Leaderboard

XSS Reflected - api.office.com = 500$. XSS Reflected - [*].live.com = 1.200$ recompensa. Aceasta problema necesita interactiunea utilizatorului.

Am dezvoltat o aplicatie pentru hackeri, dar nu o pot publica deoarece ar afecta tot Internetul... ./nytro --exploit https://nasa.gov Hacking in progres... Got access to admin panel: admin : WeWereNotReallyOnTheMoon@Fake Got root! ssh root@nasa.gov... root@nasa.gov:/ ./nytro --hack-facebook https://facebook.com/profile/MarkZukuBergu Hacking in progress... Got account password: IAmZaBossOfZaMoney2020 ./nytro --hack-my-firend Gigel Hacking in progress... Finding home address: Str. Tuicii, Nr. 2, Casa 3 Finding naked pictures... Holy shit, you don't want to see them... Este foarte periculoasa. Desi unii nu o sa creada, este mai pericoloasa chiar si decat Coailii v10.

Prezent

Daca venea si cerea o invitatie filelist era mai bine? Bravo, man. Continua tot asa, e un inceput totusi! Daca ai nevoie de idei de proiecte cu complexitate mica da mi un mesaj si unde nu sti te ajut cu placere.

Cred ca aceasta unealta m-ar ajuta sa dau lovitura de gratie alora de la NASA si jplului mortilor mamelor lor ca au vrut sa ma bage la bulau pentru el. Am incercat Coailii dar e nevoie de ceva mai puternic. As dori sa colaboram.

ma baieti, am intrat cu vpn de China, Japonia, am buchisit pe acolo stirile, Stirea e pentru prosti, si e veche de prin 2017 mureau toti din emisiunea Asia Express, Pepe, Capatos, Maruta.. cameramani producatori pana acum, ah.. si toti care va imbracati din Dragonul Rosu (Bucuresti) Cius, avezi grije

In sfarsit un post demn de Fun stuff.

Una dintre aplicaţiile preinstalate pe telefoanele Samsung, descoperită trimiţând datele utilizatorilor unei companii chinezeşti Aurelian Mihai - 7 Feb 2020 Problemele pentru Samsung au apărut după ce o investigaţie a arătat că funcţia de curăţare a spaţiului de stocare de fişiere nedorite este implementată cu ajutorul unui software furnizat de o companie din China cu reputaţie dubioasă, Qihoo 360, cunoscută pentru practicile abuzive de colectare a datelor despre utilizatori, cu scopul vânzării acestora către companii de publicitate. În mod predictibil, vestea nu a fost bine primită de comunitatea Android, iar clarificările oferite de Samsung, cum că întreg procesul de scanare şi înlăturare a fişierelor junk este gestionat pe dispozitiv iar pe serverele Qihoo sunt încărcate doar informaţii generice, nu a mulţumit pe toată lumea. Pentru a elimina orice îndoieli rămase, Samsung a mers mai departe creând o actualizare de Android 10 care înlătură software-ul furnizat de Qihoo 360 de pe dispozitivele utilizatorilor, chiar dacă asta înseamnă şi dispariţia funcţiei respective din aplicaţia Device Care. Este de aşteptat ca Samsung să reintroducă funcţia de curăţare a fişierelor redundante cu o actualizare viitoare a aplicaţiei Device Care, folosind software dezvoltat de inginerii companiei sau comandat de la alt furnizor cu reputaţie ceva mai bună. Sursa: https://www.go4it.ro/aplicatii/una-dintre-aplicatiile-preinstalate-pe-telefoanele-samsung-descoperita-trimitand-datele-utilizatorilor-unei-companii-chinezesti-18808744/

Un plugin de Wordpress poate permite atacatorilor să preia controlul site-urilor. Utilizatorii ar trebui să îl actualizeze imediat Cătălin Niţu - 4 Feb 2020 Dacă aveţi un site realizat pe platforma Wordpress, probabil că ar trebui să faceţi update cât mai rapid la unul dintre plugin-urile foarte populare, pe care s-ar putea să îl folosiţi. Este vorba despre Code Snippets, un plugin foarte util, care permite rularea de cod PHP fără a necesita editarea fişierului de funcţii din Wordpress. Problema a fost depistată de cercetători în securitate, care au descoperit că prin intermediul acestui plugin, poţi integra cod nesemnat care să permită atacatorilor să preia controlul site-ului. Din fericire, dezvoltatorii Code Snippets au rezolvat deja problema şi nu mai permit rularea de cod care necesită drepturi de administrator. Astfel, este de ajuns să intri în dashboard-ul Wordpress şi să cauţi secţiunea de actualizare, unde ar trebui să apară update-ul pentru Code Snippets. Pentru cei care preferă metoda manuală, este de ajuns să descarci Code Snippets în format .zip de pe site-ul oficial şi să îl instalezi manual tot din dashboard. Conform informaţiilor disponbile în acest moment, există mai mult de 200.000 de site-uri care folosesc acest plugin şi care pot fi vulnerabile la un astfel de atac. Totuşi, codul maliţios trebuie introdus manual de către administrator, deci pericolul nu este atât de iminent pentru toţi utilizatorii. Dacă nu aveţi posibilitatea de a face update prea curând, încercaţi în schimb să nu introduceţi cod PHP din surse care nu sunt de încredere, sau care nu ştiţi exact ce face, în acest plugin. Totuşi, vulnerabilităţile în platforma Wordpress şi în diverse plugin-uri populare nu sunt tocmai ieşite din comun. În trecut au fost realizate atacuri folosind un plugin pentru un formular de contact şi vulnerabilităţi care au fost corectate în timp. Este indicat să aveţi întotdeauna versiunea Wordpress la zi şi plugin-urile actualizate. Uneori însă, compatibilitatea dintre platformă şi plugin-uri se strică la update. Cel mai indicat este însă să folosiţi cât mai puţine plugin-uri complexe, pentru a asigura o viteză de încărcare mai mare. Sursa: https://www.go4it.ro/internet/un-plugin-de-wordpress-poate-permite-atacatorilor-sa-preia-controlul-site-urilor.-utilizatorii-ar-trebui-sa-il-actualizeze-imediat-18787594/?

Take a chill pill dude, era doar hiperbola si nu stii contextul. Am folosit-o pentru a sintetiza ceva plictisitor si lung in cateva fraze si pentru a sublinia faptul ca am nevoie de om priceput care chiar stie cu ce se mananca astea, no time wasters. Pentru ca am adus consultanti carora le-am dat bani grei si s-au impotmolit ca erau habarnisti si cu parere de rau m-au lasat cu ochii in soare. Se apucau sa dea search pe Google la unele intrebari ce li se puneau in p... mea. Si pe hartie au venit cu tona de experienta si recomandati de multi. P. S. - Nu ar fi angajat propriu-zis ci trebuie sa livreze ceva ca parte a unui contract de consultanta

Da a-m avut

Si eu sper.

Caut hackeri Ramnicu Vâlcea sau alte forumuri de hackeri românești

Salutare, ma numesc Cosmin, fost membru pe aceasta comunitate acum aproximativ 4-5 ani, dar din pacate nu reusesc sa-mi recuperez contul. Bine v-am gasit!

Salut, iti trimit de indata.

Mi s-a parut interesanta ideea. Software developers can accidentally leak sensitive information, particularly secret keys for third party services, across code hosting platforms such as GitHub, GitLab and BitBucket. https://shhgit.darkport.co.uk/

Daca... - mananci Cloud (Azure) si on-prem ADFS pe paine la micul dejun - te speli pe dinti pe sunetul de audio books cu Active Directory - apare poza ta in dictionar la definitia "Azure AD connectors, forests, domains guru" - ai firma platitoare de TVA ... da-mi un pm pentru un proiect de consultanta remote. Easy $$ daca indeplinesti criteriile de mai sus.

A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways. When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message. Discovered by PerimeterX researcher Gal Weizman and tracked as CVE-2019-18426, the flaws specifically resided in WhatsApp Web, a browser version of the world's most popular messaging application that also powers its Electron-based cross-platform apps for desktop operating systems. In a blog post published today, Weizman revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a specially crafted message to the targeted WhatsApp users. In the case when an unsuspecting victim views the malicious message over the browser, the flaw could have allowed attackers to execute arbitrary code in the context of WhatsApp's web domain. Whereas, when viewed through the vulnerable desktop application, the malicious code runs on the recipients' systems in the context of the vulnerable application. Moreover, the misconfigured content security policy on the WhatsApp web domain also allowed the researcher to load XSS payloads of any length using an iframe from a separate attacker-controlled website on the Internet. "If the CSP rules were well configured, the power gained by this XSS would have been much smaller. Being able to bypass the CSP configuration allows an attacker to steal valuable information from the victim, load external payloads easily, and much more," the researcher said. As shown in the screenshot above, Weizman demonstrated the remote file read attack over WhatsApp by accessing the content of the hosts file from a victim's computer. Besides this, the open-redirect flaw could have had also been used to manipulate URL banners, a preview of the domain WhatsApp displays to the recipients when they receive a message containing links, and trick users into falling for phishing attacks. Weizman responsibly reported these issues to the Facebook security team last year, who then patched the flaws, released an updated version of its desktop application, and also rewarded Weizman with $12,500 under the company's bug bounty program. Source: https://thehackernews.com/2020/02/hack-whatsapp-web.html

Desktop Goose Check me out on twitter at @samnchiet HONK HONK, HEAR YE. I have created a goose for your desktop. He'll nab your mouse, track mud on your screen... leave you a message, deliver you memes? Play video games with a desktop buddy who will attack you if you poke him. Fill out spreadsheets while your screen fills up with instances of Goose Notepad. STREAMERS/YOUTUBERS - DM me on twitter for a custom build, with AI written to be more antagonistic towards gameplay. This is not a final itch page - just trying to get something up so I can upload the project tonight! More information Download Download NowName your own price Click download now to get access to the following files: Desktop Goose v0.13 MB Sursa: https://samperson.itch.io/desktop-goose

Troubleshoothing with the Windows Sysinternals Tools - Microsoft

Niste tepari ordinari. Am cumparat un laptop lenovo ce teoretic trebuia sa suporte 16 gb ram ( https://i.imgur.com/VT2afiK.png ). Pun frumos placuta de 16gb, bluescreen. Deschid ticket, imi spun sa trimit produsul in garantie la Depanero, ceea ce si fac ( https://i.imgur.com/pjxrbRp.png ). La ticket mi-au raspuns dupa 2 luni si mi-au spus ca sunt nefericitul posesor unui laptop cu maximum 8gb de ram pentru ca nu se mai poate face retur (am depasit termenul de 14 zile). Iti urez faliment rapid, Tiberiu Pop (si multa muie)

28 Jan 20 Wawa Breach May Have Compromised More Than 30 Million Payment Cards In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach. On the evening of Monday, Jan. 27, a popular fraud bazaar known as Joker’s Stash began selling card data from “a new huge nationwide breach” that purportedly includes more than 30 million card accounts issued by thousands of financial institutions across 40+ U.S. states. The fraud bazaar Joker’s Stash on Monday began selling some 30 million stolen payment card accounts that experts say have been tied back to a breach at Wawa in 2019. Two sources that work closely with financial institutions nationwide tell KrebsOnSecurity the new batch of cards that went on sale Monday evening — dubbed “BIGBADABOOM-III” by Joker’s Stash — map squarely back to cardholder purchases at Wawa. On Dec. 19, 2019, Wawa sent a notice to customers saying the company had discovered card-stealing malware installed on in-store payment processing systems and fuel dispensers at potentially all Wawa locations. Pennsylvania-based Wawa says it discovered the intrusion on Dec. 10 and contained the breach by Dec. 12, but that the malware was thought to have been installed more than nine months earlier, around March 4. The exposed information includes debit and credit card numbers, expiration dates, and cardholder names. Wawa said the breach did not expose personal identification numbers (PINs) or CVV records (the three-digit security code printed on the back of a payment card). A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019. “We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information,” Wawa said in a statement released to KrebsOnSecurity. “We continue to work closely with federal law enforcement in connection with their ongoing investigation to determine the scope of the disclosure of Wawa-specific customer payment card data.” “We continue to encourage our customers to remain vigilant in reviewing charges on their payment card statements and to promptly report any unauthorized use to the bank or financial institution that issued their payment card by calling the number on the back of the card,” the statement continues. “Under federal law and card company rules, customers who notify their payment card issuer in a timely manner of fraudulent charges will not be responsible for those charges. In the unlikely event any individual customer who has promptly notified their card issuer of fraudulent charges related to this incident is not reimbursed, Wawa will work with them to reimburse them for those charges.” Gemini Advisory, a New York-based fraud intelligence company, said the biggest concentrations of stolen cards for sale in the BIGBADABOOM-III batch map back to Wawa customer card use in Florida and Pennsylvania, the two most populous states where Wawa operates. Wawa also has locations in Delaware, Maryland, Virginia and the District of Columbia. According to Gemini, Joker’s Stash has so far released only a small portion of the claimed 30 million. However, this is not an uncommon practice: Releasing too many stolen cards for sale at once tends to have the effect of depressing the overall price of stolen cards across the underground market. “Based on Gemini’s analysis, the initial set of bases linked to “BIGBADABOOM-III” consisted of nearly 100,000 records,” Gemini observed. “While the majority of those records were from US banks and were linked to US-based cardholders, some records also linked to cardholders from Latin America, Europe, and several Asian countries. Non-US-based cardholders likely fell victim to this breach when traveling to the United States and utilizing Wawa gas stations during the period of exposure.” Gemini’s director of research Stas Alforov stressed that some of the 30 million cards advertised for sale as part of this BIGBADABOOM batch may in fact be sourced from breaches at other retailers, something Joker’s Stash has been known to do in previous large batches. Gemini monitors multiple carding sites like Joker’s Stash. The company found the median price of U.S.-issued records in the new Joker’s Stash batch is currently $17, with some of the international records priced as high as $210 per card. “Apart from banks with a nationwide presence, only financial institutions along the East Coast had significant exposure,” Gemini concluded. Representatives from MasterCard did not respond to requests for comment. Visa declined to comment for this story, but pointed to a series of alerts it issued in November and December 2019 about cybercrime groups increasingly targeting fuel dispenser merchants. A number of recent high-profile nationwide card breaches at main street merchants have been linked to large numbers of cards for sale at Joker’s Stash, including breaches at supermarket chain Hy-Vee, restaurant chains Sonic, Buca di Beppo, Krystal, Moe’s, McAlister’s Deli, and Schlotzsky’s, retailers like Bebe Stores, and hospitality brands such as Hilton Hotels. Most card breaches at restaurants and other brick-and-mortar stores occur when cybercriminals manage to remotely install malicious software on the retailer’s card-processing systems. This type of point-of-sale malware is capable of copying data stored on a credit or debit card’s magnetic stripe when those cards are swiped at compromised payment terminals, and that data can then be used to create counterfeit copies of the cards. The United States is the last of the G20 nations to make the shift to more secure chip-based cards, which are far more expensive and difficult for criminals to counterfeit. Unfortunately, many merchants have not yet shifted to using chip-based card readers and still swipe their customers’ cards. According to stats released in November by Visa, more than 3.7 million merchant locations are now accepting chip cards. Visa says for merchants who have completed the chip upgrade, counterfeit fraud dollars dropped 81 percent in June 2019 compared to September 2015. This may help explain why card thieves increasingly are shifting their attention to compromising e-commerce merchants, a trend seen in virtually every country that has already made the switch to chip-based cards. Many filling stations are upgrading their pumps to include more cyber and physical security — such as end-to-end encryption of card data, custom locks and security cameras. In addition, newer pumps can accommodate more secure chip-based payment cards that are already in use and in some cases mandated by other G20 nations. But these upgrades are disruptive and expensive, and many fuel station owners are putting them off until it is absolutely necessary. Prior to late 2016, fuel station owners in the United States had until October 1, 2017 to install chip-capable readers at their pumps. Station owners that didn’t have chip-ready readers in place by then would have been on the hook to absorb 100 percent of the costs of fraud associated with transactions in which the customer presented a chip-based card yet was not asked or able to dip the chip. Yet in December 2016, Visa — by far the largest credit card network in the United States — delayed the requirements, saying fuel station owners would be given until October 1, 2020 to meet the liability shift deadline. Either way, Wawa could be facing steep fines for failing to protect customer card data traversing its internal payment card networks. In addition, at least one class action lawsuit has already been filed against the company. Finally, it’s important to note that even if all 30 million of the cards that Joker’s Stash is selling as part of this batch do in fact map back to Wawa locations, it’s highly unlikely that more than a small percentage of these cards will actually be purchased and used by fraudsters. In the 2013 megabreach at Target Corp., for example, fraudsters stole roughly 40 million cards but only ended up selling between one to three million of those cards. Source: https://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/

Multora ne lipseste timpul, dar incept de azi vom fi activi (again) in zona de VIP. Deci cine crede ca e suficient de bun incat sa aduca valoare dati-mi un PM si vedem ce putem face. Vom incepe prin a discuta chestii de bug bounty care nu le putem exploata si prin putin brainstorming, poate obtinem ceva. Am recreat grupul de VIPs, se pare ca nu il aveam pe aceasta platforma. Am sa incep sa dau VIP la membrii vechi + activi in BugBounty/Pentest. Momentan au VIP urmatorii: @SynTAX @0xStrait @Fi8sVrs @akkiliON @MrGrj Daca mai e cineva care e vechi pe aici si vrea sa participe sa-mi dea PM. Pentru cei noi, ma voi gandi la ceva teste pentru a putea fi acceptati ca si membri. P.S. Daca vi se pare o initiativa proasta de a reactiva asta va rog sa va abtineti si sa ne lasati sa ne facem damblaua. Mersi

Fa abonament pe netflix si ai filme, calitate, fara reclame fara nimic si e si legal. De ce ai sta pe semi-laba aia de sait?

Top 25 RCE Bug Bounty Reports The reports were disclosed through the HackerOne platform and were selected according to their upvotes, bounty, severity level, complexity, and uniqueness. #1 Title: Potential pre-auth RCE on Twitter VPN Company: Twitter Bounty: $20,160 Link: https://hackerone.com/reports/591295 #2 Title: RCE on Steam Client via buffer overflow in Server Info Company: Valve Bounty: $18,000 Link: https://hackerone.com/reports/470520 #3 Title: Struct type confusion RCE Company: Shopify Bounty: $18,000 Link: https://hackerone.com/reports/181879 #4 Title: Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution Company: Valve Bounty: $12,500 Link: https://hackerone.com/reports/351014 #5 Title: Git flag injection — local file overwrite to remote code execution Company: GitLab Bounty: $12,000 Link: https://hackerone.com/reports/658013 #6 Title: Remote Code Execution on www.semrush.com/my_reports on Logo upload Company: SEMrush Bounty: $10,000 Link: https://hackerone.com/reports/403417 #7 Title: Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message Company: Valve Bounty: $9,000 Link: https://hackerone.com/reports/631956 #8 Title: RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi) Company: LocalTapiola Bounty: $6,800 Link: https://hackerone.com/reports/303061 #9 Title: Remote Code Execution at http://tw.corp.ubnt.com Company: Ubiquiti Inc. Bounty: $5,000 Link: https://hackerone.com/reports/269066 #10 Title: Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability Company: Flash (IBB) Bounty: $5,000 Link: https://hackerone.com/reports/139879 #11 Title: RCE by command line argument injection to `gm convert` in `/edit/process?a=crop` Company: Imgur Bounty: $5,000 Link: https://hackerone.com/reports/212696 #12 Title: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/ Company: Starbucks Bounty: $4,000 Link: https://hackerone.com/reports/502758 #13 Title: [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File Company: Mail.ru Bounty: $4,000 Link: https://hackerone.com/reports/683957 #14 Title: Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice Company: Starbucks Bounty: $4,000 Link: https://hackerone.com/reports/592400 #15 Title: Attention! Remote Code Execution at http://wpt.ec2.shopify.com/ Company: Shopify Bounty: $3,000 Link: https://hackerone.com/reports/73567 #16 Title: Unchecked weapon id in WeaponList message parser on client leads to RCE Company: Valve Bounty: $3,000 Link: https://hackerone.com/reports/513154 #17 Title: Drupal 7 pre auth sql injection and remote code execution Company: The Internet Bug Bounty Program Bounty: $3,000 Link: https://hackerone.com/reports/31756 #18 Title: RCE via ssh:// URIs in multiple VCS Company: The Internet Bug Bounty Program Bounty: $3,000 Link: https://hackerone.com/reports/260005 #19 Title: Remote Code Execution on Git.imgur-dev.com Company: Imgur Bounty: $2,500 Link: https://hackerone.com/reports/206227 #20 Title: GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] Company: PHP (IBB) Bounty: $1,500 Link: https://hackerone.com/reports/198734 #21 Title: Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE Company: Lob Bounty: $1,500 Link: https://hackerone.com/reports/520717 #22 Title: Remote code execution using render :inline Company: Ruby on Rails Bounty: $1,500 Link: https://hackerone.com/reports/113928 #23 Title: RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage) Company: Ruby on Rails Bounty: $1,500 Link: https://hackerone.com/reports/473888 #24 Title: Remote code execution on rubygems.org Company: RubyGems Bounty: $1,500 Link: https://hackerone.com/reports/274990 #25 Title: WordPress SOME bug in plupload.flash.swf leading to RCE Company: Automattic Bounty: $1,337 Link: https://hackerone.com/reports/134738 Bonus: 10 Zero Dollars RCE Reports #1 Bonus Title: Read files on application server, leads to RCE Company: GitLab Bounty: $0 Link: https://hackerone.com/reports/178152 #2 Bonus Title: XXE in DoD website that may lead to RCE Company: U.S. D.o.D. Bounty: $0 Link: https://hackerone.com/reports/227880 #3 Bonus Title: Remote Code Execution (RCE) in a DoD website Company: U.S. D.o.D. Bounty: $0 Link: https://hackerone.com/reports/248116 #4 Bonus Title: Remote Unrestricted file Creation/Deletion and Possible RCE. Company: Twitter Bounty: $0 Link: https://hackerone.com/reports/191884 #5 Bonus Title: RCE on via CVE-2017–10271 Company: U.S. D.o.D. Bounty: $0 Link: https://hackerone.com/reports/576887 #6 Bonus Title: Ability to access all user authentication tokens, leads to RCE Company: GitLab Bounty: $0 Link: https://hackerone.com/reports/158330 #7 Bonus Title: Remote Code Execution via Extract App Plugin Company: Nextcloud Bounty: $0 Link: https://hackerone.com/reports/546753 #8 Bonus Title: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ Company: U.S. D.o.D. Bounty: $0 Link: https://hackerone.com/reports/678496 #9 Bonus Title: Remote Code Execution in Rocket.Chat Desktop Company: Rocket.chat Bounty: $0 Link: https://hackerone.com/reports/276031 #10 Bonus Title: [npm-git-publish] RCE via insecure command formatting Company: Node.js third-party modules Bounty: $0 Link: https://hackerone.com/reports/730121 Source

https://thehelloworldprogram.com/python/python-game-rock-paper-scissors/ Nu vreau sa te descurajez, dar postezi si tu aici cand e ceva facut de tine, astfel incat sa ne uitam si noi peste cod si poate sa te ajutam cu solutii mai bune la ceea ce vrei sa faci. Pana atunci, ceea ce ai postat mai sus nu are nici o valoare pentru noi, nici macar pentru tine.

Da, insa conteaza foarte multe numele acelor subdomenii. Nu ar trebui sa fie out of scope, insa payout-ul ar trebui sa fie in functie de numele subdomeniului si riscul pe care il aduce.

A joint group of researchers from the Ruhr and New York Universities has developed a new attack method that makes it possible to impersonate a legitimate user on a mobile network. The technique, called IMP4GT (IMPersonation Attacks in 4G NeTworks), exploits a vulnerability in 4G LTE, namely, the lack of protection of the integrity of user data in LTE. At the time of connecting or activating subscriber equipment in the network, the network starts the authentication procedure and key agreement agreement AKA (Authentication and Key Agreement). The purpose of this procedure is the mutual authentication of the subscriber and the network and the development of the KASME intermediate key. In LTE networks, mutual authentication occurs on the control plane, however, on the user plane there is no verification of the integrity of user data, which an attacker can use to manipulate and redirect IP packets. In addition to the lack of integrity checking, the IMP4GT attack exploits the reflection mechanism in the IP stack of the mobile operating system. Specialists described two attack scenarios affecting the upstream and downstream channels of the network. In the first case, the attacker pretends to be a legitimate device on the network and can use any site disguised as a victim. In this case, all traffic generated by the attacker will be associated with the IP address of the victim. In the second case, the attacker can establish a TCP / IP connection with the phone and bypass any mechanism of the LTE network firewall (does not apply to protective mechanisms above the IP level). According to researchers, an attacker can impersonate a device or network at an IP level and send or receive IP packets under the guise of a stolen identity, but an attacker will not be able to access private e-mail accounts or instant messengers, make calls or crack TLS encryption. In addition, such an attack is quite difficult to implement, since it will require special skills and equipment, and the attacker himself must be close to the victim. Specialists will present more detailed information about the IMP4GT method at the NDSS Symposium 2020 conference, which will be held in San Diego in late February. Source: https://www.securitylab.ru/news/505155.php

1 Sunt o droaie de ele. Primedice si bitkong am incredere in ele ca am folosit si dat withdraw la multi btc fara probleme. Aveau ceva restrictii in EU dar vezi ca merge cu vpn de Ucraina, Georgia, etc. Poti seta riscul/payout dupa cum doresti, casa are doar 1% edge. Mai erau si ceva cazino-uri de bitcoin pe care jucam blackjack si Texas hold'em 😉 . Get rich or die tryin'

Pentru istoricii romani adevarati, va recomand cu caldura: https://web.archive.org/ ... lasati imaginile trecutului sa vorbeasca. https://web.archive.org/web/20100811013338/http://www.insecurity.ro/ https://web.archive.org/web/20100615223647/http://www.hellsoft.ro/board/ https://web.archive.org/web/20090629111418/http://www.hellsoft.ro:80/news.php

Mie imi place la android ca urla cand imi pun un certificat in users certificates, insa la tona de certificate din system nu sufla o vorbulita.

Tare. Ce am mai gasit: https://books.google.ro/books?id=U8VUaUiYohIC&pg=PA220&lpg=PA220&dq=crypto+ag+backdoor&source=bl&ots=_ZsWOLlTwp&sig=ACfU3U0Tfj1GP1jvKO9whpgEcIKNAQHNig&hl=en&sa=X&ved=2ahUKEwjZ6oXf9sznAhVRAxAIHUCnC0A4FBDoATAAegQIBhAE#v=onepage&q=crypto ag backdoor&f=false Si sursa carti aici: https://b-ok.cc/book/988008/d46f11 Cartea e din 2000 si gigelul ala care a scris-o a mentionat ceva de '95. Citez: 6.1.1. Privacy dangers n 1995, Der Spiegel and The Baltimore Sun reported that the NSA since 1957 had a secret deal with the Swiss cryptography company Crypto AG, under which Crypto AG built backdoor access into its encryption products; see Bam- ford [19, Chapter 8], Global Network Navigator [188], Strehle [364], the Bal- timore Sun [371], and Madsen [254]. 2000? 2020? WTF?!?!?!

Salut. Daca vrei un profesionist, poti apela cu incredere la @Gecko

Se supara ca datele ajung SI LA CHINA.

Nimic nou sub soare. https://www.oscar-tech.com/blog/2016/11/700-million-android-phones-secretly-sending-data-to-china Sunt convins ca si Huawei-ul meu face la fel. Insa citind cu atentie leakurile Wikileaks nici muricanii nu sunt mai prejos. Dar cum nu vreau sa ma intorc la Nokia 3310... compromit asa.

Researcher published details about a backdoor mechanism he found in HiSilicon chips, but he did not report it to the vendor due to the lack of trust in it. The Russian security expert Vladislav Yarmak has published technical details about a backdoor mechanism he discovered in HiSilicon chips. The backdoor mechanism could allow attackers to gain root shell access and full control of device. The expert also published a Proof of concept code for the vulnerability. The expert did not disclose the flaw to HiSilicon due to the lack of trust in the vendor to address the issue. HiSilicon is a Chinese fabless semiconductor company based in Shenzhen and owned by Huawei, it is the largest domestic designer of integrated circuits in China. HiSilicon is the largest domestic designer of integrated circuits in China, its chips are used by millions of IoT devices worldwide, including security cameras, DVRs, and NVRs. The presence of backdoor mechanisms in the HiSilicon chips was already documented by other experts in the past. More recent versions of the devices had access enabled with a static root can be recovered from with (relatively) little computation effort. More recent firmware versions had Telnet access and debug port (9527/tcp) disabled by default, but they had open port 9530/tcp that could be exploited by attackers to send a special command to start telnet daemon and enable shell access with a static password ([1], [2], [3]). Yarmak explained that it is possible to exploit the backdoor by sending a series of commands over TCP port 9530 to devices based on HiSilicon chips. The commands allow the attacker to enable the Telnet service on a flawed device, then the attacker could log in using one of the following six Telnet credentials, and gain access to a root account. Login Password root xmhdipc root klv123 root xc3511 root 123456 root jvbzd root hi3518 Below the backdoor activation process described by the expert: Client opens connection to port TCP port 9530 of device and sends string OpenTelnet:OpenOnce prepended with byte indicating total message length. This step is last for previous versions of backdoor. Probably telnetd was already started if there no response after this step. Server (device) anwers with string randNum:XXXXXXXX where XXXXXXXX is 8-digit random decimal number. Client uses it’s pre-shared key and constructs encryption key as concatenation of received random number and PSK. Client encrypts random number with encryption key and sends it after string randNum:. Entire message is prepended with byte indicating total length of message. Server loads same pre-shared key from file /mnt/custom/TelnetOEMPasswd or uses default key 2wj9fsa2 if file is missing. Server performs encryption of random number and verifies result is identical with string from client. On success server sends string verify:OK or verify:ERROR otherwise. Client encrypts string Telnet:OpenOnce, prepends it with total length byte, CMD: string and sends to server. Server extracts and decryptes received command. If decryption result is equal to string Telnet:OpenOnce it responds with Open:OK, enables debug port 9527 and starts telnet daemon. Yarmak pointed out that despite the presence of backdoor mechanism was reported by experts in the past, the vendor was not able to address them and only opted to disable the Telnet service. The bad news for the users is that currently even if no patch is available for the backdoor, the expert decided to publish a proof-of-concept (PoC) code. As mitigation, users are recommended to “completely restrict network access to these devices to trusted users.” According to the expert, there are dozens of brands and hundreds of model vulnerable to hack, he referred to previous research conducted by another researcher that listed some of the vulnerable brands. window._mNHandle = window._mNHandle || {}; window._mNHandle.queue = window._mNHandle.queue || []; medianet_versionId = “3121199”; try { window._mNHandle.queue.push(function () { window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”); }); } catch (error) {} Via

Cred ca si in aplicatiile de android poti gasi api keyuri. Stiu ca gasisem intr-o aplicatie un api key de la google care iti returna coordonatele geografice pe baza codului postal.

# Title: Sudo 1.8.25p - Buffer Overflow # Author: Joe Vennix # Software: Sudo # Versions: Sudo versions prior to 1.8.26 # CVE: CVE-2019-18634 # Reference: https://www.sudo.ws/alerts/pwfeedback.html # Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting # their password. For each key press, an asterisk is printed. This option was added in # response to user confusion over how the standard Password: prompt disables the echoing # of key presses. While pwfeedback is not enabled by default in the upstream version of sudo, # some systems, such as Linux Mint and Elementary OS, do enable it in their default sudoers files. # Due to a bug, when the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow. # This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled. The folowing sudoers configuration is vulnerable: $ sudo -l Matching Defaults entries for millert on linux-build: insults, pwfeedback, mail_badpass, mailerpath=/usr/sbin/sendmail User millert may run the following commands on linux-build: (ALL : ALL) ALL # Exploiting the bug does not require sudo permissions, merely that pwfeedback be enabled. # The bug can be reproduced by passing a large input to sudo via a pipe when it prompts for a password. $ perl -e 'print(("A" x 100 . "\x{00}") x 50)' | sudo -S id Password: Segmentation fault If pwfeedback is enabled in sudoers, the stack overflow may allow unprivileged users to escalate to the root account. # 0day.today [2020-02-05] # Source

Eu folosesc Kaspersky Security Cloud Free de pe vremea cand a aparut prima data varianta free de la ei, care se numea Free Antivirus... Si nu mi-e rusine sa recunosc ca m-a scos din cateva situatii, cu toate ca sunt vigilent si am experienta in domeniu... Mentalitatea asta ca nu ai nevoie de o solutie de securitate pe Windows, mai avansata decat Defender, mi se pare gresita. Nu exista solutie de securitate infailibila, dar sa ai un nivel de securitate cat de cat eu zic ca nu afecteaza cu nimic, mai ales pe un sistem cu resurse destule... Eu pe 2 sisteme, ambele cu 16gb ram, unul cu 4c/8t si altul cu 8c/16t nu simt ca programul ruleaza... Si din punct de vedere al cunoscatorilor, ca tot m-ai provocat, un malware care este rezident pe sistem, chiar daca e criptat si trece de detectia initiala, are toate sansele sa fie detectat de mecanismele behavioral blocker al solutiilor bune de securitate. Deci scanarea ta statica nu sta in picioare.

Povestea explicata e aici - https://www.techradar.com/uk/news/whats-the-truth-about-the-nordvpn-breach-heres-what-we-now-know Personal nu am fost afectat caci nu folosesc servere de Finlanda. Nu fac balarii dar platesc contul de Nord doar cu bitcoin (dat prin tumbler) si e inregistrat pe un mail.ru facut (printr-un onion) doar pentru acest scop. Da, il folosesc in continuare caci imi pare cea mai buna oferta din mai multe puncte de vedere: calitate-pret, numar de servere, aplicatia mobila, etc.

Exact asta fac cu NordVPN care imi reinnoiesc de BlackFriday pe cate 3 ani si apoi doar schimb regiunile si pot vedea ce continut am chef.

General Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601. The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory. The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory. Vulnerability explanation NSA description: NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality. The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities. Examples where validation of trust may be impacted include: HTTPS connections Signed files and emails Signed executable code launched as user-mode processes The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners. If you really want to deep dive in the cryptographic part and understand better the root cause of this vulnerability, Tal Be'ery published today a very didactic explanation: Tal Be'ery Medium BlogPost Part 1 Tal Be'ery Medium BlogPost Part 2 EXPLOIT Publicly available: YES PoC published the 2020-01-16 1208 AM GMT+1 (PoC1) Interesting nuggets: RSA 2048, use NIST P-384 (secp384r1) curve, 365 days default expire date. 1 Sample uploaded on VTI, seems related to the previous PoC, but no confirmation https://www.virustotal.com/gui/file/95597ed5ed579d4fe1e9a2177c29178038e4f837998bc058c94ede6ec55b7547/details Updated PoC (2020-01-16 1448) Updated include new nuggets: 10000 days default expire date, now abuse CA: "Microsoft ECC Product Root Certificate Authority 2018", still use NIST P-384 (secp384r1) curve, added a mark in the end "Signed by ollypwn" PoC published the 2020-01-16 1214 AM GMT+1 [PoC2] Interesting nuggets: default serial number = 0x5c8b99c55a94c5d27156decd8980cc26, use NIST P-384 (secp384r1) curve, 500 days default expire date, configured to abuse USERTrust ECC Certification Authority, some others hardcoded information but could be changed easily, C = CH, ST = Vaud, L = Lausanne, O = Kudelski Security, CN = 85.184.255.36. Privately available: YES (Around 10 private PoC) In The Wild Exploitation: YES Source : https://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d