for more reliable payload delivery with a Teensy. Command delays are over exaggerated and not optimized, and no attempts are made to hide the process from the screen. There are many possible improvements that can be made to this whole process, as well as additional features. One of the interesting feature we have not yet added to this version of Peensy is a simple, optimized communication protocol between the Teensy and victim computer using the keyboard LEDs. We will introduce this feature in future code updates. Sursa Offensive Security

This information is found on the internet, there are also several topics posted on the same. But I found this information quite good and explanatory and even brings a videotutorial. want to inform this forum that this information does not incite others to commit crimes, is pure information so that users are aware of the dangers that exist on the Internet. And that users to be aware of this are more careful where you surf. First of all, I am not responsible for the use that give this information to access this site, it is assumed that they are older, and have " certain "knowledge of the Internet, this post is for information only and no incentive for users to make contact with any of the illegal activities that can be found on the Web Deep The Deep Web - Dark Side of the Internet - WEB IS DEEP Known Internet Internet as deep or invisible (in English: Deepnet, Invisible Web, Hidden Web or Dark Web) to all Internet content that is not part of the Internet Superficial, ie the network pages indexed by search engines Internet. This is due to the limitations of the network to access all websites for various reasons. How is originated the Deep Web? The Deep Web (Deep Red), in (1994) called the Invisible Web, has been named to Thus in 2001 because it is not directly accessible through the use of surface primary means of navigation in these times. The reason for this is usually divided into three factors. The first is technical or inadvertent, and is due to a lack of upgrading to new standards in terms of indexing or by the dynamic nature of a website (content change constantly, renewed through visitor interaction, etc..) The second case is that of private and protected sites or those containing documents in formats that can not be indexed. In these two cases, the search engine will not find in the code that read their content associable robots which refer directly static or can not access the protected databases (libraries, dictionaries, etc.), Thus " will pass "at that site. The other case involved a deliberate decision, because the same developer can tell the search engine that your code does not check periodically for changes through a variable as Follow / No Follow on If Google. If you choose not Follow, robots ignore the site and it will remain hidden, invisible, in the depth to which few have access. Having defined the Surface Web and the Deep Web, the question arises what is in all this we do not see. What are we missing? To understand what is at the bottom, it's best to imagine that only in 2001 (where personal sites like blogs and the like had not exploited at all) the information to be found on the Deep Web was 500 times higher than in the surface, taking the first few Terabytes 91,000 against 197. Extrapolating the numbers in a more traditional (no current data about it, same for the Deep Web properties), growth was undoubtedly immense, while recognizing that in 10 years of tracking systems and evolved much about education and information gigas and gigas profound Network are now visible. Substantively, the Deep Web is made ??up of all kinds of information, which when all these multiple, categorization becomes mandatory. Thus, between what is not in the superficial, we file formats with no HTML or text type (primary failure of complete websites in Flash) and some multimedia documents that are not indexed. As mentioned earlier, the dynamic content will be plentiful as well as private or personal sites. Also access the web called contextual varies whom or from where the visit and do not forget the limited content through techniques, etc.. THE DARK SIDE OF THE WEB After reading the above you've probably been thinking that maybe it was missing most shocking of all that is left out of the search engines, and in this respect the illegal and forbidden taking a leading role in harnessing the intentions of the Deep Web. Thus, in the same you get to find places traded drugs, weapons and even criminal services. Also no place for the exchange of pedophilia and any other illegal activity you have to stay very attentive, as well as contribute passively to these horrific practices continue nurturing public, you will also be exposed to all kinds of cyber-threats. Undiscounted constant infiltration and investigation of security agencies in these sites. But not all bad, because alongside the more objectionable aspects that may have the Hacking in general (as will be seen in sites that offer services to destroy servers, hack accounts, create viruses in community, etc.), Also shared knowledge systems, security and much more that is undoubtedly very interesting and generates no consequences for the average user.. S IN THE DEEP WEB Well for starters there is everything from useful things to the most atrocious and ill imaginable and Guides phone lists, e-mail, and all kinds of directories; - "People Finders" ie lists professionals from all the disciplines - Laws, decrees, general legal information, but some can be found in static web; - Patents ; - Dictionaries, glossaries although many are available, and do not forget that Wikipedia has a bit of everything - selling products through e-commerce; - graphics and multimedia files that do not have the keyword metadata that clearly identified; - business sites; - Digital books and journals; - yellow or white pages (Yellow / White pages) - Libraries; - Bookstores. . The most dangerous thing you can find * Sale of drugs (eg , the Silk Road is a famous page deep within the site, which sells all kinds of drugs) • Pornography Pornography Cp * - This is highly dangerous and sick so if time stands CP NOT ENTER • The option to hire hitmen • Jackers (as I read, easily take your IP but this is under proxy, and also can take most of the personal data of anyone) Most of the transactions in the Deep Web are carried out by the Bitcoins. You can buy virtually anything with this coin. Anyway, questions whether remains anonymous. (1 Bitcoin -> $ 14). URLs are characterized the deep web by: be the set of non-text files called, ie media files, graphics, software, and documents in Portable Document. Having the. onion (unlike the sites of the "surface" ending in. com) Be content databases accessible via web: the information is structured in tables of data created and managed with programs such as Access, Oracle, SQL Server, MySql. This information can only be filed if it is required by a query, a query. To do this you must make a deposit, login to a special area of the site, sometimes free, sometimes paid. It has been estimated that the site content databases is 500 times larger than the static web. This database of companies, organizations, institutions, and can take the form of database management support, customer catalogs and even specialized bibliographic databases on particular themes: medical, business, space, and even virtual libraries of universities and research centers. It is said that this information is invisible, hidden or deep because search engines can not enter them to extract the data. ADVANTAGES AND DISADVANTAGES OF THE DEEP INTO WEB When you enter search information to the Deep Web are the advantages that make the podium, it has been shown that the range of options open to choice, quality rates increase considerably. Given the network conditions and taking into account that the search engines are not necessarily qualifiers quality information is more likely to find quality items in a database of 100,000 in 1000. As research on various topics, get better results, and most original, with a search in this part of the web. Moreover it is possible to identify the anonymity, privacy, and the opportunities it can give before coarctation situations of oppression and freedom of expression. Disadvantages could be staged by the difficulty of access to the invisible web by users most laymen, for the abundance of information and processes you need to do to access it could be overwhelming and uncomfortable (the amount of data currently in the Deep Web, outweigh all printed information in the world). We also have to tell you how dangerous is this part of the site that is not controlled by standards at the browsers themselves or by computer security organizations. THINGS YOU SHOULD AVOID First of all we have as initial Because CP can be harmful for you in many ways, in addition to affecting your mental and secondly because it is illegal and you condemn puden all over the world for it. Disable images (for Chrome enter advanced tools, privacy settings, disable images) by doubts, in the deep web and many pedophiles are really unpleasant images. Disconnect / put the other way (eg wall) the webcam. As I read, some hackers take control of webcams. Do not enter any BBS or forum that contains "CP" in its name, or enter anything related to porn. Knowing what we click. VISUAL VIDEO INFORMATION AND SUMMARY