Jump to content


Popular Content

Showing content with the highest reputation on 10/22/16 in all areas

  1. Avantaje: - poți folosi telefonul pentru a stoca fișiere .iso si pentru a boota de pe ele, ca si usb stick (drivedroid) - poți să trimiți pachete raw (arp spoof, udp spoof, s.a.) - poți să pui servicii pe porturi mai mici de 1024 - poți să editezi fișiere de system - poți să pui xposed cu modulele care le dorești (xprivacy, Youtube adblock, Youtube background player, s.a.) Dezavantaje: - tre sa ai grija ce rulezi - Root tre sa fie sfânt, nu dai la nici o aplicație dacă nu e strict necesar - tre neapărat să dai bani pe supersu premium, pentru pin si log cu comenzi
    2 points
  2. A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it’s not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that’s a part of virtually every distribution of the open-source OS released for almost a decade. What’s more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild. “It’s probably the most serious Linux local privilege escalation ever,” Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. “The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time.” The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as “important.” As their names describe, privilege-escalation or privilege-elevation vulnerabilities allow attackers with only limited access to a targeted computer to gain much greater control. The exploits can be used against Web hosting providers that provide shell access, so that one customer can attack other customers or even service administrators. Privilege-escalation exploits can also be combined with attacks that target other vulnerabilities. A SQL injection weakness in a website, for instance, often allows attackers to run malicious code only as an untrusted user. Combined with an escalation exploit, however, such attacks can often achieve highly coveted root status. The in-the-wild attacks exploiting this specific vulnerability were found by Linux developer Phil Oester, according to an informational site dedicated to the vulnerability. It says Oester found the exploit using an HTTP packet capture, but the site doesn’t elaborate. Update: In e-mails received about nine hours after this post went live, Oester wrote: Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff. The vulnerability is easiest exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works. The particular exploit which was uploaded to my system was compiled with GCC 4.8.5 released 20150623, though this should not imply that the vulnerability was not available earlier than that date given its longevity. As to who is being targeted, anyone running Linux on a web facing server is vulnerable. For the past few years, I have been capturing all inbound traffic to my webservers for forensic analysis. This practice has proved invaluable on numerous occasions, and I would recommend it to all admins. In this case, I was able to extract the uploaded binary from those captures to analyze its behavior, and escalate to the appropriate Linux kernel maintainers. The vulnerability, a variety known as a race condition, was found in the way Linux memory handles a duplication technique called copy on write. Untrusted users can exploit it to gain highly privileged write-access rights to memory mappings that would normally be read-only. More technical details about the vulnerability and exploit are available here, here, and here. Using the acronym derived from copy on write, some researchers have dubbed the vulnerability Dirty COW. Disclosure of the nine-year-old vulnerability came the same week that Google researcher Kees Cook published research showing that the average lifetime of a Linux bug is five years. “The systems using a Linux kernel are right now running with security flaws,” Cook wrote. “Those flaws are just not known to the developers yet, but they’re likely known to attackers.” Sursa: http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/
    1 point
  3. SHA256: 2e7984cf02eaacc5d2c777b5823cdc96e3b88c011947f8650e58cfca9aff48cf File name: instagram_locked.exe Detection ratio: 0 / 53 Analysis date: 2016-07-04 23:13:28 UTC ( 1 minut ago ) @INNORATU
    1 point
  4. Daca vreti sa fiti sclavi pentru un tricou, inscrieti-va in site-ul asta fantoma. Daca vreti sfatul meu: cititi un rand dintr-o carte de programare sau orice altceva va pasioneaza, in loc sa completati chestionarul ala. Mai tarziu, daca adunati si comparati, o sa iesiti in plus. PS: Trist ca in ziua de azi lumea inca se gandeste sa faca bani cu adfly, chestionare, concursuri de like-uri sau vizite pe site-uri. Ma gandeam ca daca tot suntem in 2015 si avem acces la toate informatia de pe pamant de cel putin 10 ani, sa fim putin mai smecheri. E la fel ca la futut baieti: mai bine astepti si ii place si p*lii si sufletului.
    1 point
  5. thanks for this am going to try it
    -1 points
  • Create New...