Jump to content

begood

Active Members
  • Posts

    3972
  • Joined

  • Last visited

  • Days Won

    22

Everything posted by begood

  1. am gasit 11 "chestii" (ms loki, n-am prins-o pe ultima). stringul cautat are 14 caractere. un hint ?
  2. evident nu ti se adreseaza tie tutorialul.
  3. ai 2 pm-uri.
  4. inot, sala (5-6ori/sapt), ciclism, tenis de camp, alerg zilnic 1h hill, surfing (doar vara, la mare/ocean, in ce tara prind), tenis de masa (ca hobby). desigur halberele; facui si kickboxing & karate-shotokan (centura neagra, 1 dan).
  5. " Si de obicei cand stergi ceva, sterge de tot, sa nu ocupe degeaba loc in baza de date. :)" cand stergi de tot, stergi si ip-urile de pe care s-a postat, hence no more evidence
  6. CINE PU*A MEA A STERS PERMANENT posturile lui ionutzel ? Nici ip-urile lui SrtXt nu mai coincid cu Bebe1911, bughy si ionutzel, careva a umblat si la posturi si la baza de date. Cine ?
  7. Being humans, we just forgot to mention about an important YARA release – version 1.3. We mentioned about YARA a LONG time ago here when we’d just about started actively blogging. “YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension. “ You can download YARA version 1.3 here. UPDATE: YARA v1.3! ? PenTestIT
  8. A vulnerability has been discovered in Apple Safari 4.0.5 for Windows, which can be exploited to compromise a system. The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows. Highly critical vulnerability in Safari for Windows
  9. The MPAA, RIAA and other entertainment industry groups want people to believe that piracy is the result of people’s greed and refusal to pay. A recent experiment by Wolfire Games sheds another light on this argument, as they found out that even a penny can be too much. Over the past days the people at Wolfire Games had quite a bit of success with their “Humble Indie Bundle“. The developers have allowed people to set their own price for a bundle of five games, a model that has been tried previously by bands such as Nine Inch Nails and Radiohead. “Pay what you want. If you bought these five games separately, it would cost around $80 but we’re letting you set the price! All of the games work great on Mac, Windows, and Linux. We didn’t want to leave anyone out,” the Wolfire team announced a week ago. Not only can downloaders choose the amount they want to pay, they can also decide whether they want the money to go to the developers, charity or any combination of both. The minimum amount required to get a download link is a penny. Thus far the project has been a great success. The games have been downloaded more than 80,000 times and have raised $683,090 at the time of writing. Linux users have been the most generous with an average donation of $14.01, while Windows users are stuck at $7.31. Over the past days Wolfire has covered the results of the “Humble Indie Bundle” project in detail. Overall they have been very satisfied with the results, but they also found that there is still a high percentage of people who didn’t even want to pay a penny, and pirated the bundle instead. Jeffrey Rosen, the co-founder of Wolfire Games, alerted us to this issue and reported his findings in a recent blog post. According to their analysis of the incoming donations and the amount of data that was transferred, some 25% of downloaders did not pay for the bundle. If Wolfire Games were the RIAA, they would have quickly characterized this group as evil freeriders without any sense of ethics, but Rosen and his colleagues are more realistic in their analysis. Obviously money can’t be an incentive to pirate here, since the games can be legally owned for just a penny. So what motivates people to download the bundle without paying then? What are the barriers that prevent people from coughing up a single penny? Rosen mentions that the download links have been posted all over the Internet and that some people would rather click on those directly, than go through the entire payout process just to send over a penny. We could call this the laziness or convenience argument to pirate. Another explanation is that the payment processors that are used are not available in every country, so some people couldn’t pay even if they wanted to. In a similar vein, but not mentioned by the Wolfire team, is that many people in the target audience are young and don’t have access to a credit card. These two payment restrictions are related to availability, which is a common reason for people to pirate. Even if they want to buy something legally, they can’t because they don’t have access to a credit card or are in a country where they can’t use the required payment processors. Other reasons for downloading without paying could be that one downloads the bundle from different computers after having paid, or that the download is shared with friends who made a joint donation. These should not be counted as ‘piracy’ either. Lastly, there could also be a group of people that think that paying a penny is too much, choosing to grab a free copy instead just to be rebellious pirates. We don’t think that this group is very large, and even if it is significant we’re sure that money is not their incentive. Rose said that they do not intend to add any restrictions to the download links because that would only make the download process more cumbersome for those who do donate generously. He does have a request for future ‘pirates’ though. “If you are deadset on pirating the bundle, please consider downloading it from BitTorrent instead of using up our bandwidth! Also, even though you are pirating our games, please tell some of your friends about the Humble Indie Bundle.” Piracy: When Even a Penny Is Too Much | TorrentFreak
  10. Symantec Hosted Services warns that port 25 could be the problem A lack of knowledge and awareness about how to use Linux mail servers could be contributing to the disproportionately large number of Linux machines being exploited to send spam, according to new Symantec Hosted Services research. The firm's latest monthly MessageLabs Intelligence Report found that Linux-based computers are five times more likely to send spam than Windows PCs. Mat Nisbet, a malware data analyst at Symantec Hosted Services, explained in a blog post yesterday that he decided to dig deeper into the potential causes. "On investigating the originating IPs of a random selection of spam from Linux, I found that in most cases it came from a machine running an open-source mail transfer agent, such as Postfix or SendMail, that had been left open," he said. "This suggests that one reason there is so much spam from Linux could be that many companies that have implemented their own mail servers, and are using open-source software to keep costs down, have not realised that leaving port 25 open to the internet also leaves them open to abuse." Nisbet further explained that some botnets may be able to search specifically for machines that have port 25 left open. "Anyone who wants to take advantage of the fact that Linux, and most of its software, is free, needs to be aware of how to set it up correctly so that it is secure," he said. "Make sure that the systems are correctly set up to restrict access on port 25 to only authorised users, for example attached to the local network or through a virtual private network." Botnets exploit Linux owners' ignorance - V3.co.uk - formerly vnunet.com
  11. Hello security enthusiasts, It's been 2 years, but a new version of sqlninja is out at Sourceforge! Introduction ============ Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide an interactive access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. It is written in Perl, it is released under the GPLv2 and so far has been successfully tested on: - Linux - FreeBSD - Mac OS X You can find it, together with a flash demo of its features, at the address http://sqlninja.sourceforge.net What's new ========== # Proxy support (it was about time!) # No more 64k bytes limit in upload mode # Upload mode is also massively faster # Privilege escalation through token kidnapping (kudos to Cesar Cerrudo) # Other minor improvements What's not so new ================= # Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode) # Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental) # Privilege escalation to sysadmin group if 'sa' password has been found # Creation of a custom xp_cmdshell if the original one has been removed # Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed) # TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell # Direct and reverse bindshell, both TCP and UDP # DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works) # Evasion techniques to confuse a few IDS/IPS/WAF # Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection Happy hacking ! -- Full Disclosure: sqlninja 0.2.5 released! icesurfer
  12. Dozens of people are gibbering about microworkers.com being a legitimate marketplace, Well, the microworkers site might be legit in the respect that they pay you, - I can’t even vouch for that, I’ve been waiting on a pin number for three weeks.. BUT what about Employers and the jobs they allow on there?? I don’t think employers should be hiring people to click on their google ads, we know there is no incentives allowed for this type of scheming. Google publishers should be aware that you can’t pay somebody to click the ads on your site!! *That can be reported on this page, so duh!! *Publishers may not click their own ads & Publishers may not ask others to click their ads or use deceptive implementation methods to obtain clicks. This includes, but is not limited to, offering compensation to users for viewing ads or performing searches..more info on this Microjobs.com also claims you will never have to give out your personal info (such as credit card) on any job, I guess this is to prevent fraud and scams, but, if you look at the list, there are jobs on there that require you to sign up with your credit card!! If their policy prohibits these types of jobs, who is approving them on the site? The ball is still out on this one. Can’t call the whole site a hoax without seeing whether the scams and lies are intentional. Meanwhile, I’m still doing work through them even though I haven’t got the first penny delivered to my paypal account. hmmmm There are some good jobs there, like writing articles for three dollars, and forum posting for a quarter. I like those jobs, but the administrators need to do better moderating, indeed, on some of those job listings. Also, if an employer says you didn’t do the job right, it’s their word against yours. Microjobs.com says they will investigate all complaints and reply within five days. I have never received a reply from them on ANY topic that I’ve submitted. What’s up with that lie? We’ll see. Meanwhile, I’ve been ripped off by a few employers. We need the option to block jobs from those employers that have ripped us off in the past. Microworkers.com’s policy for pay is you meet threshold of nine dollars and you request a payment, then they mail you a pin number through the post office. You have to verify your account like this before payment is released from microworkers.com. I don’t know how long it takes to get the pin number in the mail, but I have been waiting for a few weeks already. I don’t know anymore. All the world seems a scam and scheme these days. I’ll post more on this as time progresses or activity changes. Microworkers.com Hoax Scam or Legitimate? Money and Health Blog Blog Archive @balcky scoate culoarea pana nu iei warn.
  13. 1: esti agramat, vezi titlu. 2: cererile se fac numai si numai aici : CERERI [numai aici] - RST
  14. man, inca e in teste, inca putem pune alta versiune de windows, doar sa fie clean, no trojans n shit. ma ai in lista, discutam pe IM. Ce ziceti, facem doua versiuni ? Una "compacta" care sa contina toate kit-urile de instalare ale programelor care le alegem, si una "mare" (toate programele din versiunea compacta sa fie instalate deja pe sistem).
  15. more proof :
  16. There are several method for recovering email password locally, you can search the configuration file manually or using different applications but in most cases the password is encrypted which can make it hard to decrypt. Some password recovery applications do not work with the antiviruses such as Openpass ,Passview or Recover. Here is a good and fast way to do that: 1- Open your notepad and create a simple Fake POP3 server, over this server you will be able to get your password. #! / Usr / bin / perl # run a fake pop3 service use IO:: Socket; $|++; # using socket and cuts buffering $ Sock = IO:: Socket:: INET-> new (Listen => 10, LocalPort => 110, Proto => ‘tcp’, Reuse => 1) | | “Cant open port: $! \ N”; # Create a socket on port number 110 at the local machine while ($ client = $ sock-> accept ()) ( while (1) (# We hear of new clients and enter into an infinite loop at each new connection $ Client-> send (“+ OK Fake POP Service ready \ n”); # Banner $ Stat = $ client-> recv ($ data, 1024); $ Client-> send (“+ OK Password? \ N”); $ Stat = $ client-> recv ($ data, 1024); # organize the exchange of data according to RFC1939 (Undef, $ data) = split (”, $ data); print “Password is \” $ data \ “\ n”; # Separates the password and write it on the console close ($ client); # Close Client session and exit exit; ) ) 2. Changing the client host’s mail server to a local address or other that runs the fake pop3 script. 3. Run the fake script and start the process of getting new emails. As a result – you will receive your password in plain-text, on the console. By the way, you can use the same script to other services such as FTP the most important to change the script according to the desired protocol. Recover Email Client lost passwords | SecTechno
  17. pwned )) putin mai mult sloboz, if ya ask me
  18. Realizez asta, ce propui/neti ?
  19. "tinkode, raton homosexual" ))))))))))))))))))) esti tu bun, dar nici chiar asa de bun sa-l cuceresti pe dae, se lasa greu. Tre fortata ... rozeta )))))))))))))))))))
  20. Iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables as a special for Ethernet frames. In this video series, create by Linuxjournalonline, we will learn the basics of IPTables and how to create simple rulesets. There are 3 videos in this series. The example scripts using in them are available here - Script1, Script2, Script3. Mastering IPTables Tutorial
  21. voi adauga la versiunea pentru editare video, dar intai pentesting & malware analysis & programing.
  22. wga nu va aparea vreodata pe sistem ! desigur, voi face update-urile necesare si programele care va sunt voua folositoare.
  23. majoritatea is facute de fl0 fl0w
×
×
  • Create New...