Leaderboard


Popular Content

Showing content with the highest reputation since 10/12/19 in Posts

  1. 7 points
    Because I have often asked for help here and too rarely given any back, I am making all my Cisco books available to you. I only have Cisco, since that is how I earn my daily bread. https://we.tl/t-m69KrEzFGx https://we.tl/t-HrRwcciXqn Also, for those who deserve it, I have all the courses from INE (CCNA, CCNP & CCIE), both R&S and Security, CBTNuggets, GNS3WorkBench, Pearson IT Certifications, Packt, RouteHUB and IpExperts, which are very hard to find today, because IpExperts has been shut down. Those who know, know. To fall under the red colour you must not have asked for FileList invitations and you must be a long-standing member. All the video courses are paid for and downloaded, so it is my right to choose whom I give them to. PS: For some time now I have been cursing my days with the CCIE and I would badly need the IpExperts courses. Since they are no longer on the market, and I only have the CCNP from them, I don't really have anywhere to get them from. Whoever has them and thinks I deserve them, thank you.
  2. 5 points
  3. 3 points
    I made this Python script for those who want to download memes automatically; I don't know what it would be useful for, but it is interesting to play with a bit. It is pretty basic but it does the job. You need python3 installed to run it. Download: https://uploadfiles.io/7e94iqph
  4. 3 points
    From what comes across in your introduction text, you don't have a clear idea about "hacking" and the camps it is divided into; that's understandable... age. Given that you are 15, it means you have a lot of free time. I suggest you create an account on bug bounty platforms (hackerone, bugcrowd, openbugbounty) and look for low/medium severity vulnerabilities; in time you will learn more and more and inevitably you will make money from it too. I have seen a few kids close to your age who do fairly well. Even though there are few Romanians doing this, I encourage the next generation. Good luck!
  5. 3 points
    Haxors on RST... It reminds me of the good times 7-8 years ago. Are you good with acunetix and havij, man? Make me a tutorial too, please.
  6. 3 points
    A technique to evade Content Security Policy (CSP) leaves surfers using the latest version of Firefox vulnerable to cross-site scripting (XSS) exploits. Researcher Matheus Vrech uncovered a full-blown CSP bypass in the latest version of Mozilla’s open source web browser that relies on using an object tag attached to a data attribute that points to a JavaScript URL. The trick allows potentially malicious content to bypass the CSP directive that would normally prevent such objects from being loaded. Vrech developed proof-of-concept code that shows the trick working in the current version of Firefox (version 69). The Daily Swig was able to confirm that the exploit worked. The latest beta versions of Firefox are not vulnerable, as Vrech notes. Chrome, Safari, and Edge are unaffected. If left unaddressed, the bug could make it easier to execute certain XSS attacks that would otherwise be foiled by CSP. The Daily Swig has invited Mozilla to comment on Vrech’s find, which he is hoping will earn recognition under the software developer’s bug bounty program. The researcher told The Daily Swig about how he came across the vulnerability. “I was playing ctf [capture the flag] trying to bypass a CSP without object-src CSP rule and testing some payloads I found this non intended (by anyone) way,” he explained. “About the impact: everyone that was stuck in a bug bounty XSS due to CSP restrictions should have reported it by this time.” Content Security Policy is a technology set by websites and used by browsers that can block external resources and prevent XSS attacks. PortSwigger researcher Gareth Heyes discussed this and other aspects of browser security at OWASP’s flagship European event late last month. Source: https://portswigger.net/daily-swig/firefox-vulnerable-to-trivial-csp-bypass
  7. 3 points
    Retro game console based on Raspberry Pi 3 Model B - Kintaro Super Kuma 9000 case, with Power on/off button, reset button, fan - Raspberry Pi 3 Model B, with Toshiba 16GB SD card - Good 3A 5V charger, which does not undervolt. Both buttons are functional. The case has a fan installed, which runs when the board is under load; I also used Arctic MX-4 for better temperatures. On the SD card I installed Retropie and ROMs for various emulators. Basically the system has everything you need on it to play. Price: 200 RON
  8. 3 points
    I was looking for a dictionary of common SSH passwords and I found your passwords. Here is the list: https://github.com/jeanphorn/wordlist/blob/master/ssh_passwd.txt And here is a list with your passwords (right?): 123parola321esniffu321$#@!nuirootutaudeateuita#@!@#$ teiubescdartunumaiubestiasacahaidesaterminam cutiacusurprize 119.161.216.250 SCANEAA VNC deathfromromaniansecurityteamneversleepba viataeocurva-si-asa-va-ramane-totdeauna vreau.sa.urc.255.de.emechi.pe.undernet MaiDuteMaiTareSiLentDacileaWaiCacatule SugiPulaMaCaNuEastaParolaMeaDeLaSSHD Fum4tulP0@t3Uc1d3R4uD3T0t!@#$%^%^&*? [www.cinenustieparolasugepula.biz] saracutaveronicaisacamcoptpasarica p00lanmata 122.155.12.45 SCAN VNC suntcelmaitaresinimeninumadoboara doimaiomienouasuteoptzecisicinci ------Brz-O-Baga-n-Mata--------- ana.este.o.dulceata.de.fata.2011 Th3Bu1ES@VaDCuMm3RgeLak3T3LL1!!! bin;Fum4tulP0@t3Uc1d3R4uD3T0t!@ amplecat10sastingbecuinbeci2003
  9. 2 points
    What kind of joke is this, bro, why are you lying to the man? I generated an invitation for him, it expires in 24h, let him activate it.
  10. 2 points
    You are not indexed and you have no visits because there are another 41241242353425234234 sites just like yours, the same theme, the same content, nothing unique on it. You can try writing the movie descriptions yourself and stop copying them from elsewhere if you want to have at least a chance.
  11. 2 points
    Discuss anonymously with nearby people. Clandesto is the place where you can discuss anything with people within your radius and get awarded karma points. So what's Clandesto all about? Local community: Clandesto is your local community that shows you a live feed from people within your radius. Share news, events, funny experiences, and jokes easier than ever! Join your community: Upvote the good and downvote the bad. By voting on posts, you have the power to decide what your community is talking about. Find your group: Find your local group, whether it's a neighbourhood, college campus, district, or village. You can also start your own private or public group. Website: https://clandesto.app/ Twitter: https://twitter.com/clandestoapp Facebook: https://www.facebook.com/clandesto/ Details: https://start-up.ro/cand-gdpr-ul-iti-da-o-idee-de-business-clandesto-socializare-anonima/
  12. 2 points
    Yes bro @SynTAX, good thing you pointed it out to me; look @adytzu123456, I have an invitation code placed in a hidden tag so that unregistered users can't see it; use it, because it expires in 24h.
  13. 2 points
    Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted. Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access. Sudo, which stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments—most often, for running commands as the root user. By default on most Linux distributions, the ALL keyword in RunAs specification in /etc/sudoers file, as shown in the screenshot, allows all users in the admin or sudo groups to run any command as any valid user on the system. Reference Link : https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html?fbclid=IwAR1V9EZDp75uQdBgcQxV4t4C0THHguOtNkIk7o1PfapQPJEt9FaZmFK58Mg
  14. 2 points
    Once you've gotten in there, there's no escape, you know. I only survived a week there :)))
  15. 1 point
  16. 1 point
    Hi, if you only have knowledge of SQL injection it won't go too well around here; I learned that the hard way, you know.
  17. 1 point
    ./ put a captcha on wp-admin
  18. 1 point
  19. 1 point
  20. 1 point
    @aismen look, the guy wants an invitation. I thought you had one.
  21. 1 point
    https://discord.gg/t87wsU
  22. 1 point
    Do we have anyone from the team around here??
  23. 1 point
    For those who haven't heard yet, Romania's team took first place. Congratulations!
  24. 1 point
    It's simple, Iohannis with Barna in round 2, Iohannis wins. EOF
  25. 1 point
  26. 1 point
    <website>https://android-1.com/en/tags/MOD/ <app>https://gameguardian.net/download <app> https://www.luckypatchers.com/download/ <app> https://www.tutuapp.vip/pc/
  27. 1 point
    Let the boys ask for invitations because I'll give them out, I have plenty, special invitations for the fine lads on RST.
  28. 1 point
    Source: Financial Times. Goodbye cryptography as we know it? ...
  29. 1 point
    A powerful small guide to deal with Cross-Site Scripting in web applications bug hunting and security assessments Download Link : https://www.pdfdrive.com/xss-cheat-sheet-d158319463.html
  30. 1 point
  31. 1 point
    Pretty quiet around here
  32. 1 point
    A repair shop asked me for 80 RON, I told them to go to hell; you can sort it out in 3, 4, 5h and you keep the repair money plus cigarettes and beer. Try https://forum.xda-developers.com/
  33. 1 point
    Hi. I have two Instagram accounts for sale! 1. Instagram account with over 4300 followers. -All added manually. -100% Romanians. -Gets around 400-1500 likes per post. -The niche is comedy. -You can turn it into your personal account. -Price: 40 euro. I don't negotiate, this is the market price + I worked on it for a month... and the most important thing is that they were added manually. 2. Account with over 2500 followers. -Added manually -50% Romanians - 50 foreigners. -Gets around 300 likes per post. -The niche is Inna fans. Price: 15 euro. If you buy both, I'll let them go for 50 euro. Link in PM
  34. 1 point
    Source: https://m.habr.com/ru/company/dsec/blog/452836/ Digital Security Company Blog. Information Security, Network technologies. forkyforky, May 28. Web tools, or where should a pentester start? We continue to talk about useful tools for pentesters. In the new article we will look at tools for analyzing the security of web applications. Our colleague BeLove already did a similar selection about seven years ago. It is interesting to see which tools have retained and strengthened their positions, and which have faded into the background and are now rarely used. Note that the Burp Suite also applies here, but there will be a separate publication about it and its useful plugins. Content: Amass Altdns aquatone MassDNS nsec3map Acunetix Dirsearch wfuzz ffuf gobuster Arjun LinkFinder Jsparser sqlmap NoSQLMap oxml_xxe tplmap CeWL Weakpass AEM_hacker Joomscan WPScan Amass Amass is a Go tool for searching and iterating DNS subdomains and mapping an external network. Amass is an OWASP project created to show how organizations on the Internet look to an outsider. Amass gets the names of subdomains in various ways; the tool uses both recursive enumeration of subdomains and search in open sources. To find connected network segments and autonomous system numbers, Amass uses the IP addresses obtained during operation. All found information is used to build a network map.
Pros: Information collection techniques include: * DNS - enumeration of subdomains in a dictionary, brute force of subdomains, “smart” enumeration using mutations based on the found subdomains, reverse DNS requests and search for DNS servers on which it is possible to request a zone transfer (AXFR); * Search in open sources - Ask, Baidu, Bing, CommonCrawl, DNSDB, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ThreatCrowd, VirusTotal, Yahoo; * Search of TLS certificate databases - Censys, CertDB, CertSpotter, Crtsh, Entrust; * Using the API of search engines - BinaryEdge, BufferOver, CIRCL, HackerTarget, PassiveTotal, Robtex, SecurityTrails, Shodan, Twitter, Umbrella, URLScan; * Search of the web archives of the Internet: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback; Integration with Maltego; Provides the most complete coverage for the task of finding DNS subdomains. Minuses: Be careful with amass.netdomains — it will try to access each IP address in the identified infrastructure and obtain domain names from reverse DNS queries and TLS certificates. This is a "loud" technique; it can reveal your intelligence actions in the organization under study. High memory consumption: it can consume up to 2 GB of RAM in different settings, which will not allow running this tool in the cloud on a cheap VDS. Altdns Altdns is a Python tool for compiling dictionaries for brute force of DNS subdomains. Allows you to generate many options for subdomains using mutations and permutations. To do this, it uses words that are often found in subdomains (for example: test, dev, staging); all mutations and permutations are applied to already known subdomains, which can be submitted to the input of Altdns. The output is a list of variations of subdomains that may exist, and this list can later be used for DNS brute force. Pros: Works well with large data sets.
aquatone aquatone was previously better known as another tool for finding subdomains, but the author himself abandoned this in favor of the aforementioned Amass. Now aquatone is rewritten in Go and more geared towards pre-exploration of websites. To do this, aquatone passes through the specified domains and searches for websites on different ports, after which it collects all the information about the site and makes a screenshot. Convenient for quick preliminary exploration of websites, after which you can select priority targets for attacks. Pros: At the output, it creates a group of files and folders that are conveniently used for further work with other tools: * HTML report with collected screenshots and response headers grouped by similarity; * File with all the URLs on which the websites were found; * File with statistics and data page; * Folder with files containing the response headers from the found targets; * Folder with files containing the response body from the found targets; * Screenshots of found websites; Supports work with XML reports from Nmap and Masscan; Uses headless chrome / chromium for screenshot rendering. Minuses: It may attract the attention of intrusion detection systems, and therefore requires adjustment. The screenshot was made for one of the old versions of aquatone (v0.5.0), in which the search for DNS subdomains was implemented. Older versions can be found on the release page. Screenshot aquatone v0.5.0 MassDNS MassDNS is another tool for finding DNS subdomains. Its main difference is that it makes DNS queries directly to many different DNS resolvers and does so with considerable speed. Pros: Fast - able to resolve more than 350 thousand names per second. Minuses: MassDNS can cause a significant load on the DNS resolvers used, which can lead to a ban on these servers or complaints to your provider.
In addition, it will cause a large load on the company's DNS servers, if they have them and if they are responsible for the domains you are trying to resolve. The list of resolvers is currently outdated, but if you select broken DNS resolvers and add new known ones, everything will be fine. nsec3map nsec3map is a Python tool to get a complete list of DNSSEC protected domains. Pros: Quickly detects hosts in DNS zones with a minimal number of queries if DNSSEC support is enabled in the zone; Includes a plugin for John the Ripper, which can be used to crack the resulting NSEC3 hashes. Minuses: Many DNS errors are handled incorrectly; There is no automatic parallelization of processing NSEC records - you have to split the namespace manually; High memory consumption. Acunetix Acunetix is a web vulnerability scanner that automates the process of checking web application security. Tests the application for SQL injection, XSS, XXE, SSRF, and many other web vulnerabilities. However, just like any other scanner of multiple web vulnerabilities, it does not replace the pentester, since complex chains of vulnerabilities or vulnerabilities in logic cannot be found. But it covers a lot of different vulnerabilities, including different CVEs, which the pentester could have forgotten; therefore, it is very convenient for getting rid of routine checks. Pros: Low level of false positives; Results can be exported as reports; Performs a large number of checks for different vulnerabilities; Parallel scanning of multiple hosts.
Minuses: There is no de-duplication algorithm (Acunetix will consider pages that have the same functionality to be different, because different URLs lead to them), but the developers are working on it; Requires installation on a separate web server, which makes it difficult to test client systems with a VPN connection and use the scanner in an isolated segment of the local client network; It can “rustle” the service under study, for example, send too many attacking vectors to the communication form on the site, thereby greatly complicating business processes; It is a proprietary and, accordingly, non-free solution. Dirsearch Dirsearch is a Python tool for brute force of directories and files on websites. Pros: It can distinguish real “200 OK” pages from “200 OK” pages that carry the text “page not found”; Comes with a handy dictionary that has a good balance between size and search efficiency. Contains standard paths typical of many CMS and technology stacks; Its own dictionary format, which allows good efficiency and flexibility in searching for files and directories; Convenient output - plain text, JSON; Able to do throttling - a pause between requests, which is vital for any weak service. Minuses: Extensions must be passed as a string, which is inconvenient if you need to pass many extensions at once; In order to use your own dictionary, it will need to be slightly modified to the format of the Dirsearch dictionaries for maximum efficiency. wfuzz wfuzz - a Python web application fuzzer. Probably one of the most famous web fuzzers. The principle is simple: wfuzz allows fuzzing any place in an HTTP request, which allows fuzzing of GET / POST parameters, HTTP headers, including Cookies and other authentication headers. At the same time, it is convenient for simple brute force of directories and files, for which you need a good dictionary.
It also has a flexible filter system, with which you can filter the responses from the website by different parameters, which allows you to achieve effective results. Pros: Multifunctional - modular structure, assembly takes several minutes; Convenient filtering and fuzzing mechanism; You can fuzz any HTTP method, as well as any place in the HTTP request. Minuses: In the state of development. ffuf ffuf - a web fuzzer in Go, created in a similar fashion to wfuzz, allows brute force of files, directories, URL paths, names and values of GET / POST parameters, HTTP headers, including the Host header for virtual hosts. Wfuzz differs from its colleague by higher speed and some new features, for example, Dirsearch format dictionaries are supported. Pros: Filters are similar to wfuzz filters, allow flexible configuration of brute force; Allows fuzzing HTTP header values, data from POST requests and various parts of the URL, including the names and values of GET parameters; You can specify any HTTP method. Minuses: In the state of development. gobuster gobuster - a Go tool for intelligence gathering, has two modes of operation. The first one is used for brute force of files and directories on the website, the second one is used to iterate over the DNS subdomains. The tool initially does not support recursive enumeration of files and directories, which, of course, saves time, but on the other hand, the brute force of each new endpoint on the website needs to be launched separately. Pros: High speed both for brute force of DNS subdomains and for brute force of files and directories. Minuses: The current version does not support the installation of HTTP headers; By default, only some of the HTTP status codes (200,204,301,302,307) are considered valid. Arjun Arjun is a tool for brute force of hidden HTTP parameters in GET / POST parameters, as well as in JSON.
The built-in dictionary has 25,980 words that Arjun checks in almost 30 seconds. The trick is that Arjun does not check each parameter separately, but checks ~ 1000 parameters at a time and looks to see if the answer has changed. If the answer has changed, it divides these 1000 parameters into two parts and checks which of these parts affects the answer. Thus, using a simple binary search, a parameter or several hidden parameters are found that influenced the answer and, therefore, can exist. Pros: High speed due to binary search; Support for GET / POST parameters, as well as parameters in the form of JSON; The Burp Suite plugin param-miner works by the same principle and is also very good at finding hidden HTTP parameters. We will tell you more about it in the upcoming article about Burp and its plugins. LinkFinder LinkFinder is a Python script for searching links in JavaScript files. Useful for finding hidden or forgotten endpoints / URLs in a web application. Pros: Fast; There is a special plugin for Chrome based on LinkFinder. Minuses: Inconvenient final output; Does not analyze JavaScript in dynamics; Quite simple link search logic - if JavaScript is obfuscated in some way, or the links are initially missing and dynamically generated, you will not be able to find anything. Jsparser JSParser is a Python script that uses Tornado and JSBeautifier to analyze relative URLs from JavaScript files. Very useful for detecting AJAX requests and compiling a list of API methods with which the application interacts. Effectively paired with LinkFinder. Pros: Quick parsing of JavaScript files. sqlmap sqlmap is probably one of the most well-known tools for analyzing web applications. Sqlmap automates the search and operation of SQL injections, works with several SQL dialects, and has in its arsenal a huge number of different techniques, ranging from quotes head-on and ending with complex vectors for time-based SQL injections.
In addition, it has many techniques for further exploitation for various DBMS; therefore, it is useful not only as a scanner for SQL injections, but also as a powerful tool for exploiting already found SQL injections. Pros: A large number of different techniques and vectors; Low number of false positives; Many possibilities for fine tuning, various techniques, target database, tamper scripts for bypassing WAF; Ability to create a dump of output data; Many different operating possibilities, for example, for some databases - automatic file upload / download, command execution ability (RCE) and others; Support for direct connection to the database using the data obtained during the attack; As input, you can submit a text file with the results of Burp's work - no need to manually compile all the attributes of the command line. Minuses: It is difficult to customize, for example, to write some of your own checks, due to poor documentation for this; Without the appropriate settings it conducts an incomplete set of checks, which can be misleading. NoSQLMap NoSQLMap is a Python tool for automating the search and operation of NoSQL injection. It is convenient to use not only in NoSQL databases, but also directly when auditing web applications using NoSQL. Pros: As well as sqlmap, it allows not only to find a potential vulnerability, but also checks the possibility of its exploitation for MongoDB and CouchDB. Minuses: Does not support NoSQL for Redis, Cassandra; it is being developed in this direction. oxml_xxe oxml_xxe is a tool for embedding XXE XML exploits into various file types that use an XML format in some form. Pros: It supports many common formats, such as DOCX, ODT, SVG, XML. Minuses: PDF, JPEG, GIF are not fully supported; Creates only one file. To solve this problem, you can use the docem tool, which can create a large number of files with payloads in different places. The aforementioned utilities do an excellent job with XXE testing when loading documents containing XML.
But also do not forget that XML format handlers can occur in many other cases, for example, XML can be used as a data format instead of JSON. Therefore, we recommend paying attention to the following repository containing a large variety of payloads: PayloadsAllTheThings. tplmap tplmap is a Python tool to automatically detect and exploit Server-Side Template Injection vulnerabilities. It has settings and flags similar to sqlmap. It uses several different techniques and vectors, including blind injections, and also has techniques for executing code and loading / unloading arbitrary files. In addition, it has in its arsenal techniques for a dozen different template engines and some techniques for searching eval()-like code injections in Python, Ruby, PHP, JavaScript. In case of successful operation, it opens an interactive console. Pros: A large number of different techniques and vectors; Supports many engines for rendering templates; A lot of maintenance techniques. CeWL CeWL is a Ruby dictionary generator, created to extract unique words from a specified website, following links on a website to a specified depth. The compiled dictionary of unique words can be used later for brute force of passwords on services or brute force of files and directories on the same web site, or to attack hashes obtained using hashcat or John the Ripper. Useful in compiling a “target” list of potential passwords. Pros: Easy to use. Minuses: You need to be careful with the depth of search, so as not to capture an extra domain. Weakpass Weakpass is a service containing many dictionaries with unique passwords. It is extremely useful for various tasks related to password cracking, ranging from simple online brute force of accounts on target services to off-line brute force of hashes obtained using hashcat or John The Ripper. There are about 8 billion passwords in length from 4 to 25 characters.
Pros: Contains both specific dictionaries and dictionaries with the most common passwords - you can choose a specific dictionary for your own needs; Dictionaries are updated and updated with new passwords; Dictionaries are sorted by efficiency. You can choose the option for quick online brute force, as well as for a detailed selection of passwords from the extensive dictionary with the latest leaks; There is a calculator showing the time for password brute force on your hardware. In a separate group, we would like to bring the tools for CMS checks: WPScan, JoomScan and AEM hacker. AEM_hacker AEM hacker is a tool for detecting vulnerabilities in Adobe Experience Manager (AEM) applications. Pros: Can detect AEM applications from the list of URLs submitted as input; It contains scripts for obtaining RCE by loading a JSP shell or using SSRF. Joomscan JoomScan is a Perl tool to automate the detection of vulnerabilities when deploying a Joomla CMS. Pros: Able to find configuration flaws and problems with admin settings; Lists Joomla versions and related vulnerabilities, similarly for individual components; Contains more than 1000 exploits for Joomla components; The output of final reports in text and HTML formats. WPScan WPScan - a tool for scanning sites on WordPress, has in its arsenal vulnerabilities for the WordPress engine itself, as well as for some plugins. Pros: Able to list not only unsafe WordPress plugins and themes, but also to get a list of users and TimThumb files; Can conduct brute force attacks on WordPress sites. Minuses: Without the appropriate settings it conducts an incomplete set of checks, which can be misleading. In general, different people prefer different tools for work: they are all good in their own way, and what one person liked may not suit another. If you think that we have undeservedly bypassed some good utility, write about it in the comments!
  35. 1 point
    Something new: hackyard. Something ethical: hackpedia. Something good: RST. Compare for yourselves. That's kind of what I liked here, the blackhat side. That way you learn a lot more than on the ethical side. Freedom. The part about the passwords sounds good, I'll see what we do in the coming days, not everything is ready yet. And I have more ideas.
  36. 0 points
    But of course, look, I've generated an invitation here, same as before you know, placed in a hidden tag so that it doesn't get indexed on google @Dnmafiotu:
  37. 0 points
    Hi, I would also need an invitation, please
  38. 0 points
    I want to close my account on Romanian Security Team Security, how do I proceed?
  39. 0 points
    Let me give it a try. Since you didn't mention the language, I'll choose Brainfuck: ++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>>++++++++++++.++.---------.+++++.++++++.<<++++++++++.------.>+++++++.>-------------------.+++++++++++++++++.+.<<--.>>.----------.<<.>>---.-----.<<+++++++++++++.>>+++++++++++++++++++.-----------.<<-------------.>>+++++++++++.---------------.++++++++.--------.+++++++.-------.<<.>>++++++++++++++.----------.+++++.-------.++++++++++++++.---.<<.>>---------------.--.<<.>>+++.---.++.--.<<.>>+++++++++++++.+++++++.<<.>>+.-----------------.++++.<<.>>++++.++++++++.---.---------.<<.>>+++++++.++.---.++++.+.<<++++++++++++++.--------------.>++++++++++++++++++.>++++++++.<.<.>------------------.>-------.------------.----.<<++.+++++++.
  40. 0 points
    I recommend xda as QKQL said; look for a tutorial with positive reviews, because if you do the root wrong you'll spend maybe 2-3-4 days undoing it ^^
  41. -1 points
    Hi, I badly need an invitation to filelist. Thanks in advance
  42. -1 points
    Logically, how would you want me to translate "handshake"? If you want, I'll put handshake too
  43. -1 points
    If you want I'll post it in English too, but this is a Romanian-language forum, and by the way the article was written by me in English; you shouldn't judge a book by its cover
  44. -1 points
    And 2... what the hell is this? https://8ez.com/8xs kali download? kali Linux operating system for hacking
  45. -1 points
    Because that's how I want it
  46. -1 points
    In this post I will teach you a way of hacking Wi-Fi WITHOUT using brute-force techniques! There are a lot of prerequisites needed with the terminology and, please, do not forget, this will not work, because not all people are crazy enough to fall for this. However, it will most likely work, so please do not get yourselves into trouble, and I am not responsible for anything you do! Take this post as knowledge. First of all, you will need a Virtual Machine or a computer running any type of Linux, preferably Kali Linux: Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution. Once you have that, go on to download the tool: jefuitor. So, before starting, I will explain how this tool works: • Scan the networks. • Capture a handshake (it cannot be used without a valid handshake; it is needed to verify the password) • Use the WEB interface • Launch a FakeAP instance to imitate the original access point • Spawns an MDK3 process, which deauthenticates all users connected to the target network, so that they can be lured into connecting to the Fake-AP and entering the WPA password. • A fake DNS server is launched to capture all DNS requests and redirect them to the host running the script • A captive portal is launched to serve a page which asks the user to enter the WPA password • Each submitted password is verified against the handshake captured earlier • The attack will end automatically as soon as a correct password is submitted. TLDR: It scans Wi-Fi, captures a packet that is used for authenticating the password, then creates a "Fake" Wi-Fi access point that acts like the original one and simultaneously kicks everyone off the original network. This makes people join your fake access point instead of the real access point.
Apoi, atunci când vor accesa punctul tău wireless fals, vor fi întâmpinați cu un „login” care necesită să-și pună datele de autentificare Wi-Fi, care apoi sunt trimise la tine prin validarea pachetului de captare pe care l-ai luat la început. Acum aveți acces la rețeaua Wi-Fi! Acum, această tehnică nu este întotdeauna garantată să funcționeze, ci este o metodă de inginerie socială! (Trucuri persoane) Îți recomand să îți direcționezi mai întâi propria rețea pentru a juca cu ea și să o testezi mai întâi înainte de a o încerca pe țintă. -------------------------------------------------- ------------------------ Pasi ------------------------- -------------------------------------------------- - PASUL 1: https://i.imgur.com/C4xoWI3.png Selectați toate canalele pentru a căuta Wi-Fi PASUL 2: https://i.imgur.com/dZ18Wf4.png Găsiți-vă rețeaua Wi-Fi țintă PASUL 3: https://i.imgur.com/B4IIdBc.png Alegeți prima opțiune pentru conexiune medie și a doua pentru conexiune mai lentă PASUL 4: https://i.imgur.com/7n5KDw4.png PASUL 5: https://i.imgur.com/Ha5r0U1.png PASUL 6: https://i.imgur.com/ufJrNvs.png Alegeți ambele, vedeți care funcționează mai bine, încercați primul, apoi încercați mkdr3. (Ambele ar trebui să funcționeze bine) PASUL 7: https://i.imgur.com/U4uT8yR.png PASUL 8: după așteptarea 1-2 minute; https://i.imgur.com/Krk0Q2M.png PASUL 9: https://i.imgur.com/gpLXeHh.png Acesta este punctul din ghid, după care trebuie să vă alegeți interfața web. Spuneți că sunteți în Australia, un mare furnizor de internet este Telstra. Există câteva interfețe web premade disponibile pentru selecție. PASUL 10: https://i.imgur.com/Ege9NDL.png PASUL 11: https://i.imgur.com/3BG17cb.png PASUL 12: https://i.imgur.com/QZZdghc.png Iată cele două rețele, dintre care una inaccesibilă (cea reală) și a ta (cea falsă) PASUL 13: https://i.imgur.com/KVE7CJO.png Dacă reușește, ținta va introduce parola WPA pe site-ul fals, care apoi vă va fi redirecționat. 
PASUL 14: https://i.imgur.com/GUVFgyt.png Dacă are succes, această fereastră va apărea. Apoi, puteți prelua parola din folderul salvat din directorul dvs. / root / .. Eu am fost JJ4TheHack...probabil am fost de folos
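Seen from the defending side, the sequence described in the post above (an access point copying the SSID while the real one is hit with mass deauthentication) leaves two signals a wireless monitor can correlate. The following is an added example, not part of the original post or of any tool it mentions; the AP inventory, frame records, and thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed inventory of the site's own access points (assumed values).
KNOWN_APS = {"HomeNet": {"bssids": {"aa:bb:cc:00:00:01"}, "security": "WPA2"}}

# Constructed monitor-mode observations: beacons seen on the air.
BEACONS = [
    {"ssid": "HomeNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "HomeNet", "bssid": "de:ad:be:ef:00:02", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "security": "OPEN"},
]
# Constructed deauthentication frames: (timestamp in seconds, BSSID in the frame).
DEAUTHS = [(t / 20, "aa:bb:cc:00:00:01") for t in range(60)] + [(12.0, "11:22:33:44:55:66")]


def find_rogue_twins(beacons, known):
    """Flag beacons reusing a known SSID from an unlisted BSSID or with different security."""
    alerts = []
    for b in beacons:
        ap = known.get(b["ssid"])
        if ap is None:
            continue  # not one of our SSIDs, out of scope
        reasons = []
        if b["bssid"] not in ap["bssids"]:
            reasons.append("unknown BSSID")
        if b["security"] != ap["security"]:
            reasons.append(f"security {b['security']} != {ap['security']}")
        if reasons:
            alerts.append((b["ssid"], b["bssid"], reasons))
    return alerts


def find_deauth_floods(deauths, window=1.0, threshold=10):
    """Return BSSIDs with at least `threshold` deauth frames in any `window`-second bucket."""
    buckets = Counter((bssid, int(ts // window)) for ts, bssid in deauths)
    return sorted({bssid for (bssid, _), n in buckets.items() if n >= threshold})


def correlate(beacons, deauths, known):
    """High-confidence alert: a twin is present while the legitimate AP is being flooded."""
    flooded = set(find_deauth_floods(deauths))
    return [ssid for ssid, _, _ in find_rogue_twins(beacons, known)
            if known[ssid]["bssids"] & flooded]
```

Either signal alone produces false positives (a newly installed AP, a single client leaving); alerting on the combination is what ties it to the pattern in the post.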
  47. -1 points
    Yes, a beggar is a person who begs, who asks for certain benefits in exchange for NOTHING. I mean, even a foreigner would know what that means without looking it up in the DEX. And now, back to the point: what are you doing here? Are you producing anything as a result of your request? Are you offering anything in exchange? No, you are just asking for pity. In other words, a beggar.
  48. -1 points
    Does anyone have Core Impact Pro?
  49. -2 points
    If someone could give me a FileList code too, please