Leaderboard

Nu va asteptati la prea multe de la asa ceva, aici e cam tot ce face; https://github.com/zigoo0/webpwn3r/blob/master/vulnz.py Mai exact trimite cateva request-uri sa verifice cateva lucruri simple. Eu am un tool privat: ./nytro --hack ISS Hacking in progress... Getting satellite communication working... Scanning ISS... Found open ports: 69, 1337 Sending 5G payload to COVID-19 port... Hacking complete! Getting root... Got root! Dar va dati seama ca nu il pot publica...

Dragul meu, esti prea prost! Iti meriti soarta de a nu avea cont pe filelist! Sper sa tragi si sa suferi suficient de mult de-a lungul vietii, sa poti obtine o invitatie, sa te realizezi in viata!

@aismensa nu intervi, ca omu chiar a scris frumos

Mi-a lasat email si o sa ii trimit acum o invitatie.

Stiti ca schema de baza ca si concept a motoarelor ionice pe baza de rhodium - krypton figureaza intr-o carte de fizica nucleara despre plasma scrisa in Romania in anii 80"? Profesorii si cercetatorii care au scris tratatul chiar au specificat ca in viitor se vor putea utiliza pentru "rachete cosmice". Daca gasesc cartea la anticariat o voi digitaliza P.S scuze de offtopic.

WebPwn3r is a Web Applications Security Scanner coded in Python to help Security Researchers to scan Multiple links in the same time against Remote Code/Command Execution & XSS Vulnerabilities. Poza: https://imgur.com/a/fEGGAaB Tool: https://github.com/zigoo0/webpwn3r

Bun frate, de adaugat langa Acunetix, Havij si SQLI Dumper in folderul de hackereala si manele, mersi.

Ai uitat sa zici : -Cu stima userul Zatarra

@aismen Ca sa nu o dam in conspiratii prea mari, NASA nu prea construieste rachete. Nasa comanda si foloseste rachete de la alte firme. deci ei nu prea pot folosi nimic din ce ar fura. Ca exemplu SLS (o noua racheta in dezvoltare) e facuta de Boeing care e contractat de NASA. In plus 'Commercial Crew Program' in care SpaceX lanseaza astronauntii acum e vechi de zece ani. Dupa parerea mea face sens ca NASA sa incurajeze companii private sa-si dezvolte tehnologia proprie si dupa NASA sa cumpere doar cate un zbor(in loc sa cumpere toata racheta+tehnologia). Dupa parerea mea, se incearca o colaborare care sa reduca preturile pt toata lumea. Asta nu inseamna ca Boeing nu face lobby politic si nu face mizerii ca sa castige mai multi bani de la guvern... Inspector General Accuses NASA of Favoritism to Boeing Over SpaceX NASA paid SpaceX for safety review after Musk smoked pot (sponsored by boeing)

De acum vom avea multi hackeri cu tool-ul asta :)))

Am vazut ca nu e pe forum. Eu l-am folosit pe linux, e usor de folosit si ai si comanda de renew ip... Daca accesezi pe web ip-ul respectiv iti apare o pagina cu tor exit node. TorGhost is an anonymization script. TorGhost redirects all internet traffic through SOCKS5 tor proxy. DNS requests are also redirected via tor, thus preventing DNSLeak. The scripts also disables unsafe packets exiting the system. Some packets like ping request can compromise your identity. https://github.com/SusmithKrishnan/torghost

Domnul a cerut dezbatere si daca e totusi un loc democratic si nu plantatie, eu votez sa ii trimita domnul @aismen o invitatie pentru ca apelantul stie sa foloseasca corect semnele de punctuatie.

Eu cred ca vor colabora. La urma urmei, SpaceX nu prea are ce sa faca fara ajutor financiar de la NASA. Chiar daca vor oferi servicii de mers in spatiu pentru oameni simpli (e.g. pentru a filma un film porno in spatiu) sau daca vor primi bani pentru cercetare si vor trimite oameni pe Marte, ei nu au fondurile de care dispune NASA de la Guvernul american. Pe de alta parte, nu inteleg de ce NASA ar avea nevoie de ajutorul lor. La banii pe care ii au ii pot cumpara. Daca cineva stie mai multe despre colaborarea intre ei, si eu sunt interesat. Intre timp s-a cam lamurit problema: nu folosesc Windows 10 cum pare sa se vada pe acele display-uri. Ei bine, nu e garantat asta, dar nu cred ca e necesar pentru ei.

Posibil sa se lege la un nod si sa trimita nush unde parola de la mc

Also, gobuster (https://github.com/OJ/gobuster) instead of dirbuster (https://sourceforge.net/projects/dirbuster/files/DirBuster Source/1.0-RC1/)

Of

Bine ai venit! Daca nici de la mine sa nu invat, pai atunci de la cine?

Buna tuturor..!!! Sunt nou aici. Este frumos să te alăture cu tine. Sper să înveți lucruri noi de la tine. Mulțumesc.

Am gasit un post interesant: SpaceX uses an Actor-Judge system to provide triple redundancy to its rockets and spacecraft. The Falcon 9 has 3 dual core x86 processors running an instance of linux on each core. The flight software is written in C/C++ and runs in the x86 environment. For each calculation/decision, the "flight string" compares the results from both cores. If there is a inconsistency, the string is bad and doesn't send any commands. If both cores return the same response, the string sends the command to the various microcontrollers on the rocket that control things like the engines and grid fins. The microcontrollers, running on PowerPC processors, received three commands from the three flight strings. They act as a judge to choose the correct course of actions. If all three strings are in agreement the microcontroller executes the command, but if 1 of the 3 is bad, it will go with the strings that have previously been correct. The Falcon 9 can successfully complete its mission with a single flight string. The triple redundancy gives the system radiation tolerance without the need for expensive rad hardened components. SpaceX tests all flight software on what can be called a table rocket. They lay out all the computers and flight controllers on the Falcon 9 on a table and connect them like they would be on the actual rocket. They then run a complete simulated flight on the components, monitoring performance and potential failures. SpaceX engineers perform what they call "Cutting the strings" where they randomly shut off a flight computer mid simulation, to see how it responds. Dragon uses a similar triple redundant system for its flight computers. After talking with the Dragon team at GDC2016, it appears Tesla hardware is not used. They do use some interesting software on Dragon 2. They use Chromium and JavaScript for the Dragon 2 flight interface. The actual flight computers still run on C++. Source: Discussion with various SpaceX engineers at GDC 2015/2016 Via: https://space.stackexchange.com/questions/9243/what-computer-and-software-is-used-by-the-falcon-9/9446#9446

Interesant, daca ai ocazia ar fi util de stiut. Cred ca in anii "trecuti" Romania statea bine la capitolul cercetare. In prezent nu prea se pot fura bani din acest domeniu asa ca politica s-a indreptat spre altele.

Bun venit pe Internet. Acum serios, tu chiar crezi ca e mai sigur sa descarci mizerii de pe Filelist decat din surse oficiale? Acel mesaj pe care nu il intelegi desi esti la facultate se refera la un banal certificat SSL invalid. De fapt este valid, doar ca a expirat si nu a fost reinoit. Nu te afecteaza cu nimic. Nu iti bagi parola contului de NASA/SpaceX pe acel site al facultatii sa fie riscul ca cineva sa intercepteze traficul si sa ti-l fure. Deci poti sa accesezi acel site fara griji.

Nu ai nevoie de programe piratate. Iti faci un cont aici: http://ms.upt.ro/DreamSparksinglesignon/dreamspark si descarci ce ai nevoie.

Ahh, au TFTP ai naiba .... (69)

Regression testing (rarely non-regression testing one ) is re-running purposeful and non-functional tests to ensure that antecedently developed and tested software system still performs once a modification. Anytime a developer makes changes or enhancements to code, they're careful to not accidentally break or disrupt alternative functions of the application. It isn't always clear to QA that the development team may have added code in other areas of the application and if that code had impacts on other areas. NOTE: don't confuse prioritization” with risk.” Risk-based Testing doesn't apply to regression prioritization. First, confirmation testing is done to ensure that the code has successfully been fixed. It is common for companies to introduce minor changes from time to time in their products. Basically, these 2 implementation approaches depend upon the scope of changes, software development methodology, and the stage of the software process. You can find yourself guaranteeing a transparent software-development mechanical phenomenon for yourself and your dev team whereas unknowingly ignoring immense swaths of the application, letting your end users stumble upon undetected glitches at their own peril. Like i discussed higher than, regression take a look ating is associate activity of re-running test cases to create positive new changes don't break operating options. For more information on the Regression Testing (and knowing whether or not it will be helpful for you), You can find it read more here.

Cati crezi ca stau sa se uite ce e in jaruri? Cred ca majoritatea playerilor de pe mc sunt copii cu conturi premium.Sigur nu stau aia sa decompileze *.class-urile.Le e mai usor sa ceara bani la parinti pentru alt cont 😆

Vad niste chestii cu TOR in el si nu prea inteleg care e smenul cu ele. Daca e un cheat de minecraft la ce iti trebuie chestiile alea? Am decompilat "UFuckedUpSkid.class": import ..\.ဈ‮....840; public class UFuckedUpSkid { public static void main(String[] var0) { 840./$$0(var0); } } "$$840$1.class": package ..\.ဈ‮.; import java.net.Authenticator; import java.net.PasswordAuthentication; class $$840$1 extends Authenticator { // $FF: synthetic field private final String /$$0; // $FF: synthetic field private final String /$$1; $$840$1(String var1, String var2) { this./$$0 = var1; this./$$1 = var2; } protected PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication(this./$$0, this./$$1.toCharArray()); } } Metoda asta getPasswordAutehtication e cam dubioasa nu crezi? De exemplu in clasa "$$650.class" vad ca ar contine niste cod cu privire la partea de cheat a aplicatiei, dar fara sa decompilez toate clasele mi se pare cam dubioasa. Daca ai vrei sa faci asta extragi jarul cu 7zip si ai folderele alea, dar fara sa investighez foarte amanuntit am impresia ca pute cheatul asta, la ce ii trebuie faza cu geoIP si TOR?

https://www.virustotal.com/gui/file/9e8d0979cc6f74925c4979c38a38202c2e698d9412a3931ee4c4b98fa5cf35f2/detection https://www.hybrid-analysis.com/sample/9e8d0979cc6f74925c4979c38a38202c2e698d9412a3931ee4c4b98fa5cf35f2 Fisierul e detectat suspect/not trusted. (nu neaparat malicious) Pare a avea o parte packed. Daca deschizi arhiva jar gasesti: UFuckedUpSkid.class geoip.txt geoip6.txt tor.zip Imi ridica numeroase semne de avertisment toata treaba asta. Poate cineva se pricepe mai bine si are timp/chef sa faca o analiza si sa dea o parere mai informata. TLDR: parerea mea e ca ai vrut minecraft si te-ai ars cu un virusel

"Netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)." https://github.com/cytopia/pwncat

Anti-vaxxers research

Sal, e vorba de un program sa pot face pe un website, fake stream, sa para ca sunt live dar sa fie un video inregistrat mai demult, gen manycam am vazut ceva tutoriale pe yt dar nu functioneaza cum trebuie. site-ul este unul gen chatroulette unde vreau sa pun video inregistrat si ei sa creada ca e live :) astept sfaturi, sau chiar pe cineva care poate sa mi-l creeze contracost. multumesc 🙏👍

observ ca nu este activ de prin martie, tot ce este posibil Aviz amantorilor, asta se intampla cand va "jucati cu focul" killer-ul oricum e "ca la el acas'

Security researchers have discovered a new version of Sarwent malware that has new command functionality, such as executing PowerShell commands and preference for using RDP. Dating back to 2018, Sarwent has mostly been known as a dropper malware with a limited set of commands, such as download, update and vnc. Dropper malware is a kind of Trojan designed to install other malware on a target system. Researchers at SentinelOne warned that attackers are now using a new version of the Sarwent malware to target the Remote Desktop Protocol (RDP) port on Windows systems to execute backdoor commands. Reaves also said Sarwent uses the same binary signer as one or more TrickBot operators. Futhermore, Reaves pointed out that the “rdp” command and code execution looks to perform tasks, such as: Add users List groups and users Punch a hole in local firewall. These functions could forewarn actors are preparing to target systems for RDP access at a later time. Readers may also remember attackers have been known to exploit RDP-related vulnerabilities, such as the BlueKeep vulnerability CVE-2019-0708. In conclusion, cyber criminals likely will continue to leverage malware, like Sarwent, to leverage RDP for monetization such as selling access to systems. Via securezoo.com

OBLIGATORY INTRO Howdy! This is the first post in a multi-part series detailing steps taken, and exploits written, as part of my OSCE exam preparation. I intend to use these practice sessions to refine my exploit development process while sharing any knowledge gained. I originally wanted to take this course a few years ago, but could never quite lock it in. Recently, I was fortunate enough to have work fund the course. Since then, I’ve been spending my free time listening to Muts’ dulcet tones and working through the modules. I wrapped up the official course material yesterday and plan to work through some additional work recommended by some OSCE graduates. What makes the timing awesome for me is that I just finished up CSC 748 - Software Exploitation for my graduate course work. The course dealt with Windows x86 exploitation, fuzzing, and shellcoding. Sound familiar? It dove into some topics that OSCE doesn’t cover such as using ROP to bypass DEP. I’m incredibly happy to have been able to do both of them one right after the other. I’ll be including some of the shellcoding tricks I learned from the course in this series at some point. EXPLOIT DEVELOPMENT ENVIRONMENT This post will cover setting up a lab environment. While this may not be the most interesting topic, we’ll cover some setup tips that may be helpful. Don’t worry, we won’t go step by step through setting up all these things unless it’s warranted. OPERATING SYSTEM For these practice sessions, we’ll attempt to stick reasonably close to an OSCE environment by using a 32bit Windows 7 VM. Unfortunately, Microsoft has taken down the IE/Edge Virtual Machine images from their site. You can only get the Windows 10 images nowadays. Fear not! If you find yourself in need of an older version, they’re archived and can still be downloaded at the link below. Windows VM Images SCRIPTING LANGUAGE We’ll be writing all proof of concepts using Python 3. Python 2 still gets a lot of use in PoCs for exploits and exploit-centric tooling, however, I strongly prefer 3 as a language overall and will stick to it throughout these posts. The latest version of Python (3.8.2 at the time of this writing) can be found here. HEX EDITOR There are times we’ll need a hex editor. I prefer 010 when working on windows. NASMSHELL Part of creating shellcode is janking™ around with the instructions to find what works in the smallest amount of space without known bad characters. nasmshell makes it incredibly easy to check which opcodes are generated by which instructions. Of note, nasmshell requires python2. FUZZER For network fuzzing, we’ll be using boofuzz. It’s a fork of and the successor to the venerable Sulley fuzzing framework. Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance. Installation consists of a simple pip command. pip install boofuzz --user AUTOMATIC CRASH DETECTION & PROCESS RESTART This part is totally optional. Boofuzz offers a utility called process_monitor.py that detects crashes and restarts the target binary automatically. It requires a few additional libraries to run and must run on the target machine itself. As we’ll be doing all coding and fuzzing from the same windows environment, this is fine. The install steps are located here. I won’t copy and paste them here, however I will note something that I was forced to do during installation. All of the libraries for process_monitor.py are installed into my Python2.7 environment. Whereas boofuzz is installed into my Python3.8 environment. This is because pydasm requires Python2.7. The end result is that we’ll be scripting fuzzers in Python3, and executing process_monitor.py with Python2. Also, there is a note on the install page: I didn’t need to do anything to satisfy this requirement, as my flare-vm install script pulled it down for me. DEBUGGER The topic of which debugger to use seems to be pretty contentious in the OSCE forums/chats. We’ll be using WinDbg. The reason is that I spent 4 months using it for college and have come to like it. FLARE-VM To install WinDbg (and some other tools), I used the Flare-VM install script. Flare-VM will take a Windows 7-10 machine and install a plethora of RE tools. I modified the flare’s profile.json for a relatively light-weight installer. Flare-VM install instructions Customizing Installed Packages And if you’re feeling lazy, here’s my profile.json. { "env": { "TOOL_LIST_DIR": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\FLARE", "TOOL_LIST_SHORTCUT": "%UserProfile%\\Desktop\\FLARE.lnk", "RAW_TOOLS_DIR": "%SystemDrive%\\Tools", "TEMPLATE_DIR": "flarevm.installer.flare" }, "packages": [ {"name": "dotnetfx"}, {"name": "powershell"}, {"name": "vcbuildtools.fireeye"}, {"name": "vcpython27"}, { "name": "python2.x86.nopath.flare", "x64Only": true, "args": "--package-parameters \'/InstallDir:C:\\Python27.x86\'" }, {"name": "libraries.python2.fireeye"}, {"name": "libraries.python3.fireeye"}, {"name": "windbg.flare"}, {"name": "windbg.kenstheme.flare"}, {"name": "windbg.ollydumpex.flare"}, {"name": "windbg.pykd.flare"}, {"name": "ghidra.fireeye"}, {"name": "vbdecompiler.flare"}, {"name": "010editor.flare"}, {"name": "resourcehacker.flare"}, {"name": "processdump.fireeye"}, {"name": "7zip.flare"}, {"name": "putty"}, {"name": "wget"}, {"name": "processhacker.flare"}, {"name": "sysinternals.flare"}, {"name": "ncat.flare"}, {"name": "shellcode_launcher.flare"}, {"name": "xorsearch.flare"}, {"name": "xorstrings.flare"}, {"name": "lordpe.flare"}, {"name": "googlechrome.flare"}, {"name": "nasm.fireeye"} ] } MONA.PY Even after using Flare-VM’s installer, we’re still missing a key tool, mona.py. Mona.py is an incredible tool; it’s bonkers how many facets of exploit dev on windows are made easier with mona. To get mona up and running with WinDbg, we’ll just need to follow these steps. We can confirm everything works by opening up WinDbg, attaching to some benign process, and running the following commands: .load pykd.pyd ══════════════ Processing initial command '.load pykd.pyd' !py mona ════════ [+] Command used: !py C:\Program Files\Windows Kits\10\Debuggers\x86\mona.py 'mona' - Exploit Development Swiss Army Knife - WinDBG (32bit) Plugin version : 2.0 r605 Python version : 2.7.18 (v2.7.18:8d21aa21f2, Apr 20 2020, 13:19:08) [MSC v.1500 32 bit (Intel)] PyKD version 0.3.2.2 Written by Corelan - https://www.corelan.be Project page : https://github.com/corelan/mona |------------------------------------------------------------------| | _ __ ___ ___ _ __ __ _ _ __ _ _ | | | '_ ` _ \ / _ \ | '_ \ / _` | | '_ \ | | | | | | | | | | | || (_) || | | || (_| | _ | |_) || |_| | | | |_| |_| |_| \___/ |_| |_| \__,_|(_)| .__/ \__, | | | |_| |___/ | | | |------------------------------------------------------------------| SQLITE BROWSER We’ll need a way to look at boofuzz’s results. They’re stored in a database, and the provided web interface leaves something to be desired. As we’ll be working on windows, we’ll need to grab a sqlite database browser. One can be found here. WINDBG - QUALITY OF LIFE TWEAKS We’re going to be spending a ton of time in the debugger, so it should be a debugger that sparks joy! Typing .load pykd.pyd isn’t terribly hard, but doing it every time you restart your debugger can be irksome. We can automatically load the file with a pretty simple trick. right-click on the windbg icon in the toolbar (assuming flare-vm put it there for you) right-click on the windbg (x86) menu item select properties Once we’re in the properties menu, perform the following click on the Shortcut tab add the following command-line option to the Target field: -c ".load pykd.pyd" SANE LOGGING LOCATION Without any configuration, mona.py stores command results beside the debugger’s exe. The exe is stored six levels deep under Program Files and isn’t exactly accessible. The command below will get the logging location squared away for us. !py mona config -set workingfolder c:\monalogs\%p_%i The %p will get populated with the debuggee’s name and the %i will be replaced by the debuggee’s pid. Ex. C:\monalogs\TFTPServerSP_1300 PERSONALIZED WORKSPACE W/ SCRATCHPAD You can personalize WinDbg quite a bit. There are a few themes shipped with WinDbg, and some others can be found with google, though it’s not obvious how to work with them. WinDbg will read Workspace settings from the registry or a .wew file. If you’re loading a .reg file, you can simply double-click the file and it will load. However, we’ll be creating our own .wew file. CREATE THE LAYOUT We’ll take a look at my setup, which is pretty much default, with a slight modification. I like having WinDbg’s scratchpad open. It’s a convenient place for simple notes (usually addresses/offsets). It’s not open in the default configuration, so let’s fix that. Open WinDbg Press alt+8 to open the scratchpad Position it wherever you like My setup looks like this, with the scratchpad positioned to the right of the assembly window. ASSOCIATE THE SCRATCHPAD If the scratchpad isn’t associated to a file on disk, the information disappears when the debugger exits. Fortunately, making the scratchpad persistent is easy. First, right-click the scratchpad’s top bar and select Associate with file.... After that, simply pick a location (I store mine in C:\monalogs) SAVE THE WORKSPACE With a new layout created, we need to save it to disk. There are four different options to save a workspace… We want to use the Save Workspace to File... option. Store it wherever you like. AUTOLOAD THE WORKSPACE With the scratchpad setup and the workspace file saved somewhere, we need to configure windbg to load the workspace on startup. The premise is the same as what we used to autoload pykd. We just need to add the following command-line option to the Target field in WinDbg’s properties. -WF "C:\Users\vagrant\Desktop\with_scratchpad.WEW" FURTHER CONFIGURATION In case you want to go further, you could use some of the themes listed below as a starting point and tweak until you’re content. https://github.com/lololosys/windbg-theme https://github.com/Stolas/WinDBG-DarkTheme C:\ProgramData\chocolatey\lib\windbg.kenstheme.flare\tools\ken.reg https://www.zachburlingame.com/2011/12/customizing-your-windbg-workspace-and-color-scheme/ OBLIGATORY OUTRO The next post in this series will cover exploiting VulnServer’s TRUN command. Check it out here. Source epi052.gitlab.io

E normal sa fie prosti care viseaza ca trimitand bani nu stiu unde, se vor imbogati peste noapte, fara sa munceasca. Au fost, sunt si vor fi prostanaci in continuare. Pentru ca sunt crescuti de astfel de specimene si la randul lor vor creste astfel de specimene:

Salut, Nu luati problema de unde trebuie. Statul a crezut ca daca pulimea e dobitoaca va fi mai usor de controlat. Insa, au aparut agaricii cu "stiri false" care, ghici ce?, au inceput sa le serveasca lucruri la care sa puna botul prostimea... Si acum statul zice:"vai, coae, pai prostii mei sunt si prostii altora?!? Wtf. Tre sa puna botul doar la ce vrem noi. SÎc!" Si vai, acum brusc, trebuie sa catalogam site-uri ca fake news aka sa facem o mini cenzura. Intr-un stat cu oameni educati nu trebuia sa se implementeze astfel de masuri (cenzura). Numai educatia ne scoate din acest cerc vicios.

What we offer - BulletProof VPS - BulletProof Server & Offshore Server - Bulgaria Server & Netherland Server - Cheap Shared hosting for any project - Fully dedicated resources for every client More info pls contact me https://btcserver.info Contact me: Telegram : https://t.me/internethostingltd Jabber : kick21@exploit.im

Ba, urmaresc forumu asta din umbra de ceva timp, nu am mai postat. Dar cat puteti ba sa fiti de terminati? Oare prostia asta a voastra nu are limite? Ce baza de date ba, ca aia era cu persoane de prin anii 90'. 80% din cei care sunt in baza aia de date au murit. Numa invitatii filelist, coduri, dork-uri si baze de date visati. Sa faceti ceva pentru viitoru vostru n-ati face. Ai aici oameni care sunt guru in Linux, care stiu Python si alte lucruri utile si voi cereti baze de date.

https://9gag.com/gag/aZLVRYQ