Everything posted by begood
Posts: 3972. Days Won: 22.
-
follow them on twitter. That way you'll find out the minute it is published. http://twitter.com/PlanetUbuntu
-
Vulnerability ID: HTB22350
Reference: http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html
Product: Microsoft SharePoint Server 2007
Vendor: Microsoft Corporation
Vulnerable Version: 12.0.0.6421 and Probably Prior Versions
Vendor Notification: 12 April 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)

Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application. The vulnerability exists due to failure in the "/_layouts/help.aspx" script to properly sanitize user-supplied input in the "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. An attacker can use a browser to exploit this vulnerability.

The following PoC is available:
http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X
-
Cinnamon Chasers - Luv Deluxe (Music Video). The video is made in an interesting way.
-
Who needs exploits when you have social engineering?
begood replied to wildchild's topic in Stiri securitate
now I've read the whole article myself too :)
-
If we are to believe a group of Turkish and Chinese explorers, we are dealing with an extraordinary discovery. They claim to have discovered remains of Noah's Ark, right on Mount Ararat, in Turkey. read more: http://stirileprotv.ro/stiri/international/descoperire-senzationala-arca-lui-noe-gasita-in-turcia.html
-
the section is good.
-
welcome. the thing is, here you mostly help others, that's how you learn. if you want to learn, read tutorials/books.
-
Introduction

Identify content management systems (CMS), blogging platforms, stats/analytics packages, JavaScript libraries, servers and more. When you visit a website in your browser the transaction includes many unseen hints about how the webserver is set up and what software is delivering the webpage. Some of these hints are obvious, e.g. “Powered by XYZ”, and others are more subtle. WhatWeb recognises these hints and reports what it finds.

WhatWeb has over 70 plugins and needs community support to develop more. Plugins can identify systems with obvious signs removed by looking for subtle clues. For example, a WordPress site might remove the tag but the WordPress plugin also looks for “wp-content”, which is less easy to disguise. Plugins are flexible and can return any datatype; for example, plugins can return version numbers, email addresses, account IDs and more.

There are both passive and aggressive plugins. Passive plugins use information on the page, in cookies and in the URL to identify the system. A passive request is as lightweight as a simple GET / HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write; you don’t need to know Ruby to make them.

Example Usage

Using WhatWeb on a handful of websites. http://www.morningstarsecurity.com/research/whatweb
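To make the passive-plugin idea concrete, here is an added example (not WhatWeb's own code) of the same approach in Python: a small plugin table of clues over the headers, cookies and body of a single response, each optionally carrying a regex that captures a version. The plugin table and the two sample responses are constructed; the second site has removed its generator tag but is still identified through the /wp-content/ path, exactly the case the description above makes.

```python
"""Passive technology fingerprinting in the style the WhatWeb description
explains: match obvious and subtle clues in one HTTP response and extract a
version where a clue carries one. Added example, not WhatWeb's code; the
plugin table and sample responses are constructed for illustration."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Plugin:
    name: str
    # (location, regex) pairs; location is "headers", "cookies" or "body".
    clues: List[Tuple[str, str]]
    # Optional regex whose first group captures a version string.
    version_pattern: Optional[str] = None


PLUGINS = [
    Plugin("WordPress",
           clues=[("body", r'<meta name="generator" content="WordPress'),  # obvious clue
                  ("body", r"/wp-content/")],                                # subtle clue
           version_pattern=r'content="WordPress ([\d.]+)"'),
    Plugin("Apache",
           clues=[("headers", r"^Server: Apache")],
           version_pattern=r"^Server: Apache/([\d.]+)"),
    Plugin("PHP",
           clues=[("headers", r"^X-Powered-By: PHP"), ("cookies", r"\bPHPSESSID=")],
           version_pattern=r"^X-Powered-By: PHP/([\d.]+)"),
    Plugin("Google Analytics",
           clues=[("body", r"google-analytics\.com/ga\.js")]),
]


def fingerprint(response: dict) -> dict:
    """response has 'headers' (raw header block), 'cookies' and 'body' strings.
    Returns {plugin: {'clues': [matched regexes], 'version': str or None}}
    for every plugin with at least one matching clue."""
    results = {}
    for plugin in PLUGINS:
        matched = [pat for where, pat in plugin.clues
                   if re.search(pat, response.get(where, ""), re.M | re.I)]
        if not matched:
            continue
        version = None
        if plugin.version_pattern:
            for where in ("headers", "body", "cookies"):
                m = re.search(plugin.version_pattern, response.get(where, ""), re.M)
                if m:
                    version = m.group(1)
                    break
        results[plugin.name] = {"clues": matched, "version": version}
    return results


# Constructed responses. The first site left the generator tag in place;
# the second removed it but still serves its theme from /wp-content/.
COMMON_HEADERS = ("HTTP/1.1 200 OK\n"
                  "Server: Apache/2.2.14 (Ubuntu)\n"
                  "X-Powered-By: PHP/5.2.12\n"
                  "Content-Type: text/html; charset=UTF-8")
VERBOSE_SITE = {
    "headers": COMMON_HEADERS,
    "cookies": "PHPSESSID=constructedsessionid",
    "body": ('<html><head><meta name="generator" content="WordPress 3.0.1" />'
             '<link rel="stylesheet" href="/wp-content/themes/twentyten/style.css" />'
             '</head><body>Hello</body></html>'),
}
DISGUISED_SITE = {
    "headers": COMMON_HEADERS,
    "cookies": "PHPSESSID=constructedsessionid",
    "body": ('<html><head><title>Blog</title>'
             '<link rel="stylesheet" href="/wp-content/themes/twentyten/style.css" />'
             '</head><body>Hello</body></html>'),
}

if __name__ == "__main__":
    for label, site in (("verbose", VERBOSE_SITE), ("disguised", DISGUISED_SITE)):
        print(label)
        for name, info in fingerprint(site).items():
            print(f"  {name}: version={info['version']} via {len(info['clues'])} clue(s)")
```

Everything here is passive in the sense the description uses: the function only reads a response that was already received and never issues extra requests for guessed URLs. Removing the generator tag costs the disguised site its version number but not its identification, which is why a defender doing asset inventory should not rely on stripped banners to judge what an external observer can learn.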
-
Russian investors have bought ICQ, the venerable instant messenger service, from AOL for $187.5m. The deal was announced today by Digital Sky Technologies, an investment group backed by Yuri Milner, a media baron, and Alisher Usmanov, the controversial Uzbek commodities plutocrat who owns a large stake in Arsenal FC.

After dotcom-era success, the popularity of ICQ has waned in the West. In Israel, where it was developed, and former Soviet countries, it remains a leading instant messaging service however. AOL bought ICQ back in 1998, from its developer Mirabilis, for $407m. It now registers 32 million users per month. In 2001 it announced it had 100 million registered users.

AOL, currently amputating non-profitable arms as it aims to refocus as a digital publisher, said today: "Digital Sky Technologies is a leading innovator in the Internet investment space and has a significant presence in the markets where ICQ is strong."

The Russian group is dominant in its home market, claiming responsibility for 70 per cent of all web page views. In the West its most significant investment to date has been its $200m purchase of 2 per cent of Facebook.

http://www.theregister.co.uk/2010/04/28/icq_sold/
-
Plenty of utilities can recover deleted files, but what if you can't boot your computer, or the whole drive has been formatted? Here's how to dig deep and recover the most elusive deleted files, or even whole partitions.

We've shown you simple ways to recover accidentally deleted files, even a simple method that can be done from an Ubuntu Live CD, but for hard disks that have been heavily corrupted, those methods aren't going to cut it. In this article, we'll examine four tools that can recover data from the most messed up hard drives, regardless of whether they were formatted for a Windows, Linux, or Mac computer, or even if the partition table is wiped out entirely.

Note: These tools cannot recover data that has been overwritten on a hard disk. Whether a deleted file has been overwritten depends on many factors – the quicker you realize that you want to recover a file, the more likely you will be able to do so.

Our setup
To show these tools, we've set up a small 1 GB hard drive, with half of the space partitioned as ext2, a file system used in Linux, and half the space partitioned as FAT32, a file system used in older Windows systems. We stored ten random pictures on each hard drive. We then wiped the partition table from the hard drive by deleting the partitions in GParted. Is our data lost forever?

Installing the tools
All of the tools we're going to use are in Ubuntu's universe repository. To enable the repository, open Synaptic Package Manager by clicking on System in the top-left, then Administration > Synaptic Package Manager. Click on Settings > Repositories and add a check in the box labelled "Community-maintained Open Source software (universe)". Click Close, and then in the main Synaptic Package Manager window, click the Reload button. Once the package list has reloaded, and the search index rebuilt, search for and mark for installation one or all of the following packages: testdisk, foremost, and scalpel.

Testdisk includes TestDisk, which can recover lost partitions and repair boot sectors, and PhotoRec, which can recover many different types of files from tons of different file systems. Finally, scalpel performs the same functions as foremost, but is focused on enhanced performance and lower memory usage. Scalpel may run better if you have an older machine with less RAM.

more: http://lifehacker.com/5525534/recover-data-like-a-forensics-expert-using-an-ubuntu-live-cd
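PhotoRec, foremost and scalpel all work the same way at heart: with the partition table gone they ignore the file system entirely and carve files out of the raw bytes by their header and footer signatures. The following is an added example in Python (not code from any of those tools) that does this over a constructed in-memory "disk image" whose first sector is zeroed, as after the GParted step above; the offsets in the comments belong to that constructed image only. It also shows the failure mode the article's note warns about: a header whose footer has been overwritten cannot be carved.

```python
"""Signature-based file carving, the technique behind PhotoRec, foremost and
scalpel: ignore the (missing) partition table and file system and recover
files from raw bytes by their header and footer magic. Added example, not code
from any of those tools; the 'disk image' is constructed in memory."""
import os
import tempfile
from typing import Dict, List, Tuple

# name -> (header, footer, maximum distance to search for the footer)
SIGNATURES: Dict[str, Tuple[bytes, bytes, int]] = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 20_000_000),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 20_000_000),
}


def carve(image: bytes, signatures=SIGNATURES) -> List[Tuple[str, int, bytes]]:
    """Return (type, offset, data) for every header whose footer appears within
    max_size bytes, sorted by offset. A header with no footer in range (file
    truncated or partly overwritten) is skipped: a carver cannot know where
    such a file ended, so the data counts as unrecoverable."""
    found = []
    for name, (header, footer, max_size) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            limit = min(len(image), pos + max_size)
            end = image.find(footer, pos + len(header), limit)
            if end == -1:
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            found.append((name, pos, image[pos:end]))
            pos = image.find(header, end)   # resume after the carved file
    found.sort(key=lambda item: item[1])
    return found


def write_carved(files, outdir: str) -> List[str]:
    """Write each carved file as <offset>.<type>, the way foremost names output."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for kind, offset, data in files:
        path = os.path.join(outdir, f"{offset:08d}.{kind}")
        with open(path, "wb") as f:
            f.write(data)
        paths.append(path)
    return paths


# ---- constructed test image --------------------------------------------
def fake_jpeg(payload: bytes) -> bytes:
    return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + payload + b"\xff\xd9"


def fake_png(payload: bytes) -> bytes:
    return b"\x89PNG\r\n\x1a\n" + payload + b"IEND\xaeB`\x82"


def build_image() -> bytes:
    """Sector 0 is zeroed, as after the partitions were deleted; files sit in
    the unallocated space with filler between them, plus one truncated JPEG."""
    sector = 512
    return b"".join([
        b"\x00" * sector,                 # wiped partition table
        b"\x55" * (3 * sector),           # leftover file system metadata
        fake_jpeg(b"A" * 1000),           # offset 2048, 1013 bytes
        b"\x00" * (2 * sector),
        fake_png(b"B" * 700),             # offset 4085, 716 bytes
        b"\x00" * sector,
        fake_jpeg(b"C" * 300),            # offset 5313, 313 bytes
        b"\xff\xd8\xff\xe0partial",       # header only: footer overwritten
    ])


if __name__ == "__main__":
    carved = carve(build_image())
    out = tempfile.mkdtemp(prefix="carved-")
    for path in write_carved(carved, out):
        print(path, os.path.getsize(path), "bytes")
```

Real carvers refine this with per-format size limits and structure checks (JPEG segment lengths, PNG chunk CRCs) because a footer string can occur by chance inside unrelated data, but the core loop is the one above, which is why carving recovers files even when the directory entries that named them are gone.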
-
Visit any forum or website to find something useful and they will ask you to register. Every time a forum asks me to register, I simply close the site. You would probably do the same. But this time, let's face it. Before I begin, you should know how things work. All websites and forums will block unregistered users, but they won’t block Google Bot. What we will do is to switch our User Agent to that of Google Bot and freely browse any website or forum without registering. First grab the add-on for Firefox called ‘user agent’ here and install it. Now go to Tools > User Agent Switcher > Options and then again to Options. Select User Agent from the left sidebar and click Add. Now in the description field type: crawl-66-249-66-1.googlebot.com and in the user agent field type: Googlebot/2.1 (+http://www.googlebot.com/bot.html) as shown in the screenshot below. Select Google Bot as your User Script by going to Tools > User Agent Switcher. Now browse any website or forum without registering. Alternatively you can also check out BugMeNot, it is a free online service where people share login information of thousands of websites and forums. Enjoy! Read more: http://www.addictivetips.com/internet-tips/access-any-website-or-forum-without-registering/
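The trick above works because the User-Agent header is a free-form string the client chooses, so a site that lets "Googlebot" through on the strength of that string is trusting an unverified claim. Google's documented way to verify its crawler is forward-confirmed reverse DNS: the requesting IP's PTR name must end in googlebot.com or google.com, and that name must resolve back to the same IP. The following is an added example on the defender's side (not from the article): it applies that check to constructed access-log lines, using constructed DNS tables in documentation address ranges rather than real Google addresses, and flags requests that claim the crawler UA but fail the check.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for requests that claim to be
Googlebot, run over a sample access log. Added example, not from the article;
the DNS tables and log lines are constructed (documentation-range IPs)."""
import re
import socket
from typing import Callable, Dict, List, Optional

GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")
GOOGLEBOT_UA = re.compile(r"Googlebot/\d")

# Constructed DNS data standing in for live lookups.
FAKE_PTR: Dict[str, str] = {
    "203.0.113.10": "crawl-203-0-113-10.googlebot.com",   # genuine: forward lookup agrees
    "198.51.100.7": "crawl-66-249-66-1.googlebot.com",    # forged PTR: forward lookup disagrees
    "192.0.2.55": "cust-192-0-2-55.example-isp.net",      # ordinary client with a spoofed UA
}
FAKE_A: Dict[str, List[str]] = {
    "crawl-203-0-113-10.googlebot.com": ["203.0.113.10"],
    "crawl-66-249-66-1.googlebot.com": ["66.249.66.1"],
    "cust-192-0-2-55.example-isp.net": ["192.0.2.55"],
}


def system_reverse(ip: str) -> Optional[str]:
    """Live PTR lookup for production use (not exercised by the sample data)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(host: str) -> Optional[List[str]]:
    """Live A lookup for production use (not exercised by the sample data)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except (socket.herror, socket.gaierror):
        return None


def verify_googlebot(ip: str,
                     reverse: Callable[[str], Optional[str]] = FAKE_PTR.get,
                     forward: Callable[[str], Optional[List[str]]] = FAKE_A.get) -> bool:
    """True only when the PTR name has a Google suffix AND resolves back to ip.
    The PTR alone is not enough: whoever controls reverse DNS for an address
    block can point it at any name they like, hence the forward confirmation."""
    host = reverse(ip)
    if not host or not host.lower().endswith(GOOGLE_SUFFIXES):
        return False
    return ip in (forward(host) or [])


# Apache/nginx combined log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')


def find_spoofed_crawlers(lines: List[str],
                          reverse=FAKE_PTR.get, forward=FAKE_A.get) -> List[str]:
    """Return client IPs of requests that claim a Googlebot UA but fail FCrDNS."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not GOOGLEBOT_UA.search(m.group("ua")):
            continue
        if not verify_googlebot(m.group("ip"), reverse, forward):
            flagged.append(m.group("ip"))
    return flagged


# Constructed access log: three requests claim the crawler UA, one is a browser.
UA = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
SAMPLE_LOG = [
    f'203.0.113.10 - - [28/Apr/2010:10:00:01 +0000] "GET /forum/thread/42 HTTP/1.1" 200 5120 "-" "{UA}"',
    f'198.51.100.7 - - [28/Apr/2010:10:00:05 +0000] "GET /forum/thread/42 HTTP/1.1" 200 5120 "-" "{UA}"',
    f'192.0.2.55 - - [28/Apr/2010:10:00:09 +0000] "GET /forum/thread/42 HTTP/1.1" 200 5120 "-" "{UA}"',
    '192.0.2.55 - - [28/Apr/2010:10:00:12 +0000] "GET /forum/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.6"',
]

if __name__ == "__main__":
    for ip in find_spoofed_crawlers(SAMPLE_LOG):
        print("claims Googlebot but fails FCrDNS:", ip)
```

Swap `system_reverse` and `system_forward` in for the constructed tables to run this against a real log. Because DNS lookups are slow, a server applying this at request time should cache results per IP; the point for the site operator is that crawler privileges should be tied to a verified source address, never to the header alone.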
-
Hackers have overcome Ubisoft's controversial DRM system that relied on constant connection to the internet for games to function. A crack for Ubisoft’s anti-piracy system published by a group called Skid Row allows gamers to circumvent the controls for games such as Assassin's Creed II.

A message from the group on a gamers' forum sets out the group's agenda: allowing legitimate copies of PC games to be played without an internet connection, rather than facilitating piracy. Skid Row cheekily thanks Ubisoft for posing an interesting intellectual challenge.

"Thank you Ubisoft, this was quite a challenge for us, but nothing stops the leading force from doing what we do. Next time focus on the game and not on the DRM. It was probably horrible for all legit users. We just make their lives easier. This release is an accomplishment of weeks of investigating, experimenting, testing and lots of hard work. We know that there is a server emulator out in the open, which makes the game playable, but when you look at our cracked content, you will know that it can't be compared to that. Our work does not construct any program deviation or any kind of host file paradox solutions. Install game and copy the cracked content, it's that simple."

Chris Boyd (AKA PaperGhost), a security researcher at Sunbelt Software and a long-time gamer, told The Register that Ubisoft's controls were fundamentally misconceived.

“In general, it seems DRM restrictions in gaming are becoming more intrusive and creating problems for genuine customers, rather than the pirates who happily bypass these measures every time," Boyd said. "PC gaming should be about portability - what use are games you can't play at the airport or on a train if you can't get online?

"We already see layered DRM in gaming - for example, the Ubisoft DRM is used if you buy certain titles on Steam, the PC content delivery system which also ties games to user accounts. Eventually we could see games with so many restrictions and requirements needed to play that they would be all but unusable to everybody but the pirates. This would clearly not be a good situation for either the consumer or the games publisher.”

http://www.theregister.co.uk/2010/04/28/ubisoft_drm_cracked/
-
The most dangerous hacker in the world arrested because of aliens...
begood replied to BigT's topic in Cosul de gunoi
trash, old story // open more crap threads like this and you're permanently gone from RST.
Tagged with: the most dangerous, gary mckinnon (and 3 more)
-
Advanced Email Bomber (By R.N.S) Romanian National Security
begood replied to R.N.S's topic in Cosul de gunoi
ban for illiteracy.
-
Advanced Email Bomber (By R.N.S) Romanian National Security
begood replied to R.N.S's topic in Cosul de gunoi
he figured he'd use rst's page rank + title to distribute his RAT.
-
Advanced Email Bomber (By R.N.S) Romanian National Security
begood replied to R.N.S's topic in Cosul de gunoi
:))))) razor1992, what an illiterate moron you are. He supposedly is part of RNS!! greet him and worship him razor1992tm@yahoo.com
-
//lol bt stats retention DB, instance 165 of 1024. v 0.2mig_7+0.54
-
For the past few years we (Netragard) have been using internet-based Social Networking tools to hack into our customers' IT Infrastructures. This method of attack has been used by hackers since the conception of Social Networking Websites, but only recently has it caught the attention of the media. As a result of this new exposure we've decided to give people a rare glimpse into Facebook from a hacker's perspective. Credit for designing this specific attack methodology goes to Kevin Finisterre and Josh Valentine, both core members of our team.

Let's start off by talking about the internet and identity. The internet is a shapeless world where identities are not only dynamic but can't ever be verified with certainty. As a result, it's easily possible to be one person one moment, then another person the next moment. This is particularly true when using internet-based social networking sites like Facebook (and the rest). Humans have a natural tendency to trust each other. If one human being can provide another human with "something sufficient" then trust is earned. That "something sufficient" can be a face to face meeting but it doesn't always need to be. Roughly 90% of the people that we've targeted and successfully exploited during our social attacks trusted us because they thought we worked for the same company as them.

The setup...

Facebook allows its users to search for other users by keyword. Many facebook users include their place of employment in their profile. Some companies even have facebook groups that only employees or contractors are allowed to become members of. So step one is to perform reconnaissance against those facebook using employees. This can be done with facebook, or with reconnaissance tools like Maltego and pipl.com. Reconnaissance is the military term for the collection of intelligence about an enemy prior to attacking the enemy. With regards to hacking, reconnaissance can be performed against social targets (facebook, myspace, etc) and technology targets (servers, firewalls, routers, etc). Because our preferred method of attacking employees through facebook is via phishing we normally perform reconnaissance against both vectors.

When setting up for the ideal attack two things are nice to have but only one is required. The first is the discovery of some sort of Cross-site Scripting vulnerability (or something else useful) in our customer's website (or one of their servers). The vulnerability is the component that is not required, but is nice to have (we can set up our own fake server if we need to). The second component is the required component, and that is the discovery of facebook profiles for employees that work for our customer (other social networking sites work just as well).

In one of our recent engagements we performed detailed social and technical reconnaissance. The social reconnaissance enabled us to identify 1402 employees, 906 of which used facebook. We didn't read all 906 profiles but we did read around 200, which gave us sufficient information to create a fake employee profile. The technical reconnaissance identified various vulnerabilities, one of which was the Cross-site Scripting vulnerability that we usually hope to find. In this case the vulnerability existed in our customer's corporate website.

Cross-site scripting ("XSS") is a kind of computer security vulnerability that is most frequently discovered in websites that do not have sufficient input validation or data validation capabilities. XSS vulnerabilities allow an attacker to inject code into a website that is viewed by other users. This injection can be done server side by saving the injected code on the server (in a forum, blog, etc) or it can be done client side by injecting the code into a specially crafted URL that can be delivered to a victim.

During our recent engagement we used a client side attack as opposed to a server side attack. We chose the client side attack because it enabled us to select only the users that we were interested in attacking. Server side attacks are not as surgical and usually affect any user who views the compromised server page. The payload that we created was designed to render a legitimate looking https secured web page that appeared to be a component of our customer's web site. When a victim clicks on the specially crafted link the payload is executed and the fake web page is rendered. In this case our fake web page was an alert that warned users that their accounts may have been compromised and that they should verify their credentials by entering them into the form provided. When the user's credentials were entered the form submitted them to http://www.netragard.com, where they were extracted by an automated tool that we created.

After the payload was created and tested we started the process of building an easy to trust facebook profile. Because most of the targeted employees were male between the ages of 20 and 40 we decided that it would be best to become a very attractive 28 year old female. We found a fitting photograph by searching google images and used that photograph for our fake Facebook profile. We also populated the profile with information about our experiences at work by using combined stories that we collected from real employee facebook profiles. Upon completion we joined our customer's facebook group. Joining wasn't an issue and our request was approved in a matter of hours. Within twenty minutes of being accepted as group members, legitimate customer employees began requesting our friendship. In addition to inbound requests we made hundreds of outbound requests. Our friends list grew very quickly and included managers, executives, secretaries, interns, and even contractors.

After having collected a few hundred friends, we began chatting. Our conversations were based on work related issues that we were able to collect from legitimate employee profiles. After a period of three days of conversing and sharing links, we posted our specially crafted link to our facebook profile. The title of the link was "Omigawd have you seen this I think we got hacked!" Sure enough, people started clicking on the link and verifying their credentials. Ironically, the first set of credentials that we got belonged to the person that hired us in the first place. We used those credentials to access the web-vpn which in turn gave us access to the network. As it turns out those credentials also allowed us to access the majority of systems on the network including the Active Directory server, the mainframe, pump control systems, the checkpoint firewall console, etc. It was game over, the Facebook hack worked yet again.

During testing we did evaluate the customer's entire infrastructure, but the results of the evaluation have been left out of this post for clarity. We also provided our customer with a solution that was unique to them to counter the Social Network threat. They've since implemented the solution and have reported on 4 other social penetration attempts since early 2008. The threat that Social Networks bring to the table affects every business and the described method of attack has an extraordinarily high success rate.

http://snosoft.blogspot.com/2009/02/facebook-from-hackers-perspective.html
-
yes, excellent, I'm copying it to rst as a backup ^^
-
This plugin searches the files and database of your website for signs of suspicious activity. It will not stop someone hacking into your site, but it may help you find any uploaded or compromised files left by the hacker.

When a website is compromised, hackers leave behind scripts and modified content that can be found by manually searching through all the files on a site. Some of the methods used to hide their code or spam links are obvious, like using CSS to hide text, and we can search for those strings. The database can also be used to hide content or be used to run code. Spam links are sometimes added to blog posts and comments. They’re hidden by CSS so visitors don’t see them, but search engines do.

Recently, hackers took advantage of the WP plugin system to run their own malicious code. They uploaded files with the extensions of image files and added them to the list of active plugins. So, despite the fact that the file didn’t have a .php file extension, the code in them was still able to run!

This plugin searches through your site and attempts to find those changed files and db records. It’s far from perfect, so if you have suggestions for improving it, I’d like to hear them!

You can find the Scanner admin page linked off the Dashboard. This is the screen you’ll see. You can search in numerous ways:
1. Files and database.
2. Files only.
3. Database only.
4. Search files by custom keyword.

All fairly self explanatory I think. The custom keyword form allows you to search your files for whatever you like. Be careful with that one because a search for a common keyword like “php” will take ages and generate an extremely long list of files.

Warning! Searching through the files on your site will take some time. Even a clean WordPress install with no plugins will probably take a noticeable length of time. It’s also heavy on your server. Only run the file check when your server is idling and not busy.

Download
The latest version of the plugin can always be found on the WordPress.org plugin page.

Install
1. Download and unzip the plugin.
2. Copy the exploit-scanner directory into your plugins folder.
3. Visit your Plugins page and activate the plugin.
4. A new menu item called “Exploit Scanner” will be made off the Dashboard.

Security
Security is an important issue of course. If this plugin was somehow writable by the webserver it could be modified. For that reason it displays an md5 checksum of itself. That checksum is listed above, and also in the README file in the plugin zip file. Compare the checksums if you’re paranoid. If you’re really paranoid, run the script through md5sum just in case! It also uses file checksums to rule out some false positive results, which is one reason why a specific version of WordPress is needed. Newer versions of WordPress may create more false positive results.

links: http://wordpress.org/extend/plugins/exploit-scanner/ http://ocaoimh.ie/exploit-scanner/
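The post describes four checks: suspicious code in files, PHP hiding behind an image extension in the active-plugins list, CSS-hidden spam links in posts, and md5 checksums of known-good files to rule out false positives. Here is an added example in Python (not the plugin's own code, which is PHP) that implements all four over a constructed WordPress-style tree in a temporary directory. The manifest of pristine checksums, the "compromise" (an appended core file and a file with a .gif extension containing a PHP open tag) and the sample posts are all constructed here; note how the core file that legitimately calls base64_decode() is silenced by its matching checksum, which is the false-positive point the Security section makes.

```python
"""Heuristic scan of a WordPress-style tree for the traces the Exploit Scanner
post describes: suspicious PHP calls, PHP code under an image extension,
non-.php entries in the active-plugins list, CSS-hidden links in posts, with an
md5 manifest of known-good files to rule out false positives. Added example,
not the plugin's code; site tree, manifest and posts are constructed."""
import hashlib
import os
import re
import shutil
import tempfile
from typing import Dict, List, Tuple

# Calls commonly seen in injected PHP; legitimate files use them too, which is
# why the manifest check below runs first.
SUSPICIOUS_CODE = [
    ("eval", re.compile(rb"\beval\s*\(")),
    ("base64_decode", re.compile(rb"\bbase64_decode\s*\(")),
    ("gzinflate", re.compile(rb"\bgzinflate\s*\(")),
    ("preg_replace /e", re.compile(rb"preg_replace\s*\(\s*['\"][^'\"]*/e['\"]")),
]
PHP_TAG = re.compile(rb"<\?php")
# A display:none block that contains a link: invisible to visitors, indexed by search engines.
HIDDEN_LINK = re.compile(r"display\s*:\s*none[^>]*>.*?<a\s", re.IGNORECASE | re.DOTALL)


def md5_file(path: str) -> str:
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_files(root: str, manifest: Dict[str, str]) -> List[Tuple[str, str]]:
    """Walk root and return sorted (relative path, reason) findings. manifest maps
    relative path -> md5 of the pristine file; an unchanged file is skipped even
    if it contains 'suspicious' calls."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if manifest.get(rel) == md5_file(path):
                continue                       # known-good and unchanged
            if rel in manifest:
                findings.append((rel, "checksum differs from known-good manifest"))
            with open(path, "rb") as f:
                data = f.read()
            if not name.lower().endswith(".php") and PHP_TAG.search(data):
                findings.append((rel, "PHP code in non-.php file"))
            hits = [label for label, pat in SUSPICIOUS_CODE if pat.search(data)]
            if hits:
                findings.append((rel, "suspicious code: " + ", ".join(hits)))
    return sorted(findings)


def check_active_plugins(active_plugins: List[str]) -> List[str]:
    """WordPress includes every path in the active_plugins option, so an entry
    ending in .gif or .jpg is code running under an image extension."""
    return [p for p in active_plugins if not p.lower().endswith(".php")]


def scan_posts(posts: Dict[int, str]) -> List[int]:
    """Return IDs of posts/comments with CSS-hidden blocks that contain links."""
    return sorted(pid for pid, html in posts.items() if HIDDEN_LINK.search(html))


# ---- constructed site --------------------------------------------------
def build_demo_site() -> Tuple[str, Dict[str, str]]:
    root = tempfile.mkdtemp(prefix="wpscan-")
    pristine = {
        "wp-includes/class-feed.php": b"<?php\n// core file that legitimately calls base64_decode()\n$x = base64_decode($y);\n",
        "wp-includes/functions.php": b"<?php\nfunction wp_hello() { return 'hi'; }\n",
        "wp-content/plugins/akismet/akismet.php": b"<?php\n// plugin code, not in the manifest\n",
    }
    for rel, data in pristine.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    # Manifest of the pristine core files (constructed stand-in for the
    # checksums a scanner ships for one specific WordPress version).
    manifest = {rel: hashlib.md5(data).hexdigest()
                for rel, data in pristine.items() if rel.startswith("wp-includes/")}
    # Simulated compromise: a core file gets code appended, and PHP is dropped
    # under an image extension (payload is a placeholder, not working code).
    with open(os.path.join(root, "wp-includes/functions.php"), "ab") as f:
        f.write(b"\neval(gzinflate(base64_decode('...')));\n")
    drop = os.path.join(root, "wp-content/uploads/2010/04/photo.gif")
    os.makedirs(os.path.dirname(drop), exist_ok=True)
    with open(drop, "wb") as f:
        f.write(b"GIF89a<?php eval(base64_decode('...')); ?>")
    return root, manifest


DEMO_POSTS = {
    1: "<p>Welcome to my blog.</p>",
    2: '<p>Great post!</p><div style="display:none"><a href="http://spam.example/">cheap pills</a></div>',
    3: '<p>Hidden for layout: <span style="display:none">draft</span> text, no links.</p>',
}

if __name__ == "__main__":
    root, manifest = build_demo_site()
    try:
        for rel, reason in scan_files(root, manifest):
            print(f"{rel}: {reason}")
        print("non-PHP active plugins:",
              check_active_plugins(["akismet/akismet.php", "../uploads/2010/04/photo.gif"]))
        print("posts with hidden links:", scan_posts(DEMO_POSTS))
    finally:
        shutil.rmtree(root)
```

The manifest is the part that matters operationally: without it every core file that calls base64_decode() shows up, and the scan produces the "extremely long list" the post warns about. That is also why the checksums are tied to one WordPress version, as the Security section notes; a newer release changes core files, the manifest no longer matches them, and they surface as false positives.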
-
Information Gathering Tools
- Metagoofil - Metadata extractor - Updated!
- theHarvester - Account and user names harvester - Updated!
- Subdomainer - subdomain harvester - Updated!
- DigDug - DNS brute forcer
Some old tools: Virtual Host Finder, Netcraft Subdomain Finder

Web Application tools
- WebSlayer - Web application brute forcer - New
- ProxyStrike - Web application active analyzer proxy - Updated!
- Wfuzz - The web application bruteforcer - Updated!
- AwExploder - Virtual host and CMS discovery
- Pblind - Blind SQL Injector - NEW!!
Some old tools: ProxyFinder, RequesteR - HTTP request manager

Passwords tools
- BruteSSH - SSH bruteforcer
- MD5bf - MD5 cracker

Database tools
- Metacoretex-NG SQL Server backdoor Client - NEW!!

Miscellaneous tools
- Geoedge - IP geolocalization
- HoSproxy - HTTP over SMTP Proxy - NEW!!
- Modsecurity Web Console - log visualization

http://www.edge-security.com/soft.php
-
Twitter can be a decent communications medium for some things, but let's face it: there's only so much one can say in 140 characters. It's hard to believe that a user could infringe on someone's copyright within such tight constraints, but someone apparently thinks it can. Twitter has removed an update posted by the music writer who runs JP's blog, citing a DMCA takedown request from an unnamed sender. The situation once again highlights the potential for abuse through the DMCA's takedown system, and raises questions about how much service providers should push back against abuses.

According to a post on JP's blog, JP received a message from Twitter with a URL to the tweet that was being removed, noting that the reason was because of a DMCA takedown notice. The tweet in question was a link to a blog post on his site posted on April 20. The post described a leaked album by The National, a link to the Amazon page where the album could be preordered, and two links to MP3s from the album, both of which were hosted elsewhere (Box.net and Mediafire). Incidentally, that blog post with the leak is still online, while his tweet about the blog post is now offline. And, of course, the Streisand Effect is now taking place: even more attention has been drawn to the leak thanks to the anonymous DMCA takedown sender (which is likely the music label behind The National).

As noted by TechDirt, there are numerous questions here over whether a DMCA takedown was even appropriate in this case. After all, the text of the tweet itself did not contain any infringing material; it read "New Post: Leaked: The National — High Violet" with a link to JP's own blog. It's the Twitter equivalent of us here at Ars getting a takedown notice for linking to JP's blog post about the leaked album, which links to the MP3s. Did anyone retweet JP's tweet, and, if so, did those get taken down too? How far can a copyright holder go down the linking rabbit hole before it becomes too ridiculous, even for them?

There's also a question of whether JP's blog post itself should even be subject to a DMCA takedown on its own. It certainly makes more sense than the tweet, but JP doesn't host any of the MP3s of questionable origin on his own site. And, because he offers several paragraphs of commentary on the music, a lawyer could push the fair use angle on the post. If anything, the takedown-sender should have focused its attention on Mediafire and Box.net for hosting the leaked files. Then again, music bloggers can't seem to catch a break lately, so in that sense, it's hardly surprising to see a (likely) music label sending misguided DMCA notices. Either way, it's clear that Twitter was not the proper recipient of this DMCA notice.

http://arstechnica.com/tech-policy/news/2010/04/dmca-abuse-extends-to-twitter-posts.ars
-
Elcomsoft announced the support of Tableau TACC1441 hardware to accelerate the recovery of Wi-Fi passwords and password-protected iPhone and iPod backups. The use of a single Tableau TACC1441 device allows Elcomsoft products to recover passwords significantly faster compared to Intel top of the line quad-core CPUs while drawing very little power. Attaching several Tableau TACC1441 devices results in a gain in performance. Elcomsoft Wireless Security Auditor and Elcomsoft iPhone Password Breaker are the first commercially available products to support such a wide range of password breaking acceleration hardware including units manufactured by Tableau, ATI, and NVIDIA. The support of Tableau TACC1441 allows Elcomsoft password recovery products to be used more productively in forensic environments, during investigations, and by the government organizations having existing inventories of Tableau TACC1441 devices. Empowered with one or more Tableau TACC1441 devices, Elcomsoft products are able to demonstrate password recovery speeds exceeding those of high-end CPUs. http://www.net-security.org/secworld.php?id=9197