Jump to content

Leaderboard


Popular Content

Showing content with the highest reputation since 10/16/19 in Posts

  1. 5 points
  2. 3 points
    Daca inveti C++ o sa iti fie usor pe viitor sa inveti orice alt limbaj.
  3. 3 points
    Copile, aveam aceeasi mentalitate acum 6-7 ani, tot pe la 16-17 ani. Eu zic sa faci ceva mai util pentru viitorul tau, nu pierde timpul aiurea de care dispui. Aici toti sunt pusi pe caterinca si mistouri exact ca-n fotbal, daca castiga Romania se bucura, daca pierde incepe si injura, aceleasi reguli sunt si aici. E normal sa faci asa ceva din moment ce in scoli nimeni nu te invata ce e bine, exact cum e lipsa de educatie sexuala, raman astea gravide la 13 ani. Lasa "hecareala" si invata ceva ce crezi ca te-ar putea ajuta in viitor.
  4. 3 points
    Am facut acest script in python pentru cei care vor sa descarce meme-uri automat , nu stiu pentru ce ar fi de folos dar este interesant de jucat putin cu el. El este destul de basic dar isi face treaba. Aveti nevoie de python3 instalat pentru al rula. Download : https://uploadfiles.io/7e94iqph
  5. 3 points
    Din ce reiese din text-ul tau de prezentare nu ai o idee clara despre "hacking" si taberele in care se imparte, e de inteles... varsta. Tinand cont ca ai 15 ani, inseamna ca ai mult timp liber. Iti sugerez sa iti faci cont pe platforme bug bounty (hackerone, bugcrowd, openbugbounty) si sa cauti vulnerabilitati cu severitate low/medium, cu timpul o sa inveti tot mai multe lucruri si inevitabil o sa faci si bani din asta. Am vazut cativa copii cu varsta apropiata de a ta, care se descurca binisor. Chiar daca sunt putini romani care se ocupa de asta, eu incurajez viitoarea generatie. Succes!
  6. 3 points
    Haxori pe RST...Imi aduce aminte de vremurile bune de acum 7-8 ani. Cu acunetix si havij te pricepi men? Imi faci si mie un tutorial te rog.
  7. 2 points
    1. Intrati pe Cuyahoga County Public Library 2. Click pe "My Account" si apoi "Create Account" 2. Deschideti Fake Name Generator 3. Introduceti datele de pe Fake Name Generator in contul de Cuyahoga Library, cu doua mentiuni: puneti cod postal de Ohio si adresa de e-mail la care sa aveti acces. 4. Intrati pe E-Mail si copiati Acces Number-ul, dupa care va logati pe Cuyahoga County Public Library, introduceti doar Acces Number-ul, dupa care va pune sa va creati un PIN Number format din 4 cifre. 5. Intrati pe Lynda.com, selectati "Sign In", dupa care selectati "Sign in with your organization portal". Acolo introduceti link-ul de la librarie, dupa care Acces Number-ul si PIN-ul pe care tocmai vi l-ati ales. Si gata, aveti cont. Daca aveti intrebari, intrebati-ma in mod inteligent. Daca stiati deja asta, puteti sari peste topic. Nu stiu cat dureaza chestia asta, insa chiar si o luna daca aveti acces, este ok. Va ia maxim 5 minute sa creati tot ceea ce am explicat mai sus. Hai bafta. EDIT: Nu numai la Cuyahoga Library merge. Puteti intra pe Free Library si va alegeti de acolo o librarie, insa una care sa emita card online. Cu tot cu AN si PIN.
  8. 2 points
    Date-n pula mea de hater! Ba se pare ca incet incet reinvine comunitatea. Cine vrea sa facem un grup de Whatsapp sa dea numaru in privat. Fara troll ca va pis in freza.
  9. 2 points
    Eu as recomanda sa pui mana sa inveti dezvoltare in loc de securitate. Nu o sa fii capabil sa-ntelegi nimic oricum nici daca parcurgi ce au zis baietii mai sus, degeaba rezolvi challenges de securitate daca habar nu ai ce se-ntampla. O sa ajungi ca si @KRONZY. Sunt doua variante: Inveti foarte bine networking sau Inveti foarte bine Reverse Engineering. Indiferent de cat de bun "hacker" ai fi, o sa ramai mereu la un nivel mediocru daca nu o sa ai si cunostiinte de dezvoltare. "Hackerii" aia smecheri trebuie sa fie si programatori buni in primul rand. Pe langa alte lucruri, trebuie sa stii sa scrii si tu cod secure, sa fii capabil sa-ti creezi propriile tool-uri si mai mult de atat, sa stii sa-i educi si pe altii sa faca asta. Iar toate aceste lucruri includ mai multe skill-uri. Atat soft-skills cat si hard-skills. Asa ca iesi din casa si comunica cu lumea. Asta te va ajuta atat la interviuri cat si la avansat in cariera. Eu am ajuns sa dau bani grei pe cursuri ca sa nu mai fiu inapt social. Ai 15 ani, asta inseamna ca mai ai 1 an pana cand te poti angaja legal 6h / zi. Si mai ai inca 3 ani pana cand te poti angaja 8h/zi. Daca pui mana si incepi acum sa inveti programare 100h pe saptamana, in 4 luni ai sa-nveti cat invata altii intr-un an ( asumand 40h/saptamana la restul). Si poate ai noroc sa prinzi o pozitie de junior peste un an, daca stii sa-ti "vinzi potentialul". Eu la 16-17 ani lucram deja ca si Mobile Dev. Incepe cu ceva usor, poate front-end. Apoi invata si back-end. Fa aplicatii simple si apoi invata si notiuni de system design / arhitectura ca mai apoi sa refactorizezi ce ai facut deja. Limbajul este destul de irelevant dar mie mi s-a parut mai usor sa fac totul in Javascript de exemplu.
  10. 2 points
    Ce gluma frate, de ce il minti pe om? I-am generat invitatie, expira in 24h, lasa-l sa o activeze.
  11. 2 points
    Nu esti indexat si nu ai vizite deoarece mai sunt inca 41241242353425234234 site-uri la fel ca al tau, acceasi tema, accelasi continut, nimic unic pe el. Poti incerca sa iti scrii singur descrierile la filme si sa nu le mai copiezi din alta parte daca vrei sa ai macar o sansa.
  12. 1 point
    Super. hai ca iti dau add sa te am. nu sti cand ai nevoie de cate ceva.
  13. 1 point
  14. 1 point
    Fara Recon pls. Lasa-l in Spania unde ii este locul. Avem discord, doar ca se face mult troll acolo. Idea ar fi sa vorbim chestii interesante.
  15. 1 point
    Lasa ma oamenii sa hackuie, nu ii inchide nimeni, cel putin nu pana la 18 ani
  16. 1 point
    Cand e vorba de astfel de discutii apar si oamenii dornici sa "discute".
  17. 1 point
    Dear Adrian-Daniel Bacanu, Thank you for your time and discussion on social media platform LinkedIn. As we agreed, please let me provide you with the program and further information of our 2nd Annual Cyber Security Conference, that will be held on 14th November in Sofia (Hotel InterContinental*****)! 😊 Conference will be bring together 130+ senior level cyber security experts from the SEE region, UAE, but also central Europe, will offer you educational sessions related to critical topics in the field, 3 highly practical pre-conference workshops and unforgettable networking events for establishing long-term professional relationships! Join the Conference and become part of growing QuBit cyber security community in Bulgaria! 😊 In order to develop cooperation with cyber professionals from Romania, we are offerring 10 limited passes for following discounted investment: Conference Pass (14th November): 243 Eur (from 10th August: 333 Eur) Combo Pass: Training + Conference (13th – 14th November): 342 Eur (from 10th August: 540 Eur) *the investment includes all conference sessions, luncheon, refreshment, networking dinner, presentations for downloading, materials, brochure Please let me know if you have any further questions. Looking forward to hearing from you soon. Best regards, ________________________________________________ Daca e cineva interesat sa-mi spuna.
  18. 1 point
    Stiu ca la noi nu au ajuns, dar vecinii de langa au probleme minore. Poate va intereseaza acest articol: https://thehackernews.com/2019/10/simjacker-vulnerability-exploit.html?m=1
  19. 1 point
    Pai asta vreau sa zic, Cu niste SQL-uri si deface-uri nu ajungi nicaieri...
  20. 1 point
    Cand ai venit aici ai pus 40 de site-uri vulnerabile...asa si? ce ai rezolvat? cine a invatat ce? cu ce scop ai facut asa ceva? faci ce au facut si cei din trecut care au tras forumul in jos... de s-a ales praful si au plecat toti...fuck this shit.... Cum spunea cineva, aici avem profesori in linux in programare etc etc...si tu pui site-uri gasite cu havjij,sqlmap,scanuri gosh etc,hackerul p*lii mele. Lasa dreacu prostiile si pune mana si fa ceva folositor cu viitorul tau.
  21. 1 point
    ce plm cunostinte in sql sa ai cand futi tool-uri automate? daca tot vrei sa faci ceva...pune mana si invata
  22. 1 point
    Si daca sunt pe telefon si am termux?
  23. 1 point
    Salutare,daca ai cunostiinte doar in SQL injection nu o sa iasa prea bine pe aici, am patit-o pe pielea mea sa stii.
  24. 1 point
    Discuss anonymously with nearby people Clandesto is the place where you can discuss anything, with people within your radius and get awarded with karma points. APP STORE PLAY STORE So what's Clandesto all about? Local community Clandesto is your local community that shows you a live feed from people within your radius. Share news, events, funny experiences, and jokes easier than ever! Join your community Upvote the good and downvote the bad. By voting on posts, you have the power to decide what's your community talking about. Install CLANDESTO Find your group Find your local group, wether it's a neightbourhood, college campus, district, or village. You can also start your own private or public group. Find your group Website: https://clandesto.app/ Twitter: https://twitter.com/clandestoapp Facebook: https://www.facebook.com/clandesto/ Detalii: https://start-up.ro/cand-gdpr-ul-iti-da-o-idee-de-business-clandesto-socializare-anonima/
  25. 1 point
    Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access. Sudo, stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments—most often, for running commands as the root user. By default on most Linux distributions, the ALL keyword in RunAs specification in /etc/sudoers file, as shown in the screenshot, allows all users in the admin or sudo groups to run any command as any valid user on the system. Reference Link : https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html?fbclid=IwAR1V9EZDp75uQdBgcQxV4t4C0THHguOtNkIk7o1PfapQPJEt9FaZmFK58Mg
  26. 1 point
    Pentru ca de multe ori am cerut ajutorul aici si de prea putine ori l-am oferit inapoi, va pun la dispozitie toate cartile mele de Cisco. Doar Cisco am ca asa mananc painea zilnica. https://we.tl/t-m69KrEzFGx https://we.tl/t-HrRwcciXqn De asemenea, pentru cine merita am toate cursurile de la INE (CCNA, CCNP & CCIE), atat R&S cat si Security, CBTNuggets, GNS3WorkBench, Pearson IT Certifications, Packt, RouteHUB si IpExperts, care se gasesc foarte greu astazi, pentru ca IpExperts a fost inchis. Cine stie, cunoaste. Ca sa va incadrati la culoarea rosie nu trebuie sa fi cerut invitatii FileList si sa fiti vechi. Toate cursurile video sunt platite si downlodate, asa ca e dreptul meu sa aleg cui le dau. PS: De ceva timp am inceput sa-mi blestem zilele cu CCIE-ul si as avea mare nevoie de cursurile celor de la IpExperts. Cum ei nu mai sunt pe piata, iar eu am doar CCNP de la ei, nu prea am de unde sa le mai iau. Cine le are si crede ca le merit, multumesc.
  27. 1 point
    Lasa baietii sa ceara invitatii ca le dau eu, am multe, invitatii speciale pentru baietii fini de pe RST.
  28. 1 point
  29. 1 point
    Cam liniste pe aici
  30. 1 point
    Mi-a cerut un service 80 ron, mi-am bagat pula in mortii lui, in 3, 4, 5h il rezolvi, si ramai cu banii de senvici si tigari si bere, incearca pe https://forum.xda-developers.com/
  31. 1 point
    Sursa: https://m.habr.com/ru/company/dsec/blog/452836/ Digital Security Company Blog Information Security Network technologies forkyforky may 28 Web tools, or where to start pentester? We continue to talk about useful tools for pentester. In the new article we will look at tools for analyzing the security of web applications. Our colleague BeLove already did a similarselection about seven years ago. It is interesting to see which tools have retained and strengthened their positions, and which have faded into the background and are now rarely used. Note that the Burp Suite also applies here, but there will be a separate publication about it and its useful plugins. Content: Amass Altdns aquatone MassDNS nsec3map Acunetix Dirsearch wfuzz ffuf gobuster Arjun LinkFinder Jsparser sqlmap NoSQLMap oxml_xxe tplmap CeWL Weakpass AEM_hacker Joomscan WPScan Amass Amass is a Go tool for searching and iterating DNS subdomains and mapping an external network. Amass is an OWASP project created to show how organizations on the Internet look to an outsider. Amass gets the names of subdomains in various ways, the tool uses both recursive enumeration of subdomains and search in open sources. To find connected network segments and autonomous system numbers, Amass uses the IP addresses obtained during operation. All found information is used to build a network map. Pros: Information collection techniques include: * DNS - enumeration of subdomains in a dictionary, bruteforce subdomains, “smart” enumeration using mutations based on the found subdomains, reverse DNS requests and search for DNS servers on which it is possible to request a zone transfer request ( AXFR); * Search for open sources - Ask, Baidu, Bing, CommonCrawl, DNSDB, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ThreatCrowd, VirusTotal, Yahoo; * Search TLS certificate databases - Censys, CertDB, CertSpotter, Crtsh, Entrust; * Using the API of search engines - BinaryEdge, BufferOver, CIRCL, HackerTarget, PassiveTotal, Robtex, SecurityTrails, Shodan, Twitter, Umbrella, URLScan; * Search the web archives of the Internet: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback; Integration with Maltego; Provides the most complete coverage for the task of finding DNS subdomains. Minuses: Be careful with amass.netdomains — he will try to access each IP address in the identified infrastructure and obtain domain names from reverse DNS queries and TLS certificates. This is a "loud" technique, it can reveal your intelligence actions in the organization under study. High memory consumption can consume up to 2 GB of RAM in different settings, which will not allow running this tool in the cloud on a cheap VDS. Altdns Altdns is a Python tool for compiling dictionaries for brute force DNS subdomains. Allows you to generate many options for subdomains using mutations and permutations. To do this, use words that are often found in subdomains (for example: test, dev, staging), all mutations and permutations are applied to already known subdomains, which can be submitted to the input of Altdns. The output is a list of variations of subdomains that may exist, and this list can later be used for DNS brute force. Pros: Works well with large data sets. aquatone aquatone - was previously better known as another tool for finding subdomains, but the author himself abandoned this in favor of the aforementioned Amass. Now aquatone is rewritten to Go and more geared for pre-exploration of websites. To do this, aquatone passes through the specified domains and searches for websites on different ports, after which it collects all the information about the site and makes a screenshot. Convenient for quick preliminary exploration of websites, after which you can select priority targets for attacks. Pros: At the output, it creates a group of files and folders that are conveniently used for further work with other tools: * HTML report with collected screenshots and response headers grouped by similarity; * File with all the URLs on which the websites were found; * File with statistics and data page; * Folder with files containing the response headers from the found targets; * Folder with files containing the response body from the found targets; * Screenshots of found websites; Supports work with XML reports from Nmap and Masscan; Uses headless chrome / chromium for screenshots rendering. Minuses: It may attract the attention of intrusion detection systems, and therefore requires adjustment. The screenshot was made for one of the old versions of aquatone (v0.5.0), in which the search for DNS subdomains was implemented.Older versions can be found on the release page. Screenshot aquatone v0.5.0 MassDNS MassDNS is another tool for finding DNS subdomains. Its main difference is that it makes DNS queries directly to many different DNS resolvers and does so with considerable speed. Pros: Fast - able to resolve more than 350 thousand names per second. Minuses: MassDNS can cause a significant load on the DNS resolvers used, which can lead to a ban on these servers or complaints to your provider. In addition, it will cause a large load on the company's DNS servers, if they have them and if they are responsible for the domains you are trying to resolve. The list of resolvers is currently outdated, but if you select broken DNS resolvers and add new known ones, everything will be fine. nsec3map nsec3map is a Python tool to get a complete list of DNSSEC protected domains. Pros: Quickly detects hosts in DNS zones with a minimal number of queries if DNSSEC support is enabled in the zone; As part of the plugin for John the Ripper, which can be used to crack the resulting NSEC3 hashes. Minuses: Many DNS errors are handled incorrectly; There is no automatic parallelization of processing NSEC records - you have to split the namespace manually; High memory consumption. Acunetix Acunetix is a web vulnerability scanner that automates the process of checking web application security. Tests the application for SQL injection, XSS, XXE, SSRF, and many other web vulnerabilities. However, just like any other scanner of multiple web vulnerabilities does not replace the pentester, since complex chains of vulnerabilities or vulnerabilities in logic cannot be found. But it covers a lot of different vulnerabilities, including different CVEs, which the pentester could have forgotten, therefore, it is very convenient to get rid of routine checks. Pros: Low level of false positives; Results can be exported as reports; Performs a large number of checks for different vulnerabilities; Parallel scanning of multiple hosts. Minuses: There is no de-duplication algorithm (Acunetix pages that are of the same functionality will be considered different, because different URLs lead to them), but the developers are working on it; Requires installation on a separate web server, which makes it difficult to test client systems with a VPN connection and use the scanner in an isolated segment of the local client network; It can “rustle” the service under study, for example, send too many attacking vectors to the communication form on the site, thereby greatly complicating business processes; It is a proprietary and, accordingly, non-free solution. Dirsearch Dirsearch is a Python tool for brute force directories and files on websites. Pros: It can distinguish real “200 OK” pages from “200 OK” pages, but with the text “page not found”; Comes with a handy dictionary that has a good balance between size and search efficiency. Contains standard paths typical of many CMS and technology stacks; Its dictionary format, which allows to achieve good efficiency and flexibility of searching files and directories; Convenient output - plain text, JSON; Able to do throttling - a pause between requests, which is vital for any weak service. Minuses: Extensions must be passed as a string, which is inconvenient if you need to transfer many extensions at once; In order to use your dictionary, it will need to be slightly modified to the format of the Dirsearch dictionaries for maximum efficiency. wfuzz wfuzz - Python-fazzer web applications.Probably one of the most famous web phasers.The principle is simple: wfuzz allows phasing any place in an HTTP request, which allows phasing of GET / POST parameters, HTTP headers, including Cookies and other authentication headers. At the same time, it is convenient for simple brute force directories and files, for which you need a good dictionary. It also has a flexible filter system, with which you can filter the responses from the website by different parameters, which allows you to achieve effective results. Pros: Multifunctional - modular structure, assembly takes several minutes; Convenient filtering and fuzzing mechanism; You can phase out any HTTP method, as well as any place in the HTTP request. Minuses: In the state of development. ffuf ffuf - a web-fazer on Go, created in a similar fashion to wfuzz, allows files, directories, URL paths, names and values of GET / POST parameters, HTTP headers, including the Host header for virtual hosts brute-force. Wfuzz differs from its colleague by higher speed and some new features, for example, Dirsearch format dictionaries are supported. Pros: Filters are similar to wfuzz filters, allow flexible configuration of brute force; Allows fuzzing HTTP header values, data from POST requests and various parts of the URL, including the names and values of GET parameters; You can specify any HTTP method. Minuses: In the state of development. gobuster gobuster - a tool for Go for intelligence, has two modes of operation. The first one is used for brute-force files and directories on the website, the second one is used to iterate over the DNS subdomains. The tool initially does not support recursive enumeration of files and directories, which, of course, saves time, but on the other hand, the brute force of each new endpoint on the website needs to be launched separately. Pros: High speed for both brute force DNS subdomains, and for brute force files and directories. Minuses: The current version does not support the installation of HTTP headers; By default, only some of the HTTP status codes (200,204,301,302,307) are considered valid. Arjun Arjun is a tool for brute-force hidden HTTP parameters in GET / POST parameters, as well as in JSON. The built-in dictionary has 25,980 words that Ajrun checks in almost 30 seconds.The trick is that Ajrun does not check each parameter separately, but checks immediately ~ 1000 parameters at a time and looks to see if the answer has changed. If the answer has changed, then divides this 1000 parameters into two parts and checks which of these parts affects the answer. Thus, using a simple binary search, a parameter or several hidden parameters are found that influenced the answer and, therefore, can exist. Pros: High speed due to binary search; Support for GET / POST parameters, as well as parameters in the form of JSON; By the same principle, the Burp Suite plugin also works - param-miner , which is also very good at finding hidden HTTP parameters. We will tell you more about it in the upcoming article about Burp and its plugins. LinkFinder LinkFinder is a Python script for searching links in JavaScript files. Useful for finding hidden or forgotten endpoints / URLs in a web application. Pros: Fast; There is a special plugin for Chrome based on LinkFinder. . Minuses: Inconvenient final conclusion; Does not analyze JavaScript in dynamics; Quite simple link search logic - if JavaScript is obfuscated in some way, or the links are initially missing and dynamically generated, you will not be able to find anything. Jsparser JSParser is a Python script that uses Tornadoand JSBeautifier to analyze relative URLs from JavaScript files. Very useful for detecting AJAX requests and compiling a list of API methods with which the application interacts. Effectively paired with LinkFinder. Pros: Quick parsing javascript files. sqlmap sqlmap is probably one of the most well-known tools for analyzing web applications. Sqlmap automates the search and operation of SQL injections, works with several SQL dialects, has in its arsenal a huge number of different techniques, ranging from quotes head-on and ending with complex vectors for time-based SQL injections. In addition, it has many techniques for further exploitation for various DBMS, therefore, it is useful not only as a scanner for SQL injections, but also as a powerful tool for exploiting already found SQL injections. Pros: A large number of different techniques and vectors; Low number of false positives; Many possibilities for fine tuning, various techniques, target database, tamper scripts for bypassing WAF; Ability to create dump output data; Many different operating possibilities, for example, for some databases - automatic file upload / download, command execution ability (RCE) and others; Support for direct connection to the database using the data obtained during the attack; At the entrance, you can submit a text file with the results of the work Burp - no need to manually compile all the attributes of the command line. Minuses: It is difficult to customize, for example, to write some of your checks due to poor documentation for this; Without the appropriate settings conducts an incomplete set of checks, which can be misleading. NoSQLMap NoSQLMap is a Python tool for automating the search and operation of NoSQL injection. It is convenient to use not only in NoSQL databases, but also directly when auditing web applications using NoSQL. Pros: As well as sqlmap, it allows not only to find a potential vulnerability, but also checks the possibility of its exploitation for MongoDB and CouchDB. Minuses: Does not support NoSQL for Redis, Cassandra, is being developed in this direction. oxml_xxe oxml_xxe is a tool for embedding XXE XML exploits into various file types that use an XML format in some form. Pros: It supports many common formats, such as DOCX, ODT, SVG, XML. Minuses: Not fully supported PDF, JPEG, GIF; Creates only one file. To solve this problem, you can use the docem tool , which can create a large number of files with paylodes in different places. The aforementioned utilities do an excellent job with XXE testing when loading documents containing XML. But also do not forget that XML format handlers can occur in many other cases, for example, XML can be used as a data format instead of JSON. Therefore, we recommend to pay attention to the following repository containing a large variety of payloads: PayloadsAllTheThings . tplmap tplmap is a Python tool to automatically detect and exploit Server-Side Template Injection vulnerabilities. It has settings similar to sqlmap and flags. It uses several different techniques and vectors, including blind-injections, and also has techniques for executing code and loading / unloading arbitrary files. In addition, it has in its arsenal techniques for a dozen different engines for templates and some techniques for searching eval () - like code injections in Python, Ruby, PHP, JavaScript. In case of successful operation, opens an interactive console. Pros: A large number of different techniques and vectors; Supports many engines for rendering templates; A lot of maintenance techniques. CeWL CeWL is a Ruby dictionary generator, created to extract unique words from a specified website, following links on a website to a specified depth.Compiled dictionary of unique words can be used later for brute-force passwords on services or brute-force files and directories on the same web site, or to attack hashes obtained using hashcat or John the Ripper. Useful in compiling a “target” list of potential passwords. Pros: Easy to use. Minuses: You need to be careful with the depth of search, so as not to capture an extra domain. Weakpass Weakpass is a service containing many dictionaries with unique passwords. It is extremely useful for various tasks related to password cracking, ranging from simple online brute-force accounts to target services, ending off-line brute-force hashes obtained usinghashcat or John The Ripper . There are about 8 billion passwords in length from 4 to 25 characters. Pros: Contains both specific dictionaries and dictionaries with the most common passwords - you can choose a specific dictionary for your own needs; Dictionaries are updated and updated with new passwords; Dictionaries are sorted by efficiency. You can choose the option for quick online brute, as well as for a detailed selection of passwords from the extensive dictionary with the latest leaks; There is a calculator showing the time for password brutus on your hardware. In a separate group, we would like to bring the tools for CMS checks: WPScan, JoomScan and AEM hacker. AEM_hacker AEM hacker is a tool for detecting vulnerabilities in Adobe Experience Manager (AEM) applications. Pros: Can detect AEM-applications from the list of URLs submitted to the entrance; It contains scripts for obtaining RCE by loading a JSP shell or using SSRF. Joomscan JoomScan is a Perl tool to automate the detection of vulnerabilities when deploying a Joomla CMS. Pros: Able to find configuration flaws and problems with admin settings; Lists Joomla versions and related vulnerabilities, similar for individual components; Contains more than 1000 exploits for Joomla components; The output of final reports in text and HTML-formats. WPScan WPScan - a tool for scanning sites on WordPress, has in its arsenal vulnerabilities for the WordPress engine itself, as well as for some plugins. Pros: Able to list not only unsafe WordPress plugins and themes, but also to get a list of users and TimThumb files; Can conduct brute force attacks on WordPress sites. Minuses: Without the appropriate settings conducts an incomplete set of checks, which can be misleading. In general, different people prefer different tools for work: they are all good in their own way, and what one person liked, may not suit another. If you think that we have undeservedly bypassed some good utility, write about it in the comments! +43 3748 +43 11.3k374 20 Karma 56,8 Rating @forkyforky User 6 subscribers Share publication Comments 8 Открой дропшиппингмагазинДропшиппинг сотрудничество. Открывай свой магазин с популярными товарами у нас!Дропшиппинг сотрудничество. Открывай свой магазин с популярными товарами у нас!azimut-shop17.tkПерейтиЯндекс.Директ RELATED PUBLICATIONS December 30, 2015 Security of web resources of banks of Russia August 24, 2015 SCADA and mobile phones: safety assessment of applications that turn a smartphone into a plant control panel September 24, 2013 Information security in Australia, and why pentest there is no longer a cake POPULAR PER DAY yesterday at 10:10 Akihabara: Otaku nesting site yesterday at 01:22 PHP Digest number 157 (May 20 - June 3, 2019) yesterday at 14:22 GandCrab authors stop working: they claim they stole enough 2 June About the engineering approach I put in a word yesterday at 14:24 How we made a safe deal for freelance: give a choice, cut features, compare commissions Language settings Full version 2006-2019 © « TM »
  32. 1 point
    In ultimele 2 saptamani am facut putin research in zona quantum computing si singura aplicatie la care m-am putut gandi avand in vedere statutul experimental al tehnologiei a fost un RNG. Proiectul este la nivel de hobby, scopul nu a fost sa treaca testele statistice NIST, ci doar "for fun" https://github.com/cionutmihai/tigon Aveti acolo si jurnalul in format PDF, are 57 pag, contine repo-uri, link-uri cu resurse si bibliografia completa (70 titluri). Evident ca nu poti sa reinventezi informatica la tine in sufragerie (cu 200 EUR, cateva carti si niste cursuri pe Youtube sau Coursera) deci subliniez din nou ca e la nivel de amator. In plus, mare parte din librariile disponibile fie sunt in alpha, fie sunt abandonate sau sunt axate strict pe mediul academic si simulari. Take care
  33. 0 points
    Tag Heuer fac ceasuri foarte bune si apreciate, imi plac.
  34. 0 points
    Da' cum bineinteles, uite aici am generat o invitatie, tot asa stiti, pus cu hidden sa nu se indexeze pe google @Dnmafiotu:
  35. 0 points
    Salut,as avea si eu nevoie de o invitatie va rog
  36. 0 points
    Recomand xda cum a zis QKQL cauta un tutorial cu reviews pozitive ca daca il faci gresit root-u o sa stai 2-3-4 zile poate sa il faci inapoi ^^
  37. -1 points
    salut,am mare nevoie de o invitatie pe filelist .mersi anticipat
  38. -1 points
    Consola de jocuri retro bazata pe Raspberry Pi 3 Model B - Carcasa Kintaro Super Kuma 9000, cu buton de Power on/off, buton de reset, ventilator - Raspberry Pi 3 Model B, cu card SD 16GB Toshiba - Incarcator 3A 5V bun, care nu subvolteaza Butoanele sunt functionale ambele. Carcasa are ventilator instalat, care functioneaza cand placa este solicitata, am folosit inclusiv Arctic MX-4 pentru temperaturi mai bune. Pe cardul SD am instalat Retropie si ROM-uri pentru diverse emulatoare. Practic sistemul are tot ce va trebuie pe el pentru a juca. Pret: 200 RON
  39. -1 points
    SEO, Benone mai respiri? Ai pe aici categoria de blog
  40. -1 points
    Da frate @SynTAX bine ca m-ai atentionat, uite @adytzu123456, am un cod de invitatie pus cu hidden sa nu vada cei neinregistrati, sa il folosesti ca expira in 24h.
  41. -1 points
    Daca poate sa imi dea si mie cnv un cod de FileList va rog
  42. -1 points
    Salut, Github ai? Stii ca puteai sa iti faci un dualboot linux/windows, si cand era absolut necesar sa ai si windows la dispozitie. Ai studii in acest domeniu?
  43. -1 points
    Ti-am dat follow pe github, mult succes.
  44. -2 points
  45. -2 points
  46. -2 points
    ./ pune captcha pe wp-admin
  47. -2 points
    I-ai dat hard reset? Intră in safe mode
  48. -2 points
  49. -2 points
    Una e sa bagi haviji sa furi datele oamenilor și să stai cu morcovul în cur, alta e sa ceri un ebook, sa lucrezi intr-o instituție
×
×
  • Create New...