Popular Content

Showing content with the highest reputation since 09/24/08 in all areas

  1. 14 points
    Putin whistle-blowing... share, comment & distribute. Since the inept keep quiet about this "like a pig in the corn", I'm posting it here: eBay have been hacked and they seem to be keeping quiet about it. I have the eBay app on my phone and on Saturday morning (approx 8.30am) I got a notification from the app that my item had been sold. I did not have any item on sale and had not been using eBay for the past 1-2 months. I had to wait until 9am to ring their support and they were like "yeah, we know there's some hackers who are doing this, seems to be automated". And they checked the IP address from where the listing was made and it was from Hong Kong. But what's more worrying is the stealth with which they've done this - I had no notification of my account changing password, had no notification that an item had been posted for sale, etc. If I hadn't had the app on my phone, I would probably not have found out about it until too late.
    And the lady on eBay support on the phone was like "yeah, we know about this, but we don't know how they're doing it, seems to be some bot as they're doing loads of small value transactions", etc.
  2. 13 points
    If you need to change the domain of a WordPress site or change the protocol (from http to https), you have to update all the links present in the database, both in posts and in options. The operation is very simple and you only need MySQL access. You can use either the CLI or phpMyAdmin. Example:

    update wp_options set option_value = replace(option_value, 'http://rstforums.com', 'https://rstforums.com') WHERE option_name = 'home' OR option_name = 'siteurl';
    update wp_posts set guid = replace(guid, 'http://rstforums.com', 'https://rstforums.com');
    update wp_posts set post_content = replace(post_content, 'http://rstforums.com', 'https://rstforums.com');
    update wp_postmeta set meta_value = replace(meta_value, 'http://rstforums.com', 'https://rstforums.com');

    Notes:
    - In the example above the old domain is rstforums.com over http and the new domain is rstforums.com over https.
    - The example also applies if you change the domain name, not just the protocol.
    - No trailing slash is added after the domain name.
    - 'wp_' in the table names is the prefix. Your WordPress may be installed with a different prefix. In the configuration file "wp-config.php" you can see the prefix at "$table_prefix", or directly in MySQL.
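One caveat a practitioner wants before running the statements above: WordPress stores many option_value and meta_value rows PHP-serialized (widgets, theme mods, plugin settings), and serialize() records each string's byte length, so a plain REPLACE() that changes "http://" to "https://" leaves a length that no longer matches and unserialize() rejects the row. The Python below is an added example, not code from the post; it uses the post's own old and new URLs, a constructed widget-style option, and goes beyond the post by recomputing the s:N: prefixes instead of doing a blind replace.

```python
import re

# Values from the post: old and new site URL
OLD = b"http://rstforums.com"
NEW = b"https://rstforums.com"

# PHP serialize() writes strings as s:<byte length>:"<bytes>";
SER_STR = re.compile(rb's:(\d+):"')


def _walk(blob, old=None, new=None):
    """Walk a PHP-serialized blob token by token.

    String bodies are located by their declared byte length, so a URL inside
    them can be swapped and the s:N: prefix recomputed. Returns the (possibly
    rewritten) blob and a flag telling whether every declared length landed
    on its closing quote, i.e. whether the blob would still unserialize().
    """
    out = bytearray()
    i, consistent = 0, True
    while i < len(blob):
        m = SER_STR.match(blob, i)
        if m:
            start = m.end()
            end = start + int(m.group(1))
            if blob[end:end + 2] == b'";':
                body = blob[start:end]
                if old is not None:
                    body = body.replace(old, new)
                out += b's:%d:"' % len(body) + body + b'";'
                i = end + 2
                continue
            # declared length does not reach the closing quote: corrupted value
            consistent = False
        out.append(blob[i])
        i += 1
    return bytes(out), consistent


def is_serialized(value):
    """Cheap check for the leading token PHP serialize() emits."""
    return re.match(rb'(?:[aO]:\d+:|s:\d+:"|[ibd]:|N;)', value) is not None


def rewrite_value(value, old=OLD, new=NEW):
    """Serialization-aware equivalent of REPLACE(column, old, new)."""
    if not is_serialized(value):
        return value.replace(old, new)
    return _walk(value, old, new)[0]


def lengths_consistent(value):
    """True when a serialized value's s:N: prefixes match their bodies."""
    return _walk(value)[1]


# Constructed sample: a widget-style option as WordPress stores it in wp_options.
SAMPLE = b'a:2:{s:4:"link";s:20:"http://rstforums.com";s:5:"title";s:3:"RST";}'

if __name__ == "__main__":
    naive = SAMPLE.replace(OLD, NEW)  # what the SQL REPLACE() produces
    fixed = rewrite_value(SAMPLE)
    print("naive :", naive.decode(), "-> unserializes:", lengths_consistent(naive))
    print("aware :", fixed.decode(), "-> unserializes:", lengths_consistent(fixed))
```

Fetch each row, pass the value through rewrite_value() and write it back with a parameterized UPDATE keyed on option_id or meta_id; WP-CLI's wp search-replace performs the same serialization-aware rewrite.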
  3. 10 points
    1- Web Application Penetration Testing eXtreme (eWPTX)
    ----------------------------------------------------
    03. Website_cloning.mp4
    03. From_An_XSS_To_A_SQL_Injection.mp4
    03. Keylogging.mp4
    09. Advanced XXE Exploitation.MP4
    07. Advanced_SecondOrder_SQL_Injection_Exploitation.mp4
    05. Advanced_XSRF_Exploitation_part_i.mp4
    06. Advanced_XSRF_Exploitation_part_ii.mp4
    09. Advanced_Xpath_Exploitation.mp4
    WAPTx sec 9.pdf
    WAPTx sec 8.pdf
    WAPTx sec 2.pdf
    WAPTx sec 3.pdf
    WAPTx sec 5.pdf
    WAPTx sec 6.pdf
    WAPTx sec 4.pdf
    WAPTx sec 7.pdf
    WAPTx sec 1.pdf
    2- Penetration Testing Professional (ePTPv3)
    3- Web Application Penetration Testing (eWAPT v2)
    ----------------------------------------------------
    Penetration Testing Process
    Introduction
    Information Gathering
    Cross Site Scripting
    SQL Injection
    Authentication and Authorization
    Session Security
    HTML5
    File and Resources Attacks
    Other Attacks
    Web Services
    XPath
    https://mega.nz/#!484ByQRa!N7-wnQ3t5pMCavOvzh8-xMiMKSD2RARozRM99v17-8I
    Pass: P8@Hu%vbg_&{}/2)p+4T
    Source:
  4. 10 points
    I made a small update to MultiEncoder.com (formerly Krypton). The interface has changed and it was rewritten with Vue instead of jQuery. It should perform better on large strings. The source code can be found on GitHub, here. https://multiencoder.com/#rst+powa Let me know if you find bugs or have suggestions.
  5. 10 points
    Hi forum, I'd like us to add some Mega links with any SANS courses (or others) that you find on the net. I'll start.
    Pentester Academy Abusing SQL Server Trusts in a Windows domain: https://mega.nz/#F!jjpmASIS!VTc_8DjGuExZBDv4E8-SwA
    SANS 642: https://mega.nz/#F!enwXQSib!uzuCIvly6E9t8cx8J1pN2Q!miAVhDKZ https://mega.nz/#F!enwXQSib!uzuCIvly6E9t8cx8J1pN2Q
    SANS SEC560 - 2017: https://mega.nz/#F!tO4TQbga!OvStyzKmOta6MEcZmesP7w
    SANS 555: https://mega.nz/#F!7KZw2AhR!hE-yr2rrxjRxpHgpt8pRGg
    SANS 760 vm: https://mega.nz/#!3QpCkDQA!qP24XpGeNGZ3_5EBaUULm2F23jyVbYuwP_0JDk097ts
    Pentester Academy courses: https://mega.nz/#F!2zZXwTzI!4wVK8DOAD-Dj8vsccvoKPg https://mega.nz/#F!CewXwASZ!SrQJtaL0MM9f8CqbvcqZGg
    Grab them and add more while they're hot!
  6. 10 points
    Happy birthday! http://rstelion.cf/
  7. 10 points
    This garbage again, people?
    - https://rstforums.com/forum/topic/109240-carti-alex-david/
    - https://rstforums.com/forum/topic/107863-ghid-cum-sa-ti-recastigi-iubita-de-alex-david/
    - https://rstforums.com/forum/topic/102896-carti-de-la-alex-david/
    - https://rstforums.com/forum/topic/95847-caut-carte-de-alex-david/
    - https://rstforums.com/forum/topic/81112-are-cineva-cartea-cum-să-vorbeşti-cu-o-femeie-alex-david/
    - https://rstforums.com/forum/topic/92201-cerere-carti-sarut-o-si-stai-drept/
    - https://rstforums.com/forum/topic/89336-cerere-carte-cum-sa-vorbesti-cu-o-femeie/
    If you go on Google and search "Alex David carte site:rstforums.com" you'll be horrified. It's simple: you talk nicely. DON'T BE A DICK. And go down on her! :))))))
  8. 10 points
    See https://gloryholefoundation.com/ddosforce
  9. 9 points
    What is XSS Fuzzer?
    XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors, using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using the generated payloads.
    Why?
    XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:
    - Finding new XSS vectors, for any browser
    - Testing XSS payloads on GET and POST parameters
    - Bypassing XSS Auditors in the browser
    - Bypassing web application firewalls
    - Exploiting HTML whitelist features
    Example
    In order to fuzz, it is required to create placeholders, for example:
    - The [TAG] placeholder with fuzzing list: img svg
    - The [EVENT] placeholder with fuzzing list: onerror onload
    - The [ATTR] placeholder with fuzzing list: src value
    The payloads will use the mentioned placeholders, such as:
    <[TAG] [ATTR]=Something [EVENT]=[SAVE_PAYLOAD] />
    The [SAVE_PAYLOAD] placeholder will be replaced with JavaScript code such as alert(unescape('[PAYLOAD]'));. This code is triggered when an XSS payload is successfully executed.
    The result for the mentioned fuzzing lists and payload will be the following:
    <img src=Something onerror=alert(unescape('%3Cimg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
    <img value=Something onerror=alert(unescape('%3Cimg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
    <img src=Something onload=alert(unescape('%3Cimg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
    <img value=Something onload=alert(unescape('%3Cimg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
    <svg src=Something onerror=alert(unescape('%3Csvg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
    <svg value=Something onerror=alert(unescape('%3Csvg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
    <svg src=Something onload=alert(unescape('%3Csvg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
    <svg value=Something onload=alert(unescape('%3Csvg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
    When it is executed in a browser such as Mozilla Firefox, it will alert the executed payloads:
    <svg src=Something onload=[SAVE_PAYLOAD] />
    <svg value=Something onload=[SAVE_PAYLOAD] />
    <img src=Something onerror=[SAVE_PAYLOAD] />
    Sending requests
    It is possible to use a page vulnerable to XSS for different tests, such as bypasses for the browser XSS Auditor. The page can receive a GET or POST parameter called payload and will just display its unescaped value.
    Contact
    The application is in beta state so it might have bugs. If you would like to report a bug or provide a suggestion, you can use the GitHub repository or you can send me an email to contact [a] xssfuzzer.com.
    Link: https://xssfuzzer.com/
  10. 9 points
  11. 9 points
    Hi guys, As happens when you get bored on vacation, today I made a Python script with which you can download songs from Tidal (https://tidal.com). Tidal is an online streaming service similar to Spotify, only with clearly superior quality: HI-FI - 44.1 kHz/16 bit flac and mp4, and Master - 96 kHz/24 bit (MQA) - flac. If you have some decent gear (whether headphones or a system) it's a must have! The story started from the need to download some songs to listen to offline, and since I found nothing functional, I decided to write this application myself. And I thought I'd share it with you!
    Dependencies (I may have missed a few):
    pip install tidalapi Unidecode
    ffmpeg - must be in the system path
    Testing the toy I found a bug in tidalapi: if a song has no release date, it will crash; it's an extremely rare case and happens especially with some old songs. If you only like new and very commercial music you certainly don't need this fix.

    # fix in tidalapi:
    # edit __init__.py
    # from line 224
    # change:
    #     if 'releaseDate' in json_obj:
    #         try:
    #             kwargs['release_date'] = datetime.datetime(*map(int, json_obj['releaseDate'].split('-')))
    #         except ValueError:
    #             pass
    #     return Album(**kwargs)
    # with:
    #     if 'releaseDate' in json_obj:
    #         if json_obj['releaseDate'] is None:
    #             json_obj['releaseDate'] = '2008-10-14'
    #         try:
    #             kwargs['release_date'] = datetime.datetime(*map(int, json_obj['releaseDate'].split('-')))
    #         except ValueError:
    #             pass
    #     return Album(**kwargs)

    Save the code in a .py file and run it. By the way, the paths to the saved files / directory creation are hardcoded in *nix format, so don't expect it to work on Windows without small touch-ups. It is written and tested in Python 2.7 (the default on macOS Mojave) but I tried to keep it compatible with Python 3.x as well (hopefully I succeeded).

    # -*- coding: utf-8 -*-
    # RST Tidal MP4 Downloader by Cheater v1.0 (https://rstforums.com)
    # All tracks will be downloaded as AAC (MPEG AAC Audio codec, MP4A) at 44100 Hz/16 bit, 320 kbps, stored in an MP4 container
    # requirements:
    #   pip install tidalapi Unidecode
    #   ffmpeg (must be on the system PATH)
    # tidalapi has a bug: if an album/playlist contains one song with no date it will exit. This is very rare,
    # however there is a workaround.
    # fix in tidalapi:
    # edit __init__.py
    # from line 224
    # change:
    #     if 'releaseDate' in json_obj:
    #         try:
    #             kwargs['release_date'] = datetime.datetime(*map(int, json_obj['releaseDate'].split('-')))
    #         except ValueError:
    #             pass
    #     return Album(**kwargs)
    # with:
    #     if 'releaseDate' in json_obj:
    #         if json_obj['releaseDate'] is None:
    #             json_obj['releaseDate'] = '2008-10-14'
    #         try:
    #             kwargs['release_date'] = datetime.datetime(*map(int, json_obj['releaseDate'].split('-')))
    #         except ValueError:
    #             pass
    #     return Album(**kwargs)

    import os
    import subprocess
    from random import randint
    from time import sleep

    import tidalapi
    import unidecode

    # compatibility workaround for py27/py3
    try:
        from subprocess import DEVNULL  # py3k
    except ImportError:
        DEVNULL = open(os.devnull, 'wb')
    try:
        myinput = raw_input  # py27
    except NameError:
        myinput = input  # py3k

    # fill this with your tidal user and pass
    tidalUser = ''
    tidalPass = ''

    cwd = os.getcwd()
    config = tidalapi.Config()
    # using HIGH quality in order to get the mp4's unencrypted url instead of the encrypted flac
    config.quality = 'HIGH'
    session = tidalapi.Session(config)
    session.login(tidalUser, tidalPass)


    def cleanName(name):
        # replace utf-8 diacritics with their ascii equivalent and strip " and ' from album/artist/track names
        return unidecode.unidecode(name).replace('"', '').replace("'", "")


    def getTidalTrackUrl(track_id, retries=5):
        for attempt in range(retries):
            try:
                return session.get_media_url(track_id)
            except Exception:
                # Tidal answers 401 now and then; sleep a random interval before retrying to work around bot detection
                print('Tidal responded with 401. Retrying track url discovery for track id: ' + str(track_id))
                sleep(randint(1, 10))
        raise RuntimeError('Could not obtain a media url for track id ' + str(track_id))


    def downloadTracks(tracks, folderName):
        queue = []
        for trackNo, track in enumerate(tracks, 1):
            # don't try to download an unavailable track, it will fail
            if track.available is False:
                continue
            trackName = cleanName(track.name)
            artistName = cleanName(track.artist.name)
            print('Adding to queue: ' + folderName + ' - ' + str(trackNo) + '.' + artistName + ' - ' + trackName)
            # create the download directory and subdirs if they do not exist
            outDir = os.path.join(cwd, 'tidalDownloaded', folderName)
            if not os.path.exists(outDir):
                os.makedirs(outDir)
            outFile = os.path.join(outDir, str(trackNo) + '.' + artistName + ' - ' + trackName + '.mp4')
            try:
                url = getTidalTrackUrl(track.id)
            except RuntimeError as e:
                print(str(e) + ', skipping')
                continue
            # argument list instead of a shell string, so names with spaces need no quoting
            queue.append(['ffmpeg', '-y', '-i', 'rtmp://' + url, '-acodec', 'copy', outFile])
        print('All tracks have been added to the queue successfully. Download begins....')
        # start every ffmpeg at once so the tracks download in parallel
        processes = [subprocess.Popen(cmd, stdout=DEVNULL, stderr=subprocess.STDOUT) for cmd in queue]
        print('All track downloads are in progress. Please wait....')
        # wait for all started ffmpeg processes to finish
        for p in processes:
            if p.wait() != 0:
                print("There was an error")
        print("Finished. All tracks have been downloaded successfully!")
        return True


    def downloadAlbum():
        while True:
            print("----------------ALBUM------------------")
            sID = myinput("Enter AlbumID (Enter '0' to go back): ")
            if sID == '0':
                return
            tracks = session.get_album_tracks(album_id=sID)
            if not tracks:
                print('No tracks found for album ' + sID)
                continue
            downloadTracks(tracks, cleanName(tracks[0].album.name))


    def downloadPlaylist():
        while True:
            print("----------------PlayList------------------")
            sID = myinput("Enter PlaylistID (Enter '0' to go back): ")
            if sID == '0':
                return
            playlist = session.get_playlist(playlist_id=sID)
            tracks = session.get_playlist_tracks(playlist_id=sID)
            downloadTracks(tracks, cleanName(playlist.name))


    while True:
        print(" RST Tidal MP4 Downloader by Cheater v1.0 (https://rstforums.com)")
        print("=====================Choice=========================")
        print(" Enter '0' : Exit")
        print(" Enter '1' : Download Album.")
        print(" Enter '2' : Download PlayList.")
        print("====================================================")
        print("All tracks will be downloaded as AAC (MPEG AAC Audio codec, MP4A) at 44100 Hz/16 bit, 320 kbps, stored in an MP4 container")
        choice = myinput("Choice:")
        if choice == '0':
            quit()
        elif choice == '1':
            downloadAlbum()
        elif choice == '2':
            downloadPlaylist()

    What can it do?
    1. You can download an album
    2. You can download a playlist
    3. It adds the songs to a queue and downloads them simultaneously, which shortens the waiting time significantly.
    If you have questions or can't manage, you can write here and I'll help as time allows (that is, I hope it won't be needed :))) ).
    PS: Be gentle with the code review, I'm a programmer but Python isn't my specialty; this is the 2nd script I've written in Python and my first contact with it was in December.
    PS2: Have fun and Happy New Year!
    PS3: Feel free to improve it!
    Later: I found a functional download tool written by someone else (if I had found it sooner I probably wouldn't have written this one, so that's not necessarily a good thing): https://github.com/redsudo/RedSea This tool, unlike what I wrote, knows how to decrypt the flacs, so it can download even MQA at 92k / 24bit (the highest quality available on Tidal) and flac 44.1k / 16bit at a bitrate of 1,411 kbps. The decryption isn't rocket science, but it certainly took serious reverse engineering to find the algorithm and encryption key (AES with a binary key, kept base64-encoded in the code).
  12. 8 points
    Over the past couple of weeks I’ve been doing a lot of CTFs (Capture the Flag) - old and new. And I honestly can’t believe what I’ve been missing out on. I’ve learned so much during this time by just playing the CTFs, reading write-ups, and even watching the solutions on YouTube. This allowed me to realize how much I still don’t know, and allowed me to see where the gaps in my knowledge were.

    One of the CTFs that was particularly interesting to me was the Google CTF. The reason why I really liked Google’s CTF was because it allowed for both beginners and experts to take part, and even allowed people new to CTF’s to try their hands at some security challenges. I opted to go for the beginner challenges to see where my skill level really was at - and although it was “mostly” easy, there were still some challenges that had me banging my head on the desk and Googling like a mad man. Even though the Google CTF was over and solutions were online, I avoided them at all costs because I wanted to learn the “hard way”.

    These beginner challenges were presented in a “Quest” style with a scenario similar to a real world penetration test. Such a scenario is awesome for those who want to sharpen their skills, learn something new about CTFs and security, while also allowing them to see a real world value and impact.

    Now, some of you might be wondering… “How much do I need to know or learn to be able to do a CTF?” or “How hard are CTFs?” Truth be told, it depends. Some CTFs can be way more complex than others, such as DEFCON’s CTF, and even Google’s CTF can be quite complex and complicated - but not impossible! It solely depends on your area of expertise. There are many CTF teams that have people who specialize in Code Review and Web Apps and can do Web Challenges with their eyes closed, but give them a binary and they won’t know the difference between the EIP and ESP. The same goes for others! Sure, there are people who are the “Jack of All Trades” and can do pretty much anything, but that doesn’t make them an expert in everything.

    After reading this, you might be asking me - But I’ve never done a CTF before! How do I know if I’m ready to attempt one? Honestly, you’ll never be ready! There will always be something new to learn, something new you have never seen before, or something challenging that pushes the limits of your knowledge, even as an expert! That’s the whole point of CTFs. But, there are resources that can help you get started!

    Let’s start by explaining what a CTF really is! CTF Time does a good job at explaining the basics, so I’m just going to quote them (with some “minor” editing)!

    Capture the Flag (CTF) is a special kind of information security competition. There are three common types of CTFs: Jeopardy, Attack-Defense and mixed. Jeopardy-style CTFs have a couple of questions (tasks) in a range of categories. For example, Web, Forensic, Crypto, Binary, PWN or something else. Teams compete against each other and gain points for every solved task. The more points for a task, the more complicated the task. Usually certain tasks appear in chains, and can only be opened after someone on the team solves the previous task. Once the competition is over, the team with the highest amount of points wins!

    Attack-defense is another interesting type of competition. Here every team has their own network (or only one host) with vulnerable services. Your team has time for patching and usually has time for developing exploits against these services. Once completed, organizers connect participants of the competition to a single network and the wargame starts! Your goal is to protect your own services for defense points and to hack your opponents for attack points. Some of you might know this CTF if you ever competed in the CCDC.

    Mixed competitions may contain many possible formats. They might be a mix of challenges with attack/defense. We usually don’t see much of these.

    Such CTF games often touch on many other aspects of security such as cryptography, steganography, binary analysis, reverse engineering, web and mobile security and more. Good teams generally have strong skills and experience in all these issues, or contain players who are well versed in certain areas.

    LiveOverflow also has an awesome video explaining CTFs along with examples on each aspect - see below!

    Overall, CTFs are timed games where hackers compete against each other (either in teams or alone) to find bugs and solve puzzles to find “flags” which count for points. The team with the most points at the end of the CTF is the winner!

    Now that we have a general idea of what a CTF is and what it contains, let’s learn how we can get started in playing CTFs! Once again, LiveOverflow has an amazing video explaining why CTF’s are a great way to learn hacking. This video was a live recording of his FSEC 2017 talk that aimed to “motivate you to play CTFs and showcase various example challenge solutions, to show you stuff you hopefully haven’t seen before and get you inspired to find more interesting vulnerabilities”.

    There are also a ton of resources online that aim to teach you the basics of Vulnerability Discovery, Binary Exploitation, Forensics, and more, such as the following below:
    - CTF Field Guide
    - CTF Resources
    - Endgame - How To Get Started In CTF
    - CONFidence 2014: On the battlefield with the Dragons – G. Coldwind, M. Jurczyk
    - If You Can Open The Terminal, You Can Capture The Flag: CTF For Everyone
    - So You Want To Be a Pentester? <– Shameless plug because of resources! 😃

    Out of all these resources, I believe that CTF Series: Vulnerable Machines is honestly the BEST resource for CTFs. Its aim is mostly focused on how to approach Vulnerable VM’s like the ones on VulnHub and Hack The Box, but it still gives you a ton of examples and resources on how to find certain vulnerabilities, how to utilize given tools, and how to exploit vulnerabilities.

    As I said time and time again, learning the basics will drastically help improve your CTF skills. Once you get enough experience you’ll start to notice “patterns” in certain code, binaries, web apps, etc. which will allow you to know if a particular vulnerability exists and how it can be exploited.

    Another thing that can help you prepare for CTFs is to read write-ups on new bugs and vulnerabilities. A ton of Web CTF challenges are based off of these bugs and vulnerabilities or are a variant of them - so if you can keep up with new findings and understand them, then you’re ahead of the curve. The following links are great places to read about new bugs and vulnerabilities. They are also a good place to learn how others exploited known bugs. HINT: These links can also help you get into Bug Bounty Hunting!
    - Hackerone - Hacktivity
    - Researcher Resources - Bounty Bug Write-ups
    - Orange Tsai
    - Detectify Blog
    - InfoSec Writeups
    - Pentester Land - Bug Bounty Writeups
    - The Daily Swig - Web Security Digest

    Once we have a decent understanding of a certain field such as Web, Crypto, Binary, etc. it’s time we start reading and watching other people’s writeups. This will allow us to gain an understanding of how certain challenges are solved, and hopefully it will also teach us a few new things. The following links are great places to read and watch CTF solutions:
    - CTF Time - Writeups
    - CTFs Github - Writeups, Resources, and more!
    - Medium - CTF Writeups
    - LiveOverflow Youtube
    - Gynvael Coldwind
    - Murmus CTF
    - John Hammond

    Now that you have the basic skills and know a little more about certain topics it’s time we find a CTF! CTF Time is still one of the best resources for looking at upcoming events that you can participate in. You can go through the events and see what interests you! Once you choose something, follow the instructions to register and you’re done! From there, all you need to do is just wait for the CTF to start, and hack away!

    Okay, seems easy enough - but then again for a first time it’s still overwhelming! So what can we do to make our first CTF experience a good one? Well, that’s where the Google CTF comes in! As I stated before, the reason why I really liked Google’s CTF was because it allowed for both beginners and experts to take part, and even allowed people new to CTF’s to try their hands at some security challenges without adding too much pressure.

    The Beginner Quest starts off with a little back story to “lighten” the mood and let the player know that this is just a game. We aren’t competing for a million dollars, so take it easy and have fun! The story is as follows:

    Once we read the story, we can start with the challenges. These beginner challenges were presented in a “Quest” style based off the story scenario. The quest has a total of nineteen (19) challenges as shown below in the quest map - with each color representing a different category as follows:
    - Purple: Miscellaneous
    - Green: Exploitation/Buffer Overflows & Reverse Engineering
    - Yellow: Reverse Engineering
    - Blue: Web Exploitation

    If you click on one of the circles then you will go to the respective challenge. The challenge will contain some information, along with either an attachment or a link. From there, try to solve the challenge and find the flag, which is in the CTF{} format. Submitting the correct flag will complete the challenge.

    Now notice how some of these challenges are “grayed out”. That’s because these challenges are “chained” to one another, meaning that you need to complete the previous one to be able to open the path to the next challenge. Also notice that Google allows you to make choices on what challenge you want to do. They don’t force you to do all of them to get to the END, but give you the ability to pick and choose another path if something is too hard. Thus, making it easier for you to feel accomplishment and to later come back and learn!

    Alright, that’s it for now. Hopefully you learned something new today and I sincerely hope that the resources will allow you to learn and explore new topics! The posts following this will detail how I solved the 2018 Google CTF - Beginners Quest, so stay tuned and I hope to see you on the CTF battlefield someday!

    Updated: February 06, 2019
    Jack Halon
    I like to break into things; both physically and virtually.
    Source: https://jhalon.github.io/2018-google-ctf-beginners-intro/
  13. 8 points
    Hello everyone, It's been a while since I last posted what I found here. I found a reflected XSS in https://pay.google.com. Unfortunately, it only works on Internet Explorer 11, because that browser doesn't support CSP. The good part is that the vulnerability I found was validated. That's all I can say at the moment. All the best.
  14. 8 points
    I discovered a site earlier that has protection against DevTools; more precisely, if it sees DevTools open, all the HTML content is deleted automatically and no script loads anymore. I find it quite interesting, especially against scrapers, so I made myself a little toy based on an open source detection tool. You install it with:
    npm install --save devtools-detect
    And use it like this:

    const devtools = require('devtools-detect/index');
    if (window.location.hostname === 'domeniu.com') {
        setInterval(() => {
            if (devtools.open) {
                document.body.innerHTML = ':)';
                for (;;) find();
            }
        }, 1e3);
    }

    The first if checks whether we are on the live site, so we can skip it when developing the application locally with a local hostname. The line:
    document.body.innerHTML = ':)';
    deletes all the HTML. And the line:
    for (;;) find();
    is just an interesting toy that keeps the processor busy forever. Basically the tab freezes and no longer reacts to interactions. Something like:
    for (;;) debugger;
    would presumably be just as annoying. But I haven't tested that.
    ---
    I'm curious whether you use such protections too, or whether you've noticed any elsewhere.
  15. 8 points
    Hi, We have a new moderator, @ThaiFight. He's not a man with a lot of technical knowledge, but he's fair. If you want to buy drinks, the coffee goes to me and the wine to Nytro.
  16. 8 points
    It checks whether a Drupal vulnerability is present and executes two commands through the passthru (php) function:
    - Downloads a perl script which is an IRC bot used for scanning and DoS
    - Executes that script
    The vulnerability in question is here: https://www.drupal.org/sa-core-2018-002
    The IRC server runs on IP address / port 8080

    # quick test
    macbook:~$ nc -vvvv 8080
    found 0 associations
    found 1 connections:
         1: flags=82<CONNECTED,PREFERRED>
            outif en0
            src port 55610
            dst port 8080
            rank info not available
            TCP aux info available
    Connection to port 8080 [tcp/http-alt] succeeded!
    :irc.roirc.me NOTICE AUTH :*** Looking up your hostname...
    :irc.roirc.me NOTICE AUTH :*** Found your hostname (cached)

    The IRC bot has no authentication and only checks the nick of whoever issues the commands:
    my @mast3rs = ("darkness","QuaD","AntMiner");
    The process running on the server shows up as "/usr/sbin/sshd". The only difference is that it runs under the user php/apache executes as:
    my @fakeps = ("/usr/sbin/sshd");
    The perl script was made by Portuguese guys around 2001. It has been modified over time by all kinds of script kiddies.
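A detection angle on the @fakeps trick described above, as an added example that is not from the post: the bot can rewrite its own argv so ps shows /usr/sbin/sshd, but it cannot change the exe link, the owning user or the working directory that /proc records, and the post notes it runs as the php/apache user. The process records below are constructed; the /proc collector is for running the same checks on a live Linux host.

```python
import os
import pwd

# Accounts under which PHP/Apache typically runs; sshd is never started by them.
WEB_USERS = {"www-data", "apache", "httpd", "nginx", "nobody"}
# Process names the bot's @fakeps list claims, as quoted in the post.
CLAIMED = {"/usr/sbin/sshd", "sshd"}
SCRATCH_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


def suspicious_reasons(proc):
    """Return why a process that calls itself sshd looks like the masquerading bot.

    proc is a dict with pid, user, cmdline, exe and cwd as read from /proc.
    A perl script can rewrite its own argv (what cmdline shows), but it cannot
    change /proc/<pid>/exe, its owner or its working directory, so those are
    the fields worth comparing against what it claims to be.
    """
    argv0 = proc["cmdline"].split(" ", 1)[0].rstrip(":") if proc["cmdline"] else ""
    if argv0 not in CLAIMED:
        return []
    reasons = []
    exe = proc.get("exe") or ""
    if exe and not exe.endswith("/sshd"):
        reasons.append("claims to be sshd but exe is %s" % exe)
    if proc.get("user") in WEB_USERS:
        reasons.append("sshd never runs as %s" % proc["user"])
    if (proc.get("cwd") or "").startswith(SCRATCH_DIRS):
        reasons.append("working directory %s is a scratch location" % proc["cwd"])
    return reasons


def find_masqueraders(procs):
    """Map pid -> reasons for every process that fails the checks above."""
    flagged = {}
    for proc in procs:
        reasons = suspicious_reasons(proc)
        if reasons:
            flagged[proc["pid"]] = reasons
    return flagged


def collect_from_proc():
    """Best-effort collector for a live Linux host (reading exe links needs rights)."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        base = "/proc/%s" % pid
        try:
            with open(base + "/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
            user = pwd.getpwuid(os.stat(base).st_uid).pw_name
            exe = os.readlink(base + "/exe")
            cwd = os.readlink(base + "/cwd")
        except (OSError, KeyError):
            continue  # kernel thread, vanished process or no permission
        procs.append({"pid": int(pid), "user": user, "cmdline": cmdline, "exe": exe, "cwd": cwd})
    return procs


# Constructed process table: a real sshd, one of its session children, Apache,
# and the bot started through passthru() with its argv rewritten to "/usr/sbin/sshd".
SAMPLE_PROCS = [
    {"pid": 812, "user": "root", "cmdline": "/usr/sbin/sshd -D", "exe": "/usr/sbin/sshd", "cwd": "/"},
    {"pid": 990, "user": "root", "cmdline": "sshd: alice [priv]", "exe": "/usr/sbin/sshd", "cwd": "/"},
    {"pid": 4502, "user": "www-data", "cmdline": "/usr/sbin/apache2 -k start", "exe": "/usr/sbin/apache2", "cwd": "/"},
    {"pid": 4421, "user": "www-data", "cmdline": "/usr/sbin/sshd", "exe": "/usr/bin/perl", "cwd": "/tmp"},
]

if __name__ == "__main__":
    for pid, reasons in sorted(find_masqueraders(SAMPLE_PROCS).items()):
        print(pid, "; ".join(reasons))
```

Replace SAMPLE_PROCS with collect_from_proc() to run the checks against the host; run as root, since the exe link of another user's process is unreadable otherwise.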
  17. 7 points
    The Swiss authorities are challenging anyone to hack their electronic vote. A strange way to ensure the security of their system. And to motivate hackers, Switzerland promises a reward of 150,000 francs, or €132,000, to those who get there. The event will be organized under real conditions, between 25 February and 24 March, with a mock vote. Participants must register in advance on this site https://onlinevote-pit.ch/ . The Federal Chancellery states in its press release that hackers will "try to manipulate votes, read the votes cast, breach the secrecy of the vote, or bypass the security devices that protect the votes and the data inherent to their security". Hackers who break into the voting system will share the loot according to their level of hacking. Anyone who manages to manipulate votes undetectably will win the jackpot, namely 50,000 Swiss francs. Those who manage to breach voting secrecy will win 10,000 francs to share, while those who bring down the e-voting system will be rewarded with 5,000 Swiss francs. Electronic voting has been tested in Switzerland since 2004 and seems to be attracting more and more voters. Traditional polling stations are fewer and fewer, to the advantage of e-mail or postal voting through the post office. In 2018, the government ended the testing phase and initiated a process for electronic voting to become the third voting channel. This should take two years. Note that the competition is open to everyone and will be available in French, German, Italian and Romanian, with documentation in English as well. Source : https://geeko.lesoir.be/
  18. 7 points
    Hi, just for fun I'm launching the CTF below. The idea is to grab the flags, or to try to bring the host down (by messing around with the containers). Don't change the password; if someone changes the password, tell me and I'll recreate the container without the ability to change the password. Please don't break anything, and let me know if you find any vulnerability. Good luck. Writeups are welcome too, but don't make them public, at least not while it's running. For any problem, tell me here or on chat. Or on WhatsApp. I can give the number privately to whoever needs it for easier communication.
  19. 7 points
    I'd propose we delete everything related to filelist so we stop attracting beggars here.
  20. 7 points
    I find it quite ingenious just that he thought of this. --- Here is how the entire #pewdiepie printer hack went down: I was bored after playing Destiny 2 for a continuous 4 hours, and decided I wanted to hack something. So I thought of any vulnerable protocols I could find on shodan. While playing around on Shodan, the idea came to me that maybe I can hack printers around the world to print something, I didn't know what at the time. After learning about the three different printing protocols (IPP, LPD, JetDirect), I went and searched those ports on shodan. I was horrified to see over 800,000 results show up in total. I was baffled, but determined to try and fix this. So I picked the first 50,000 printers I found running on port 9100 and downloaded the list off shodan. Now I had to think...What to print? It didn't take me long to realize that the most perfect thing to print would be a message supporting our dear overlord @pewdiepie himself! And so I opened up my text editor and typed up the following note: https://pastebin.com/raw/ASuKK3qL Now: I needed a tool that lets me connect to printers on this port and print...a google search and I stumbled across PRET (https://github.com/RUB-NDS/PRET ) that fulfilled all my hopes and dreams...but also my nightmares. PRET had the scariest of features. Ability to access files, damage the printer, access the internal network...things that could really cause damage. So I had to do this, to at least help organizations and people that can protect themselves. I typed up the following bash script which ironically can fit in a tweet:
    #!/bin/bash
    while read -r line; do
    ip="$line"
    torify ./PRET/pret.py $ip pjl -q -i ./commands.txt
    done < "./potential_bros.txt"
    Now what this script does, is simply take my input (potential_bros.txt) and loop through every line, running PRET against that IP with the commands in commands.txt. Commands.txt contains the following:
    print ./message.pdf
    display HACKED
    quit
    That's literally it. Uploaded the script onto my server, opened a tmux session, ran the script in there and left it running. Came back to check Thursday night and just seeing the first person to be hacked by this made my entire week. Source: tweet + comments.
  21. 7 points
    How the fuck can your name be Pascal and have an IQ of 42? A kid made for the child benefit.
  22. 7 points
    This is a forum, not the "counter" where you place your order at McDonald's... Express, in words, preferably somewhat coherently, what you want. This is a forum, not a homework factory, not the classmate you threaten to beat up if he doesn't do your homework. Don't expect to write us the problem statement and have us solve it; show that you've put in at least a minimum of effort...
  23. 7 points
  24. 7 points
  25. 6 points
    Greetings! I'm offering a job for a student, preferably remote, for small WordPress customization projects or HTML/CSS sites. Details: - The projects are for a web design agency (co-founder here). - Most of our projects are for clients from all over the country - About 80% of the sites will be WordPress-based, on Elementor/Visual Composer themes. - I'll handle the technical side pretty much all the time, i.e. bug-fixing and other things that come up. - What I need is someone to handle the customization: after the theme is installed/configured, the pages need to be created, images found for the site, texts edited, etc.; basically theme -> final site, based on a sketch made by me. Working model: https://imgur.com/a/N11jfiS - $$$ -> Money is discussed on a project basis. In principle the work isn't very hard, just time consuming. I don't want to rip anyone off, but I can't offer astronomical rates either, which is why I'm looking for a student; I'd prefer someone for whom that money actually helps. There's work, quite a lot right now, and there'll be even more in the future. We're currently two people, the workload is 110%, we have too many projects and can't keep up. If you're serious and stick with it, it'll be good for everyone. Other open positions: - Video editing in Premiere Pro/After Effects - templates, stock footage and possibly footage shot at various client locations are provided. The final product is required. - Writing keyword-based articles, to set deadlines. Thanks!
  26. 6 points
    The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. From a report: Source
  27. 6 points
    Computer network programming. A course taught in 2 different years, part1 = first year, part2 = second year. Most of what's in part2 is also in part 1. https://drive.google.com/open?id=1tEbiZT6rYXgWgqFEydH3yPsEgOT-SzH9
  28. 6 points
    We are like brothers. Avoid gipsies. Romania has more gipsies than romanians. :)))))
  29. 6 points
    You think Switzerland is Teleorman =))) Two years ago they wanted to make public transport free and the citizens opposed it.
  30. 6 points
  31. 6 points
  32. 6 points
    Be our #supporter! If you like what we do, you can help us in several ways. You can offer your help by: redirecting 2% of your income tax or 20% of your profit tax, donating a modest sum online, or offering a sum of money through a donation contract. If you also want to get involved in person, you can #volunteer in our projects. You can find more details on our site -> https://www.taxigratis.ro/donatii We're at your disposal for any questions.
  33. 6 points
    Well, if you're a cosmic rat and don't look carefully. The topic was created in December 2014. Do you think the accounts are inherited and last a lifetime?
  34. 6 points
    For Firefox:
    In the address bar type: about:config
    Enter - "I accept the risk!"
    In the search box: "esni.enabled" and double-click to enable it
    Search again: "trr.mode"
    Double-click to edit it, then set it to 2 ( DNS Over HTTPS )
    Restart Firefox, then go to https://encryptedsni.com ; it should show:
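The two about:config searches above land on the prefs network.security.esni.enabled and network.trr.mode. As an added example (not from the post), this script reads those prefs out of a user.js or prefs.js and reports the caveat a defender cares about: trr.mode 2 still falls back to plaintext DNS when DoH fails, and ESNI does nothing unless DoH is on. The sample file text and the resolver URL in it are constructed.

```python
"""Added example: audit Firefox user.js/prefs.js for the ESNI + DoH settings."""
import re

ESNI = "network.security.esni.enabled"  # full name behind the "esni.enabled" search
TRR_MODE = "network.trr.mode"            # full name behind the "trr.mode" search
TRR_MODES = {
    0: "off: native (plaintext) DNS only",
    1: "race native DNS against DoH, first answer wins",
    2: "DoH first, fall back to native DNS when DoH fails",
    3: "DoH only, no plaintext fallback",
    5: "off, explicitly disabled by the user",
}
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict of typed values."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def assess(prefs):
    """Return the effective DoH mode plus findings a defender should know about."""
    mode = prefs.get(TRR_MODE, 0)  # unset pref means Firefox's default of 0 (off)
    esni = bool(prefs.get(ESNI, False))
    findings = []
    if mode in (0, 5):
        findings.append("DoH off: every lookup leaves in plaintext")
    elif mode == 2:
        findings.append("trr.mode 2 falls back to plaintext DNS on DoH failure; 3 has no fallback")
    if esni and mode in (0, 5):
        findings.append("ESNI enabled but its keys are only fetched over DoH, so it stays inactive")
    return {"trr_mode": mode, "meaning": TRR_MODES.get(mode, "unknown"),
            "esni": esni, "findings": findings}

# Constructed sample matching the post's steps: ESNI on, trr.mode 2.
SAMPLE_USER_JS = """
user_pref("network.security.esni.enabled", true);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://example.invalid/dns-query");
"""
```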
  35. 6 points
    A very interesting article. It caught my eye because of its use of the Baudline spectrum analyzer, which I frequently use for radio reception in the VLF spectrum. RSA key extraction via low-bandwidth acoustic cryptanalysis. Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations. Link: http://www.cs.tau.ac.il/~tromer/acoustic/ Baudline: http://www.baudline.com/ And an aside. One of the authors, Adi Shamir, was involved in the illegal data processing scandal of the Israeli software security firm Black Cube.
  36. 6 points
    Now go tell your mother you're sorry you made her look stupid.
  37. 6 points
    Closed. You're creating accounts for a filelist invite. Read the rules, especially the section about requests.
  38. 6 points
    can't beat this shit
  39. 6 points
    Apparently some people don't bother with a VPN anymore: https://blog.0day.rocks/hiding-through-a-maze-of-iot-devices-9db7f2067a80 and https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html.
  40. 6 points
    VPN is for work. Example: We're 10 guys working on various projects in a network and access is only allowed from our VPN, to raise the level of security. At home we have dynamic IP addresses; you can't set allow from all on the equipment. Other than that, quit the bullshit and you don't need a VPN or anything else. I'm not throwing mud at any company that provides this kind of thing. VPN was designed for something else, not for you to shove kisses, braces and apostrophes into every fucking input form. :)))
  41. 6 points
    1. Open a terminal
    2. Enter the following command: ping # username
    3. (Instead of "username" put the username you found).
    INFO: In the response you'll see you get things like:
    4 bytes from icmp_seq=0 ttl=64 time=0.063 ms
    64 bytes from icmp_seq=1 ttl=64 time=0.080 ms
    64 bytes from icmp_seq=2 ttl=64 time=0.135 ms
    ...
    4. Let it collect about 300-400 such lines and the password will be one of them, like this: icmp_seq=0 + time.
    Example 1: icmp_seq=00.063
    Example 2: icmp_seq=10.080
    ... and so on. The idea is to be patient and go through all of them one by one and not miss a single one. That's how I cracked about 20 of those. Hope it works for you too. (This is what @u0m3 meant when he mentioned "bruteforce" or "phishing"). Don't listen to these guys here, they're mean and don't want to help people. Ribbon pls
  42. 6 points
    You use your tongue as directed by whoever gave you approval and hope they take pity on you
  43. 6 points
    And some more here: - https://github.com/commaai/ - https://comma.ai/
  44. 6 points
    I think there should be a filter or some kind of button when you create a forum account, like "I promise I don't want a filelist invite"
  45. 6 points
    If the idea of infidelity has started to trouble you, it no longer matters whether she's cheating on you or not, because you'll never be able to trust her again. Everything you do from now on is just rubbing salt in the wound.
  46. 6 points
    https://www.coursera.org/learn/system-administration-it-infrastructure-services By the end of this course you'll be able to: - utilize best practices for choosing hardware, vendors, and services for your organization. - understand how the most common infrastructure services that keep an organization running work and how to manage infrastructure servers. - manage an organization's computers and users using the directory services, Active Directory, and OpenLDAP. - choose and manage the tools that your organization will use. - back up your organization's data and be able to recover your IT infrastructure in the case of a disaster. - utilize systems administration knowledge to plan and improve processes for IT environments.
  47. 6 points
    WikiLeaks publishes a "Highly Confidential" internal document from the cloud computing provider Amazon. The document from late 2015 lists the addresses and some operational details of over one hundred data centers spread across fifteen cities in nine countries. Amazon, which is the largest cloud provider, is notoriously secretive about the precise locations of its data centers. While a few are publicly tied to Amazon, this is the exception rather than the norm. More often, Amazon operates out of data centers owned by other companies with little indication that Amazon itself is based there too or runs its own data centers under less-identifiable subsidiaries such as VaData, Inc. In some cases, Amazon uses pseudonyms to obscure its presence. For example, at its IAD77 data center, the document states that "Amazon is known as 'Vandalay Industries' on badges and all correspondence with building manager". Amazon is the leading cloud provider for the United States intelligence community. In 2013, Amazon entered into a $600 million contract with the CIA to build a cloud for use by intelligence agencies working with information classified as Top Secret. Then, in 2017, Amazon announced the AWS Secret Region, which allows storage of data classified up to the Secret level by a broader range of agencies and companies. Amazon also operates a special GovCloud region for US Government agencies hosting unclassified information. Currently, Amazon is one of the leading contenders for an up to $10 billion contract to build a private cloud for the Department of Defense. Full article and document: https://wikileaks.org/amazon-atlas/ ------------ @aelius that's why Hetnix is buried somewhere around Bailesti, it's used by the CIA