begood
Active Members
Posts: 3972
Days Won: 22

Everything posted by begood

  1. Common User Passwords Profiler (CUPP) is made to simplify this attack method that is often used as last resort in penetration testing and forensic crime investigations. A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password. Going through different combinations and algorithms, CUPP can predict specific target passwords by exploiting human vulnerabilities. In password creation, as in many aspects of life, everybody tends to the original solution, but thanks to human nature, we all tend to originality in the same way, leading to almost absolute predictability. http://www.remote-exploit.org/wp-content/uploads/2010/04/cupp-3.0.tar.gz
  2. Features:
     * common text processing features
     * working with multiple wordlist files
     * option to manipulate files on disk rather than loading them in the editor
     * advanced wordlist sorting: sorting alphabetically, by word length, by user or pass
     * randomizing lists to obfuscate server log files
     * anagrams
     * splitting combo files in single lists and vice versa
     * fast duplicate remover allows to use reference lists and to save duplicates
     * powerful and customizable filters to remove unwanted words or combos
     * customizable wordlist manipulations to enrich and enlarge your wordlists
     * wordlist and URL converters
     * online and file password leecher
     * and many more
     http://rapidshare.com/files/34245710/Raptor_3.rar
  3. Velocity Cracking Utilities (VCU) is a suite of utilities to aid in cracking UNIX password files. This is accomplished with tools that create and manipulate wordlists, as well as some front-ends for popular DOS based cracking programs. VCU attempts to make the cracking of passwords a simple task for computer users of any experience level. http://www.packetstormsecurity.org/groups/wiltered_fire/NEW/vcu/vcu10.exe
  4. RSMangler will take a wordlist and perform various manipulations on it similar to those done by John the Ripper with a few extras. The main new feature is permutations mode which takes each word in the list and combines it with the others to produce all possible permutations (not combinations, order matters). For example the words freds, fresh, fish will produce the following list:
     freds fresh fish
     fredsfresh fredsfish freshfreds freshfish fishfreds fishfresh
     fredsfreshfish fredsfishfresh freshfredsfish freshfishfreds fishfredsfresh fishfreshfreds
     Each of these new words is then subject to the other mangles. Because of this we strongly recommend that, with permutations mode enabled (default), you use a very small wordlist: 3 start words create a final list containing 4245 words and 5 start words create a list containing 91975. As a test we tried it with a few hundred words and gave up when the output file got to 3G. If you try to use a file with more than 5 words you will get a warning and the option to abort.
     Other mangles include adding the numbers 1 to 123 to the start and end, 01 to 09 to the start and end, various case manipulations, leet speak, word reversal, ed and ing on the end and doubling words up. The initial wordlist can either be specified as a file or can be piped in through STDIN.
     Installation: RSMangler is written in Ruby and therefore needs Ruby to be installed and working. The script needs to be made executable and it doesn't rely on any gems or anything external.
     Download: http://www.randomstorm.com/tools/rsmangler_1.1.tar.bz2
     Source: RSMangler Keyword Based Wordlist Generator
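The predictability that CUPP (post 1) relies on and the permutations mode RSMangler (post 4) describes can be turned around into a defensive check. The following is an added example, not code from either project: it reproduces the permutation list and the count the post quotes (15 words from 3 start words before the other mangles), and then uses the same construction as a password-policy check against words taken from a user's profile. The function names, the digit-stripping normalisation and the decision to reverse only case, numeric padding and word reversal (not leet speak) are this example's own assumptions.

```python
from itertools import permutations
from math import factorial

def word_permutations(words):
    """All ordered selections of one or more distinct words, joined together.

    This is the permutations mode described in the post: r=1 yields the words
    themselves, r=2 the ordered pairs, and so on up to the full list."""
    out = []
    for r in range(1, len(words) + 1):
        for combo in permutations(words, r):
            out.append("".join(combo))
    return out

def permutation_count(n):
    """Number of words produced before the other mangles: sum over r of n!/(n-r)!.
    This is why the tool warns above 5 start words: the count grows factorially."""
    return sum(factorial(n) // factorial(n - r) for r in range(1, n + 1))

def normalise(candidate):
    """Undo the cheapest mangles the post lists: case changes and numeric
    prefixes/suffixes (the 1..123 and 01..09 additions)."""
    return candidate.lower().strip("0123456789")

def is_profile_derived(candidate, profile_words):
    """True if the candidate is a permutation of the profile words (possibly
    reversed) once case and numeric padding are stripped.

    Leet substitutions are deliberately not reversed here; a production policy
    check would add that table, as the post's other mangles suggest."""
    base = sorted({w.lower() for w in profile_words})
    core = normalise(candidate)
    perms = set(word_permutations(base))
    return core in perms or core[::-1] in perms

if __name__ == "__main__":
    words = ["freds", "fresh", "fish"]              # the post's example words
    print(len(word_permutations(words)), permutation_count(3))   # 15 15
    print(permutation_count(5))                     # 325 (before other mangles)
    print(is_profile_derived("FishFreds99", words)) # True
```

A policy check like this is cheap at password-set time because the profile word list is tiny; the factorial growth only bites when the list is long, which is the same reason the post tells you to keep the input small.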
  5. Gen is a small password/wordlist generator written in Perl. The generator can be used as the input for many types of purposes, from administration security tasks to brute force tools utility. Note: While compiling, if you come across a syntax error on line 88, replace every instance of &quote; with a single quote ('). Source: SecuriTeam - Gen - Random Password/Wordlist Generator
  6. This tool dissects each word into parts based on the number of characters in the word. Then, each combination of those characters is placed into every order possible. Example:
     root@dev:~/oclHashcat-0.22# echo 'an12!Qi' | ./expander.bin
     (Only using the word "an12!Qi")
     a n 1 2 ! Q i
     an 12 !Q n1 2! Qi
     an1 2!Q n12 !Qi 12! Qia
     an12 n12! 12!Q 2!Qi
     an12! n12!Q 12!Qi 2!Qia !Qian
     an12!Q n12!Qi 12!Qia 2!Qian !Qian1 Qian12
     an12!Qi n12!Qia 12!Qian 2!Qian1 !Qian12 Qian12! ian12!Q
     Usage on a small dictionary:
     Word count before use of expander: 11,584
     Word count after use of expander: 112,158
     Download: hashcat - advanced password recovery
  7. L517 is small (considering what it does), it is fast (considering it's a Windows app), and it is lightweight (when not loading astronomically large lists). A user-friendly GUI requires no memorization of command-line arguments! L517 contains hundreds of options for generating a large, personalized, and/or generic wordlist. With L517, you can generate phone numbers, dates, or every possible password with only a few clicks of the keyboard; all the while, filtering unwanted passwords.
     Features:
     -Collecting-
     * Gathers words from many different file-types: .txt, .mp3, .pdf, .ppt, .srt, .rtf, .doc / .docx, .htm / .html, .jpg / .jpeg, and many more
     * Can handle both unix and windows text file types,
     * Collect from every file in a directory (and subdirectories),
     * Collect words from a website (strips HTML code), good for personalized wordlists (myspace, facebook, etc),
     * Collect from dragged-and-dropped selected text or files,
     * Collect words from pasted text (Ctrl+V).
     -Generating-
     * Generate any string of any length (an exhaustive 26-pattern character set is included),
       o New in v0.91: L517 can pause and resume list generation! Simply click 'Cancel' while generating a list, and L517 will prompt to pause.
     * Generate dates in different formats over any time period:
       1. mm/dd/yy : 12/31/10
       2. mm/dd/yyyy : 12/31/2010
       3. dd/mm/yy : 31/12/10
       4. dd/mm/yyyy : 31/12/2010
       5. mmm/dd/yy : december/10/10
       6. mmm/dd/yyyy : december/10/2010
       7. dd/mmm/yy : 10/december/10
       8. dd/mmm/yyyy : 10/december/2010
     * Generate phone numbers based on location (United States only). Input a city and L517 will look up all area-codes and prefixes of that city, then generate every possible phone-number based on those prefixes.
     * "Analyze" is a new option in v0.2; when "analyzing," L517 discovers and extracts patterns in the list by looking at both prefixes (beginning) and postfixes (end) of items. The analysis results in two lists of commonly used prefixes and postfixes. Great for actual password lists.
     -Filtering-
     * Filter by length (minimum/maximum).
     * Convert list to lowercase, UPPERCASE.
     * Copy words to new formats: First Letter Upper and/or eVeRy OtHeR lEtTeR.
     * 13375P34K (leetspeak) case mutator.
       o Reads from 'leetspeak.txt' (included at program start-up, can be edited by the user).
       o Generates every possible mutation of a word. For example: if the 'leetspeak.txt' file has "a,A,@,4" as different values for 'a', then L517 would generate the following for the item "aa": aa, Aa, @a, 4a, aA, AA, @A, 4A, a@, and so on...
     * Strip out certain text from items that already exist, and also as they are added.
     * Convert special characters to the hex equivalent, i.e. convert !@#$%^& to %20%40%21%22%23.
     * Include foreign characters. This gathers words that are beyond the scope of the alphabet and 0-9 number system, such as àçéîÿöû.
     -Mutating-
     Add mutations to items already on the list -- append right-side and/or prepend left-side. These are useful when generating a password list:
       1. Add each number 0-9 to every item on the list,
       2. Add every letter (a-z) to each item on the list,
       3. Add every word from L517's default prefix/postfix wordlist to every item in the list,
       4. Add every word from your own wordlist to every item in the current list.
     -List options-
     * Sort alphabetically (automatic).
     * Remove duplicate entries (slow, but accurate and stable).
     * Find item in list, Find Next.
     * Remove, Remove by string, and Clear.
     * Save list to files in sections (split by number of items in each file).
       o i.e. L517 can save any number of items per file, so no wordlist file will grow to be too large (L517 will save to many smaller files).
     * Save in Windows/DOS text format, or *nix format.
     Download: http://l517.googlecode.com/files/L517%20v0.92.exe
     Source: l517 - Project Hosting on Google Code
  8. InsidePro (MD5, NTLM, LM)
     Rainbowtables.Shmoo (LM, WPA)
     Hak5 (WPA)
     Hak5.Rainbow.Table.-.LM.All.1-7.120GB (LM)
     Garr/freerainbowtables (LM, NTLM, MD5, MySQL, SHA1)
     Fpux/Rainbow_Tables (SHA1, Cisco, LM, MD5, MSCache, NTLM, WPA)
     Offensive Security - WPA Rainbow Tables (WPA)
  9. FreeRainbowTables, HashKiller, InsidePro, APassCracker, Openwall, ftp.ox.ac.uk, GDataOnline, Cerias.Purdue, Outpost9, VulnerabilityAssessment, PacketStormSecurity, ai.uga.edu-moby, cotse1, cotse2, VXChaos, Wikipedia-wordlist-Sraveau, CrackLib-words, SkullSecurity,
     Rapidshare-Wordlist.rar, Packetstorm_dic_john_1337, Megaupload-birthdates.rar, Megaupload-default-001.rar, Megaupload-BIG-WPA-LIST-1.rar, Megaupload-BIG-WPA-LIST-2.rar, Megaupload-BIG-WPA-LIST-3.rar, WPA-PSK-WORDLIST-40-MB-rar, WPA-PSK-WORDLIST-2-107-MB-rar,
     Article7, Rapidshare-Bender-ILLIST, Milw0rm, Rohitab, DualisaNoob, Naxxatoe-dict-total-new-unsorted, DiabloHorn-wordlists-sorted, Bright-Shadows, MIT.edu/~ecprice, NeutronSite, ArtofHacking, CS.Princeton, Spacebar, textfiles-suzybatari2, labs.mininova-wordmatch, BellSouthpwp, Doz.org.uk,
     ics.uci.edu/~kay, inf.unideb.hu/~jeszy, openDS, sslmit.unibo.it/~dsmiraglio, informatik.uni-leipzig-vn_words.zip, cis.hut.fi, Wordlist.sf.cz, john.cs.olemiss.edu/~sbs, Void.Cyberpunk, CoyoteCult, aima.eecs.berkeley.edu, andre.facadecomputer, aurora.rg.iupui.edu/~schadow, cs.bilkent.edu.tr/~ccelik, broncgeeks.billings.k12.mt.us/vlong, IHTeam,
     Leetupload-Word Lists, Offensive-Security WPA Rainbow Tables Password List, depositfiles/1z1ipsqi3, MD5Decrypter/Passwords, depositfiles/qdcs7nv7x, ftp.fu-berlin.de, Rapidshare.com/Wordlist.rar, Rapidshare.com/Password.zip, Megaupload/V0X4Y9NE, Megaupload/0UAUNNGT, Megaupload/1UA8QMCN, md5.Hamaney/happybirthdaytoeq.txt, sites.Google.com/ReusableSec, Megaupload.com/SNK18CU0,
     Hotfile.com/Wordlists-20031009-iso.zip, Rapidshare.com/Wordlist_do_h4tinho.zip, Rapidshare.com/pass50.rar, sweon.net/wordlists, Skullsecurity.org/fbdata.torrent, Uber.7z, freqsort_dictionary.txt, SXDictionaries.zip,
     Leetupload.com/WordLists (Passwords: to0l-base, zmetex, mrdel2000),
     Rapidshare.com/BIG_PASSWORD_LIST.rar (Pass: bodyslamer@warezshares.com),
     Rapidshare.com/dictionaries-vince213333.part01.rar, Rapidshare.com/dictionaries-vince213333.part02.rar, Rapidshare.com/dictionaries-vince213333.part03.rar,
     Rapidshare.com/Wordlist_Compilation.part1.rar, Rapidshare.com/Wordlist_Compilation.part2.rar, Rapidshare.com/Wordlist_Compilation.part3.rar, Rapidshare.com/Wordlist_Compilation.part4.rar,
     Rapidshare.com-word.lst.s.u.john.s.u.200.part01.rar, Rapidshare.com-word.lst.s.u.john.s.u.200.part02.rar, Rapidshare.com-word.lst.s.u.john.s.u.200.part03.rar,
     Rapidshare-Purehates_word_list.part1.rar, Rapidshare-Purehates_word_list.part2.rar, Rapidshare-Purehates_word_list.part3.rar, Rapidshare-Purehates_word_list.part4.rar, Rapidshare-Purehates_word_list.part5.rar,
     Rapidshare-_Xploitz_-_Master_Password_Collection.part1.rar, Rapidshare-_Xploitz_-_Master_Password_Collection.part2.rar, Rapidshare-_Xploitz_-_Master_Password_Collection.part3.rar, Rapidshare-_Xploitz_-_Master_Password_Collection.part4.rar, Rapidshare-_Xploitz_-_Master_Password_Collection.part5.rar, Rapidshare-_Xploitz_-_Master_Password_Collection.part6.rar, Rapidshare-_Xploitz_-_Master_Password_Collection.part7.rar (Pass: Remote Exploit Forums - Home of BackTrack),
     Rapidshare-_Xploitz_-_PASSWORD_DVD.part01.rar, Rapidshare-_Xploitz_-_PASSWORD_DVD.part02.rar, Rapidshare-_Xploitz_-_PASSWORD_DVD.part03.rar, Rapidshare-_Xploitz_-_PASSWORD_DVD.part04.rar, Rapidshare-_Xploitz_-_PASSWORD_DVD.part05.rar, Rapidshare-_Xploitz_-_PASSWORD_DVD.part06.rar, Rapidshare-_Xploitz_-_PASSWORD_DVD.part07.rar (Pass: Remote Exploit Forums - Home of BackTrack)
  10. MD5:
      Freerainbowtables.com, Freerainbowtables.com/phpBB3/, MD5Decrypter(uk), project-rainbowcrack, Plain-Text, Crackfoo -NNC, Hashcrack, Gdata, MD5this, MD5crack, Noisette, Joomlaaa, Igrkio, MD5decrypter, Shell-Storm, NetMD5crack, XMD5, TheKaine, InsidePro, MD5pass, Generuj, AuthSecu, MD5decryption, Schwett, Victorov, Kerinci, Crackfor.me, MD5-db, Drasen, Gromweb, MD5hood, MD5.my-addr, MD5online, Macrosoftware, Bokehman, MD5-decrypter, Thoran, C0llision, Rednoize, web-security-services, MD5-lookup, CMD5, Tmto, Shalla, Hash-Database, Alimamed, Bokehman, Benramsey, Idiobase, Hard-core, ThePanicRoom, Kalkulators, StringFunction, Toolz, Fox21, Gat3way, Sans, Appspot, HashCracking.ru, Anqel, Offensive-Security, Altervista, Xanadrel, Beeeer, Idiobase, Kinginfet, AskCheck, hash-cracker.com, agilobable.pl
      (IRC Bots) Overclock, plain-text.info (irc.Plain-Text.info #rainbowcrack - irc.rizon.net #rainbowcrack), md5.overclock.ch (irc.rizon.net #md5), c0llision.net (irc.after-all.org #md5crack - ircd.hopto.org #md5crack - ix.dal.net #md5crack)
      NTLM:
      Freerainbowtables.com, Freerainbowtables.com/phpBB3/, MD5decrypter(uk), Plain-Text, NiceNameCrew, HashCrack, Tmto, AstaLaVista, Fox21, LMCrack, hash-cracker.com
      LM:
      Freerainbowtables.com, Freerainbowtables.com/phpBB3/, Plain-Text, NiceNameCrew, HashCrack, Milw0rm, C0llision, Tmto, AstaLaVista, Fox21, LMCrack, Offensive-Security
      SHA1:
      Freerainbowtables.com, Freerainbowtables.com/phpBB3/, MD5Decrypter(uk), Rednoize, Web-Security-Services, SHA1-Lookup, CMD5, Blacklight, Tmto, Hash-Database, X-Attack, Toolz, Sans, HashCracking.ru, AskCheck, Sha1 Decrypter - Sha1 Reverse Lookup - Online Sha1 Decoder, hash-cracker.com
      SHA 256-512:
      Blacklight, Shalla, Hash-Database, AskCheck
      MySQL:
      Freerainbowtables.com, Freerainbowtables.com/phpBB3/, HashCrack, CMD5, X-Attack, AstaLaVista, HashCracking.ru, MassOwnage
      WPA-PSK:
      (free) MD5Decrypter(uk), WPA2Crack.com (costs $$$), WPACracker, Question-Defense
  11. I. BACKGROUND
      Microsoft Office Word, included in the Microsoft Office suite, is a powerful authoring program that gives the ability to create and share documents by combining a comprehensive set of writing tools with the easy-to-use Microsoft Office Fluent user interface.
      II. DESCRIPTION
      VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Word. The vulnerability is caused by a memory corruption when parsing certain data in a Word document, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Word file.
      III. AFFECTED PRODUCTS
      Microsoft Office 2004 for Mac
      Microsoft Office 2003 Service Pack 3
      Microsoft Office XP Service Pack 3
      Microsoft Word Viewer
      http://packetstormsecurity.org/1010-advisories/vupen-msossmc.txt
  12. -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1
      Team SHATTER Security Advisory
      SQL Injection in Oracle Database CREATE_CHANGE_SET procedure
      Oct. 13 2010
      Affected versions: Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2
      Remote exploitable: Yes (Authentication to Database Server is needed)
      Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.
      Details: Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in CREATE_CHANGE_SET procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.
      Impact: To exploit this vulnerability EXECUTE permission on the SYS.DBMS_CDC_PUBLISH package is required. By default users granted the EXECUTE_CATALOG_ROLE role have this permission granted. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges.
      Vendor Status: Vendor was contacted and a patch was released.
      Workaround: Restrict access to the SYS.DBMS_CDC_PUBLISH package.
      Fix: Apply Oracle Critical Patch Update October 2010 available at Oracle Metalink.
      CVE: CVE-2010-2415
      Links:
      http://www.appsecinc.com/resources/alerts/oracle/2010-03.shtml
      http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
      Timeline:
      Vendor Notification - 10/16/2009
      Vendor Response - 10/22/2009
      Fix - 10/12/2010
      Public Disclosure - 10/13/2010
      Application Security, Inc's database security solutions have helped over 2000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements.
      Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v2.0.12 (MingW32)
      iEYEARECAAYFAky3W8QACgkQRx91imnNIgHAAwCgwt3gB2IDlUbFgOw0AhLFRM1T
      I9UAoNax7F1vmtk2EgAbbR6OLEbnOx8K
      =K3D1
      -----END PGP SIGNATURE-----
      _______________________________________________
      Full-Disclosure - We believe in it.
      Charter: http://lists.grok.org.uk/full-disclosure-charter.html
      Hosted and sponsored by Secunia - http://secunia.com/
      http://packetstormsecurity.org/1010-advisories/shatter-oracle.txt
  13. Phoenix exploit kit is one of the best Browser Exploit Packs (BEP) in the market nowadays. Looking at the pace of development, it seems like we are going to see a plethora of advancements in this BEP. In this post, we are aiming to disclose some of the findings and reviews about the latest Phoenix BEP version 2.4. Primarily, we will be talking about the following metrics in detail to discuss the impact of this BEP.
      1. Exploitation Success Rate (ESR).
      2. Loader Infection Success Rate (LISR).
      The most critical part of testing BEPs is to determine the success rate of loading a bot or executable once the target is exploited in a real-time environment. This metric is quite important because a number of browser exploit packs suffer from huge loss in loading activity even after the exploitation. However, many times it has been noticed that most of the statistics provided by BEPs claim the infection rate based on ESR to be thousands of machines, but the installation rate is very low. Based on our analysis, we are raising a point on the effectiveness of BEPs. If the exploitation rate is high, it means the BEP has to be robust enough to perform the successful installs. A generic experiment was conducted on some of the samples of Phoenix Exploit Kit 2.x - 2.4 in a controlled environment to detect the possible rates of infection. The output is presented as follows:
      [1] Browser Exploitation Ratio (BER)
      Microsoft Internet Explorer (IE6+IE7+IE8) - 25%
      Firefox (All Versions) - 17% - 22%
      [2] Operating Systems Exploitation Rate (OSER)
      Windows XP : 25% - 30%
      Windows Vista : 18% - 22%
      Windows 7 : 5% - 8%
      [3] Traffic Infection Rate (TIR)
      Mixed Traffic Rate (Hard+Generic) = 70% - 80%
      [4] Loader Infection Success Rate (LISR)
      Loader Installation Rate after exploitation - 90%
      This gives us an indication about the exploitation ratios of browsers and operating systems. Windows 7 shows as less vulnerable because of the protection mechanisms developed in it. Phoenix BEP converts 70%-80% of traffic to be infected. As has been discussed above, the loader installation loss is quite small as compared to other BEPs. We can consider the fact of firewalls and other possible scenarios where security mechanisms can reduce the loader installation rate to 10%-15%. However, considering the stats, the rate is still high.
      Note: The infection rate varies depending on the rate of traffic but the overall stats remain the same.
      With the release of version 2.4 we will be encountering the following exploits and codes:
      * Added JAVA TC (privilege escalation) which works instead of JAVA DE-SERIALIZE and JAVA GSB exploits. It breaks JRE/JDK 1.5.0-1.5.0_23 and 1.6.0-1.6.0_18 on Win XP/VISTA/7.
      * Added QUICKTIME exploit for QUICKTIME PLAYER v. 7.6.6-7.6.7 on Win XP for IE 6/7/8.
      * Added PDF FONT exploit for ADOBE READER 9.3.1-9.3.4 on Win XP/VISTA/7. Vulnerability is not patched yet! (Hitting Anti Viruses Hard)
      * Random file-names of BEP structure. (Stealth Technique)
      * Link Encryption in JAVA exploit.
      Phoenix 2.4 has shown good advancements. So overall this exploit pack is building really good codes to dismantle the web.
      Malware at Stake: Phoenix Exploit Kit (2.4) - Infection Analysis
  14. Interesting new technology. Squarehead's new system is like bullet-time for sound. 325 microphones sit in a carbon-fiber disk above the stadium, and a wide-angle camera looks down on the scene from the center of this disk. All the operator has to do is pinpoint a spot on the court or field using the screen, and the Audioscope works out how far that spot is from each of the mics, corrects for delay and then synchronizes the audio from all 315 of them. The result is a microphone that can pick out the pop of a bubblegum bubble in the middle of a basketball game.... [...] Audio from all microphones is stored in separate channels, so you can even go back and listen in on any sounds later. Want to hear the whispered insult that caused one player to lose it and attack the other? You got it. Schneier on Security: Picking a Single Voice out of a Crowd
  15. In its Q3 analysis of security trends, F-Secure says that, alongside spam attacks on social networks, the Stuxnet worm has been targeting industrial systems, proving that the malware has become one of the key developments in the IT security industry of the last decade. According to the IT security vendor, the highly complex Stuxnet Windows worm - discovered in June 2010 - is the first malware to target specific industrial systems. The malware, says F-Secure, spreads via USB sticks and can also spread by copying itself to network shares if users have weak passwords once it is inside an organisation. After infecting the system, Stuxnet hides itself with a rootkit and checks if the infected computer is connected to a Siemens Simatic factory system. Stuxnet can then make complex modifications to the system.
      The veteran IT security firm says that its research suggests that Stuxnet has infected hundreds of thousands of computers around the world, but the large number of infections in Iran has led to speculation that it was designed by a government trying to sabotage Iran's nuclear programme. It's not all about Stuxnet, however, as the report notes that there is a real danger of a global worm outbreak on iOS, whilst spam on social networks is fast becoming a serious problem. The quarterly report notes that websites like Facebook and Twitter are attractive to malware writers because they spread information quickly, but this also means that Twitter and Facebook users can stop the spread of malware faster than before. Sean Sullivan, a security advisor at F-Secure, said that social networks have built-in antibodies - their users. "Whereas the malicious attacks of yesteryear took weeks or even months to develop, the recent Twitter attacks peaked and ebbed in just two and a half hours", he explained.
      The biggest security story on the mobile front during Q3 has been the jailbreakme.com website, which made it possible to jailbreak an iPhone, iPad or iPod Touch simply by visiting the website with the device. F-Secure notes that Jailbreakme.com used an exploit to execute code on the device and, according to Mikko Hypponen, the firm's chief research officer, anyone could have used the same vulnerability to execute malicious code on iPhones and iPads, which could have resulted in the first global mobile worm outbreak. "Luckily this did not happen and Apple released a new version of iOS to patch the vulnerability on most of their platforms", he said, adding that, since 2004 there have only been 517 families of mobile viruses, worms and trojans.
      Infosecurity (UK) - F-Secure says the emergence of Stuxnet is one of the main security developments of the decade
  16. Using scripting and custom-built tools is common in penetration testing. To meet a specific need, and above all to get some hands-on practice with Python, I developed an LFI (Local File Inclusion) vulnerability scanner. The scanner is written in Python for its portability and ease of writing. The features are still basic, but they are just waiting to be improved (depending on how much free time I have, or if you have nothing better to do?). The dependencies are almost all satisfied, apart from optparse, which you will have to install. I bundled a version of BeautifulSoup because a bug remains when "parsing" pages, which forces me to use a version older than the stable release. The scanner therefore uses an old version of BeautifulSoup until the bug is fixed. The termcolor lib is not essential, but it makes the output easier to read. The tool works as follows.
      root@corbier-laptop:/home/corbier/Dropbox/python/LfiScan# ./main.py -h
      Usage: main.py -h for help
      Options:
        -h, --help               show this help message and exit
        -U HOST, --url=HOST      Set url to scan france
        -P PROXY, --proxy=PROXY  Set proxy localhost:9050 for Tor
      Tor support is complete, so I used the pycurl lib, because urllib and urllib2 do not support SOCKS proxies.
      Here is the scanner used in an example:
      root@corbier-laptop:/home/corbier/Dropbox/python/LfiScan# ./main.py -U http://127.0.0.1/
      +[Crawler]+ Trying to get page ==> http://127.0.0.1/
      +[Crawler]+ Trying to get page ==> http://127.0.0.1/40ff8f74f40925e361f150ca6999ddeb.php?pages=test
      +[Crawler]+ Trying to get page ==> http://127.0.0.1/
      +[Crawler]+ Trying to get page ==> http://127.0.0.1/40ff8f74f40925e361f150ca6999ddeb.php?pages=test&t=o&d=k
      +[Crawler]+ Mail Found ==> aito@fw.ipsj.or.jp
      +[Crawler]+ Trying to get page ==> w3mhelp-w3m_ja.html
      +[Crawler]+ Trying to get page ==> http://127.0.0.1/40ff8f74f40925e361f150ca6999ddeb.php?pages=test&x=p
      +[Crawler]+ Mail Found ==> aito@fw.ipsj.or.jp
      +[Crawler]+ Mail Found ==> aito@fw.ipsj.or.jp
      +[Main]+ Trying LFI attack !!!
      +[injector]+ Trying to get page ==> http://127.0.0.1/40ff8f74f40925e361f150ca6999ddeb.php?pages=../../../../../../../../etc/passwd&t=../../../../../../../../etc/passwd&d=../../../../../../../../etc/passwd&x=../../../../../../../../etc/passwd&
      +[injector]+ Trying to get page ==> http://127.0.0.1/40ff8f74f40925e361f150ca6999ddeb.php?pages=../../../../../../../../etc/passwd%00&t=../../../../../../../../etc/passwd%00&d=../../../../../../../../etc/passwd%00&x=../../../../../../../../etc/passwd%00&
      +[injector]+ LFI dectected !!! on http://127.0.0.1/40ff8f74f40925e361f150ca6999ddeb.php?pages=../../../../../../../../etc/passwd%00&t=../../../../../../../../etc/passwd%00&d=../../../../../../../../etc/passwd%00&x=../../../../../../../../etc/passwd%00&
      Here the scanner starts by "crawling" the site's main page. Then it stores all the links on the page in a list and stores the parameters and scripts in a dictionary. Links are scanned if and only if they have not already been scanned. Scripts are scanned if a new variable appears (this prevents the scanner from looping endlessly on forums). Once the site has been crawled in its entirety, the scanner builds a series of URLs to try to exploit a potential LFI. The methodology is not perfect, but it is the fastest to put in place that I have found. You can download the scanner here. http://data.stealthisblog.fr/tools/LfiScan.zip It is provided to you under the JMB licence (Je M'en Branle, "I don't give a damn"): you can keep it for yourself, redistribute it, give it to your dog or your grandmother. All remarks, good or bad, are welcome. : ) Enjoy!
      Steal This Blog Blog Archive LFI Scanner
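The injector output in the post above shows what the scanner's traversal probes look like on the wire: `../` sequences and a trailing `%00` in every query parameter. From the defender's side the same strings are the detection signal in the web server's access log. The following is an added example, not the scanner's own code and not from the blog: it parses a few constructed Apache-style log lines and flags query parameters that carry a traversal sequence or a null byte, and it also catches a double-URL-encoded variant (`%252e%252e%252f`) that the post's scanner does not send. The log-line regex, the function names and the sample lines are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/nginx combined-style access log; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def suspicious_params(target):
    """Return (param, reason) pairs for query parameters whose decoded value
    contains a path-traversal sequence or a null byte.

    parse_qsl already URL-decodes once; a second unquote() exposes payloads
    that were double-encoded to slip past a naive single-pass filter."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote(value)
        if "../" in decoded or "..\\" in decoded:
            findings.append((name, "traversal"))
        if "\x00" in decoded:
            findings.append((name, "null-byte"))
    return findings

def scan_access_log(lines):
    """Return one dict per log line that carries an LFI-style payload."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        findings = suspicious_params(m.group("target"))
        if findings:
            hits.append({"ip": m.group("ip"), "status": int(m.group("status")),
                         "target": m.group("target"), "findings": findings})
    return hits

# Constructed sample lines, modelled on the scanner output in the post.
SAMPLE_LOG = [
    '127.0.0.1 - - [13/Oct/2010:12:00:01 +0200] "GET /index.php?pages=test HTTP/1.1" 200 512',
    '127.0.0.1 - - [13/Oct/2010:12:00:02 +0200] "GET /index.php?pages=../../../../etc/passwd%00&t=o HTTP/1.1" 200 1840',
    '10.0.0.5 - - [13/Oct/2010:12:00:03 +0200] "GET /index.php?pages=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 231',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["findings"])
```

The status code is kept in each hit on purpose: a 200 on a traversal probe is the line an incident responder reads first, while a 404 still records that the host was being scanned.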
  17. Some 15 years ago, the introduction of HTML frames caused a significant uproar in the (still young) web development community. The outraged purists asserted that frames were bound to ruin everything: incompatible with many of the browsers and search engines of the old; bringing a significant potential to break navigation or printing; unfamiliar and confusing to users; and simply against the original vision supposedly laid out by the founding fathers of the web. Today, these criticisms seem rather arbitrary: although framed navigation had its share of amusing missteps (not any worse than most other HTML features, I'd argue), the frames have become an important and unobtrusive part of the modern web, and a valuable content compartmentalization tool. But shockingly, even if for all the wrong reasons, the original detractors had one thing right: in a sense, they turned out to be our doom.
      How so? Recall that framed browsing dates back to the days of the web being a simple tool for distributing static content - and in that context, the technology warranted no special consideration from the security community; but as our browsers morphed into de facto operating systems for increasingly complex, dynamic applications - well, we quickly discovered that the ability to selectively embed fully functional, third-party content on unrelated and potentially malicious websites is pretty bad news.
      One of the earliest problems - with early reports dating back to at least 2004, and variants still being discovered several years later - is the realization that frames are implemented using essentially the same model as standalone windows; this model allows any website in possession of a window name (or its DOM handle) to navigate it at will. This property is mostly harmless when dealing with proper windows equipped with an address bar - but is a disaster for seamlessly framed regions on trusted websites: if malicious-site.com can open trusted-application.com in a new window, and then navigate that application's frames to any other location - it can, essentially, silently hijack the UI. Following this discovery, Adam Barth and others spent a fair amount of time proposing a better approach, and convincing several browser vendors to implement it; but even today, certain unavoidable weaknesses in this model prevail.
      The next notable milestone: clickjacking - a seemingly obvious threat essentially ignored by the security community (perhaps in hope it disappears), until extravagantly publicized by Jeremiah Grossman and Robert 'RSnake' Hansen in 2008. The idea behind the attack is simple: if a frame containing trusted-application.com is placed on malicious-site.com, and then partly obscured or made transparent - the user can be easily tricked into thinking he is interacting with the UI of malicious-site.com - but end up sending the UI event to trusted-application.com, instead. As the name implies, their analysis focused on mouse clicks - which in a sense, did the attack some disservice: the reporting led the community to assume that only certain exceedingly simple UI actions (such as the "like" buttons on social networking sites) could be realistically targeted - and that the attacker would still be facing difficulties computing the right alignment of visual elements for all targeted systems, browsers, and screen resolutions. But that's simply not true.
      To demonstrate other perils of cross-domain frames, I posted a proof-of-concept exploit for an attack I jokingly dubbed strokejacking - showing that with the use of onkeydown events, selective keystroke redirection across domains can be used to perform very complex UI actions in the targeted application, far beyond what is possible with clickjacking alone. I also discussed reverse strokejacking - an even more depressing variant where evil embeddable gadgets on a targeted site are able to silently intercept user input by playing with the focus() method. These reports received very little attention - but given the ridiculous name, that's perhaps for the best.
      Since then, the situation with framed content has gotten even worse: not long ago, we witnessed this presentation from Paul Stone. Paul discussed drag-and-drop attacks on third-party frames: text selected in one obscured frame pointing to trusted-application.com could be unintentionally dragged and dropped into the area controlled by malicious-site.com - thus revealing the content across domains. Many researchers and browser vendors summarily dismissed this threat, on the grounds that the necessary interactions must be complex and unusual - for example, triple-clicking or pressing Ctrl-A to select text - and therefore, that they are difficult to solicit; but this is incorrect.
      What have we missed, then? Paul casually mentioned one special type of a common UI interaction we all frequently engage in on even the least interesting sites: using the scroll bar. Note that the act of grabbing the slider, dragging it down, and releasing it... is eerily similar to the act of selecting text, or dragging and dropping a selection across the page. The attack can be modified thus:
      1. Create a page with an article that spans more than a single screen - or has a TEXTAREA with an EULA that needs to be scrolled to the end before the "I agree" button is enabled, instead.
      2. Have a transparent IFRAME pointing to trusted-application.com that follows the mouse pointer.
      3. As soon as the user clicks the slider and holds the mouse button, reposition the frame up in relation to the cursor. This ensures that the entire framed text is selected, regardless of mouse movement (yes, this works!).
      4. Wait for the mouse button to be released.
      5. Reposition the frame so that the next click will begin to drag the selection.
While the user is interacting with the slider, move the frame away, and place a receiving TEXTAREA or contentEditable / designMode container under the mouse pointer. Steal documents across domains! There are some technical challenges that make this a bit more complicated than advertised - but these can be worked around in a majority of the browsers on the market. In the end, cross-domain frames proved to be a giant and completely unexpected attack surface; and very depressingly, we still have no idea how to properly address the problem once and for all. There simply are no simple and elegant solutions compatible with the modern web; and rest assured, browser vendors are extremely hesitant to experiment with complex heuristics instead. The only thing we decided to do to tackle the general threat is plastering the gaping holes over with X-Frame-Options - a naive opt-in mechanism that allows websites to refuse being framed across domains. Alas, this mechanism will never be used by all the sites that actually need it - and it offers no protection in more complex cases, such as the increasingly prevalent embeddable gadgets. The history of information security is littered with disturbingly similar cases of browser features colliding with each other, or being incompatible with the natural evolution of the web. If you need another example, just look at the profound problems caused by differences between same-origin policies for JavaScript, cookies, plugins (Java in particular) - and for peripheral browser features, such as password managers. Because of this, I often fear that we are bound to repeat the painful security lessons of framed browsing very soon; for example, I am simply intimidated by the rush to deploy some of the more complex and at times exotic features as a part of HTML5 - web sockets, workers, sandboxing, storage, application caches, notifications, CORS, UMP, and countless other new HTML, CSS, and JS extensions added there every other week. 
Yes, it's called "job security". But at times, it tends to suck. lcamtuf's blog: Attack of the monster frames (a mini-retrospective)
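The post above ends on X-Frame-Options as the only general mitigation and calls it a naive opt-in mechanism. The following is an added example, not code from the original post or from lcamtuf, that models in Node.js what that header actually decides for a given framing context, so the opt-in nature is visible: a response with no header, or with a value the browser does not recognise, stays frameable by any origin; SAMEORIGIN compares the framed document's origin against the top-level document's origin; DENY refuses every framing context. The URLs, the header values and the list of sample responses are constructed for illustration; the comparison against the top-level document follows RFC 7034, and real browsers historically differed on how they treated intermediate frames.

```javascript
// Added example (not from the original post): a model of the X-Frame-Options
// decision, plus a small audit over constructed responses.

// Origin = scheme + host + port, e.g. "https://trusted-application.com".
function parseOrigin(url) {
  return new URL(url).origin;
}

// Decide whether a browser that honours X-Frame-Options will render `framedUrl`
// inside a frame whose top-level document is `topUrl`. `xfoHeader` is the
// response's X-Frame-Options value, or null when the header is absent.
function frameAllowed(framedUrl, topUrl, xfoHeader) {
  if (xfoHeader == null) {
    // Opt-in mechanism: no header means no protection at all.
    return { allowed: true, reason: 'no X-Frame-Options header; frameable by any origin' };
  }
  const value = xfoHeader.trim().toUpperCase();
  switch (value) {
    case 'DENY':
      return { allowed: false, reason: 'DENY refuses all framing' };
    case 'SAMEORIGIN': {
      // RFC 7034 describes the check against the top-level browsing context;
      // scheme, host and port must all match.
      const same = parseOrigin(framedUrl) === parseOrigin(topUrl);
      return {
        allowed: same,
        reason: same ? 'SAMEORIGIN: top-level origin matches'
                     : 'SAMEORIGIN: top-level origin differs',
      };
    }
    default:
      // Unrecognised values (e.g. "ALLOWALL", seen in the wild) are ignored
      // by Chromium and Firefox, which log an error; the page stays frameable.
      return { allowed: true, reason: `unrecognised value "${xfoHeader}" is ignored` };
  }
}

// Header names arrive in arbitrary case; look them up case-insensitively.
function getHeader(headers, name) {
  const want = name.toLowerCase();
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === want) return v;
  }
  return null;
}

// Constructed sample of responses as a crawler might record them.
// The hostnames and paths are invented for this example.
const SAMPLE_RESPONSES = [
  { url: 'https://trusted-application.com/account',
    headers: { 'Content-Type': 'text/html' } },                       // no header
  { url: 'https://trusted-application.com/login',
    headers: { 'content-type': 'text/html', 'x-frame-options': 'SAMEORIGIN' } },
  { url: 'https://trusted-application.com/widget',
    headers: { 'X-Frame-Options': 'ALLOWALL' } },                     // non-standard value
  { url: 'https://trusted-application.com/admin',
    headers: { 'X-Frame-Options': 'deny' } },
];

// Return the URLs that a hostile top-level page at `attackerTopUrl` could frame.
function frameableFrom(responses, attackerTopUrl) {
  return responses
    .filter(r => frameAllowed(r.url, attackerTopUrl,
                              getHeader(r.headers, 'X-Frame-Options')).allowed)
    .map(r => r.url);
}

// Stand-alone usage: list what malicious-site.com could embed.
for (const r of SAMPLE_RESPONSES) {
  const verdict = frameAllowed(r.url, 'https://malicious-site.com/',
                               getHeader(r.headers, 'X-Frame-Options'));
  console.log(`${r.url}: ${verdict.allowed ? 'FRAMEABLE' : 'blocked'} (${verdict.reason})`);
}
```

Note that `frameableFrom` reports `/account` and `/widget` as frameable from malicious-site.com: the first because nothing was sent, the second because a value browsers do not understand buys nothing. Running the same audit with the site's own origin as `attackerTopUrl` shows `/login` becoming embeddable again, which is exactly the SAMEORIGIN behaviour.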
  18. Once again WiFi security is in the news; this time a new report in the UK shows that almost half of UK home WiFi networks could be compromised within 5 seconds. While that sounds a little dramatic, it wouldn't surprise me if a lot still have no WEP key at all. And even if they have a WEP key, with the tools available for WEP cracking now it wouldn't take that long to hammer it down, especially on a high-traffic network.

From the study it seems that about 25% of networks are totally password-free; I'm not sure how far they went, though, in terms of trying to connect. Perhaps a lot are public wifi spots that employ proxy services and require you to 'login'; perhaps some are using MAC address white-listing.

Nearly half of all home Wi-Fi networks in the UK could be hacked within five seconds, according to CPP. The life assistance company employed the services of ethical hacker Jason Hart to roam six major cities across the UK and use specially developed software to identify home networks that were at risk of 'Wi-Fi jacking'. Wi-Fi jacking sees hackers piggybacking on a net connection, and allows them to illegally download files, purchase illegal goods or pornography, or even sell on stolen goods, without being traced. It also allows them to view the private transactions made over the net, providing them with access to passwords and usernames that can subsequently be used to commit identity fraud. CPP's research, which has been conducted ahead of National Identity Fraud Prevention Week, revealed 40,000 home Wi-Fi networks were at risk. CPP also said that despite the fact 82 percent of web users believe their Wi-Fi connection is secure, nearly a quarter of private wireless networks are not password protected.

It's also interesting the amount of web users that use public or wifi-jacked networks without using encrypted connections. Grabbing login and password combos at a rate of 350 per hour is a LOT of passwords. If they also recorded the associated services, that could be a massive stash of credentials. It just goes to show: if you do a little war-driving, what kind of goodies you can go home with.

Furthermore, nearly one in five (16 percent) of web users say they regularly use public networks. During his research, Hart was able to 'harvest' usernames and passwords from users of the public Wi-Fi networks at a rate of more than 350 an hour. He also revealed more than 200 web users unsuspectingly logged onto a fake Wi-Fi network over the course of an hour during the experiment, putting themselves at risk from fraudsters who could harvest their personal and financial information. "This report is a real eye-opener in highlighting how many of us have a cavalier attitude to Wi-Fi use, despite the very real dangers posed by unauthorised use," said CPP's identity fraud expert Michael Lynch. "We urge all Wi-Fi users to remember that any information they volunteer through public networks can easily be visible to hackers. It's vital they remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity." Hart warned both businesses and individuals to "think very carefully about network security and what information they provide when going online".

As with most things, this is not a technical issue; there are plenty of security options for home Wi-Fi setups, they are well documented, and all new modems/routers come with filtering, white-listing and WEP/WPA encryption built in. With a combination of these factors anyone can set up a secure WAP at home. Oh well, it looks like things are going to change for a while.

Source: Network World

Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking | Darknet - The Darkside
  19. A site run by the MPAA has become the most recent victim of cyber attacks being carried out by Anonymous. Copy-Protected.com, a site used to inform on copy protection and DRM on DVD and Blu-ray movie discs, now displays a missive from the anarchic group. After a few seconds it redirects visitors to the homepage of The Pirate Bay. MPAA Copy-Protected DRM Site Hacked By Anonymous | TorrentFreak
  20. ^wax, take this: Dimensions Home
  21. No. 20 Mbps = 2.5 MBps. Mbps = megabits per second; MBps = megabytes per second; 1 byte = 8 bits. All the ads you see on TV or on the street are expressed in bits.
  22. Nerves, no joke! A presenter swore on air. The audience got on her nerves - Stirileprotv.ro http://stirileprotv.ro/static/ro/shared/app/MediaCenter_Embed.swf?media_id=60450289&section_id=16&section=EMBED_PLAY&ad_file=noad&autostart=true&bit=1286807586_39557050320&userad_id=b75232d2f9d4aa1c867f6bac7ef9bcf9
  23. In the 4 years I've had RDS, nothing like this has ever happened to me. I call from landline to mobile every day, and the bill has never gone over 50 lei. I've never had any kind of trouble with them. Only once (I repeat, in 4 years), for one day, I had no internet; they were doing upgrades. The internet is sharp (FiberLink 100 Mbps). @Cosminn The clauses are spelled out clearly in the contract you signed when you took out the subscription. Read every long-term contract carefully, so you don't get burned and end up in court over some trivial detail.
  24. Lazy. You do it, since you have the free time; mine tends to zero.
  25. @paxnWo, dude, he's 12 years old. Competitie [challenges] - RST