Leaderboard


Popular Content

Showing content with the highest reputation since 07/10/19 in all areas

  1. 5 points
    Hello all, we are soon launching this conference in Bucharest, on 17-18 October. HTZ puts very strong emphasis on Ethical Hacking, and as we know, major incidents (data breaches or damage) occur more and more often in the industry. We set ourselves apart from other conferences through our pen-testing challenges, built entirely by our staff. Through these challenges we put your creativity to the test, along with your skills in pen-testing, scripting, social engineering, crypto and many others. Our goal is to throw you into the middle of the action, to step away a little from online platforms, to interact more face to face, and to get to know each other in other ways ... not just by NickName :). The challenges start on 11-12 October and you will need to travel around Bucharest, to various Geo Locations, to complete them. Each challenge will guide you to another challenge! Obviously, there are some rules for these challenges; they can be found on our website https://www.hackthezone.com/tickets/rules-and-tactics . At the end of these challenges, we will all meet at the conference on 17-18 October, at Crystal Palace Ballrooms, Calea Rahovei 198A, Sector 5. Yes, we will be on stage too, to present how each challenge should have been solved (walkthrough scenarios) and for the award ceremony. The prize is won by a single person, the best of the best! You can also take part as a team. That is no problem at all, but it is still the best time achieved by one person that will be rewarded :D at the end ... you split the prize among yourselves. At the conference we will also have top speakers who will illustrate different points of view on IT Security, how attackers evolve, how we could defend ourselves better, and more. Tickets can be purchased here: https://www.iabilet.ro/bilete-hackthezone-conference-challenges-43985 Our website will be updated continuously, and small details may be changed or improved. For questions or anything unclear, you can also find us on our Slack channel at: https://www.hackthezone.com/slack . Have fun! AlexHTZ
  2. 4 points
    Git All the Payloads! A collection of web attack payloads.

    Pull requests are welcome!

    Usage: run ./get.sh to download external payloads and unzip any payload files that are compressed.

    Payload Credits
    - fuzzdb - https://github.com/fuzzdb-project/fuzzdb
    - SecLists - https://github.com/danielmiessler/SecLists
    - xsuperbug - https://github.com/xsuperbug/payloads
    - NickSanzotta - https://github.com/NickSanzotta/BurpIntruder
    - 7ioSecurity - https://github.com/7ioSecurity/XSS-Payloads
    - shadsidd - https://github.com/shadsidd
    - shikari1337 - https://www.shikari1337.com/list-of-xss-payloads-for-cross-site-scripting/
    - xmendez - https://github.com/xmendez/wfuzz
    - minimaxir - https://github.com/minimaxir/big-list-of-naughty-strings
    - xsscx - https://github.com/xsscx/Commodity-Injection-Signatures
    - TheRook - https://github.com/TheRook/subbrute
    - danielmiessler - https://github.com/danielmiessler/RobotsDisallowed
    - FireFart - https://github.com/FireFart/HashCollision-DOS-POC
    - HybrisDisaster - https://github.com/HybrisDisaster/aspHashDoS
    - swisskyrepo - https://github.com/swisskyrepo/PayloadsAllTheThings
    - 1N3 - https://github.com/1N3/IntruderPayloads
    - cujanovic - https://github.com/cujanovic/Open-Redirect-Payloads
    - cujanovic - https://github.com/cujanovic/Content-Bruteforcing-Wordlist
    - cujanovic - https://github.com/cujanovic/subdomain-bruteforce-list
    - cujanovic - https://github.com/cujanovic/CRLF-Injection-Payloads
    - cujanovic - https://github.com/cujanovic/Virtual-host-wordlist
    - cujanovic - https://github.com/cujanovic/dirsearch-wordlist
    - lavalamp- - https://github.com/lavalamp-/password-lists
    - arnaudsoullie - https://github.com/arnaudsoullie/ics-default-passwords
    - scadastrangelove - https://github.com/scadastrangelove/SCADAPASS
    - jeanphorn - https://github.com/jeanphorn/wordlist
    - j3ers3 - https://github.com/j3ers3/PassList
    - nyxxxie - https://github.com/nyxxxie/awesome-default-passwords
    - foospidy - https://github.com/foospidy/web-cve-tests

    OWASP
    - dirbuster - https://www.owasp.org/index.php/DirBuster
    - fuzzing_code_database - https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database
    - JBroFuzz - https://www.owasp.org/index.php/JBroFuzz

    Other
    - xss/ismailtasdelen.txt - https://github.com/ismailtasdelen/xss-payload-list
    - xss/jsf__k.txt - http://www.jsfuck.com/
    - xss/kirankarnad.txt - https://www.linkedin.com/pulse/20140812222156-79939846-xss-vectors-you-may-need-as-a-pen-tester
    - xss/packetstorm.txt - https://packetstormsecurity.com/files/112152/Cross-Site-Scripting-Payloads.html
    - xss/smeegessec.com.txt - http://www.smeegesec.com/2012/06/collection-of-cross-site-scripting-xss.html
    - xss/d3adend.org.txt - http://d3adend.org/xss/ghettoBypass
    - xss/soaj1664ashar.txt - http://pastebin.com/u6FY1xDA
    - xss/billsempf.txt - https://www.sempf.net/post/Six-hundred-and-sixty-six-XSS-vectors-suitable-for-attacking-an-API.aspx (http://pastebin.com/48WdZR6L)
    - xss/787373.txt - https://84692bb0df6f30fc0687-25dde2f20b8e8c1bda75aeb96f737eae.ssl.cf1.rackcdn.com/--xss.html
    - xss/bhandarkar.txt - http://hackingforsecurity.blogspot.com/2013/11/xss-cheat-sheet-huge-list.html
    - xss/xssdb.txt - http://xssdb.net/xssdb.txt
    - xss/0xsobky.txt - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
    - xss/secgeek.txt - https://www.secgeek.net/solutions-for-xss-waf-challenge/
    - xss/reddit_xss_get.txt - All XSS GET requests from https://www.reddit.com/r/xss (as of 3/30/2016)
    - xss/rafaybaloch.txt - http://www.rafayhackingarticles.net/2016/09/breaking-great-wall-of-web-xss-waf.html
    - xss/alternume0.txt - https://www.openbugbounty.org/reports/722726/
    - xss/XssPayloads - https://twitter.com/XssPayloads
    - sqli/camoufl4g3.txt - https://github.com/camoufl4g3/SQLi-payload-Fuzz3R/blob/master/payloads.txt
    - sqli/c0rni3sm.txt - http://c0rni3sm.blogspot.in/2016/02/a-quite-rare-mssql-injection.html
    - sqli/sqlifuzzer.txt - https://github.com/ContactLeft/sqlifuzzer/tree/master/payloads
    - sqli/harisec.txt - https://hackerone.com/reports/297478
    - sqli/jstnkndy.txt - https://foxglovesecurity.com/2017/02/07/type-juggling-and-php-object-injection-and-sqli-oh-my/
    - sqli/d0znpp.txt - https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f
    - sqli/libinjection-bypasses.txt - https://gist.github.com/migolovanov/432fe28c8c7e9fa675ab3903c5eda77f
    - traversal/dotdotpwn.txt - https://github.com/wireghoul/dotdotpwn
    - codeinjection/fede.txt - https://techblog.mediaservice.net/2016/10/exploiting-ognl-injection/
    - commandinjection/ismailtasdelen-unix.txt - https://github.com/ismailtasdelen/command-injection-payload-list
    - commandinjection/ismailtasdelen-windows.txt - https://github.com/ismailtasdelen/command-injection-payload-list

    ctf
    Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.
    - maccdc2010.txt - Mid-Atlantic CCDC (http://maccdc.org/), source: http://www.netresec.com/?page=MACCDC
    - maccdc2011.txt - Mid-Atlantic CCDC (http://maccdc.org/), source: http://www.netresec.com/?page=MACCDC
    - maccdc2012.txt - Mid-Atlantic CCDC (http://maccdc.org/), source: http://www.netresec.com/?page=MACCDC
    - ists12_2015.txt - Information Security Talent Search (http://ists.sparsa.org/), source: http://www.netresec.com/?page=ISTS
    - defcon20.txt - DEFCON Capture the Flag (https://www.defcon.org/html/links/dc-ctf.html), source: http://www.netresec.com/?page=PcapFiles

    Miscellaneous
    XSS references that may overlap with sources already included above:
    - https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
    - http://htmlpurifier.org/live/smoketests/xssAttacks.php

    Download Link : https://github.com/foospidy/payloads?fbclid=IwAR3jUysqvmVlpUCiAPY13mqJ1tCOc87omdE3x_81ReH0TC_myN6754EJmRw
  3. 4 points
    So in the end, who's the idiot? You, for not doing your research, or us, for rightly taking the piss out of you?
  4. 3 points
    VULNERABILITY DETAILS It's possible to use the NTLM reflection attack to escape a browser sandbox in the case where the sandboxed process is allowed to create TCP sockets. In particular, I was able to combine the issues mentioned below with a bug in Chromium to escape its sandbox. Link : https://www.exploit-db.com/exploits/47115
  5. 3 points
    Updates: - Added a whitish theme; - Added support for mapping the cipher states into the URL. https://multiencoder.com/#Oi, this be great!|1,1,1,1,1:1,1,1,1,1,1,1,1,1,1
  6. 3 points
    Yes. Here you go, pal! Enjoy it.
  7. 3 points
  8. 3 points
    Do you have a scanner for tumilsugi?
  9. 2 points
    You can say here what it is about, too. When you post something, make sure you leave details for all users; that is why the jobs category was created. There are no private projects, only scammers. Every time, someone shows up here playing the programmer and someone who is looking for one. Post it here so we can see what it is about, too.
  10. 2 points
  11. 2 points
    I made a small update to MultiEncoder.com (formerly Krypton). The interface has changed and it was rewritten with Vue instead of jQuery. It should perform better on large strings. The source code can be found on GitHub, here. https://multiencoder.com/#rst+powa Let me know if you find bugs or have suggestions.
  12. 2 points
    You are the most wrecked people alive if you are still struggling with something like this after 7 years.
  13. 2 points
    If you put an unencrypted file there, does it encrypt it again? You need to find a way to be able to watch when it re-encrypts them. If it re-encrypts them with the same key and you catch it in the act with its pants down, there is a chance you can pull the key from RAM. If you reinstall the system, goodbye files.
  14. 2 points
    Phrased even more correctly: Hello, I have an idiotic question too: Can multiple proxies be added to a program? Peace
  15. 2 points
    Easy https://hackerone.com/directory?offers_bounties=true&order_direction=DESC&order_field=started_accepting_at
  16. 2 points
    Do you want a code?
  17. 1 point
    Cybercrime group Sea Turtle attacked the organization ICS-Forth, which controls the Greek top-level domains .gr and .el. Cisco Talos first talked about the Sea Turtle group in April this year. The attackers use a very unusual technique of hacking - instead of attacking the victim directly, they gain access to domain registrar accounts and managed DNS providers and change the company's DNS settings. By modifying the DNS records of internal servers, attackers redirect traffic destined for legitimate applications and the company's mail servers to the servers they control, carry out a man-in-the-middle attack and intercept the credentials. The above attacks are short-lived (lasting from several hours to several days) and invisible (most companies do not check the DNS settings for changes). According to FireEye, the group acts in the interests of the Iranian government. In order to get to the victim, Sea Turtle does not stop hacking into the provider's network entirely. As reported in the first Cisco Talos report, the group hacked into the Swedish organization NetNod, which manages the traffic exchange point. The attack allowed attackers to manipulate the DNS records for sa1 [.] Dnsnode [.] Net and gain access to the credentials of the top-level domain administrator of Saudi Arabia (.sa). In a new report, Cisco Talos reports a similar attack on the Greek organization ICS-Forth. At the moment, researchers find it difficult to say what the attackers did in the ICS-Forth networks after hacking. It is also unknown for which domains the attackers changed the DNS settings. After the organization notified the public about the hacking, Sea Turtle remained in its networks for another five days. Source: https://www.securitylab.ru/news/499907.php
  18. 1 point
    In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack. https://www.exploit-db.com/exploits/47129
  19. 1 point
    I found my documents in the recycle bin :))))))))), I forgot that I often deleted what I wrote so that it would be saved in the recycle bin, and look, the virus did not get that far.
  20. 1 point
  21. 1 point
    It also decodes if you paste into a cipher.
  22. 1 point
    Well done, dude! Too bad it is only an encoder. You should separate the input from the output, like have it centered somewhere, alone on its line, with the rest coming below it.
  23. 1 point
    You are licking each other's holes 69 WTF 😄😄😄😄
  24. 1 point
    You took the words out of my mouth. Change the HDD and the motherboard battery, and wait /restart -> safe mode, have you tried? //try some live Linux, you will most certainly have access to the files, and after that you can fuck them in the mouth
  25. 1 point
    I assume you have no backups.... did you restart the PC? did you delete any file? usually you can find the key if you do not restart, shut down or delete the initial file... at least that is how it was with wcry... but you will surely find some decrypter on the net... if not... make yourself a clone and wait for one to appear... and when it appears... u get the picture
  26. 1 point
    If this is for real, what did you eat when you were little?
  27. 1 point
    I can give you an invitation to my dick.
  28. 1 point
    1) Open your AdSense account, click "My ads", select "Search" on the left, click "Custom search engines" and click "New custom search engine". 2) Fill in your name, keywords and all the other details. 3) Under "What to search", select "Only selected sites" and enter all the URLs (including HTTP://) of the sites you want to search. You can add only your own site to show results from your blog / site. 4) Under "Search results and ad location", choose "Search results" and select "On my website using an iframe". 5) Now log in to the WordPress dashboard and create a new WordPress page. This page will be where the search results are displayed. It is better to create a page named "Search", and do not forget to use no index tag for that page. Let's assume your page name is domain.com/search 6) So, in the image above, in the URL field, you will add http://domain.com/search. Replace the domain name with your real domain name. 7) Click "Save and get code". You will receive two codes. The first code is for displaying the search box, and the second will be added to the page where you want to display the search results, that is, the page you created in step 5. 8) Open the WordPress dashboard and open the HTML editor of the page you created in step 5. Insert the second AdSense ad you received in the previous step. 9) Create a text widget and paste the first AdSense code. 10) All good! You are ready, start earning from search results. I think CSA has become more and more popular. You can see it clearly on many websites, such as this favorite site APKNite: https://apknite.com/
  29. 1 point
  30. 1 point
  31. 1 point
    Nowadays, IT Security industry faces new challenges, bad actors can use multiple techniques to extract sensitive data from a target, a RedTeam simulates such attack. HackTheZone has developed a RedTeam challenge for IT Security enthusiasts that lets the attendees overcome their limits and use techniques like WarDriving, Social Engineering, Penetration testing and more, all those skills will be used in a real playground, Bucharest. Enrollment in the HackTheZone RedTeam challenge will be available soon on the HackTheZone conference website: https://www.hackthezone.com The conference will be held at Crystal Palace Ballrooms, Calea Rahovei 198A, Sector 5, Bucharest, among the award-winning ceremony for the HackTheZone RedTeam challenge, we will treat latest IT Security trends with the aid of our highly certified speakers. For more details about our challenges you can join our community via Slack - https://www.hackthezone.com/slack
  32. 1 point
    A repair shop asked me for 80 RON, I told them to go fuck themselves; in 3, 4, 5 hours you can fix it yourself, and you are left with money for sandwiches, cigarettes and beer. Try https://forum.xda-developers.com/
  33. 1 point
    In the meantime I found the CD: If anyone is interested in some old but working C/C++ code, here it is: https://we.tl/t-QIh9qXS162 The password is: "totul despre c++" without the quotes.
  34. 1 point
    Societatea civila de sub ongurile internationale, by Cornel-Dan Niculae. Bookstore: https://www.xn--librrie-c4a.ro/carte/societatea-civila-de-sub-ong-urile-internationale--i18981 Or PDF: https://www.incorectpolitic.com/wp-content/uploads/2019/07/Societatea-Civila-de-sub-ONG-urile-internationale-Cornel-Dan-Niculae.pdf It is worth reading even as a PDF. It leaves you with certain question marks. Good luck!
  35. 1 point
    Get lost, you stoner! What you want is state of the art in security. Millions of $ are poured into research on this subject. If you have access to the system you want to fool, like it is open source or has an SDK, maybe, just maybe, you will find someone to write a script for 200-500$. If you want to fool a more serious security system, I hope you have a 5-figure budget.
  36. 1 point
    Go to hell, you tiresome loser, with your fucking anonymous; fuck you up the ass, you pathetic nobody.
  37. 1 point
    It is 2019 and you are still chasing nologins and roots.
  38. 1 point
  39. 0 points
    Writing shellcodes for Windows x64 On 30 June 2019 By nytrosecurity Long time ago I wrote three detailed blog posts about how to write shellcodes for Windows (x86 – 32 bits). The articles are beginner friendly and contain a lot of details. First part explains what is a shellcode and which are its limitations, second part explains PEB (Process Environment Block), PE (Portable Executable) file format and the basics of ASM (Assembler) and the third part shows how a Windows shellcode can be actually implemented. This blog post is the port of the previous articles on Windows 64 bits (x64) and it will not cover all the details explained in the previous blog posts, so who is not familiar with all the concepts of shellcode development on Windows must see them before going further. Of course, the differences between x86 and x64 shellcode development on Windows, including ASM, will be covered here. However, since I already wrote some details about Windows 64 bits on the Stack Based Buffer Overflows on x64 (Windows) blog post, I will just copy and paste them here. As in the previous blog posts, we will create a simple shellcode that swaps the mouse buttons using SwapMouseButton function exported by user32.dll and gracefully close the process using ExitProcess function exported by kernel32.dll. Full article: https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
  40. -1 points
  41. -1 points
    https://imgur.com/QcvFHgX I tried it too but it does not work. Do you happen to know another program like it, or some free mail lists?
  42. -1 points
    You can find the wget for the archive on my official website: https://rpgfrankfurdro.000webhostapp.com/ I do not think a video or picture is needed for something like this!